Friendica
daniel:// stenberg://
daniel:// stenberg://

daniel:// stenberg://

bagder@mastodon.social

daniel:// stenberg://

bagder@mastodon.social
I write curl. I don't know anything.
ActivityPub
2024-02-23 21:39:50 2024-02-23 15:16:47 2024-02-23 15:16:35 4580207

daniel:// stenberg://
daniel:// stenberg://
mastodon - Link to source

daniel:// stenberg://

1 year ago • •

daniel:// stenberg://

1 year ago • •

#curl HTTP/3 #security #audit

Performed by Trail of Bits. They found things to fix but nothing critical and no security flaws.

daniel.haxx.se/blog/2024/02/23…

curl HTTP/3 security audit | daniel.haxx.se

daniel.haxx.se
#security #audit #curl
  •  Languages
  •  Search Text
  •  Share via ...
in reply to daniel:// stenberg://

daniel:// stenberg://
mastodon - Link to source

daniel:// stenberg://

in reply to daniel:// stenberg:// • 1 year ago • •
I like this little snippet from the report:
cURL’s HTTP/3 code engages in relatively little direct memory management, instead relying on prewritten alloc/init and free functions for common primitives such as bufq and dynbuf. Array accesses are appropriately bounded, potentially null pointers checked, and so on.
  •  Languages
  •  Search Text
  •  Share via ...
in reply to daniel:// stenberg://

Stefan Eissing
mastodon - Link to source

Stefan Eissing

in reply to daniel:// stenberg:// • 1 year ago • •
I like that very much as well. Some official approval of our coding!
  •  Languages
  •  Search Text
  •  Share via ...
in reply to daniel:// stenberg://

daniel:// stenberg://
mastodon - Link to source

daniel:// stenberg://

in reply to daniel:// stenberg:// • 1 year ago • •
on hacker news: news.ycombinator.com/item?id=3…

Curl HTTP/3 security audit | Hacker News

news.ycombinator.com
  •  Languages
  •  Search Text
  •  Share via ...
⇧