From ad829b21ae9e0f11a821a0a98a1aaab161efa9a2 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 25 May 2020 15:38:36 +0200 Subject: url: accept "any length" credentials for proxy auth They're only limited to the maximum string input restrictions, not to 256 bytes. Added test 1178 to verify Reported-by: Will Roberts Fixes #5448 Closes #5449 --- lib/url.c | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) (limited to 'lib/url.c') diff --git a/lib/url.c b/lib/url.c index 0173dc88a..9c6712c0e 100644 --- a/lib/url.c +++ b/lib/url.c @@ -2355,24 +2355,14 @@ static CURLcode parse_proxy(struct Curl_easy *data, static CURLcode parse_proxy_auth(struct Curl_easy *data, struct connectdata *conn) { - char proxyuser[MAX_CURL_USER_LENGTH]=""; - char proxypasswd[MAX_CURL_PASSWORD_LENGTH]=""; - CURLcode result; - - if(data->set.str[STRING_PROXYUSERNAME] != NULL) { - strncpy(proxyuser, data->set.str[STRING_PROXYUSERNAME], - MAX_CURL_USER_LENGTH); - proxyuser[MAX_CURL_USER_LENGTH-1] = '\0'; /*To be on safe side*/ - } - if(data->set.str[STRING_PROXYPASSWORD] != NULL) { - strncpy(proxypasswd, data->set.str[STRING_PROXYPASSWORD], - MAX_CURL_PASSWORD_LENGTH); - proxypasswd[MAX_CURL_PASSWORD_LENGTH-1] = '\0'; /*To be on safe side*/ - } + char *proxyuser = data->set.str[STRING_PROXYUSERNAME]; + char *proxypasswd = data->set.str[STRING_PROXYPASSWORD]; + CURLcode result = CURLE_OK; - result = Curl_urldecode(data, proxyuser, 0, &conn->http_proxy.user, NULL, - FALSE); - if(!result) + if(proxyuser) + result = Curl_urldecode(data, proxyuser, 0, &conn->http_proxy.user, NULL, + FALSE); + if(!result && proxypasswd) result = Curl_urldecode(data, proxypasswd, 0, &conn->http_proxy.passwd, NULL, FALSE); return result; -- cgit v1.2.3