Large cookies cause buffer overflow

[aph3rson]

When using -j, the cookie header can be populated by slowhttptest when sending the request.

However, there's an undocumented 1024-byte limit on the size of this header:

slowhttptest/src/slowhttptestmain.cc

Line 155 in 6e316be

char cookie[1024] = { 0 };

For applications that use large authorization cookies (e.g. JWTs), the cookie may exceed 1024 bytes. Using these cookies on the command line will trigger buffer overflow detection - while you're not overflowing the buffer, you're also not writing a null byte.

Improvements here may include:

• documenting a max length of 1024 for the Cookie (and Accept) headers.
• fail if the -j option is longer than this max length
• improving the cookie variable to allocate a variable-length buffer of just-enough space for the provided cookies

[aph3rson]

Places that would need to be changed:

• the buffer for the cookie:
  

  slowhttptest/src/slowhttptestmain.cc

  Line 155 in 6e316be

  char cookie[1024] = { 0 };

• the copy args for pulling the cookie from getopt:
  

  slowhttptest/src/slowhttptestmain.cc

  Line 230 in 6e316be

  strncpy(cookie, optarg, 1023);

• the test_info report line (there's probably plenty of buffer overflows here with large arguments, many of its dependents have 1024 size):
  

  slowhttptest/src/slowhttptest.cc

  Line 394 in 6e316be

  char test_info[1024];