Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CURL_MAX_INPUT_LENGTH: largest acceptable string input size #3805

Closed
wants to merge 2 commits into from

Conversation

Projects
None yet
1 participant
@bagder
Copy link
Member

commented Apr 25, 2019

This limits all accepted input strings passed to libcurl to be less than
CURL_MAX_INPUT_LENGTH (1000000) bytes, for these API calls:
curl_easy_setopt() and curl_url_set().

The 1000000 number is arbitrary picked and is meant to detect mistakes
or abuse, not to limit actual practical use cases. By limiting the
acceptable string lengths we also reduce the risk of integer overflows
all over.

NOTE_ This does not apply to CURLOPT_POSTFIELDS.

Adds test 1559 that verifies the functionality.

bagder added some commits Apr 25, 2019

CURL_MAX_INPUT_LENGTH: largest acceptable string input size
This limits all accepted input strings passed to libcurl to be less than
CURL_MAX_INPUT_LENGTH (1000000) bytes, for these API calls:
curl_easy_setopt() and curl_url_set().

The 1000000 number is arbitrary picked and is meant to detect mistakes
or abuse, not to limit actual practical use cases. By limiting the
acceptable string lengths we also reduce the risk of integer overflows
all over.

NOTE_ This does not apply to `CURLOPT_POSTFIELDS`.
@bagder

This comment has been minimized.

Copy link
Member Author

commented Apr 25, 2019

I also took took this proposal to the mailing list

@bagder

This comment has been minimized.

Copy link
Member Author

commented Apr 29, 2019

No objections have been received, but I bump the limit to 8000000 bytes anyway to reduce the risk of hitting a valid use case further.

@bagder bagder closed this in 5fc2851 Apr 29, 2019

@bagder bagder deleted the bagder/limit-string-lengths branch May 14, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.