Skip to content
Unverified Commit 2bc230de authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

cookies: reject oversized cookies

... instead of truncating them.

There's no fixed limit for acceptable cookie names in RFC 6265, but the
entire cookie is said to be less than 4096 bytes (section 6.1). This is
also what browsers seem to implement.

We now allow max 5000 bytes cookie header. Max 4095 bytes length per
cookie name and value. Name + value together may not exceed 4096 bytes.

Added test 1151 to verify

Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html
Reported-by: Kevin Smith

Closes #1894
parent 1a072796
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment