slowhttptest

Large cookies cause buffer overflow

Open aph3rson opened this issue 10 months ago • 1 comments

When using -j, the cookie header can be populated by slowhttptest when sending the request.

However, there's an undocumented 1024-byte limit on the size of this header: https://github.com/shekyan/slowhttptest/blob/6e316be98f562dd129a76cb228faae83217030a8/src/slowhttptestmain.cc#L155

For applications that use large authorization cookies (e.g. JWTs), the cookie may exceed 1024 bytes. Using these cookies on the command line will trigger buffer overflow detection - while you're not overflowing the buffer, you're also not writing a null byte.

Improvements here may include:

  • documenting a max length of 1024 for the Cookie (and Accept) headers.
  • fail if the -j option is longer than this max length
  • improving the cookie variable to allocate a variable-length buffer of just-enough space for the provided cookies

aph3rson, Apr 17 '24 19:04
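
The missing terminator described in the issue, next to the second and third suggested fixes, as an added example that is not part of the issue or of slowhttptest's source. It assumes the option value is copied with a bounded strncpy into a fixed 1024-byte array; the function names and kCookieCap are hypothetical.

```cpp
// Added example, not slowhttptest code. kCookieCap mirrors the 1024-byte
// limit named in the issue; all function names are hypothetical.
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>

constexpr std::size_t kCookieCap = 1024;

// Assumed pattern: bounded copy with no explicit terminator.
// strncpy() stays inside dst but writes no '\0' when strlen(src) >= cap,
// so any later string read of dst runs past the end of the array.
// Returns true only if dst ended up NUL-terminated.
bool copy_fixed(char *dst, std::size_t cap, const char *src) {
    std::strncpy(dst, src, cap);
    return std::memchr(dst, '\0', cap) != nullptr;
}

// Second suggestion in the issue: refuse a value that does not fit.
// dst is left untouched on failure so the caller can report and exit.
bool copy_checked(char *dst, std::size_t cap, const char *src) {
    const std::size_t len = std::strlen(src);
    if (len >= cap) return false;
    std::memcpy(dst, src, len + 1);  // len + 1 copies the terminator too
    return true;
}

// Third suggestion: storage sized to the input, no fixed cap at all.
std::string copy_dynamic(const char *src) { return std::string(src); }

int main() {
    char buf[kCookieCap];
    // Constructed stand-in for a large authorization cookie such as a JWT.
    const std::string big(1500, 'A');
    std::cout << std::boolalpha
              << "fixed copy terminated: "
              << copy_fixed(buf, sizeof buf, big.c_str()) << '\n'
              << "checked copy accepted: "
              << copy_checked(buf, sizeof buf, big.c_str()) << '\n'
              << "dynamic copy length:   "
              << copy_dynamic(big.c_str()).size() << '\n';
}
```

The boundary is at 1023 characters: a value of that length still leaves room for the terminator, while one of 1024 fills the array exactly and leaves it unterminated.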