> In the curl security team, we have a discussion going on with someone who
> wants a set of memory-leaks we fixed in the past to be highlighted and
> reported as "security problems".
Hi,
I think a bug is a security issue when an unauthorized person can deliberately
exploit it. It may still
>> I have simulated with the command line and indeed see a second request
>> in which the url is unchanged compared to the first request. But why
>> are we seeing the changed url in the WireShark?
> It shouldn't change, it's a bug. But a bug we've not heard of before which
> makes me suspect
> I think it doesn't matter (or does it?) but you've not quoted the URL,
> resulting in the "group" parameter getting lost.
Doesn't matter. Camera will return all groups instead
Path part gets across as intended and that was the goal
> Other documents I found that can use CURLOPT_INTERLEAVEFUNCTION and
> CURLOPT_INTERLEAVEDATA to get
> RTP data from RTSP server. But I still don't understand where I can get image
> data.
Curl only does the RTSP for you, like is the case with HTTP. RTSP-interleaving
you can see as
Oops! Overlooked the other mail with the same suggestion
sorry
-Original Message-
From: curl-library On Behalf Of Erik
Janssen via curl-library
Sent: woensdag 1 juli 2020 09:09
To: libcurl development
Cc: Erik Janssen
Subject: RE: Considering a version 8 at some point...
> I ag
> I agree with jumping to the version 8 as long as we define what would be the
> futur scheme post-8.
> - Having an important step forward/addition to the project?
Would it make sense to keep version 7 as a 'Long Term Support' version that
receives bugfixes and security updates but no
> how to store that bitstream as video file .if i want to display that
> bitstream as video what are the
> ways you can suggest ?
You can dump it to a file and vlc/ffmpeg can play that raw content. But it will
go as fast as possible because the framerate isn’t known. For this you will
need
The url you generate is a bit flaky
I think it should be like this:
SETUP rtsp://freja.hiof.no:1935/rtplive/definst/hessdalen03.stream/trackID=2
RTSP/1.0
PLAY rtsp://freja.hiof.no:1935/rtplive/definst/hessdalen03.stream/ RTSP/1.0
I get media from it using my curl-based client, unfortunately own
Hi,
I use libcurl for http, plain sockets and rtsp. rtsp is a bit problematic
because a transfer in rtsp context
consists of a series of steps which are each individual transfers to libcurl.
At each
curl_multi_remove_handle() - curl_multi_add_handle() to get at the next rtsp
step the link
> So I'm wondering, would there be openness to adding a warning to curl, if it
> sees smart quotes on the command line, that it would say something to the
> user? I'd > be willing to try a PR if there is agreement to try to implement
> this.
curl has nothing to do with that... it is the shell
Hi Nicolas,
>> Maybe this is not a curl question, and it is my lack of knowledge about
>> storage of credentials getting in the way.
> It is not really a curl question, I agree. Even though, I’ll try to give you
> some advice.
Thanks for the direction. I realize now these days a low-overhead
Hi,
Maybe this is not a curl question, and it is my lack of knowledge about storage
of credentials getting in the way.
Reading https://en.wikipedia.org/wiki/Digest_access_authentication made me
realise that if I could store the username + password after first successful
connection as "HA1",
Hi,
I doubt whether curl should go that way.
I so see a point in explicitly wiping previous url or credentials when the next
one, or empty string, is specified. It would reduce, but not eliminate, a
potential attack surface. However, generic wipe of memory is expensive but
doesn't solve the
I think involuntary introducing https in systems not expecting it, and not in
need for it, is not the way to go
Lot of simple scripts performing automated tests, configure embedded devices,
etc, will break because the server not talking https
Secure systems will specify https:// explicitly and
Hi
Yes, thanks. Ignore my post. "Shouldn't I check the docs" I was thinking
microseconds before pressing Send.
Actually I read that part over and over years ago. Seems I mixed it up with my
own strategy to deal with things.
Erik
-Original Message-
From: curl-library On Behalf Of
Hi Eric,
Libcurl is not threadsafe. Study the multi interface and run everything curl on
a single thread instead.
It takes a bit more work but saves resources.
Erik
-Original Message-
From: curl-library On Behalf Of erbenton
Sent: dinsdag 31 juli 2018 09:28
To:
The server might be of questionable nature, looking at its identification
Are you sure there is payload on the wire? Do you get data when you try the
same request with the commandline curl?
Erik
From: curl-library [mailto:curl-library-boun...@cool.haxx.se] On Behalf Of
Suganthi
Sent: dinsdag
> However, as you can see there is another $ packet within the RTP payload.
> This messes up the remaining packet and packets to follow.
I think it is exactly like you say. That second $ is a valid byte of the
payload. Only start interpreting interleave headers 1122 bytes after the first
one
> Only TCP packets that are complete are being captured and processed in the
> callback.
I never had that. But I never saw several packets on a single line in wireshark
like in your screenshot, so maybe you run into something not experienced by
anyone. Not so many people use this.
But when I
Hi,
No you can't.
The UDP data has nothing to do with the curl connection! So you should open a
socket for RTP and RTCP yourself, using the numbers that are the result of the
SETUP, and handle the traffic. You can pass the sockets to the same
curl_multi_wait() so a single loop can handle both
Hi,
> Using the "multi-single.c" example[1] as a testbed, I notice that after
> adding the easy
> handle and calling curl_multi_perform, the curl_multi_wait call returns
> immediately
> and sets numfds to 0, indicating there is no fd to wait on.
What is 'immediately' and what happens on the
> I'm getting this error while trying to get an image from a sharepoint server.
> That image is already visible using the same link in the browser within the
> same machine where I can't get it using libcurl.
> But I can't get it using the following code and I'm getting only an error
>
I don't think this list is the right place to find help, unless someone happens
to be a fluent sharepoint user
Curl-wise everything works doesn't it?
Erik
From: curl-library [mailto:curl-library-boun...@cool.haxx.se] On Behalf Of
RHAIEM, Mohamed Slim via curl-library
Sent: vrijdag 24 november
>> Is there some way to see at what timestamp the last read succeeded?
> Not really, but CURLOPT_WRITEFUNCTION is called every time there is data so
> you know that there hasn't been any data
> read since the last callback.
That is how I solved it, keep a timer of your own, restart it from the
Hi,
I recall fiddling out what happens in such cases by copying the entire compiler
invocation from the log and run it by hand
Good luck… I think this will be one of the more trivial problems you will
encounter on this journey
Erik
From: curl-library [mailto:curl-library-boun...@cool.haxx.se]
camera does not work at all and the other only with
udp.
On Wed, Aug 09, 2017 at 10:58:09AM +, Erik Janssen wrote:
> Hi,
>
> my guess: upgrade to newer version. RTSP Authentication is only handled from
> 7.45 or so.
>
> Erik
>
>
> Oorspronkelij
Hi,
my guess: upgrade to newer version. RTSP Authentication is only handled from
7.45 or so.
Erik
Oorspronkelijk bericht
Van: folkert
Datum: 09-08-17 11:58 (GMT+01:00)
Aan: curl-library@cool.haxx.se
Onderwerp: rtsp
Hi,
Tring to get
> I am storing the content in a .avi file.
You can't do that. What you get is an endless HTT response that carries a
stream, not a file. You have to extract the payload from the HTTP response and
write in a container format yourself, upon completion you need to write
Hi Pawel,
Sorry to respond months after the fact. I scanned the list for RTSP and found
this one.
Daniels comment is really important. You must set the CURL_RTSPREQ_RECEIVE
before adding it to the multi, otherwise the handle has nothing to do and will
fall-through like you observed.
So:
. Still climbing that hill :)
Erik
-Original Message-
From: Daniel Stenberg [mailto:dan...@haxx.se]
Sent: donderdag 11 augustus 2016 13:25
To: Erik Janssen <erik.jans...@axis.com>
Cc: libcurl development <curl-library@cool.haxx.se>
Subject: RE: [Patch] accept any RTSP session id
Hi,
> Ok, I was sloppy and didn't run the tests before I merged this. It turns out
> we have test 569
> that verifies that we don't accept spaces as part of the RTSP session id.
> Like this:
>
> Session:\$extraspaces ignore-this-part---;foo=bar
>
> So, do you think we should fix
Hi,
I propose the following small change to make libcurl work in communication with
gstreamer-based RTSP servers. See attached patch against 7.50.1.
The original code validates the session id to be in accordance with the RFC. I
think it is better not to do that:
- For curl the actual
Hi Chris,
I am sorry to reply so late, I use RTSP interleaved all the time.
Did you get it going? These are the options I set to initialize:
my_curl_easy_setopt(m_curl, CURLOPT_INTERLEAVEDATA, (void*)this);
my_curl_easy_setopt(m_curl, CURLOPT_INTERLEAVEFUNCTION,
>> Each of my curl handles has a different CURLOPT_INTERLEAVEDATA. If I
>> play more than one session from a single host then curl may pass the
>> CURLOPT_INTERLEAVEDATA of the wrong curl handle to my
>> CURLOPT_INTERLEAVEFUNCTION, which is always the same.
> Can you help us with a recipe on
Hi,
Libcurl 7.43
RTSP with RTP interleaving using the multi interface only works correct with
one session per host at a time.
Each of my curl handles has a different CURLOPT_INTERLEAVEDATA. If I play more
than one session from a single host then curl may pass the
CURLOPT_INTERLEAVEDATA of
Hi,
With reference to this patch from years ago from Jim Hollinger:
http://comments.gmane.org/gmane.comp.web.curl.library/32043
I'd like to provide the attached patch on 7.43. It respects section 4.4 of
rfc2326: If the Content-Length header is absent, a length 0 must be assumed.
It will prevent
Hello all,
Please find attached a patch for RTSP authentication, credits to Jim Hollinger.
Original at: http://comments.gmane.org/gmane.comp.web.curl.library/32043
This patch is the unmodified authentication-part of it, I only made it against
7.43 to make it easier to use today
Regards,
Erik
, 1 Oct 2014, Erik Janssen wrote:
Stumbled on section 9.2 in the RFC 2326, which is explicit:
Unlike HTTP, an RTSP message MUST contain a Content-Length header
whenever that message contains a payload. Otherwise, an RTSP packet
is terminated with an empty line immediately following
:50:11 +0200 (CEST)
From: Daniel Stenberg dan...@haxx.se
To: libcurl development curl-library@cool.haxx.se
Subject: Re: rtsp authentication not working
Message-ID: alpine.deb.2.00.1409261329280.23...@tvnag.unkk.fr
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
On Fri, 26 Sep 2014, Erik
Hi,
I have been using the http://curl.haxx.se/libcurl/c/rtsp.html example which
uses the curl_easy interface, and RTP interleaving. To reveive the
interleaved data I have modified that example to call curl_easy_perform
repeatedly as explained elsewhere in the list archives.
I have been
Hi,
I noticed Basic/Digest authentication is not supported in libcurl. There are
some older posts about this on the mailing list. There is this patch from long
ago:
http://comments.gmane.org/gmane.comp.web.curl.library/32043
I applied this to the 7.38 sources and recompiled. It works like a
41 matches
Mail list logo