diff options
| author | Jonathan Nieder <jrnieder@gmail.com> | 2013-08-19 00:48:24 -0700 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2013-08-20 11:16:38 +0200 |
| commit | 36585b539543ca4471ab19c0d738a6e52a827aee (patch) | |
| tree | 484200dc1e4360b2d5c4bb0b40743963660b4ae2 /lib/netrc.c | |
| parent | 11baffbff67eae225f63fc684d80ce52a79c8ac5 (diff) | |
netrc: handle longer username and password
libcurl truncates usernames and passwords it reads from .netrc to
LOGINSIZE and PASSWORDSIZE (64) characters without any indication to
the user, to ensure the values returned from Curl_parsenetrc fit in a
caller-provided buffer.
Fix the interface by passing back dynamically allocated buffers
allocated to fit the user's input. The parser still relies on a
256-character buffer to read each line, though.
So now you can include an ~246-character password in your .netrc,
instead of the previous limit of 63 characters.
Reported-by: Colby Ranger
Diffstat (limited to 'lib/netrc.c')
| -rw-r--r-- | lib/netrc.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/lib/netrc.c b/lib/netrc.c index 2c5942afc..f51fdf340 100644 --- a/lib/netrc.c +++ b/lib/netrc.c @@ -52,13 +52,13 @@ enum host_lookup_state { * @unittest: 1304 */ int Curl_parsenetrc(const char *host, - char *login, - char *password, + char **loginp, + char **passwordp, char *netrcfile) { FILE *file; int retcode=1; - int specific_login = (login[0] != 0); + int specific_login = (**loginp != 0); char *home = NULL; bool home_alloc = FALSE; bool netrc_alloc = FALSE; @@ -109,7 +109,7 @@ int Curl_parsenetrc(const char *host, tok=strtok_r(netrcbuffer, " \t\n", &tok_buf); while(!done && tok) { - if(login[0] && password[0]) { + if(**loginp && **passwordp) { done=TRUE; break; } @@ -138,16 +138,22 @@ int Curl_parsenetrc(const char *host, /* we are now parsing sub-keywords concerning "our" host */ if(state_login) { if(specific_login) { - state_our_login = Curl_raw_equal(login, tok); + state_our_login = Curl_raw_equal(*loginp, tok); } else { - strncpy(login, tok, LOGINSIZE-1); + free(*loginp); + *loginp = strdup(tok); + if(!*loginp) + return -1; /* allocation failed */ } state_login=0; } else if(state_password) { if(state_our_login || !specific_login) { - strncpy(password, tok, PASSWORDSIZE-1); + free(*passwordp); + *passwordp = strdup(tok); + if(!*passwordp) + return -1; /* allocation failed */ } state_password=0; } |