http.c generally looks okay - errors are usually checked and handled, care is taken to ensure buffers are not overrun etc, sizes are handled well etc. From what I can see it appears to also appropriately check input to ensure it doesn't blindly trust it as well.
http.c generally looks okay - errors are usually checked and handled, care is taken to ensure buffers are not overrun etc, sizes are handled well etc. From what I can see it appears to also appropriately check input to ensure it doesn't blindly trust it as well.
Also the upstream history of this file looks pretty stable too http:// git.savannah. gnu.org/ gitweb/ ?p=grub. git;a=history; f=grub- core/net/ http.c
So nothing in particular stands out as a red-flag security wise that I can see.