The new release adds the "--retry-all-errors" option, which retries the operation when any error occurs, and fixes two vulnerabilities:
- The CVE-2020-8177 vulnerability allows a local file on the system to be overwritten when accessing a server controlled by an attacker. The problem appears only when the "-J" ("--remote-header-name") and "-i" ("--head") options are used together. The "-J" option saves the file under the name given in the "Content-Disposition" header. If a file with the same name already exists, curl normally refuses to overwrite it, but when the "-i" option is present the check logic breaks and the file is overwritten (the check is performed at the stage of receiving the response body, but with "-i" the HTTP headers are output first and manage to be saved before processing of the response body begins). Only HTTP headers are written to the file, but the server can send arbitrary data in place of the headers and it will be written.
- The CVE-2020-8169 vulnerability can leak part of the password used to access a site (Basic, Digest, NTLM, etc.) to the DNS server. When the password contains the "@" character, which is also used as the password separator in a URL, and an HTTP redirect is triggered, curl sends the part of the password after the "@" character, together with the domain, for name resolution. For example, if you specify the password "passw@rd123" and the user name "dan", curl will generate the URL "https://dan:passw@rd123@example.com/path" instead of "https://dan:passw%40rd123@example.com/path" and will send a request to resolve the host "rd123@example.com" instead of "example.com". The problem appears when support for HTTP redirects is enabled (it is disabled via CURLOPT_FOLLOWLOCATION). If ordinary DNS is used, information about part of the password can be obtained by the DNS provider and by an attacker able to intercept transit network traffic (even if the original request was made over HTTPS, since DNS traffic is not encrypted). If DNS-over-HTTPS (DoH) is used, the leak is limited to the DoH operator.
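The following Python sketch is an added example, not code from curl or from the original article. It reproduces the CVE-2020-8169 example above with a simplified model of the faulty split (user info ending at the first "@") and shows that percent-encoding the credentials removes the leak. All function names are hypothetical.

```python
from urllib.parse import quote

def build_url(user, password, host, path, encode=True):
    """Assemble https://user:password@host/path.

    With encode=False the credentials are pasted in raw, which is the
    URL shape the text above describes for the affected case.
    """
    if encode:
        user, password = quote(user, safe=""), quote(password, safe="")
    return f"https://{user}:{password}@{host}{path}"

def _authority(url):
    # Everything between "://" and the first "/" of the path.
    return url.split("://", 1)[1].split("/", 1)[0]

def host_first_at(url):
    """Host seen when user info ends at the FIRST '@' (simplified model of the fault)."""
    return _authority(url).split("@", 1)[-1]

def host_last_at(url):
    """Host seen when user info ends at the LAST '@' in the authority."""
    return _authority(url).rsplit("@", 1)[-1]

def leaked_fragment(url):
    """Text that would ride along in the DNS query name, or '' if none."""
    wrong, right = host_first_at(url), host_last_at(url)
    if wrong == right:
        return ""
    # Strip the real host and the separator; what remains came from the password.
    return wrong[: -len(right)].rstrip("@")

if __name__ == "__main__":
    # Values taken from the example in the text above.
    for encode in (False, True):
        url = build_url("dan", "passw@rd123", "example.com", "/path", encode)
        print(url)
        print("  name sent to resolver:", host_first_at(url))
        print("  leaked fragment:", repr(leaked_fragment(url)))
```
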
Source: opennet.ru