diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2003-10-17 09:28:00 +0000 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2003-10-17 09:28:00 +0000 |
| commit | 679654bd47b401a1463bbaefac097d1212ea2ba9 (patch) | |
| tree | d8c3b930232b5fb7f0c39eb37bbc2d20e0fc4825 | |
| parent | 9e3f54431d8fd1873a05f5b99de5296b285a77b8 (diff) | |
o the name and password arrays are 256 bytes, so let's accept that lengthy
input
o have ->passwd and ->name be NULL if no name/passwd was given
o only set default user+password for FTP if no userpwd was given
| -rw-r--r-- | lib/url.c | 27 |
1 files changed, 16 insertions, 11 deletions
@@ -2119,7 +2119,9 @@ static CURLcode CreateConnection(struct SessionHandle *data, char proxyuser[MAX_CURL_USER_LENGTH]=""; char proxypasswd[MAX_CURL_PASSWORD_LENGTH]=""; - sscanf(data->set.proxyuserpwd, "%127[^:]:%127[^\n]", + sscanf(data->set.proxyuserpwd, + "%" MAX_CURL_USER_LENGTH_TXT "[^:]:" + "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^\n]", proxyuser, proxypasswd); conn->proxyuser = strdup(proxyuser); @@ -2730,7 +2732,9 @@ static CURLcode CreateConnection(struct SessionHandle *data, */ if (data->set.userpwd != NULL) { /* the name is given, get user+password */ - sscanf(data->set.userpwd, "%127[^:]:%127[^\n]", + sscanf(data->set.userpwd, + "%" MAX_CURL_USER_LENGTH_TXT "[^:]:" + "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^\n]", user, passwd); } @@ -2745,18 +2749,19 @@ static CURLcode CreateConnection(struct SessionHandle *data, } /* If our protocol needs a password and we have none, use the defaults */ - if ( (conn->protocol & (PROT_FTP|PROT_HTTP)) && + if ( (conn->protocol & PROT_FTP) && !conn->bits.user_passwd) { - strcpy(user, CURL_DEFAULT_USER); - strcpy(passwd, CURL_DEFAULT_PASSWORD); + conn->user = strdup(CURL_DEFAULT_USER); + conn->passwd = strdup(CURL_DEFAULT_PASSWORD); /* This is the default password, so DON'T set conn->bits.user_passwd */ } - - /* store user + password */ - conn->user = strdup(user); - conn->passwd = strdup(passwd); + else { + /* store user + password */ + conn->user = user[0]?strdup(user):NULL; + conn->passwd = passwd[0]?strdup(passwd):NULL; + } /************************************************************* * Check the current list of connections to see if we can @@ -2817,8 +2822,8 @@ static CURLcode CreateConnection(struct SessionHandle *data, otherwise */ conn->maxdownload = -1; /* might have been used previously! */ - free(old_conn->user); - free(old_conn->passwd); + Curl_safefree(old_conn->user); + Curl_safefree(old_conn->passwd); Curl_safefree(old_conn->proxyuser); Curl_safefree(old_conn->proxypasswd); |