curl-library

Re: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 1 Apr 2014 08:16:00 +0200 (CEST)

On Mon, 31 Mar 2014, myriachan_at_cox.net wrote:

> "creditials" should be "credentials". Sadly, this would make the line
> longer than 80 characters, and moving "request" to the next line would blow
> past the 80 limit on that line, too. Change "as opposed to" to "instead
> of".

Thanks! Will fix.

> Also, I had to modify this patch's url.c change to get it to apply to
> 7.33.0. Does this look right?
>
>   if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) ||
>      ((needle->handler->protocol & CURLPROTO_HTTP) && wantNTLM)) {

Yes, that seems like a decent adaption. We put the "needle->handler->protocol
& CURLPROTO_HTTP" check into the 'wantNTLM' assignment itself at the top in
later versions but either way is fine.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2014-04-01