

Re: TLS certificate verification

From: Ray Satiro via curl-library <>
Date: Sun, 21 Jun 2015 02:41:19 -0400

On 6/20/2015 7:28 PM, (( \/\/|||"'""/'")) ((\"""" )) (( ))\\\"\\"\ wrote:
> 1. I have found conditions on custom IMAP command to get thousands of
> envelopes in one FETCH where callback function tried to allocate huge
> amounts of memory, more than response size, making Callback return -1,
> and curl_easy_perform return something like "cannot write file" or
> similar. Can't remember exact error...
> 2. When issuing "select inbox" + "search unseen", on 1 mail inbox the
> data returned in body/header is ALWAYS wrong. Happens consistently on
> 1 inbox has probably 9 or 10k unseen mails. It's a MAJOR error here
> and makes libcurl custom command responses 100% unreliable. I attached
> some pictures to better describe and show libcurl incorrect response &
> OpenSSL correct response. The response should be many thousands of
> UIDs and libcurl cuts it down to several hundred and concats a UID.
> 3. I found a way to make libcurl do an unhandled exception crash on
> setting a custom command with a 300 byte string, although inconsistent
> happens when sending/receiving many commands back to back. I spent a
> few hours debugging it to try to do an exploit but I couldn't get
> control of RIP so I don't think it's exploitable, but at best it's a
> denial of service. Crash happens on curl_easy_setopt(CUSTOM_COMMAND,
> "\x41 * 300") - dies when calling curl_easy_perform(). I have my
> client's code in there and it's a lot so I can't send source but when I
> have more free time, if needed, I could send you a binary to show the
> crash. It's definitely in libcurl though.

Point 2 is definitely a serious bug [1] and it is listed in known bugs
[2]. I don't know of a good (or even a not-so-good) way to fix it.
Points 1 & 3 are either bugs or user error; there isn't enough
information to tell. You'd need to provide a self-contained source
example with the minimum amount of code needed to reproduce, no binary.


Received on 2015-06-21