Skip to content

(CVE-2024-52531) headers: Be more robust against invalid input when parsing params

Patrick Griffis requested to merge headers-crash into master

If you pass invalid input to a function such as soup_header_parse_param_list_strict() it can cause an overflow if it decodes the input to UTF-8.

This should never happen with valid UTF-8 input which the API requires currently.

This is not possible to happen with network data as all headers are decoded before this point.

Merge request reports

Loading