You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
The snprintf() for getting datasz should be checked, because can fail on unexpected characters - from the manual:
[EILSEQ] An invalid wide character code was encountered.
That will make it safer when wanting to send data taken from SIP traffic (e.g., body of requests).
On negative return code, likely pkg_malloc() will fail, requested size being big.
The second snprintf() is unlikely to fail, but I would use pkg_mallocxz() or set send_data[0] = '\0' before it so in case it fails for what so ever unknown reason, then the CURL library doesn't get a buffer with garbage and does not go beyond allocated buffer to find the '\0'.
For reusing http_client, it would be good to review all modules. Can be done for this one also after merging, it is easier to work directly in repo than as PR.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.