RE: On memory-leaks as security problems

> In the curl security team, we have a discussion going on with someone who > wants a set of memory-leaks we fixed in the past to be highlighted and > reported as "security problems". Hi, I think a bug is a security issue when an unauthorized person can deliberately exploit it. It may still

RE: FW: GET http request

>> I have simulated with the command line and indeed see a second request >> in which the url is unchanged compared to the first request. But why >> are we seeing the changed url in the WireShark? > It shouldn't change, it's a bug. But a bug we've not heard of before which > makes me suspect

RE: FW: GET http request

> I think it doesn't matter (or does it?) but you've not quoted the URL, > resulting in the "group" parameter getting lost. Doesn't matter. Camera will return all groups instead Path part gets across as intended and that was the goal

RE: How to get a frame of image data from RTSP stream

> Other documents I found that can use CURLOPT_INTERLEAVEFUNCTION and > CURLOPT_INTERLEAVEDATA to get > RTP data from RTSP server. But I still don't understand where I can get image > data. Curl only does the RTSP for you, like is the case with HTTP. RTSP-interleaving you can see as

RE: Considering a version 8 at some point...

Oops! Overlooked the other mail with the same suggestion sorry -Original Message- From: curl-library On Behalf Of Erik Janssen via curl-library Sent: woensdag 1 juli 2020 09:09 To: libcurl development Cc: Erik Janssen Subject: RE: Considering a version 8 at some point... > I ag

RE: Considering a version 8 at some point...

> I agree with jumping to the version 8 as long as we define what would be the > futur scheme post-8. > - Having an important step forward/addition to the project? Would it make sense to keep version 7 as a 'Long Term Support' version that receives bugfixes and security updates but no

RE: curl-library Digest, Vol 174, Issue 10

> how to store that bitstream as video  file .if i want to display that > bitstream  as video what are the > ways you can  suggest ? You can dump it to a file and vlc/ffmpeg can play that raw content. But it will go as fast as possible because the framerate isn’t known. For this you will need

RE: rtsp curl code not playing video

The url you generate is a bit flaky I think it should be like this: SETUP rtsp://freja.hiof.no:1935/rtplive/definst/hessdalen03.stream/trackID=2 RTSP/1.0 PLAY rtsp://freja.hiof.no:1935/rtplive/definst/hessdalen03.stream/ RTSP/1.0 I get media from it using my curl-based client, unfortunately own

multiple rtsp connections to same host in multi interface

Hi, I use libcurl for http, plain sockets and rtsp. rtsp is a bit problematic because a transfer in rtsp context consists of a series of steps which are each individual transfers to libcurl. At each curl_multi_remove_handle() - curl_multi_add_handle() to get at the next rtsp step the link

RE: smart quotes warning

> So I'm wondering, would there be openness to adding a warning to curl, if it > sees smart quotes on the command line, that it would say something to the > user? I'd > be willing to try a PR if there is agreement to try to implement > this. curl has nothing to do with that... it is the shell

RE: use 'first hash' instead of password to do digest auth

Hi Nicolas, >> Maybe this is not a curl question, and it is my lack of knowledge about >> storage of credentials getting in the way. > It is not really a curl question, I agree. Even though, I’ll try to give you > some advice. Thanks for the direction. I realize now these days a low-overhead

use 'first hash' instead of password to do digest auth

Hi, Maybe this is not a curl question, and it is my lack of knowledge about storage of credentials getting in the way. Reading https://en.wikipedia.org/wiki/Digest_access_authentication made me realise that if I could store the username + password after first successful connection as "HA1",

RE: libcurl leaks information in freed memory

Hi, I doubt whether curl should go that way. I so see a point in explicitly wiping previous url or credentials when the next one, or empty string, is specified. It would reduce, but not eliminate, a potential attack surface. However, generic wipe of memory is expensive but doesn't solve the

RE: Deprecate falling back to http:// ?

I think involuntary introducing https in systems not expecting it, and not in need for it, is not the way to go Lot of simple scripts performing automated tests, configure embedded devices, etc, will break because the server not talking https Secure systems will specify https:// explicitly and

RE: segfault when using libcurl in thread but ok when used non threaded

Hi Yes, thanks. Ignore my post. "Shouldn't I check the docs" I was thinking microseconds before pressing Send. Actually I read that part over and over years ago. Seems I mixed it up with my own strategy to deal with things. Erik -Original Message- From: curl-library On Behalf Of

RE: segfault when using libcurl in thread but ok when used non threaded

Hi Eric, Libcurl is not threadsafe. Study the multi interface and run everything curl on a single thread instead. It takes a bit more work but saves resources. Erik -Original Message- From: curl-library On Behalf Of erbenton Sent: dinsdag 31 juli 2018 09:28 To:

RE: Multi CURL - persistent connection issue

The server might be of questionable nature, looking at its identification Are you sure there is payload on the wire? Do you get data when you try the same request with the commandline curl? Erik From: curl-library [mailto:curl-library-boun...@cool.haxx.se] On Behalf Of Suganthi Sent: dinsdag

RE: Multiple '$' blocks in the INTERLEAVE callback function

> However, as you can see there is another $ packet within the RTP payload. > This messes up the remaining packet and packets to follow. I think it is exactly like you say. That second $ is a valid byte of the payload. Only start interpreting interleave headers 1122 bytes after the first one

RE: Read RTP data sent over UDP - non-interleaved mode

> Only TCP packets that are complete are being captured and processed in the > callback. I never had that. But I never saw several packets on a single line in wireshark like in your screenshot, so maybe you run into something not experienced by anyone. Not so many people use this. But when I

RE: Read RTP data sent over UDP - non-interleaved mode

Hi, No you can't. The UDP data has nothing to do with the curl connection! So you should open a socket for RTP and RTCP yourself, using the numbers that are the result of the SETUP, and handle the traffic. You can pass the sockets to the same curl_multi_wait() so a single loop can handle both

RE: Wait for a response using curl_multi_wait

Hi, > Using the "multi-single.c" example[1] as a testbed, I notice that after > adding the easy > handle and calling curl_multi_perform, the curl_multi_wait call returns > immediately > and sets numfds to 0, indicating there is no fd to wait on. What is 'immediately' and what happens on the

RE: image can't be downloaded from sharepoint server using libcurl (c++ code): HTTP/1.1 503 Service Unavailable

> I'm getting this error while trying to get an image from a sharepoint server. > That image is already visible using the same link in the browser within the > same machine where I can't get it using libcurl. > But I can't get it using the following code and I'm getting only an error >

RE: image can't be downloaded from sharepoint server using libcurl (c++ code): HTTP/1.1 503 Service Unavailable

I don't think this list is the right place to find help, unless someone happens to be a fluent sharepoint user Curl-wise everything works doesn't it? Erik From: curl-library [mailto:curl-library-boun...@cool.haxx.se] On Behalf Of RHAIEM, Mohamed Slim via curl-library Sent: vrijdag 24 november

RE: timeouts

>> Is there some way to see at what timestamp the last read succeeded? > Not really, but CURLOPT_WRITEFUNCTION is called every time there is data so > you know that there hasn't been any data > read since the last callback. That is how I solved it, keep a timer of your own, restart it from the

RE: Cross-compile libcurl for embedded arm target running freeRtos and LWIP stack

Hi, I recall fiddling out what happens in such cases by copying the entire compiler invocation from the log and run it by hand Good luck… I think this will be one of the more trivial problems you will encounter on this journey Erik From: curl-library [mailto:curl-library-boun...@cool.haxx.se]

Re: rtsp

camera does not work at all and the other only with udp. On Wed, Aug 09, 2017 at 10:58:09AM +, Erik Janssen wrote: > Hi, > > my guess: upgrade to newer version. RTSP Authentication is only handled from > 7.45 or so. > > Erik > > > Oorspronkelij

Re: rtsp

Hi, my guess: upgrade to newer version. RTSP Authentication is only handled from 7.45 or so. Erik Oorspronkelijk bericht Van: folkert Datum: 09-08-17 11:58 (GMT+01:00) Aan: curl-library@cool.haxx.se Onderwerp: rtsp Hi, Tring to get

RE: Issue with playback of video captured by libcurl

>   I am storing the content in a .avi file.    You can't do that. What you get is an endless HTT response that carries a stream, not a file. You have to extract the payload from the HTTP response and write in a container format yourself, upon completion you need to write

RE: multi interface and RTSP interleved

Hi Pawel, Sorry to respond months after the fact. I scanned the list for RTSP and found this one. Daniels comment is really important. You must set the CURL_RTSPREQ_RECEIVE before adding it to the multi, otherwise the handle has nothing to do and will fall-through like you observed. So:

RE: [Patch] accept any RTSP session id

. Still climbing that hill :) Erik -Original Message- From: Daniel Stenberg [mailto:dan...@haxx.se] Sent: donderdag 11 augustus 2016 13:25 To: Erik Janssen <erik.jans...@axis.com> Cc: libcurl development <curl-library@cool.haxx.se> Subject: RE: [Patch] accept any RTSP session id

RE: [Patch] accept any RTSP session id

Hi, > Ok, I was sloppy and didn't run the tests before I merged this. It turns out > we have test 569 > that verifies that we don't accept spaces as part of the RTSP session id. > Like this: > > Session:\$extraspaces ignore-this-part---;foo=bar > > So, do you think we should fix

[Patch] accept any RTSP session id

Hi, I propose the following small change to make libcurl work in communication with gstreamer-based RTSP servers. See attached patch against 7.50.1. The original code validates the session id to be in accordance with the RFC. I think it is better not to do that: - For curl the actual

RE: RTSP Interleaved Multi Interface

Hi Chris, I am sorry to reply so late, I use RTSP interleaved all the time. Did you get it going? These are the options I set to initialize: my_curl_easy_setopt(m_curl, CURLOPT_INTERLEAVEDATA, (void*)this); my_curl_easy_setopt(m_curl, CURLOPT_INTERLEAVEFUNCTION,

RE: rtsp with the multi interface mixes up the handles

>> Each of my curl handles has a different CURLOPT_INTERLEAVEDATA. If I >> play more than one session from a single host then curl may pass the >> CURLOPT_INTERLEAVEDATA of the wrong curl handle to my >> CURLOPT_INTERLEAVEFUNCTION, which is always the same. > Can you help us with a recipe on

rtsp with the multi interface mixes up the handles

Hi, Libcurl 7.43 RTSP with RTP interleaving using the multi interface only works correct with one session per host at a time. Each of my curl handles has a different CURLOPT_INTERLEAVEDATA. If I play more than one session from a single host then curl may pass the CURLOPT_INTERLEAVEDATA of

Patch for RTSP DESCRIBE returning no content

Hi, With reference to this patch from years ago from Jim Hollinger: http://comments.gmane.org/gmane.comp.web.curl.library/32043 I'd like to provide the attached patch on 7.43. It respects section 4.4 of rfc2326: If the Content-Length header is absent, a length 0 must be assumed. It will prevent

Patch for basic/digest authentication in RTSP

Hello all, Please find attached a patch for RTSP authentication, credits to Jim Hollinger. Original at: http://comments.gmane.org/gmane.comp.web.curl.library/32043 This patch is the unmodified authentication-part of it, I only made it against 7.43 to make it easier to use today Regards, Erik

RE: rtsp authentication not working

, 1 Oct 2014, Erik Janssen wrote: Stumbled on section 9.2 in the RFC 2326, which is explicit: Unlike HTTP, an RTSP message MUST contain a Content-Length header whenever that message contains a payload. Otherwise, an RTSP packet is terminated with an empty line immediately following

RE: rtsp authentication not working

:50:11 +0200 (CEST) From: Daniel Stenberg dan...@haxx.se To: libcurl development curl-library@cool.haxx.se Subject: Re: rtsp authentication not working Message-ID: alpine.deb.2.00.1409261329280.23...@tvnag.unkk.fr Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII On Fri, 26 Sep 2014, Erik

rtp interleaving support with multi interface?

Hi, I have been using the http://curl.haxx.se/libcurl/c/rtsp.html example which uses the curl_easy interface, and RTP interleaving. To reveive the interleaved data I have modified that example to call curl_easy_perform repeatedly as explained elsewhere in the list archives. I have been

rtsp authentication not working

Hi, I noticed Basic/Digest authentication is not supported in libcurl. There are some older posts about this on the mailing list. There is this patch from long ago: http://comments.gmane.org/gmane.comp.web.curl.library/32043 I applied this to the 7.38 sources and recompiled. It works like a