You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When doing client/server programming, never trust the client. A malicious user may create his client and send junk to your server to exploit vulnerabilities.
the following code:
intHttpParser::_parse_headers(char* recv_buf, Request& request) {
char *p = recv_buf;
char key[1024];
char value[10 * 1024];
int i = 0;
int parse_len = 0;
while (1) {
if (*p == '\r' && *(p + 1) == '\n') {
break;
}
assumes that the header is terminated by a "\r\n", if the client does not do that, your method would keep on reading past the buffer and make your server crash.
The text was updated successfully, but these errors were encountered:
When doing client/server programming, never trust the client. A malicious user may create his client and send junk to your server to exploit vulnerabilities.
the following code:
assumes that the header is terminated by a "\r\n", if the client does not do that, your method would keep on reading past the buffer and make your server crash.
The text was updated successfully, but these errors were encountered: