Problem (unvalidated)

While auditing Wget's HTTP Content-Disposition handling: a parser path accumulates filename continuations by reallocating based on strlen(current) + token_length, then memcpy()ing the next token into the tail. Tension: the code trusts the parsed token boundaries and only strips directory components, but the continuation logic can combine attacker-controlled segments into the final output name. Outcome: this is a useful pattern to watch for in header parsers that support RFC 2231-style continuations.
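The accumulation pattern described above, written defensively as an added C example; it is not Wget's code, and the function names `append_segment`, `final_basename` and `assemble_filename` are hypothetical. It checks the size arithmetic before `realloc()`, refuses tokens whose length disagrees with `strlen()`, and validates the name once after all segments are joined instead of per segment.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Append tok[0..tok_len) to *name; on failure *name is left unchanged. */
static int append_segment(char **name, const char *tok, size_t tok_len)
{
    size_t cur = *name ? strlen(*name) : 0;
    if (tok_len > SIZE_MAX - cur - 1) return -1;  /* cur + tok_len + 1 would wrap */
    if (memchr(tok, '\0', tok_len)) return -1;    /* embedded NUL: strlen() != copied length */
    char *p = realloc(*name, cur + tok_len + 1);
    if (!p) return -1;
    memcpy(p + cur, tok, tok_len);
    p[cur + tok_len] = '\0';                      /* memcpy() does not terminate the tail */
    *name = p;
    return 0;
}

/* Validate the assembled name: return its last path component, or NULL if unusable. */
static const char *final_basename(const char *name)
{
    const char *base = name;
    for (const char *c = name; *c; c++)
        if (*c == '/' || *c == '\\')
            base = c + 1;
    if (!*base || !strcmp(base, ".") || !strcmp(base, "..")) return NULL;
    return base;
}

/* Join all continuation segments first, then strip and validate once. Caller frees *out. */
static int assemble_filename(const char *const *segs, size_t n, char **out)
{
    char *name = NULL;
    for (size_t i = 0; i < n; i++)
        if (append_segment(&name, segs[i], strlen(segs[i])) != 0) { free(name); return -1; }
    const char *base = name ? final_basename(name) : NULL;
    if (!base) { free(name); return -1; }
    memmove(name, base, strlen(base) + 1);        /* keep only the validated component */
    *out = name;
    return 0;
}

int main(void)
{
    const char *segs[] = { "dir", "/", "name.bin" };  /* constructed sample segments */
    char *out = NULL;
    if (assemble_filename(segs, 3, &out) == 0) { puts(out); free(out); }
    return 0;
}
```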

5fb68c6a-4abe-4d3e-abab-53dfc8d6b103
