diff options
| author | Jonathan Nieder <jrnieder@gmail.com> | 2013-08-19 00:48:24 -0700 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2013-08-20 11:16:38 +0200 |
| commit | 36585b539543ca4471ab19c0d738a6e52a827aee (patch) | |
| tree | 484200dc1e4360b2d5c4bb0b40743963660b4ae2 /tests/unit/unit1304.c | |
| parent | 11baffbff67eae225f63fc684d80ce52a79c8ac5 (diff) | |
netrc: handle longer username and password
libcurl truncates usernames and passwords it reads from .netrc to
LOGINSIZE and PASSWORDSIZE (64) characters without any indication to
the user, to ensure the values returned from Curl_parsenetrc fit in a
caller-provided buffer.
Fix the interface by passing back dynamically allocated buffers
allocated to fit the user's input. The parser still relies on a
256-character buffer to read each line, though.
So now you can include an ~246-character password in your .netrc,
instead of the previous limit of 63 characters.
Reported-by: Colby Ranger
Diffstat (limited to 'tests/unit/unit1304.c')
| -rw-r--r-- | tests/unit/unit1304.c | 53 |
1 files changed, 31 insertions, 22 deletions
diff --git a/tests/unit/unit1304.c b/tests/unit/unit1304.c index 8ddd8caee..9242e800d 100644 --- a/tests/unit/unit1304.c +++ b/tests/unit/unit1304.c @@ -23,14 +23,14 @@ #include "netrc.h" -static char login[LOGINSIZE]; -static char password[PASSWORDSIZE]; +static char *login; +static char *password; static char filename[64]; static CURLcode unit_setup(void) { - password[0] = 0; - login[0] = 0; + password = strdup(""); + login = strdup(""); return CURLE_OK; } @@ -47,7 +47,7 @@ UNITTEST_START /* * Test a non existent host in our netrc file. */ - result = Curl_parsenetrc("test.example.com", login, password, filename); + result = Curl_parsenetrc("test.example.com", &login, &password, filename); fail_unless(result == 1, "Host not found should return 1"); fail_unless(password[0] == 0, "password should not have been changed"); fail_unless(login[0] == 0, "login should not have been changed"); @@ -55,8 +55,9 @@ UNITTEST_START /* * Test a non existent login in our netrc file. */ - memcpy(login, "me", 2); - result = Curl_parsenetrc("example.com", login, password, filename); + free(login); + login = strdup("me"); + result = Curl_parsenetrc("example.com", &login, &password, filename); fail_unless(result == 0, "Host should be found"); fail_unless(password[0] == 0, "password should not have been changed"); fail_unless(strncmp(login, "me", 2) == 0, "login should not have been changed"); @@ -64,8 +65,9 @@ UNITTEST_START /* * Test a non existent login and host in our netrc file. */ - memcpy(login, "me", 2); - result = Curl_parsenetrc("test.example.com", login, password, filename); + free(login); + login = strdup("me"); + result = Curl_parsenetrc("test.example.com", &login, &password, filename); fail_unless(result == 1, "Host should be found"); fail_unless(password[0] == 0, "password should not have been changed"); fail_unless(strncmp(login, "me", 2) == 0, "login should not have been changed"); @@ -74,8 +76,9 @@ UNITTEST_START * Test a non existent login (substring of an existing one) in our * netrc file. */ - memcpy(login, "admi", 4); - result = Curl_parsenetrc("example.com", login, password, filename); + free(login); + login = strdup("admi"); + result = Curl_parsenetrc("example.com", &login, &password, filename); fail_unless(result == 0, "Host should be found"); fail_unless(password[0] == 0, "password should not have been changed"); fail_unless(strncmp(login, "admi", 4) == 0, "login should not have been changed"); @@ -84,8 +87,9 @@ UNITTEST_START * Test a non existent login (superstring of an existing one) * in our netrc file. */ - memcpy(login, "adminn", 6); - result = Curl_parsenetrc("example.com", login, password, filename); + free(login); + login = strdup("adminn"); + result = Curl_parsenetrc("example.com", &login, &password, filename); fail_unless(result == 0, "Host should be found"); fail_unless(password[0] == 0, "password should not have been changed"); fail_unless(strncmp(login, "adminn", 6) == 0, "login should not have been changed"); @@ -94,8 +98,9 @@ UNITTEST_START * Test for the first existing host in our netrc file * with login[0] = 0. */ - login[0] = 0; - result = Curl_parsenetrc("example.com", login, password, filename); + free(login); + login = strdup(""); + result = Curl_parsenetrc("example.com", &login, &password, filename); fail_unless(result == 0, "Host should have been found"); fail_unless(strncmp(password, "passwd", 6) == 0, "password should be 'passwd'"); @@ -105,8 +110,9 @@ UNITTEST_START * Test for the first existing host in our netrc file * with login[0] != 0. */ - password[0] = 0; - result = Curl_parsenetrc("example.com", login, password, filename); + free(password); + password = strdup(""); + result = Curl_parsenetrc("example.com", &login, &password, filename); fail_unless(result == 0, "Host should have been found"); fail_unless(strncmp(password, "passwd", 6) == 0, "password should be 'passwd'"); @@ -116,9 +122,11 @@ UNITTEST_START * Test for the second existing host in our netrc file * with login[0] = 0. */ - password[0] = 0; - login[0] = 0; - result = Curl_parsenetrc("curl.example.com", login, password, filename); + free(password); + password = strdup(""); + free(login); + login = strdup(""); + result = Curl_parsenetrc("curl.example.com", &login, &password, filename); fail_unless(result == 0, "Host should have been found"); fail_unless(strncmp(password, "none", 4) == 0, "password should be 'none'"); @@ -128,8 +136,9 @@ UNITTEST_START * Test for the second existing host in our netrc file * with login[0] != 0. */ - password[0] = 0; - result = Curl_parsenetrc("curl.example.com", login, password, filename); + free(password); + password = strdup(""); + result = Curl_parsenetrc("curl.example.com", &login, &password, filename); fail_unless(result == 0, "Host should have been found"); fail_unless(strncmp(password, "none", 4) == 0, "password should be 'none'"); |