bagder

Slop

This collection is limited to only include the reports that were submitted as security vulnerabilities to the curl bug-bounty program on Hackerone.

Reports

1. [Critical] Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet. #2199174
2. Buffer Overflow Vulnerability in WebSocket Handling #2298307
3. Exploitable Format String Vulnerability in curl_mfprintf Function #2819666

bagder

==450632== 
==450632== HEAP SUMMARY:
==450632==     in use at exit: 13,496 bytes in 331 blocks
==450632==   total heap usage: 5,306 allocs, 4,975 frees, 581,992 bytes allocated
==450632== 
==450632== 24 bytes in 1 blocks are definitely lost in loss record 12 of 81
==450632==    at 0x4844818: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==450632==    by 0x153E93: curl_dbg_malloc (memdebug.c:145)
==450632==    by 0x174753: Curl_memdup (strdup.c:93)
==450632==    by 0x1E7CD9: Curl_httpsrr_set (httpsrr.c:103)

bagder

#!/usr/bin/env perl
# Copyright (C) Daniel Stenberg, <[email protected]>, et al.
#
# SPDX-License-Identifier: curl
#
# 1. Figure out all existing configure --disable-* options
# 2. Generate random command line using supported options
# 3. Run configure (exit if problem)
# 4. run "b" to build (exit if problem)
# 5. sleep a second

bagder

diff --git a/lib/url.c b/lib/url.c
index 3b1ce3568..9f4716ed0 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3337,10 +3337,13 @@ static void reuse_conn(struct Curl_easy *data,
   temp->hostname_resolve = NULL;
 
   /* reuse init */
   existing->bits.reuse = TRUE; /* yes, we are reusing here */
 

bagder

/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
 *
 * This software is licensed as described in the file COPYING, which

bagder

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <errno.h>

/* curl stuff */
#include <curl/curl.h>
#include <curl/mprintf.h>

bagder

python3 tests/http/scorecard.py --httpd --caddy -d --download=100mb h1

master

Downloads
  Server       Size  single(1x1) [cpu/rss]         serial(50x1) [cpu/rss]         parallel(50x50) [cpu/rss]                Errors       
  httpd       100MB    1239 MB/s [89.0%/14MB]         1414 MB/s [88.5%/14MB]         1781 MB/s [100.2%/18MB]              -          
  caddy       100MB    2007 MB/s [74.2%/14MB]         2573 MB/s [82.8%/15MB]         3425 MB/s [100.3%/18MB]              -          

bagder

icing-cw-part5+h2

scoring h2
TLS Handshake
  curl.se...ipv4...ipv6...ok.
  google.com...ipv4...ipv6...ok.
  cloudflare.com...ipv4...ipv6...ok.
  nghttp2.org...ipv4...ipv6...ok.
httpd downloads

bagder

Compare

Generate URLs to parse

urlgen: https://gist.github.com/bagder/50ca185c73a9d4d38a1d21271f7f2d59

I made 100000 URLs with it:

./urlgen.pl 100000 > URLs

bagder

/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
 *
 * This software is licensed as described in the file COPYING, which