To be fair, if you have ever used the curl C API, you can see why there are 25 years of CVEs, and not 25 years of reliable secure bug-free networking (not that it's possible).
I love C as much as the next guy, hell, I even write it for fun when I'm feeling down -- but the one thing I won't do, beyond a little "i wrote an http 1.0 server in C" joke project, is networking.
Keep your C offline. If I do networking, it has to be modern C++ with static analyzers, good practices, boost asio, unit testing, and sanitizers, or just Rust, Erlang/Elixir, or whatever other non-C language.
I've never seen a library get as abused and misused as Curl in source code - well maybe zlib. I think it's great that curl exists, and I'm glad it's so old that the bugs are mostly worked out, but writing a subset of curl that doesn't have a million issues in a weekend is not so unrealistic.