< Previous by Date Date Index Next by Date >
  Thread Index Next in Thread >

[reSIProcate] Unsafe use of Content-Length in ConnectionBase


ConnectionBase uses header(h_ContentLength) without a try block in two places. If Content-Length is malformed, we could end up with strange behavior (I haven't dug very deep into precisely how strange). Recommend we wrap these in try, and if something goes wrong, scrap the connection.

Best regards,
Byron Campen

Attachment: smime.p7s
Description: S/MIME cryptographic signature