aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2005-12-16 14:52:16 +0000
committerDaniel Stenberg <daniel@haxx.se>2005-12-16 14:52:16 +0000
commit6dbfce1031a8dd177772e2ee356c712b2454f794 (patch)
tree821846dad2e2d9de78be76f3d2a2307583abc65c /lib
parentfea5ddf585953f89fc51e861e758765420ffb0f4 (diff)
Jean Jacques Drouin pointed out that you could only have a user name or
password of 127 bytes or less embedded in a URL, where actually the code uses a 255 byte buffer for it! Modified now to use the full buffer size.
Diffstat (limited to 'lib')
-rw-r--r--lib/url.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/url.c b/lib/url.c
index 3715b10ca..781d1d11d 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3166,12 +3166,13 @@ static CURLcode CreateConnection(struct SessionHandle *data,
if(*userpass != ':') {
/* the name is given, get user+password */
- sscanf(userpass, "%127[^:@]:%127[^@]",
+ sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:"
+ "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
user, passwd);
}
else
/* no name given, get the password only */
- sscanf(userpass, ":%127[^@]", passwd);
+ sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", passwd);
if(user[0]) {
char *newname=curl_unescape(user, 0);