Excellent catch! Added validation for the new
params
Thanks for the tip! Updated
By adding the return statement you pass the ownership of the string back to main. The unmodified function just took the ownership of the string and deallocated it after printing. Hope this helps
You can already use experimental hyper backend (written in rust) for http stuff in curl https://aws.amazon.com/blogs/opensource/how-using-hyper-in-curl-can-help-make-the-internet-safer/ I wonder if the vulnerability touches this use case as well
Is there a link to the blog somewhere?