url: Fixed missing length check in parse_proxy()

Commit 11332577b3cb removed the length check that was performed by the old scanf() code.
author: Steve Holme <steve_holme@hotmail.com> 2013-04-21 18:29:33 +0100
committer: Steve Holme <steve_holme@hotmail.com> 2013-04-21 18:29:33 +0100
commit: ddac43b38e3fd923b71554126652b05e034d6900 (patch)
tree: 54ea6cdf18097d78cd232b863cc4b4e9045739d3 /lib
parent: 416ecc15845c4e6bf7ea6359d9c63adec3385f5b (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/url.c b/lib/url.c
index 50b00e783..b43829220 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -4208,7 +4208,7 @@ static CURLcode parse_proxy(struct SessionHandle *data,
          username or password with reserved characters like ':' in
          them. */
       Curl_safefree(conn->proxyuser);
-      if(proxyuser)
+      if(proxyuser && strlen(proxyuser) < MAX_CURL_USER_LENGTH)
         conn->proxyuser = curl_easy_unescape(data, proxyuser, 0, NULL);
       else
         conn->proxyuser = strdup("");
@@ -4217,7 +4217,7 @@ static CURLcode parse_proxy(struct SessionHandle *data,
         res = CURLE_OUT_OF_MEMORY;
       else {
         Curl_safefree(conn->proxypasswd);
-        if(proxypasswd)
+        if(proxypasswd && strlen(proxypasswd) < MAX_CURL_PASSWORD_LENGTH)
           conn->proxypasswd = curl_easy_unescape(data, proxypasswd, 0, NULL);
         else
           conn->proxypasswd = strdup("");
author	Steve Holme <steve_holme@hotmail.com>	2013-04-21 18:29:33 +0100
committer	Steve Holme <steve_holme@hotmail.com>	2013-04-21 18:29:33 +0100
commit	ddac43b38e3fd923b71554126652b05e034d6900 (patch)
tree	54ea6cdf18097d78cd232b863cc4b4e9045739d3 /lib
parent	416ecc15845c4e6bf7ea6359d9c63adec3385f5b (diff)