authorSteve Holme <steve_holme@hotmail.com>2013-04-19 19:37:55 +0100
committerSteve Holme <steve_holme@hotmail.com>2013-04-19 19:37:55 +0100
commit49184c37233c2cf27b79ebcd29fb8a4f5fb2e1ed (patch)
tree4d63355a42ca46e2fd1d881d3ae03fd3cdbbcd10
parentcc7f6a2ddfa2978fe0cf8b2249ba278ce9122d0d (diff)
url: Added bounds checking to parse_login_details()
Added bounds checking when searching for the separator characters within the login string, as this string may not be NUL-terminated (for example, when it is the login part of a URL). For performance reasons, we do this in preference to allocating a new string, copying the login details into it and passing that copy to parse_login_details().
-rw-r--r--lib/url.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/url.c b/lib/url.c
index bd07059bc..3563f0853 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -4482,13 +4482,23 @@ static CURLcode parse_login_details(const char *login, const size_t len,
size_t olen;
/* Attempt to find the password separator */
- if(passwdp)
+ if(passwdp) {
psep = strchr(login, ':');
+ /* Within the constraint of the login string */
+ if(psep >= login + len)
+ psep = NULL;
+ }
+
/* Attempt to find the options separator */
- if(optionsp)
+ if(optionsp) {
osep = strchr(login, ';');
+ /* Within the constraint of the login string */
+ if(osep >= login + len)
+ osep = NULL;
+ }
+
/* Calculate the portion lengths */
ulen = (psep ?
(size_t)(osep && psep > osep ? osep - login : psep - login) :
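Review bot: The new range checks run only after `strchr(login, ':')` and `strchr(login, ';')` have already scanned, so the search itself is still unbounded: it stops at the first match or NUL byte, not at `login + len`. That is safe only if every caller passes a slice of a larger NUL-terminated buffer, which the commit message suggests but the hunk does not show. A bounded search needs no copy and makes both post-checks unnecessary: `psep = memchr(login, ':', len);` and `osep = memchr(login, ';', len);`. It also avoids the relational comparison `psep >= login + len` when `strchr` returned NULL, which the C standard leaves undefined. The function body starts before and continues after this hunk, so the declarations of `psep` and `osep` are not visible here.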