curl-library

Re: TLS certificate verification

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Sun, 21 Jun 2015 02:41:19 -0400

On 6/20/2015 7:28 PM, (( \/\/|||"'""/'")) ((\"""" )) (( ))\\\"\\"\ wrote:
> 1. I have found conditions on custom IMAP command to get thousands of
> envelopes in one FETCH where callback function tried to allocate huge
> amounts of memory, more than response size, making Callback return -1,
> and curl_easy_perform return something like "cannot write file" or
> similar. Can't remember exact error...
>
> 2. When issuing "select inbox" + "search unseen", on 1 mail inbox the
> data returned in body/header is ALWAYS wrong. Happens consistently on
> 1 inbox that has probably 9 or 10k unseen mails. It's a MAJOR error here
> and makes libcurl custom command responses 100% unreliable. I attached
> some pictures to better describe and show libcurl incorrect response &
> OpenSSL correct response. The response should be many thousands of
> UIDs and libcurl cuts it down to several hundred and concats a UID.
>
> 3. I found a way to make libcurl do an unhandled exception crash on
> setting a custom command with a 300 byte string, although inconsistent
> happens when sending/receiving many commands back to back. I spent a
> few hours debugging it to try to do an exploit but I couldn't get
> control of RIP so I don't think it's exploitable, but at best it's a
> denial of service. Crash happens on curl_easy_setopt(CUSTOM_COMMAND,
> "\x41 * 300") - dies when calling curl_easy_perform(). I have my
> client's code in there and it's a lot so I can't send source but when I
> have more free time, if needed, I could send you a binary to show the
> crash. It's definitely in libcurl though.

Point 2 is definitely a serious bug [1] and it is listed in known bugs
[2]. I don't know of a good (or even a not-so-good) way to fix it.
Points 1 & 3 are either bugs or user error; there isn't enough
information to tell. You'd need to provide a self-contained source
example with the minimum amount of code needed to reproduce, no binary.

[1]: http://sourceforge.net/p/curl/bugs/1366/
[2]: http://curl.haxx.se/docs/knownbugs.html

Received on 2015-06-21