On Tue, Nov 23, 2010 at 04:54:57PM -0500, Paulo Garcia wrote: > I'm creating a C++ application (Windows 7 32 bits/VS 2010) and I'm > having an interesting behavior. > > Basically I'm trying to grab files from depositfile.com directly. If I > set my URL like this: > > > char localUrl[MAX_FILEPATH]; > sprintf(localUrl,"http://depositfiles.com%s";, redirection); > curl_easy_setopt(handle, CURLOPT_URL, localUrl); > res = curl_easy_perform(handle); > > I get an error "400 Bad Request". > > But, if I send exactly the same URL as constant, like this: > > curl_easy_setopt(handle, CURLOPT_URL, > "http://depositfiles.com/en/files/6kpdasddasa3svf";); > > I get the right page! > > I have checked the content of localUrl before calling the > curl_easy_perform() function, and it is exactly the same (using > debug). > > I cannot see what's wrong. > > Any ideas?
MAX_FILEPATH isn't a very good constant to use as the size of a URL buffer, since it relates to the filesystem in use on the local system and has nothing to do with URLs. It could be that the sprintf is overwriting the end of the buffer and the last part of the buffer is being clobbered by the time it's being used by libcurl. Try using a buffer that's known to be large enough, and use snprintf/ _snprintf/strlcat to append the location, checking that the operation succeeds. Enable libcurl tracing and see exactly what URL is being requested on the way out. Note also that creating a URL this way is unsafe in at least two ways: the buffer could be overwritten by a long Location: string returned by the remote server (I'm assuming that's what "redirection" holds) allowing a stack smashing attack and possible arbitrary code execution, and the way this code builds the string opens you to redirections to completely different sites (e.g. if "redirection" is .badserver.biz/badfile.exe you'll be redirected to http://depositfiles.com.badserver.biz/badfile.exe, on a completely different domain). Please read the Security Considerations section in the libcurl-tutorial(3) man page. >>> Dan ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
