ded/cpp-httplib
1
0
Fork 0
mirror of https://github.com/yhirose/cpp-httplib.git synced 2026-06-10 16:47:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
907257f51de5213b6f1febe983e7d39ad6e1118c
cpp-httplib/test/fuzzing/corpus/clusterfuzz-testcase-minimized-client_fuzzer-5188033728282624
yhirose 2d2efe46da Fix OSS-Fuzz #508342856: cap Content-Length reservation by payload_max_length_ 
A malicious or malformed server response with an enormous Content-Length
header (e.g. 20000000000) caused the client to call res.body.reserve(len)
with the untrusted value, triggering OOM before read_content's
payload_max_length_ check could take effect. Cap the pre-reservation
at payload_max_length_, since reading more than that is never useful.
2026-05-01 21:28:57 +09:00

4 lines
45 B
Plaintext
Raw Blame History

HTTP/1.1 777
Content-Length:20000000000
Reference in New Issue View Git Blame Copy Permalink