curl-library
Re: Query on HTTP(S) connection
Date: Sun, 4 Mar 2018 07:33:54 -0600
Hello,
Can anyone please help me with the following query:
I am using curl_easy_perform for making HTTP(S) operations using the same
curl handle (reusing the same curl handle for connection persistence).
There are 2 things I want to achieve:
1. How can check using the curl handle if the connection is still
established (the connection is not closed)?
2. How can I close the underlying HTTP connection without calling
"curl_easy_cleanup"?
Thanks,
Ranjan
On Fri, Mar 2, 2018 at 11:19 PM, <curl-library-request_at_cool.haxx.se> wrote:
> Send curl-library mailing list submissions to
> curl-library_at_cool.haxx.se
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://cool.haxx.se/cgi-bin/mailman/listinfo/curl-library
> or, via email, send a message with subject or body 'help' to
> curl-library-request_at_cool.haxx.se
>
> You can reach the person managing the list at
> curl-library-owner_at_cool.haxx.se
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of curl-library digest..."
>
>
> Today's Topics:
>
> 1. Re: Fwd: Security fix: reset memory of
> Curl_easy->UserDefined->str (Daniel Stenberg)
> 2. Query on HTTP(S) connection (Ranjan Khanna)
> 3. Bearer token authentication? (John Hascall)
> 4. Re: Fwd: Security fix: reset memory of
> Curl_easy->UserDefined->str (Prashant Chaudhari)
> 5. crash issue: while invoking easy perform. (surya chandrika)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 2 Mar 2018 17:45:30 +0100 (CET)
> From: Daniel Stenberg <daniel_at_haxx.se>
> To: libcurl development <curl-library_at_cool.haxx.se>
> Subject: Re: Fwd: Security fix: reset memory of
> Curl_easy->UserDefined->str
> Message-ID: <alpine.DEB.2.20.1803021744330.31119_at_tvnag.unkk.fr>
> Content-Type: text/plain; charset=US-ASCII; format=flowed
>
> On Thu, 1 Mar 2018, Prashant Chaudhari wrote:
>
> > I would like to add attached patch, which zero out the user defined
> data. I
> > am particularly targeting to reset the password/authentication secrets.
> >
> > Please find attached patch on the libcurl version 7.57.0. and let me
> know if
> > you can accept it and release.
>
> Thanks, can you please make it a "unified" diff? Like when using -u with
> the
> diff tool? That makes it easier for us to receive and review it!
>
> --
>
> / daniel.haxx.se
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 2 Mar 2018 15:51:53 -0600
> From: Ranjan Khanna <ebox.ranjan_at_gmail.com>
> To: curl-library_at_cool.haxx.se
> Subject: Query on HTTP(S) connection
> Message-ID:
> <CALB7Hc8tyNLMun9CLLcAfZkSyyBk6e5guDEjpscxOtniTg1FAQ_at_mail.
> gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hello,
>
> I am using curl_easy_perform for making HTTP(S) operations using the same
> curl handle (reusing the same curl handle for connection persistence).
> There are 2 things I want to achieve:
>
> 1. How can check using the curl handle if the connection is still
> established (the connection is not closed)?
>
> 2. How can I close the underlying HTTP connection without calling
> "curl_easy_cleanup"?
>
> Thanks,
> Ranjan
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://cool.haxx.se/pipermail/curl-library/
> attachments/20180302/61260c8b/attachment-0001.html>
>
> ------------------------------
>
> Message: 3
> Date: Fri, 2 Mar 2018 16:13:35 -0600
> From: John Hascall <john_at_iastate.edu>
> To: curl-library_at_cool.haxx.se
> Subject: Bearer token authentication?
> Message-ID:
> <CADCx5Mo80N8zOywc6xScXrrAC9CJ7CEQQcXho4k87ygAyvyeYA_at_mail.
> gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Has any thought been given to the possibility of something along these
> lines:
>
>
> curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BEARER);
> curl_easy_setopt(curl, CURLOPT_BEARER_TOKEN, token);
>
> *or*
> curl_easy_setopt(curl, CURLOPT_PASSWORD, token);
>
>
> because faffing around in the struct curl_slist of headers to
>
> replace the "Authorization Bearer *token*" header every time you have
>
> a new token
> (especially with short-lived tokens like at api.box.com)
>
> is annoying
> (and
> smells of an abstraction violation).
>
> Or am I missing some sane way to do it?
>
>
> John
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://cool.haxx.se/pipermail/curl-library/
> attachments/20180302/021c86f8/attachment-0001.html>
>
> ------------------------------
>
> Message: 4
> Date: Fri, 2 Mar 2018 16:00:03 -0800
> From: Prashant Chaudhari <prashantsc_at_gmail.com>
> To: curl-library_at_cool.haxx.se
> Subject: Re: Fwd: Security fix: reset memory of
> Curl_easy->UserDefined->str
> Message-ID:
> <CAFLRTxYj1Qp66AWE1EtLE3E-7Gx=gR6a1kgCObtt=jgEsaBcOA_at_mail.
> gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> From: Daniel Stenberg <daniel_at_haxx.se
> <daniel_at_haxx.se?Subject=Re:%20Fwd:%20Security%20fix:%
> 20reset%20memory%20of%20Curl_easy->UserDefined->str>>
>
> Date: Fri, 2 Mar 2018 17:45:30 +0100 (CET)
>
> On Thu, 1 Mar 2018, Prashant Chaudhari wrote:
>
> *> I would like to add attached patch, which zero out the user defined
> data. I *
> *> am particularly targeting to reset the password/authentication secrets.
> *
> *> *
> *> Please find attached patch on the libcurl version 7.57.0. and let me
> know if *
> *> you can accept it and release. *
>
> Thanks, can you please make it a "unified" diff? Like when using -u with
> the
> diff tool? That makes it easier for us to receive and review it!
>
>
> Please find attached unified diff file with the same fix.
>
> Regards,
> Prashant
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://cool.haxx.se/pipermail/curl-library/
> attachments/20180302/25674986/attachment-0001.html>
> -------------- next part --------------
> --- url.c 2018-01-30 16:19:20.307137284 -0800
> +++ url-changed.c 2018-03-01 13:58:03.530696648 -0800
> @@ -281,6 +281,9 @@
> /* Free all dynamic strings stored in the data->set substructure. */
> enum dupstring i;
> for(i = (enum dupstring)0; i < STRING_LAST; i++) {
> + if (data->set.str[i]) {
> + memset(data->set.str[i], 0, strlen(data->set.str[i]) * sizeof
> (data->set.str[i][0]));
> + }
> Curl_safefree(data->set.str[i]);
> }
>
>
> ------------------------------
>
> Message: 5
> Date: Sat, 3 Mar 2018 10:49:27 +0530
> From: surya chandrika <contactsuryac_at_gmail.com>
> To: curl-library_at_cool.haxx.se
> Subject: crash issue: while invoking easy perform.
> Message-ID:
> <CAOZga=YswrVAEsRonWQyFfJxq+5K-iEAf4wVh=kw9tEbpyHJ5w_at_mail.
> gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Am getting following crash issue:
>
> BT:
>
> #0 0x00007f5a2c4344ab in raise (sig=11)
> at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:37
> #1 0x00007f5a310b4582 in skgesigOSCrash ()
> from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1
> #2 0x00007f5a316d48a5 in kpeDbgSignalHandler ()
> from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1
> #3 0x00007f5a310b48c0 in skgesig_sigactionHandler ()
> from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1
> #4 <signal handler called>
> #5 __GI___pthread_mutex_lock (mutex=0x0) at ../nptl/pthread_mutex_lock.c:
> 66
> #6 0x00007f5a29ddee49 in PR_Lock () from /lib64/libnspr4.so
> #7 0x00007f5a33130747 in nss_connect_common () from /lib64/libcurl.so.4
> #8 0x00007f5a3312795e in Curl_ssl_connect_nonblocking () from
> /lib64/libcurl.so.4
> #9 0x00007f5a330fee4d in Curl_http_connect () from /lib64/libcurl.so.4
> #10 0x00007f5a331214a5 in multi_runsingle () from /lib64/libcurl.so.4
> #11 0x00007f5a33122221 in curl_multi_perform () from /lib64/libcurl.so.4
> #12 0x00007f5a33119523 in curl_easy_perform () from /lib64/libcurl.so.4
>
>
> acc to logic only curl_easy_perform () should be invoked, but not sure
> why BT shows curl_multi_perform () is it internally invoked from curl.
>
> Please let me know if anyone is familiar with this.
>
> Note:
>
> $ curl --version
> curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.28.4 zlib/1.2.7
> libidn/1.28 libssh2/1.4.3
> Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3
> pop3s rtsp scp sftp smtp smtps telnet tftp
> Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz
> unix-sockets
>
> Regards,
> Surya
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://cool.haxx.se/pipermail/curl-library/
> attachments/20180303/f6ac0160/attachment.html>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> curl-library mailing list
> curl-library_at_cool.haxx.se
> https://cool.haxx.se/cgi-bin/mailman/listinfo/curl-library
>
>
> ------------------------------
>
> End of curl-library Digest, Vol 151, Issue 4
> ********************************************
>
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2018-03-04