url: accept "any length" credentials for proxy auth

They're only limited to the maximum string input restrictions, not to 256 bytes. Added test 1178 to verify Reported-by: Will Roberts Fixes #5448 Closes #5449
author: Daniel Stenberg <daniel@haxx.se> 2020-05-25 15:38:36 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2020-05-25 23:08:57 +0200
commit: ad829b21ae9e0f11a821a0a98a1aaab161efa9a2 (patch)
tree: 43914a76da27ebdeae8863653f9012d27c242036 /lib/escape.c
parent: 96f52abf809fc3f20eaa5ee9e4a4382e85520876 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/escape.c b/lib/escape.c
index 97352a91d..f3c558ed0 100644
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -134,12 +134,17 @@ CURLcode Curl_urldecode(struct Curl_easy *data,
                         char **ostring, size_t *olen,
                         bool reject_ctrl)
 {
-  size_t alloc = (length?length:strlen(string)) + 1;
-  char *ns = malloc(alloc);
+  size_t alloc;
+  char *ns;
   size_t strindex = 0;
   unsigned long hex;
   CURLcode result = CURLE_OK;
 
+  DEBUGASSERT(string);
+
+  alloc = (length?length:strlen(string)) + 1;
+  ns = malloc(alloc);
+
   if(!ns)
     return CURLE_OUT_OF_MEMORY;
author	Daniel Stenberg <daniel@haxx.se>	2020-05-25 15:38:36 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2020-05-25 23:08:57 +0200
commit	ad829b21ae9e0f11a821a0a98a1aaab161efa9a2 (patch)
tree	43914a76da27ebdeae8863653f9012d27c242036 /lib/escape.c
parent	96f52abf809fc3f20eaa5ee9e4a4382e85520876 (diff)