This collection is limited to only include the reports that were submitted as security vulnerabilities to the curl bug-bounty program on HackerOne.
==450632==
==450632== HEAP SUMMARY:
==450632==     in use at exit: 13,496 bytes in 331 blocks
==450632==   total heap usage: 5,306 allocs, 4,975 frees, 581,992 bytes allocated
==450632==
==450632== 24 bytes in 1 blocks are definitely lost in loss record 12 of 81
==450632==    at 0x4844818: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==450632==    by 0x153E93: curl_dbg_malloc (memdebug.c:145)
==450632==    by 0x174753: Curl_memdup (strdup.c:93)
==450632==    by 0x1E7CD9: Curl_httpsrr_set (httpsrr.c:103)
#!/usr/bin/env perl
# Copyright (C) Daniel Stenberg, <[email protected]>, et al.
#
# SPDX-License-Identifier: curl
#
# 1. Figure out all existing configure --disable-* options
# 2. Generate random command line using supported options
# 3. Run configure (exit if problem)
# 4. run "b" to build (exit if problem)
# 5. sleep a second
diff --git a/lib/url.c b/lib/url.c | |
index 3b1ce3568..9f4716ed0 100644 | |
--- a/lib/url.c | |
+++ b/lib/url.c | |
@@ -3337,10 +3337,13 @@ static void reuse_conn(struct Curl_easy *data, | |
temp->hostname_resolve = NULL; | |
/* reuse init */ | |
existing->bits.reuse = TRUE; /* yes, we are reusing here */ | |
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
 *
 * This software is licensed as described in the file COPYING, which
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <errno.h>
/* curl stuff */
#include <curl/curl.h>
#include <curl/mprintf.h>
python3 tests/http/scorecard.py --httpd --caddy -d --download=100mb h1
Downloads
Server Size single(1x1) [cpu/rss] serial(50x1) [cpu/rss] parallel(50x50) [cpu/rss] Errors
httpd 100MB 1239 MB/s [89.0%/14MB] 1414 MB/s [88.5%/14MB] 1781 MB/s [100.2%/18MB] -
caddy 100MB 2007 MB/s [74.2%/14MB] 2573 MB/s [82.8%/15MB] 3425 MB/s [100.3%/18MB] -
urlgen: https://gist.github.com/bagder/50ca185c73a9d4d38a1d21271f7f2d59
I made 100000 URLs with it:
./urlgen.pl 100000 > URLs
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
 *
 * This software is licensed as described in the file COPYING, which