Commit 37a23fea authored by Rob Swindell's avatar Rob Swindell

Fix heap corruption that could occur when HSTS feature is enabled

At least on Windows, when realloc() is used to allocate a new buffer,
guess what's in that buffer initially? undefined values. So you can't
strcat() onto the end of that! Ouch. This was a fun one to track down.
parent 739ce579
Pipeline #367 passed with stage
in 17 minutes and 57 seconds
......@@ -2779,6 +2779,8 @@ static BOOL parse_headers(http_session_t * session)
else {
if (session->req.vary_list)
strcat(p, ", ");
else
*p = '\0';
strcat(p, get_header(HEAD_UPGRADEINSECURE));
session->req.vary_list = p;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment