[PATCH] http: return error when receiving too large header set
author Daniel Stenberg <daniel@haxx.se>
Wed, 2 Aug 2023 21:34:48 +0000 (23:34 +0200)
committer Samuel Henrique <samueloph@debian.org>
Sun, 10 Dec 2023 06:07:30 +0000 (06:07 +0000)
commit 9db59f7c57b8e0ef511a91e7a6f03cb3fd05f1dc
tree 28cc853abe56f68c01fd442d859f0efedf23c3c8
parent 7524d5c8aa55a9406a8868d5a734f4f7a27f706c
[PATCH] http: return error when receiving too large header set

To avoid abuse. The limit is set to 300 KB for the accumulated size of
all received HTTP headers for a single response. Incomplete research
suggests that Chrome uses a 256-300 KB limit, while Firefox allows up to
1MB.

Closes #11582

Backport to Debian by Carlos Henrique Lima Melara <charlesmelara@riseup.net>

Gbp-Pq: Name CVE-2023-38039.patch
lib/c-hyper.c
lib/http.c
lib/http.h
lib/http_proxy.c
lib/pingpong.c
lib/urldata.h
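
The cap described in the commit message, sketched as an added example (not code from this patch or from curl): a per-response byte counter that rejects the header set once the accumulated size would exceed 300 KB. All names here (`response_state`, `header_account`, `headers_consume`, `lines_until_rejected`, `MAX_HEADERS_SIZE`) are hypothetical, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 300 KB cap on accumulated header bytes per response (from the commit text) */
#define MAX_HEADERS_SIZE ((size_t)300 * 1024)
enum hdr_result { HDR_OK, HDR_TOO_LARGE };
struct response_state { size_t header_bytes; }; /* hypothetical, not curl's */

/* The budget is per response, so the counter restarts with each new one */
static void response_begin(struct response_state *rs) { rs->header_bytes = 0; }

/* Charge one line; compare against the remaining budget so len cannot wrap */
static enum hdr_result header_account(struct response_state *rs, size_t len)
{
  if(len > MAX_HEADERS_SIZE - rs->header_bytes)
    return HDR_TOO_LARGE;
  rs->header_bytes += len;
  return HDR_OK;
}

/* Charge each LF-terminated line until the blank line ending the headers */
static enum hdr_result headers_consume(struct response_state *rs,
                                       const char *buf, size_t buflen)
{
  size_t pos = 0;
  while(pos < buflen) {
    const char *line = buf + pos;
    const char *nl = memchr(line, '\n', buflen - pos);
    size_t linelen = nl ? (size_t)(nl - line) + 1 : buflen - pos;
    if(header_account(rs, linelen) != HDR_OK)
      return HDR_TOO_LARGE;
    if(nl && (linelen == 1 || (linelen == 2 && line[0] == '\r')))
      break; /* end of headers; the body is not counted */
    pos += linelen;
  }
  return HDR_OK;
}

/* Constructed input: how many identical lines fit before the cap trips */
static size_t lines_until_rejected(size_t linelen)
{
  struct response_state rs;
  size_t n = 0;
  response_begin(&rs);
  while(linelen && header_account(&rs, linelen) == HDR_OK)
    n++;
  return n;
}
int main(void) { printf("%zu\n", lines_until_rejected(1024)); return 0; }
```

A rejected line leaves the counter unchanged, so the caller can report the error without the state having gone past the cap.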