cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 15 May 2014 23:32:27 +0200 (CEST)

On Wed, 14 May 2014, Daniel Stenberg wrote:

> PROTOPT_CREDSPERREQUEST means that the protocol sends full credentials per
> request (so that the same connection can be re-used even if the
> user/password changes between requests), and HTTP works the same way as
> HTTPS in that regard so I really think both should have that bit set.

I've just pushed this fix, and I also first made sure that the bug could be
triggered before the change and is fixed afterwards.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2014-05-15

This message: [ Message body ]
Next message: Ryan Braud: "question about chunked encoding and CURLINFO_SIZE_DOWNLOAD"
Previous message: Daniel Stenberg: "Re: a darwinssl-related crash, #1369"
In reply to: Daniel Stenberg: "RE: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]