-
Notifications
You must be signed in to change notification settings - Fork 298
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Large cookies cause buffer overflow #89
Comments
Places that would need to be changed:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When using
-j
, the cookie header can be populated by slowhttptest when sending the request.However, there's an undocumented 1024-byte limit on the size of this header:
slowhttptest/src/slowhttptestmain.cc
Line 155 in 6e316be
For applications that use large authorization cookies (e.g. JWTs), the cookie may exceed 1024 bytes. Using these cookies on the command line will trigger buffer overflow detection - while you're not overflowing the buffer, you're also not writing a null byte.
Improvements here may include:
Cookie
(andAccept
) headers.-j
option is longer than this max lengthcookie
variable to allocate a variable-length buffer of just-enough space for the provided cookiesThe text was updated successfully, but these errors were encountered: