On Mon, 28 Oct 2013, Steve Holme wrote:

It does make me wonder if it will hit back on us somewhere if something somewhere is now relying on our "sloppy" parser...

However, it is the uses in http_negotiate.c, krb.c, security.c and getpart.c that I am a little nervous about as I don't know those areas of code at all :(

The getpart is easy, that's only for our own tests and they should certainly have properly formatted base64 strings or we should fix them. I think the other places mostly decode externally provided data so as far as I can think of right now, they *should* be passed in correctly as well so a stricter parser would be fine.

I would say that the most likely thing that could make this backfire is if there's some widely deployed software out there in the wild that produces broken base64 sequences and we want libcurl to work with it. But I also don't think we will find out if there's anything like that until we actually try...

--

 / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
