@amadio commented on this pull request.
In src/XrdHttp/XrdHttpProtocol.cc:
> @@ -1528,7 +1528,7 @@ int XrdHttpProtocol::StartSimpleResp(int code, const char *desc, const char *hea if ((bodylen >= 0) && (code != 100)) ss << "Content-Length: " << bodylen << crlf; - if (header_to_add) + if (header_to_add && strlen(header_to_add))
What about avoiding strlen
? Looking around, I see that this function probably doesn't take in untrusted data, but strlen
is more expensive than if(header_to_add && *header_to_add)
with not much added benefit.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1