Apply memory leak and CVE-2023-38545 patches

depler / curl-impersonate-win

A special build of curl for Windows that can impersonate Chrome and Safari

131 stars 33 forks source link

Apply memory leak and CVE-2023-38545 patches #20

Open gsemac opened 3 months ago

gsemac commented 3 months ago

I've applied the memory leak fix and CVE-2023-38545 patches from the main curl-impersonate repository.

I haven't applied the new BoringSSL patches though, because they pertain to a newer version of BoringSSL that I was struggling to get to compile with the current build configuration.

simonsww commented 2 months ago

Hello, is there any progress? Thank you.

gsemac commented 2 months ago

I haven't made any further attempts to upgrade BoringSSL.

The main curl-impersonate repository is using commit google/boringssl@1b7fdbd9101dedc3e0aa3fcf4ff74eacddb34ecc, but updating this repository to the same commit breaks the build process because of compiler intrinsics that aren't implemented by GCC. Maybe someone else is able to find a way to get it to build.

simonsww commented 2 months ago

I don't know if the content in this link is helpful, thank you。 https://github.com/yifeikong/curl-impersonate/blob/main/win/build.sh