
Re: Protecting against inner library security bugs

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 12 Nov 2014 00:25:08 +0100 (CET)

On Tue, 11 Nov 2014, myriachan_at_cox.net wrote:

> Does libcurl have a policy on having code to protect against bugs being
> exploited in lower-level libraries? For example, this Windows SChannel bug:

I'll just second Ray's comments in that we can't do a whole lot about bugs in
other libraries.

We do however make an effort to make libcurl safe and secure. Mostly with code
reviews, tests (involving running them with tools like valgrind) and static
code analyzers (like clang-analyzer, cppcheck and coverity).

We also have a documented process for handling discovered or suspected
security problems in curl or libcurl: http://curl.haxx.se/dev/security.html

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2014-11-12