From ad829b21ae9e0f11a821a0a98a1aaab161efa9a2 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 25 May 2020 15:38:36 +0200
Subject: url: accept "any length" credentials for proxy auth

They're only limited to the maximum string input restrictions, not to
256 bytes.

Added test 1178 to verify

Reported-by: Will Roberts
Fixes #5448
Closes #5449
---
 lib/escape.c  |  9 +++++++--
 lib/url.c     | 24 +++++++-----------------
 lib/urldata.h | 11 -----------
 3 files changed, 14 insertions(+), 30 deletions(-)

(limited to 'lib')

diff --git a/lib/escape.c b/lib/escape.c
index 97352a91d..f3c558ed0 100644
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -134,12 +134,17 @@ CURLcode Curl_urldecode(struct Curl_easy *data,
                         char **ostring, size_t *olen,
                         bool reject_ctrl)
 {
-  size_t alloc = (length?length:strlen(string)) + 1;
-  char *ns = malloc(alloc);
+  size_t alloc;
+  char *ns;
   size_t strindex = 0;
   unsigned long hex;
   CURLcode result = CURLE_OK;
 
+  DEBUGASSERT(string);
+
+  alloc = (length?length:strlen(string)) + 1;
+  ns = malloc(alloc);
+
   if(!ns)
     return CURLE_OUT_OF_MEMORY;
 
diff --git a/lib/url.c b/lib/url.c
index 0173dc88a..9c6712c0e 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2355,24 +2355,14 @@ static CURLcode parse_proxy(struct Curl_easy *data,
 static CURLcode parse_proxy_auth(struct Curl_easy *data,
                                  struct connectdata *conn)
 {
-  char proxyuser[MAX_CURL_USER_LENGTH]="";
-  char proxypasswd[MAX_CURL_PASSWORD_LENGTH]="";
-  CURLcode result;
-
-  if(data->set.str[STRING_PROXYUSERNAME] != NULL) {
-    strncpy(proxyuser, data->set.str[STRING_PROXYUSERNAME],
-            MAX_CURL_USER_LENGTH);
-    proxyuser[MAX_CURL_USER_LENGTH-1] = '\0';   /*To be on safe side*/
-  }
-  if(data->set.str[STRING_PROXYPASSWORD] != NULL) {
-    strncpy(proxypasswd, data->set.str[STRING_PROXYPASSWORD],
-            MAX_CURL_PASSWORD_LENGTH);
-    proxypasswd[MAX_CURL_PASSWORD_LENGTH-1] = '\0'; /*To be on safe side*/
-  }
+  char *proxyuser = data->set.str[STRING_PROXYUSERNAME];
+  char *proxypasswd = data->set.str[STRING_PROXYPASSWORD];
+  CURLcode result = CURLE_OK;
 
-  result = Curl_urldecode(data, proxyuser, 0, &conn->http_proxy.user, NULL,
-                          FALSE);
-  if(!result)
+  if(proxyuser)
+    result = Curl_urldecode(data, proxyuser, 0, &conn->http_proxy.user, NULL,
+                            FALSE);
+  if(!result && proxypasswd)
     result = Curl_urldecode(data, proxypasswd, 0, &conn->http_proxy.passwd,
                             NULL, FALSE);
   return result;
diff --git a/lib/urldata.h b/lib/urldata.h
index 38c40f594..f31fd6df9 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1228,17 +1228,6 @@ typedef enum {
     RTSPREQ_LAST /* last in list */
 } Curl_RtspReq;
 
-/*
- * Values that are generated, temporary or calculated internally for a
- * "session handle" must be defined within the 'struct UrlState'.  This struct
- * will be used within the Curl_easy struct. When the 'Curl_easy'
- * struct is cloned, this data MUST NOT be copied.
- *
- * Remember that any "state" information goes globally for the curl handle.
- * Session-data MUST be put in the connectdata struct and here.  */
-#define MAX_CURL_USER_LENGTH 256
-#define MAX_CURL_PASSWORD_LENGTH 256
-
 struct auth {
   unsigned long want;  /* Bitmask set to the authentication methods wanted by
                           app (with CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH). */
-- 
cgit v1.2.3