cURL
Haxx ad
libcurl

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[curl:bugs] #1251 Form boundary string should be truly random

From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Tue, 25 Jun 2013 06:15:22 +0000

You're right, I made it use 48 bits just because that's the length we used before. I'll make it use all 64 instead.

And yes, the digest_md5 usage may indeed have some security impact but I haven't yet given that any deeper thoughts.

---
** [bugs:#1251] Form boundary string should be truly random**
**Status:** open
**Created:** Mon Jun 24, 2013 11:24 AM UTC by Floris
**Last Updated:** Mon Jun 24, 2013 11:42 PM UTC
**Owner:** Daniel Stenberg
The use of predicatable pseudo-random numbers to generate the multipart/form boundary can lead to security issues in software using libcurl.
See: http://localhost.re/p/solusvm-whmcs-module-316-vulnerability
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.
Received on 2013-06-25

These mail archives are generated by hypermail.

donate! Page updated May 06, 2013.
web site info

File upload with ASP.NET