I've just been debugging a very weird bug in some scripted automation
The script takes a bearer token as a parameter that is inserted into
the http request using the -H curl flag.
I eventually tracked the problem down to the bearer token being passed
having an extra newline inserted at the end. This was copied through to
the http request (adding a blank line and making the server ignore any
subsequent http headers breaking the upload).
Clearly this is a bug in my scripts that need to do better input
validation but it does strike me that it might be prudent for curl to
at least check for line breaks in custom http headers. I expect I could
have inserted an entire extra header this way which just seems like a risk.
The counter argument would be that its not up to curl to validate that
the arguments of a -H flag are a valid header. What do other people think?
Stephen
--
======================================================================
|epcc| Dr Stephen P Booth Principal Architect |epcc|
|epcc| s.bo...@epcc.ed.ac.uk Phone 0131 650 5746 |epcc|
======================================================================
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
