Disallow binary zero in header and cookies.

1 files changed, 8 insertions, 10 deletions

diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 77e80354..6617dd98 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -2537,12 +2537,10 @@ MHD_set_connection_value (struct MHD_Connection *connection,
 
 
 /**
- * This function can be used to add an entry to the HTTP headers of a
- * connection (so that the #MHD_get_connection_values function will
- * return them -- and the `struct MHD_PostProcessor` will also see
- * them).  This maybe required in certain situations (see Mantis
- * #1399) where (broken) HTTP implementations fail to supply values
- * needed by the post processor (or other parts of the application).
+ * This function can be used to add an arbitrary entry to connection.
+ * This function could add entry with binary zero, which is allowed
+ * for #MHD_GET_ARGUMENT_KIND. For other kind on entries it is
+ * recommended to use #MHD_set_connection_value.
  *
  * This function MUST only be called from within the
  * #MHD_AccessHandlerCallback (otherwise, access maybe improperly
@@ -2554,10 +2552,10 @@ MHD_set_connection_value (struct MHD_Connection *connection,
  * @param connection the connection for which a
  *  value should be set
  * @param kind kind of the value
- * @param key key for the value
- * @param key_size number of bytes in @a key (excluding 0-terminator for C-strings)
- * @param value the value itself 
- * @param value_size number of bytes in @a value (excluding 0-terminator for C-strings)
+ * @param key key for the value, must be zero-terminated
+ * @param key_size number of bytes in @a key (excluding 0-terminator)
+ * @param value the value itself, must be zero-terminated
+ * @param value_size number of bytes in @a value (excluding 0-terminator)
  * @return #MHD_NO if the operation could not be
  *         performed due to insufficient memory;
  *         #MHD_YES on success