aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGES8
-rw-r--r--RELEASE-NOTES6
-rw-r--r--lib/url.c5
3 files changed, 15 insertions, 4 deletions
diff --git a/CHANGES b/CHANGES
index 5a8496d6f..c98d4707e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,14 @@
+Daniel (16 December 2005)
+- Jean Jacques Drouin pointed out that you could only have a user name or
+ password of 127 bytes or less embedded in a URL, where actually the code
+ uses a 255 byte buffer for it! Modified now to use the full buffer size.
+
+Daniel (12 December 2005)
+- Dov Murik corrected the HTTP_ONLY define to disable the TFTP support properly
+
Version 7.15.1 (7 December 2005)
Daniel (6 December 2005)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index bbbda0fe4..503ec75b1 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -15,14 +15,16 @@ This release includes the following changes:
This release includes the following bugfixes:
- o
+ o supports name and passwords up to 255 bytes long, embedded in URLs
+ o the HTTP_ONLY define disables the TFTP support
Other curl-related news since the previous public release:
- o
+ o http://curl.hkmirror.org/ is a new curl web mirror in Hong Kong
This release would not have looked like this without help, code, reports and
advice from friends like these:
+ Dov Murik, Jean Jacques Drouin
Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/url.c b/lib/url.c
index 3715b10ca..781d1d11d 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3166,12 +3166,13 @@ static CURLcode CreateConnection(struct SessionHandle *data,
if(*userpass != ':') {
/* the name is given, get user+password */
- sscanf(userpass, "%127[^:@]:%127[^@]",
+ sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:"
+ "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
user, passwd);
}
else
/* no name given, get the password only */
- sscanf(userpass, ":%127[^@]", passwd);
+ sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", passwd);
if(user[0]) {
char *newname=curl_unescape(user, 0);