Download
Browse source Changelog
Documentation
Project   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Book: Everything curl Report a bug Mail Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: Query on HTTP(S) connection

From: Ranjan Khanna <ebox.ranjan_at_gmail.com>
Date: Sun, 4 Mar 2018 07:33:54 -0600

Hello,

Can anyone please help me with the following query:

I am using curl_easy_perform for making HTTP(S) operations using the same
curl handle (reusing the same curl handle for connection persistence).
There are 2 things I want to achieve:

1. How can check using the curl handle if the connection is still
established (the connection is not closed)?

2. How can I close the underlying HTTP connection without calling
"curl_easy_cleanup"?

Thanks,
Ranjan

On Fri, Mar 2, 2018 at 11:19 PM, <curl-library-request_at_cool.haxx.se> wrote:

> Send curl-library mailing list submissions to
> curl-library_at_cool.haxx.se
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://cool.haxx.se/cgi-bin/mailman/listinfo/curl-library
> or, via email, send a message with subject or body 'help' to
> curl-library-request_at_cool.haxx.se
>
> You can reach the person managing the list at
> curl-library-owner_at_cool.haxx.se
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of curl-library digest..."
>
>
> Today's Topics:
>
> 1. Re: Fwd: Security fix: reset memory of
> Curl_easy->UserDefined->str (Daniel Stenberg)
> 2. Query on HTTP(S) connection (Ranjan Khanna)
> 3. Bearer token authentication? (John Hascall)
> 4. Re: Fwd: Security fix: reset memory of
> Curl_easy->UserDefined->str (Prashant Chaudhari)
> 5. crash issue: while invoking easy perform. (surya chandrika)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 2 Mar 2018 17:45:30 +0100 (CET)
> From: Daniel Stenberg <daniel_at_haxx.se>
> To: libcurl development <curl-library_at_cool.haxx.se>
> Subject: Re: Fwd: Security fix: reset memory of
> Curl_easy->UserDefined->str
> Message-ID: <alpine.DEB.2.20.1803021744330.31119_at_tvnag.unkk.fr>
> Content-Type: text/plain; charset=US-ASCII; format=flowed
>
> On Thu, 1 Mar 2018, Prashant Chaudhari wrote:
>
> > I would like to add attached patch, which zero out the user defined
> data. I
> > am particularly targeting to reset the password/authentication secrets.
> >
> > Please find attached patch on the libcurl version 7.57.0. and let me
> know if
> > you can accept it and release.
>
> Thanks, can you please make it a "unified" diff? Like when using -u with
> the
> diff tool? That makes it easier for us to receive and review it!
>
> --
>
> / daniel.haxx.se
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 2 Mar 2018 15:51:53 -0600
> From: Ranjan Khanna <ebox.ranjan_at_gmail.com>
> To: curl-library_at_cool.haxx.se
> Subject: Query on HTTP(S) connection
> Message-ID:
> <CALB7Hc8tyNLMun9CLLcAfZkSyyBk6e5guDEjpscxOtniTg1FAQ_at_mail.
> gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hello,
>
> I am using curl_easy_perform for making HTTP(S) operations using the same
> curl handle (reusing the same curl handle for connection persistence).
> There are 2 things I want to achieve:
>
> 1. How can check using the curl handle if the connection is still
> established (the connection is not closed)?
>
> 2. How can I close the underlying HTTP connection without calling
> "curl_easy_cleanup"?
>
> Thanks,
> Ranjan
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://cool.haxx.se/pipermail/curl-library/
> attachments/20180302/61260c8b/attachment-0001.html>
>
> ------------------------------
>
> Message: 3
> Date: Fri, 2 Mar 2018 16:13:35 -0600
> From: John Hascall <john_at_iastate.edu>
> To: curl-library_at_cool.haxx.se
> Subject: Bearer token authentication?
> Message-ID:
> <CADCx5Mo80N8zOywc6xScXrrAC9CJ7CEQQcXho4k87ygAyvyeYA_at_mail.
> gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Has any thought been given to the possibility of something along these
> lines:
>
>
> curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BEARER);
> curl_easy_setopt(curl, CURLOPT_BEARER_TOKEN, token);
>
> *or*
> curl_easy_setopt(curl, CURLOPT_PASSWORD, token);
>
>
> because faffing around in the struct curl_slist of headers to
> ​ ​
> replace the "Authorization Bearer *token*" header every time you have
> ​ ​
> a new token
> (especially with short-lived tokens like at api.box.com)
> ​ ​
> is annoying
> ​ (and
> smells of an abstraction violation).
>
> Or am I missing some sane way to do it?
>
>
> John​
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://cool.haxx.se/pipermail/curl-library/
> attachments/20180302/021c86f8/attachment-0001.html>
>
> ------------------------------
>
> Message: 4
> Date: Fri, 2 Mar 2018 16:00:03 -0800
> From: Prashant Chaudhari <prashantsc_at_gmail.com>
> To: curl-library_at_cool.haxx.se
> Subject: Re: Fwd: Security fix: reset memory of
> Curl_easy->UserDefined->str
> Message-ID:
> <CAFLRTxYj1Qp66AWE1EtLE3E-7Gx=gR6a1kgCObtt=jgEsaBcOA_at_mail.
> gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> From: Daniel Stenberg <daniel_at_haxx.se
> <daniel_at_haxx.se?Subject=Re:%20Fwd:%20Security%20fix:%
> 20reset%20memory%20of%20Curl_easy-&gt;UserDefined-&gt;str>>
>
> Date: Fri, 2 Mar 2018 17:45:30 +0100 (CET)
>
> On Thu, 1 Mar 2018, Prashant Chaudhari wrote:
>
> *> I would like to add attached patch, which zero out the user defined
> data. I *
> *> am particularly targeting to reset the password/authentication secrets.
> *
> *> *
> *> Please find attached patch on the libcurl version 7.57.0. and let me
> know if *
> *> you can accept it and release. *
>
> Thanks, can you please make it a "unified" diff? Like when using -u with
> the
> diff tool? That makes it easier for us to receive and review it!
>
>
> Please find attached unified diff file with the same fix.
>
> Regards,
> Prashant
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://cool.haxx.se/pipermail/curl-library/
> attachments/20180302/25674986/attachment-0001.html>
> -------------- next part --------------
> --- url.c 2018-01-30 16:19:20.307137284 -0800
> +++ url-changed.c 2018-03-01 13:58:03.530696648 -0800
> @@ -281,6 +281,9 @@
> /* Free all dynamic strings stored in the data->set substructure. */
> enum dupstring i;
> for(i = (enum dupstring)0; i < STRING_LAST; i++) {
> + if (data->set.str[i]) {
> + memset(data->set.str[i], 0, strlen(data->set.str[i]) * sizeof
> (data->set.str[i][0]));
> + }
> Curl_safefree(data->set.str[i]);
> }
>
>
> ------------------------------
>
> Message: 5
> Date: Sat, 3 Mar 2018 10:49:27 +0530
> From: surya chandrika <contactsuryac_at_gmail.com>
> To: curl-library_at_cool.haxx.se
> Subject: crash issue: while invoking easy perform.
> Message-ID:
> <CAOZga=YswrVAEsRonWQyFfJxq+5K-iEAf4wVh=kw9tEbpyHJ5w_at_mail.
> gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Am getting following crash issue:
>
> BT:
>
> #0 0x00007f5a2c4344ab in raise (sig=11)
> at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:37
> #1 0x00007f5a310b4582 in skgesigOSCrash ()
> from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1
> #2 0x00007f5a316d48a5 in kpeDbgSignalHandler ()
> from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1
> #3 0x00007f5a310b48c0 in skgesig_sigactionHandler ()
> from /usr/lib/oracle/12.2/client64/lib/libclntsh.so.12.1
> #4 <signal handler called>
> #5 __GI___pthread_mutex_lock (mutex=0x0) at ../nptl/pthread_mutex_lock.c:
> 66
> #6 0x00007f5a29ddee49 in PR_Lock () from /lib64/libnspr4.so
> #7 0x00007f5a33130747 in nss_connect_common () from /lib64/libcurl.so.4
> #8 0x00007f5a3312795e in Curl_ssl_connect_nonblocking () from
> /lib64/libcurl.so.4
> #9 0x00007f5a330fee4d in Curl_http_connect () from /lib64/libcurl.so.4
> #10 0x00007f5a331214a5 in multi_runsingle () from /lib64/libcurl.so.4
> #11 0x00007f5a33122221 in curl_multi_perform () from /lib64/libcurl.so.4
> #12 0x00007f5a33119523 in curl_easy_perform () from /lib64/libcurl.so.4
>
>
> acc to logic only curl_easy_perform () should be invoked, but not sure
> why BT shows curl_multi_perform () is it internally invoked from curl.
>
> Please let me know if anyone is familiar with this.
>
> Note:
>
> $ curl --version
> curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.28.4 zlib/1.2.7
> libidn/1.28 libssh2/1.4.3
> Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3
> pop3s rtsp scp sftp smtp smtps telnet tftp
> Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz
> unix-sockets
>
> Regards,
> Surya
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://cool.haxx.se/pipermail/curl-library/
> attachments/20180303/f6ac0160/attachment.html>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> curl-library mailing list
> curl-library_at_cool.haxx.se
> https://cool.haxx.se/cgi-bin/mailman/listinfo/curl-library
>
>
> ------------------------------
>
> End of curl-library Digest, Vol 151, Issue 4
> ********************************************
>

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2018-03-04