Jean Jacques Drouin pointed out that you could only have a user name or

password of 127 bytes or less embedded in a URL, where actually the code uses a 255 byte buffer for it! Modified now to use the full buffer size.
author: Daniel Stenberg <daniel@haxx.se> 2005-12-16 14:52:16 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2005-12-16 14:52:16 +0000
commit: 6dbfce1031a8dd177772e2ee356c712b2454f794 (patch)
tree: 821846dad2e2d9de78be76f3d2a2307583abc65c /lib/url.c
parent: fea5ddf585953f89fc51e861e758765420ffb0f4 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/url.c b/lib/url.c
index 3715b10ca..781d1d11d 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3166,12 +3166,13 @@ static CURLcode CreateConnection(struct SessionHandle *data,
 
         if(*userpass != ':') {
           /* the name is given, get user+password */
-          sscanf(userpass, "%127[^:@]:%127[^@]",
+          sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:"
+                 "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
                  user, passwd);
         }
         else
           /* no name given, get the password only */
-          sscanf(userpass, ":%127[^@]", passwd);
+          sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", passwd);
 
         if(user[0]) {
           char *newname=curl_unescape(user, 0);
author	Daniel Stenberg <daniel@haxx.se>	2005-12-16 14:52:16 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2005-12-16 14:52:16 +0000
commit	6dbfce1031a8dd177772e2ee356c712b2454f794 (patch)
tree	821846dad2e2d9de78be76f3d2a2307583abc65c /lib/url.c
parent	fea5ddf585953f89fc51e861e758765420ffb0f4 (diff)