diff options
author | Daniel Stenberg <daniel@haxx.se> | 2020-05-13 00:52:34 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-05-13 08:02:42 +0200 |
commit | e1f3f3a14f678a8469ffd2d032fa1a237a6aad98 (patch) | |
tree | f8a1cb5042189e31cf87203947b9b177aa3739c1 | |
parent | 3ff89286a99b41f8b63a0ac9c55f6383e9f3bc53 (diff) |
url: reject too long input when parsing credentials
Since input passed to libcurl with CURLOPT_USERPWD and
CURLOPT_PROXYUSERPWD circumvents the regular string length check we have
in Curl_setstropt(), the input length limit is enforced in
Curl_parse_login_details too, separately.
Reported-by: Thomas Bouzerar
Closes #5383
-rw-r--r-- | lib/url.c | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -2586,6 +2586,12 @@ CURLcode Curl_parse_login_details(const char *login, const size_t len, size_t plen; size_t olen; + /* the input length check is because this is called directcly from setopt + and isn't going through the regular string length check */ + size_t llen = strlen(login); + if(llen > CURL_MAX_INPUT_LENGTH) + return CURLE_BAD_FUNCTION_ARGUMENT; + /* Attempt to find the password separator */ if(passwdp) { psep = strchr(login, ':'); |