cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Misterious URL behavior when using local variables to pass it

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Tue, 23 Nov 2010 23:07:48 -0800

On Tue, Nov 23, 2010 at 04:54:57PM -0500, Paulo Garcia wrote:
> I'm creating a C++ application (Windows 7 32 bits/VS 2010) and I'm
> having an interesting behavior.
>
> Basically I'm trying to grab files from depositfile.com directly. If I
> set my URL like this:
>
>
> char localUrl[MAX_FILEPATH];
> sprintf(localUrl,"http://depositfiles.com%s", redirection);
> curl_easy_setopt(handle, CURLOPT_URL, localUrl);
> res = curl_easy_perform(handle);
>
> I get an error "400 Bad Request".
>
> But, if I send exactly the same URL as constant, like this:
>
> curl_easy_setopt(handle, CURLOPT_URL,
> "http://depositfiles.com/en/files/6kpdasddasa3svf");
>
> I get the right page!
>
> I have checked the content of localUrl before calling the
> curl_easy_perform() function, and it is exactly the same (using
> debug).
>
> I cannot see what's wrong.
>
> Any ideas?

MAX_FILEPATH isn't a very good constant to use as the size of a URL buffer,
since it relates to the filesystem in use on the local system and has nothing
to do with URLs. It could be that the sprintf is overwriting the end of
the buffer and the last part of the buffer is being clobbered by the
time it's being used by libcurl. Try using a buffer that's known to be
large enough, and use snprintf/ _snprintf/strlcat to append the location,
checking that the operation succeeds. Enable libcurl tracing and see exactly
what URL is being requested on the way out.

Note also that creating a URL this way is unsafe in at least two ways:
the buffer could be overwritten by a long Location: string returned by
the remote server (I'm assuming that's what "redirection" holds) allowing
a stack smashing attack and possible arbitrary code execution, and the
way this code builds the string opens you to redirections to completely
different sites (e.g. if "redirection" is .badserver.biz/badfile.exe you'll
be redirected to http://depositfiles.com.badserver.biz/badfile.exe, on a
completely different domain). Please read the Security Considerations
section in the libcurl-tutorial(3) man page.

>>> Dan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2010-11-24

This message: [ Message body ]
Next message: Gisle Vanem: "Re: libcurl-7.19.3-win32-ssl-msvc - release lib file is larger thandebug?"
Previous message: Dan Fandrich: "Re: App dies at curl_easy_perform (possibly related to connect.c)"
In reply to: Paulo Garcia: "Misterious URL behavior when using local variables to pass it"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]