From 169fedbdce93ecf14befb6e0e1ce6a2d480252a3 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 14 Dec 2013 22:39:27 +0100 Subject: login options: remove the ;[options] support from CURLOPT_USERPWD To avoid the regression when users pass in passwords containing semi- colons, we now drop the ability to set the login options with the same options. Support for login options in CURLOPT_USERPWD was added in 7.31.0. Test case 83 was modified to verify that colons and semi-colons can be used as part of the password when using -u (CURLOPT_USERPWD). Bug: http://curl.haxx.se/bug/view.cgi?id=1311 Reported-by: Petr Bahula Assisted-by: Steve Holme Signed-off-by: Daniel Stenberg --- lib/url.c | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) (limited to 'lib/url.c') diff --git a/lib/url.c b/lib/url.c index 7536877ba..5903628c9 100644 --- a/lib/url.c +++ b/lib/url.c @@ -299,13 +299,11 @@ static CURLcode setstropt(char **charp, char *s) return CURLE_OK; } -static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp, - char **optionsp) +static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp) { CURLcode result = CURLE_OK; char *user = NULL; char *passwd = NULL; - char *options = NULL; /* Parse the login details if specified. It not then we treat NULL as a hint to clear the existing data */ @@ -313,7 +311,7 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp, result = parse_login_details(option, strlen(option), (userp ? &user : NULL), (passwdp ? &passwd : NULL), - (optionsp ? &options : NULL)); + NULL); } if(!result) { @@ -335,12 +333,6 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp, Curl_safefree(*passwdp); *passwdp = passwd; } - - /* Store the options part of option if required */ - if(optionsp) { - Curl_safefree(*optionsp); - *optionsp = options; - } } return result; @@ -1553,12 +1545,11 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, case CURLOPT_USERPWD: /* - * user:password;options to use in the operation + * user:password to use in the operation */ result = setstropt_userpwd(va_arg(param, char *), &data->set.str[STRING_USERNAME], - &data->set.str[STRING_PASSWORD], - &data->set.str[STRING_OPTIONS]); + &data->set.str[STRING_PASSWORD]); break; case CURLOPT_USERNAME: @@ -1577,7 +1568,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, va_arg(param, char *)); break; - case CURLOPT_OPTIONS: + case CURLOPT_LOGIN_OPTIONS: /* * authentication options to use in the operation */ @@ -1662,7 +1653,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, */ result = setstropt_userpwd(va_arg(param, char *), &data->set.str[STRING_PROXYUSERNAME], - &data->set.str[STRING_PROXYPASSWORD], NULL); + &data->set.str[STRING_PROXYPASSWORD]); break; case CURLOPT_PROXYUSERNAME: /* -- cgit v1.2.3