When using -j, the cookie header can be populated by slowhttptest when sending the request.
However, there's an undocumented 1024-byte limit on the size of this header:
```c
char cookie[1024] = { 0 };
```
For applications that use large authorization cookies (e.g. JWTs), the cookie may exceed 1024 bytes. Using these cookies on the command line will trigger buffer overflow detection - while you're not overflowing the buffer, you're also not writing a null byte.
Improvements here may include:
- documenting a max length of 1024 for the `Cookie` (and `Accept`) headers.
- fail if the `-j` option is longer than this max length
- improving the `cookie` variable to allocate a variable-length buffer of just-enough space for the provided cookies
Code reference: slowhttptest/src/slowhttptestmain.cc, line 155 in 6e316be
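The symptom and the second and third suggestions above, as an added C++ example that is not slowhttptest's own code. All function names are hypothetical, the sample cookie is constructed, and the use of `strncpy` to reproduce the missing terminator is an assumption about how a size-bounded copy behaves, not a statement about the project's implementation.

```cpp
// Added example: not slowhttptest code; every name below is hypothetical.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

constexpr std::size_t kCookieMax = 1024;  // size of the buffer quoted in the issue

// Constructed sample input: a cookie value of exactly n bytes (n >= 6).
std::string make_sample_cookie(std::size_t n) {
    std::string s = "token=";
    s.append(n - s.size(), 'A');
    return s;
}

// Symptom from the issue: a copy bounded to the buffer size does not overflow,
// but leaves no terminator once the value is 1024 bytes or longer.
// Using strncpy here is an assumption made to reproduce that behaviour.
bool bounded_copy_is_terminated(const char* value) {
    char buf[kCookieMax] = { 0 };
    std::strncpy(buf, value, sizeof(buf));
    return std::memchr(buf, '\0', sizeof(buf)) != nullptr;
}

// Suggestion 2: refuse a value that cannot fit together with its terminator.
bool copy_checked(char* dst, std::size_t dst_size, const char* src) {
    if (dst == nullptr || src == nullptr || dst_size == 0) return false;
    const std::size_t len = std::strlen(src);
    if (len >= dst_size) return false;  // caller prints an error and exits
    std::memcpy(dst, src, len + 1);     // len + 1 copies the terminator too
    return true;
}

// Suggestion 3: let the storage grow to the size of the provided value.
std::string copy_dynamic(const char* src) {
    return src != nullptr ? std::string(src) : std::string();
}

int main() {
    char buf[kCookieMax];
    const std::string big = make_sample_cookie(2000);  // e.g. a large JWT cookie
    std::printf("bounded copy terminated: %d\n", bounded_copy_is_terminated(big.c_str()));
    std::printf("checked copy accepted:   %d\n", copy_checked(buf, sizeof(buf), big.c_str()));
    std::printf("dynamic copy length:     %zu\n", copy_dynamic(big.c_str()).size());
    return 0;
}
```

The boundary is 1023 bytes: a value of that length still fits with its terminator, while 1024 bytes fills the buffer and leaves none.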