To be fair, if you have ever used the curl C API, you can see why there are 25 years of CVEs, and not 25 years of reliable, secure, bug-free networking (not that it's possible). I love C as much as the next guy, hell, I even write it for fun when I'm feeling down -- but the one thing I won't do, beyond a little "I wrote an http 1.0 server in C" joke project, is networking. Keep your C offline. If I do networking, it has to be modern C++ with static analyzers, good practices, boost asio, unit testing, and sanitizers, or just Rust, Erlang/Elixir, or whatever other non-C language. I've never seen a library get as abused and misused as Curl in source code - well, maybe zlib. I think it's great that curl exists, and I'm glad it's so old that the bugs are mostly worked out, but writing a subset of curl that doesn't have a million issues in a weekend is not so unrealistic.
Edit: Just found this[0], hehe. :)
[0]: https://daniel.haxx.se/blog/2021/05/20/i-could-rewrite-curl/