/Libcurl

How I Made A Heap Overflow in Curl

- Daniel Stenberg tl;dr: Daniel discusses a significant security flaw in curl, which he describes as the "worst security problem found in curl in a long time." The vulnerability stems from a heap overflow issue related to how curl handles SOCKS5 proxy connections with overly long hostnames. Daniel explains the technical intricacies of the flaw, its origins, and the subsequent fix.

featured in #456


Faster Base64 In Curl

- Daniel Stenberg tl;dr: "This adventure started with an issue where a user pointed out that the libcurl function for base64 encoding actually would allocate a few bytes too many at times. That turned out to be true and we fixed it fairly quickly. As I glanced at that base64 encoder function that was still loaded and showing in my editor window, it struck me that it really was not written in an optimal way."

featured in #373


HTTP://HTTP://HTTP://@HTTP://HTTP://?HTTP://#HTTP://

- Daniel Stenberg tl;dr: "If you throw the above mentioned URL on any random URL parser they may reject it, like the Twitter parser didn’t seem to think it was a URL, or they might come to a different conclusion about the different parts than curl does. In fact, it is likely that they will not do exactly as curl does."

featured in #351


Curl Dash-Dash-Json

- Daniel Stenberg tl;dr: “This is a new option that basically works as an alias, or shortcut, to sending JSON to an endpoint.”

featured in #289


No Easter Eggs in Curl

- Daniel Stenberg tl;dr: "Easter eggs are unexpected or undocumented features in a piece of computer software, included as a joke or bonus" and, among the enthusiast community, "people seem to generally like this concept in software and devices." Dan explains why he's against adding them to Curl.

featured in #275


Common Mistakes When Using Libcurl

- Daniel Stenberg tl;dr: "Here’s my collection of 15 of the most common mistakes and issues people will run into when writing applications and services that use libcurl."

featured in #255