aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2017-04-24 15:33:57 +0200
committerDaniel Stenberg <daniel@haxx.se>2017-05-01 22:55:29 +0200
commit94460878cc634b590a7282e3fe60ceafb62d141a (patch)
treed88c6e5376b72d168c39d309b21930b9add280f1
parent35311b22b92475a3a0ac65b13e0fce6ed85b060b (diff)
http: use private user:password output buffer
Don't clobber the receive buffer.
-rw-r--r--lib/http.c28
1 files changed, 17 insertions, 11 deletions
diff --git a/lib/http.c b/lib/http.c
index 22d454709..04bcbae0d 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -285,6 +285,7 @@ static CURLcode http_output_basic(struct connectdata *conn, bool proxy)
const char *user;
const char *pwd;
CURLcode result;
+ char *out;
if(proxy) {
userp = &conn->allocptr.proxyuserpwd;
@@ -297,27 +298,32 @@ static CURLcode http_output_basic(struct connectdata *conn, bool proxy)
pwd = conn->passwd;
}
- snprintf(data->state.buffer, CURL_BUFSIZE(data->set.buffer_size),
- "%s:%s", user, pwd);
+ out = aprintf("%s:%s", user, pwd);
+ if(!out)
+ return CURLE_OUT_OF_MEMORY;
- result = Curl_base64_encode(data,
- data->state.buffer, strlen(data->state.buffer),
- &authorization, &size);
+ result = Curl_base64_encode(data, out, strlen(out), &authorization, &size);
if(result)
- return result;
+ goto fail;
- if(!authorization)
- return CURLE_REMOTE_ACCESS_DENIED;
+ if(!authorization) {
+ result = CURLE_REMOTE_ACCESS_DENIED;
+ goto fail;
+ }
free(*userp);
*userp = aprintf("%sAuthorization: Basic %s\r\n",
proxy ? "Proxy-" : "",
authorization);
free(authorization);
- if(!*userp)
- return CURLE_OUT_OF_MEMORY;
+ if(!*userp) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto fail;
+ }
- return CURLE_OK;
+ fail:
+ free(out);
+ return result;
}
/* pickoneauth() selects the most favourable authentication method from the