AW: Issue with Outputting CURL Verbose Info to a File
Hi, > Do you think anything else could be causing this problem? could you send a full example (compilable)? Thanks, Patrick --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: Issue with Outputting CURL Verbose Info to a File
Hi Patrick, Thanks for the tip, but sadly it still doesn't work for me. When I use a reference (&) all the verbose info gets displayed to the console, while with a pointer (*) it vanishes (not on the console or in the file). Do you think anything else could be causing this problem? Thanks for the assistance, Chris On Tue, Feb 6, 2018 at 5:08 PM, Patrick Schlangenwrote: > Hi, > > > but it never seems to output anything to the file > > try passing a FILE * to the curl_easy_setopt instead of a FILE &. > > Best Regards > > Patrick > > > > > --- > Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library > Etiquette: https://curl.haxx.se/mail/etiquette.html --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
curl_easy_getinfo return codes
Hi All, While trying to read response of a multiperform. res = curl_easy_getinfo( e, CURLINFO_RESPONSE_CODE, _code ) if curl_easy_getinfo returns a value res != CURLE_OK, Please let me know 1. Should i re-try this request. 2. Drop this request. Would the error code returned by this function same as in the below list: https://curl.haxx.se/libcurl/c/libcurl-errors.html Or is it like in case if res != CURLE_OK, it would have a valid response_code , which could be looked upon for further actions. Regards, Surya --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: "URLs are dangerous things"
On Tue, Feb 06, 2018 at 01:47:50PM +0100, Daniel Stenberg wrote: > But in the context of "dangerous things", how do see the user + password in > the URL used to harm the application or the server? If the application/script sets --netrc then an attacker would just need to supply a username and curl would fill in the password, allowing attacks on machines that honoured those credentials (probably only local machines). And if --negotiate or --ntlm are enabled, then the attacker may not even need to supply a username to attack a local machine, as the request could be automatically authenticated as the local user. >>> Dan --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
Re: "URLs are dangerous things"
A couple of quick points: "Localhost is hard to protect" says "may be possible to exploit to "port-scan" the particular hosts". I think that needs a slight rewording. I had never heard of WHATWG - perhaps a link to https://daniel.haxx.se/blog/tag/whatwg/ (etc) might be helpful. Pete On Tue, 6/2/18, Daniel Stenbergwrote: Subject: "URLs are dangerous things" To: "libcurl hacking" Date: Tuesday, 6 February, 2018, 7:24 Hi friends, Every now and then we get security problems reported to us that are really just various types of attacks you can do if you can either A) modify the url your curl application is using and/or B) have a server respond with a perfectly fine protocol-wise but malicious response to curl. Letting users freely set the URL, or parts of the URL, for your curl-using application can get consequences. I've started to document exactly what consequences and how: https://gist.github.com/bagder/c22b31fab3bf9e21ff82f872bd5bd372#file-urls-in-curl-md I'm interested in feedback and help in polishing it up to actually be helpful. -- / daniel.haxx.se --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html --- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html