[opensource-dev] Review Request: Enable CURLOPT_ENCODING for Inventory caps, which uses the LLURLRequest code path

[Monty Brandenberg]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://codereview.secondlife.com/r/242/#review512
-----------------------------------------------------------


Before shipping, review the exploit history around CURLOPT_ENCODING.  There is a
known buffer overflow exploit, I believe in pre-7.20 releases but that should be
checked first for applicability.

- Monty


On March 28, 2011, 6:22 p.m., Stone Linden wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://codereview.secondlife.com/r/242/
> -----------------------------------------------------------
> 
> (Updated March 28, 2011, 6:22 p.m.)
> 
> 
> Review request for Viewer, Oz Linden, Joshua Linden, and Brad Kittenbrink.
> 
> 
> Summary
> -------
> 
> Enable Accept-Encoding: deflate, gzip in libcurl via setopt CURLOPT_ENCODING. I'm approaching this for Inventory, but it would apply to any HTTP request that goes through the LLURLRequest code path (vs. the LLCurl code path, which already does this).
> 
> 
> Diffs
> -----
> 
>   indra/llmessage/llurlrequest.cpp 2ae060c0fa91 
> 
> Diff: http://codereview.secondlife.com/r/242/diff
> 
> 
> Testing
> -------
> 
> Inventory loads, and I see the encoding options coming through on the backend apache logs.
> 
> 
> Thanks,
> 
> Stone
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/opensource-dev/attachments/20110329/d805b67f/attachment.htm