cURL / Mailing Lists / curl-library / Single Mail


Re: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections

From: <>
Date: Mon, 31 Mar 2014 16:16:31 -0700

I didn't really want to spam the list over something this pedantic, but your patch has a comment typo:

#define PROTOPT_CREDSPERREQUEST (1<<7) /* requires login creditials per request
                                          as opposed to per connection */

"creditials" should be "credentials". Sadly, this would make the line longer than 80 characters, and moving "request" to the next line would blow past the 80 limit on that line, too. Change "as opposed to" to "instead of".

Also, I had to modify this patch's url.c change to get it to apply to 7.33.0. Does this look right?

      if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) ||
         ((needle->handler->protocol & CURLPROTO_HTTP) && wantNTLM)) {

List admin:
Received on 2014-04-01