Haxx ad

curl's project page on


cURL > Mailing List > Monthly Index > Single Mail

curl-users Mailing List Archives

[ Bug#178473: curl: local user information leak]

From: Domenico Andreoli <>
Date: Mon, 27 Jan 2003 17:54:35 +0100

hi Daniel, hi all

Martin Godisch reported this issue for curl.

as always, full debian report is available at


----- Forwarded message from Martin Godisch <> -----

Date: Sun, 26 Jan 2003 15:41:05 +0100
From: Martin Godisch <>
To: Debian Bug Tracking System <>
Reply-To: Martin Godisch <>,
Subject: Bug#178473: curl: local user information leak

Package: curl
Version: 7.9.5-1
Severity: important
Tags: security

Passwords given to option -U are visible in the ps tree:

carlos:~/>curl -U user:pass some_url &; ps ax | grep curl | grep -v grep
[1] 26106
26106 pts/0 S 0:00 curl -U user:pass some_url

I suggest doing some kind of memset(optarg, '*', strlen(optarg)); when
curl parses its command line arguments.

Kind regards,



----- End forwarded message -----

-----[ Domenico Andreoli, aka cavok
   ---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50

This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
Received on 2003-01-27

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET