FW: GET http request

From: Dewancker, Bart via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 8 Sep 2020 14:29:33 +0000

From: Dewancker, Bart
Sent: Tuesday, 8 September 2020 12:23
To: Daniel Stenberg <daniel_at_haxx.se>; Erik Janssen <Erik.Janssen_at_axis.com>
Subject: GET http request

Hi Daniel, Erik,

Thanks for the feedback. We use asan as an address-sanitizer.

The theory is one possible explanation, but I have one question to help me understand what is going wrong. As I understand it, the first request in Wireshark is sent by our video recorder. After the unauthorized response, we see in Wireshark that a second request is sent to the Axis camera. But we do not launch a second request in our video recorder. Is this second request launched by libcurl?

I have simulated with the command line and indeed see a second request in which the URL is unchanged compared to the first request. But why are we seeing the changed URL in Wireshark?

[image: image003.jpg]

Wireshark trace with modified URL:

[image: image002.jpg]

Thanks,

Bart

-----Original Message-----
From: Daniel Stenberg <daniel_at_haxx.se>
Sent: Tuesday, 8 September 2020 11:01
To: Dewancker, Bart via curl-library <curl-library_at_cool.haxx.se>
CC: Dewancker, Bart <bart.dewancker_at_xtralis.com>
Subject: [External] Re: GET http request

On Tue, 8 Sep 2020, Dewancker, Bart via curl-library wrote:

> in this second request, some extra data has been added to the url head:
> /axis-cgi/admin/10.0.0.180 (see Figure 3). Due to this extra
> information, the requested page cannot be found. We have not seen this
> behavior on Debian stretch OS with Curl version 7.52. Is this a new
> option in version 7.64 compared to version 7.52? And if so, how can we disable this option?

curl would never change the URL like that (on purpose).

Since I don't recognize this as a libcurl bug I suspect this is an issue in your code. Have you run your application with valgrind / address-sanitizer ?

A theory: the step from 7.52 to 7.64 meant switching to a curl version where we redid the URL parsing and handling so maybe a mistake from before somehow didn't have an effect until libcurl changed.

--
  / daniel.haxx.se | Commercial curl support up to 24x7 is available!
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/


Received on 2020-09-08