Items tagged with: curl
Over the last five years of #curl's bug-bounty we have received 489 submissions. For these 489 submissions the *median* first-response time has been, as calculated by Hackerone: 0 (zero) hours. If this does not ooze of awesomeness from a security team I don't know what does.
I presume they round or truncate to the nearest integer hour. Still means more than half of them got answered within an hour. Whenever or from wherever they were filed.
We take security seriously.
"#curl is being used by several hundred projects around the European Commission"
curl is everywhere for everyone
Not bad for a "hobby"!
sendf: Curl_cwriter_write: remove comment disallowing zero length by schicho · Pull Request #13477 · curl/curl
Curl_client_write calls Curl_cwriter_write, which already has this limitation in place in its comment. blen is not checked in Curl_client_write. Stumbled upon this working on my other MQTT PR. (GitHub)
Awesome, so much to learn wrt. libcurl! 😍 Posting links below in case anyone is looking for them ✨
📺 Getting started with libcurl
• https://youtube.com/watch?v=aS2eJDA5nSM
📺 Mastering libcurl
• https://youtube.com/watch?v=ZQXv5v9xocU
• https://youtube.com/watch?v=9KqnXsSxqGA
Mastering libcurl (2/2) with Daniel Stenberg
Transfers, Share API, TLS, Proxies, HTTP, Header API, URL API. WebSocket. Future. 0:00 mastering libcurl part two, 0:35 setup, 2:30 agenda, 4:56 Transfers, 5:14 Downl... (YouTube)
Nine years ago today, a #curl command line was prominent on an even larger display...
https://daniel.haxx.se/blog/2015/04/24/curl-on-the-nasdaq-tower/
tool_operate: don't truncate the etag save file by default by Gusted · Pull Request #13432 · curl/curl
This fixes a regression of 75d79a4. The code in tool-operate truncated the etag save file, under the assumption that the file would be written with a new etag value. However since 75d79a4 that migh... (GitHub)
Today we celebrate the five year anniversary of #curl's bug-bounty. It has resulted in 69 reported vulnerabilities and almost 80,000 USD payouts. Out of a total of 439 submissions. 86 of them were considered "informative", which mostly means they were handled as normal bugs.
Submit your suspected curl security issue here: https://hackerone.com/curl
curl - Bug Bounty Program | HackerOne
The curl Bug Bounty Program enlists the help of the hacker community at HackerOne to make curl more secure. (HackerOne)
Enable test 1117 for hyper HTTP backend as it currently works by Alvenix · Pull Request #13436 · curl/curl
This PR is intended to test the CICD for now, as when I tried this test with the latest hyper it worked. Edit: It seems the test is successful on CICD, so it may be enabled. (Sorry If I missed some... (GitHub)
If you use brew’s curl on macOS, are you really using it? I installed and had curl set up a couple of years ago. Today it appears that curl was now pointing to Apple’s version, which has this issue (https://daniel.haxx.se/blog/2024/03/08/the-apple-curl-security-incident-12604/). Looks like brew doesn’t add a symlink for curl to /opt/homebrew/bin. Running `ln -s /opt/homebrew/opt/curl/bin/curl /opt/homebrew/bin` resolved the issue.
#TLS #EncryptedClientHello #ECH support has been merged in #curl!
https://github.com/curl/curl/pull/11922
ECH experimental by sftcd · Pull Request #11922 · curl/curl
This is an (as-promised, on the mailing list) early pull request for adding HTTPS RR and ECH support to cURL, that has had so far minimal testing when using OpenSSL or wolfSSL as the TLS provider, b... (GitHub)
url: fix use of an uninitialized variable by jimmy-park · Pull Request #13399 · curl/curl
The following bug is detected by UndefinedBehaviorSanitizer on Apple Clang. /Users/jimmy.park/Repos/curl_client/build/.cache/curl/760adaf446db44888b0a6d906e318c6147c808ba/lib/url.c:810:10: runtime ... (GitHub)
Recent additions to the #CURL project from me
Anyone can contribute to an open source project. It is some effort, but you can push changes you make locally back to the project to improve it and make your improvements a part of the project.
https://www.mbsplugins.de/archive/2024-04-17/Recent_additions_to_the_CURL_p
Dockerfile for release automation by daniel-j-h · Pull Request #13250 · curl/curl
Hey @bagder 👋 I've seen your post on mastodon on how to reproduce the release tarballs. I wanted to bounce this off of you as an idea. We can check in a Dockerfile build environment based on a spec... (GitHub)
Write function callback is called twice after resume transfer and return CURL_WRITEFUNC_ERROR · Issue #13337 · curl/curl
I did this: We have the scenario when we put the transfer on pause and resume it after a while and then stop transfer with CURL_WRITEFUNC_ERROR. For that we register CURLOPT_WRITEFUNCTION callback a... (GitHub)
Support for RFC 9421 - HTTP Message Signatures in #curl ?
https://github.com/curl/curl/discussions/13376
Support for RFC 9421 - HTTP Message Signatures · curl curl · Discussion #13376
Hello, Is there any interest to add support for RFC 9421 - HTTP Message Signatures to curl? I saw that curl already supports AWS Signature v4 (with --aws-sigv4), and I feel this RFC is a generaliza... (GitHub)
docs: clarify CURLOPT_MAXFILESIZE and CURLOPT_MAXFILESIZE_LARGE by the-blank-x · Pull Request #13372 · curl/curl
The bounds of the size parameter were not specified, and nor was it specified how to disable the maximum file size check. The documentation also incorrectly stated that CURLOPT_MAXFILESIZE always r... (GitHub)
#curl sometimes fails to access some servers. In most situations the problem is not in curl itself but on the server side. Example:
1. Fails: curl https://www.radissonhotels.com
2. Works: curl -A 'Mozilla/5.0 xx Chrome/119' https://www.radissonhotels.com
3. Fails: curl -A 'Mozilla/5.0 xx Chrome/118' https://www.radissonhotels.com
4. Fails, too: curl -A 'Mozilla/5.0 xx Chrome/1189' https://www.radissonhotels.com
Perhaps they perform #filtering to obtain improved #security? It's hard to tell, but any serious attacker surely knows how to spoof the user agent string and bypass such simple #regex
On this day twenty-six years ago, we shipped #curl 4.2
It introduced HTTPS support (powered by SSLeay) and the -T command line option.
As a bonus, a look at the original cURL logo:
Let's kick this fine Monday morning off with a #curl issue filed against curl 7.37.0, released in May 2014...
https://github.com/curl/curl/issues/13370
occasional crash when execute curl_easy_perform · Issue #13370 · curl/curl
I did this: Use curl_easy_perform to upload json text or file. I expected the following: curl_easy_perform is executed successfully. curl/libcurl version: 7.37.0. Operating system: CentOS-7. Crash stack H... (GitHub)
Today I found a TUI frontend for curl! 🔥
🌀**cute**: TUI HTTP client with API/auth key management and request history/storage.
🌐 Supports importing Postman collections!
🦀 Written in Rust & built with @ratatui_rs
⭐ GitHub: https://github.com/PThorpe92/CuTE
#rustlang #ratatui #tui #curl #http #request #api #auth
GitHub - PThorpe92/CuTE: HTTP client/libcurl TUI front end in Rust, with request + key storage
HTTP client/libcurl TUI front end in Rust, with request + key storage - PThorpe92/CuTE (GitHub)
Found another Curl resource; that always makes me giddy.
http://cheat.sh/
It's a set of command line cheat sheets accessible through super simple curl requests.
#curl
On this day, eleven years ago, we shipped #curl 7.30.0 which among lots of things introduced support for STARTTLS with imap, pop3 and smtp.
docs: add CURLOPT_NOPROGRESS to CURLOPT_XFERINFOFUNCTION example by To1ne · Pull Request #13348 · curl/curl
It's important to set CURLOPT_NOPROGRESS to 0 if you want your transfer callback function, set by CURLOPT_XFERINFOFUNCTION, to get called. To emphasize this to the users, add this to the code exam... (GitHub)