aboutsummaryrefslogtreecommitdiff
path: root/lib/README.pingpong
diff options
context:
space:
mode:
authorJonathan Nieder <jrnieder@gmail.com>2013-08-19 01:36:46 -0700
committerDaniel Stenberg <daniel@haxx.se>2013-08-20 11:16:38 +0200
commit2f1a0bc0bf36c5ad0f8755d9c7553e1f5729af43 (patch)
treef06bad1760fc484b22732c0a60a97a7d888dd598 /lib/README.pingpong
parent09ddb1d61cdb9ee11ebf481b29dac1be8f0ab848 (diff)
url: handle arbitrary-length username and password before '@'
libcurl quietly truncates usernames, passwords, and options from before an '@' sign in a URL to 255 (= MAX_CURL_PASSWORD_LENGTH - 1) characters to fit in fixed-size buffers on the stack. Allocate a buffer large enough to fit the parsed fields on the fly instead to support longer passwords. After this change, there are no more uses of MAX_CURL_OPTIONS_LENGTH left, so stop defining that constant while at it. The hardcoded max username and password length constants, on the other hand, are still used in HTTP proxy credential handling (which this patch doesn't touch). Reported-by: Colby Ranger
Diffstat (limited to 'lib/README.pingpong')
0 files changed, 0 insertions, 0 deletions