AW: Issue with Outputting CURL Verbose Info to a File

[Patrick Schlangen]

Hi,

> Do you think anything else could be causing this problem?

could you send a full example (compilable)?

Thanks,

Patrick




---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Re: Issue with Outputting CURL Verbose Info to a File

[Chris Molnar]

Hi Patrick,

Thanks for the tip, but sadly it still doesn't work for me. When I use a
reference (&) all the verbose info gets displayed to the console, while
with a pointer (*) it  vanishes (not on the console or in the file).
Do you think anything else could be causing this problem?

Thanks for the assistance,
Chris

On Tue, Feb 6, 2018 at 5:08 PM, Patrick Schlangen 
wrote:

> Hi,
>
> > but it never seems to output anything to the file
>
> try passing a FILE * to the curl_easy_setopt instead of a FILE &.
>
> Best Regards
>
> Patrick
>
>
>
>
> ---
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
> Etiquette:   https://curl.haxx.se/mail/etiquette.html
---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

curl_easy_getinfo return codes

[surya chandrika]

Hi All,

While trying to read response of a multiperform.

 res = curl_easy_getinfo( e, CURLINFO_RESPONSE_CODE, _code )

if  curl_easy_getinfo  returns a value  res  != CURLE_OK, Please let me know
1. Should i re-try this request.
2. Drop this request.
Would the error code returned by this function same as in the below list:
https://curl.haxx.se/libcurl/c/libcurl-errors.html


Or is it like in case if res   != CURLE_OK, it would have a valid
response_code , which could be looked upon for further actions.

Regards,
Surya
---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Re: "URLs are dangerous things"

[Dan Fandrich]

On Tue, Feb 06, 2018 at 01:47:50PM +0100, Daniel Stenberg wrote:
> But in the context of "dangerous things", how do see the user + password in
> the URL used to harm the application or the server?

If the application/script sets --netrc then an attacker would just need to
supply a username and curl would fill in the password, allowing attacks on
machines that honoured those credentials (probably only local machines). And if
--negotiate or --ntlm are enabled, then the attacker may not even need to
supply a username to attack a local machine, as the request could be
automatically authenticated as the local user.

>>> Dan
---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Re: "URLs are dangerous things"

[Pete Lomax]

A couple of quick points:
"Localhost is hard to protect" says "may be possible to exploit to "port-scan" 
the particular hosts". I think that needs a slight rewording.

I had never heard of WHATWG - perhaps a link to 
https://daniel.haxx.se/blog/tag/whatwg/ (etc) might be helpful.

Pete

On Tue, 6/2/18, Daniel Stenberg  wrote:

 Subject: "URLs are dangerous things"
 To: "libcurl hacking" 
 Date: Tuesday, 6 February, 2018, 7:24
 
 Hi friends,
 
 Every now and then we get security
 problems reported to us that are really 
 just various types of attacks you can
 do if you can either A) modify the url 
 your curl application is using and/or
 B) have a server respond with a 
 perfectly fine protocol-wise but
 malicious response to curl.
 
 Letting users freely set the URL, or
 parts of the URL, for your curl-using 
 application can get consequences.
 
 I've started to document exactly what
 consequences and how:
 
 
https://gist.github.com/bagder/c22b31fab3bf9e21ff82f872bd5bd372#file-urls-in-curl-md
 
 I'm interested in feedback and help in
 polishing it up to actually be helpful.
 
 -- 
 
   / daniel.haxx.se
 ---
 Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
 Etiquette:   https://curl.haxx.se/mail/etiquette.html

---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html