OCSP verification bypass with TLS session reuse
===
Project curl Security Advisory, January 31 2024 -
[Permalink](https://curl.se/docs/CVE-2024-0853.html)
VULNERABILITY
-
curl inadvertently kept the SSL session ID for connections in its
Hello!
Welcome to a new curl release! Get it as always from https://curl.se/
curl and libcurl 8.6.0
Public curl releases: 254
Command line options: 258
curl_easy_setopt() options: 304
Public functions in libcurl: 93
Contributors: 3078
This release
Why to use valgrind? Instruments shows the leaks. Also, if I calls this code in
a loop, the memory of the process raise for every call,
Sent from my iPhone
> On 31 Jan 2024, at 4:06, Calvin Buckley via curl-library
> wrote:
>
> On Jan 30, 2024, at 6:56 PM, Josh WizardGuy via curl-library
On Jan 30, 2024, at 6:56 PM, Josh WizardGuy via curl-library
wrote:
> U. Use valgrind? 路
That would be great advice... if Valgrind supported macOS/arm64.
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
U. Use valgrind? 路
On Tue, Jan 30, 2024, 11:39 AM Mos Yud via curl-library <
curl-library@lists.haxx.se> wrote:
> Hi,
>
> Machine: M1 sonoma 14.1.1
>
> At my test I am using the shipped lib of curl, and its default used SSL,
> that is:
> curl 8.1.2 (x86_64-apple-darwin23.0) libcurl/8.1.2
I didn't check it since I assumed I linked only with libcurl.dylib. If i
use this call, i need to link also with openssl.
According to curl documentation curl_easy_cleanup should clean all memory,
and its sounds strange that macOS is shifted with a curl that expose memory
leaks.
I also tested with
On 1/30/2024 11:39 AM, Mos Yud via curl-library wrote:
Machine: M1 sonoma 14.1.1
At my test I am using the shipped lib of curl, and its default used
SSL, that is:
curl 8.1.2 (x86_64-apple-darwin23.0) libcurl/8.1.2 (SecureTransport)
LibreSSL/3.3.6 zlib/1.2.12 nghttp2/1.55.1
I am getting
> I would perhaps also add that switching to the mime API is normally not a very
> big nor complicated task.
Yeah, it was easy, and it's working for us. =) I guess this thread is more
for reporting a bug and another reason to switch to curl_mime_*.
Thanks~
From: curl-library On Behalf Of
The leaks are checked after curl_global_cleanup(). I haven't checked it yet
on release 8.5.0.
On Tue, Jan 30, 2024 at 7:18 PM Dan Fandrich via curl-library <
curl-library@lists.haxx.se> wrote:
> Is the code calling curl_global_cleanup() before checking for leaks? Does
> this happen on the latest
Is the code calling curl_global_cleanup() before checking for leaks? Does this
happen on the latest curl releae (8.5.0)?
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Hi,
Machine: M1 sonoma 14.1.1
At my test I am using the shipped lib of curl, and its default used SSL,
that is:
curl 8.1.2 (x86_64-apple-darwin23.0) libcurl/8.1.2 (SecureTransport)
LibreSSL/3.3.6 zlib/1.2.12 nghttp2/1.55.1
I am getting memory leaks while running the following test:
*void*
Hi all,
There was another bogus curl CVE filed, published today. We will try to reject
it proper, but here is our official take on it:
https://curl.se/docs/CVE-2023-52071.html
(this CVE was filed before we become a CNA)
--
/ daniel.haxx.se
| Commercial curl support up to 24x7 is
On Tue, 30 Jan 2024, Patrick Monnerat via curl-library wrote:
As the formadd API is deprecated, this is not considered as a bug anymore
and won't be fixed. It is however one of the caveats that motivated the
design of the MIME API and I think the best way you fix your program is by
migrating
13 matches
Mail list logo