curl-library

Re: "URLs are dangerous things"

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Tue, 6 Feb 2018 15:37:54 +0100

On Tue, Feb 06, 2018 at 08:24:41AM +0100, Daniel Stenberg wrote:
> Every now and then we get security problems reported to us that are really
> just various types of attacks you can do if you can either A) modify the url
> your curl application is using and/or B) have a server respond with a
> perfectly fine protocol-wise but malicious response to curl.
>
> Letting users freely set the URL, or parts of the URL, for your curl-using
> application can get consequences.
>
> I've started to document exactly what consequences and how:

There looks to be a large degree of overlap with
https://curl.haxx.se/libcurl/c/libcurl-tutorial.html#Security. Perhaps that
document could be expanded instead of duplicating the info.
Received on 2018-02-06