On Thu, 17 Jan 2013, Dan Fandrich wrote:

+        char tfield[CURL_MAX_HTTP_HEADER];
+        strncpy(tfield, trailer_headers->data, tptr-trailer_headers->data+1);
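
Review bot: The count passed to strncpy() on the second added line, tptr-trailer_headers->data+1, is derived only from the source data and is never compared with sizeof(tfield), so nothing in these lines keeps the copy inside the array. Compare that length against sizeof(tfield) - 1 before copying and fail the request when it does not fit. strncpy() also writes no terminating NUL when the source is longer than the count, and no terminator is set in the visible lines, so tfield needs an explicit '\0' at the copied length before it is used as a string.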

This will overflow tfield given a long enough user-supplied header.

In addition to Dan's fine comments, allow me to point out that CURL_MAX_HTTP_HEADER is 100K by default. To me it seems a bit excessive to have a local array of that size on the stack there...

--

 / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
