curl: make checkpasswd use dynbuf

Closes #5952

1 files changed, 8 insertions, 15 deletions

diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
index 84d7321bf..03cd44fee 100644
--- a/src/tool_paramhlp.c
+++ b/src/tool_paramhlp.c
@@ -413,6 +413,7 @@ ParameterError str2offset(curl_off_t *val, const char *str)
   return PARAM_BAD_NUMERIC;
 }
 
+#define MAX_USERPWDLENGTH (100*1024)
 static CURLcode checkpasswd(const char *kind, /* for what purpose */
                             const size_t i,   /* operation index */
                             const bool last,  /* TRUE if last operation */
@@ -432,12 +433,11 @@ static CURLcode checkpasswd(const char *kind, /* for what purpose */
 
   if(!psep && **userpwd != ';') {
     /* no password present, prompt for one */
-    char passwd[256] = "";
+    char passwd[2048] = "";
     char prompt[256];
-    size_t passwdlen;
-    size_t userlen = strlen(*userpwd);
-    char *passptr;
+    struct curlx_dynbuf dyn;
 
+    curlx_dyn_init(&dyn, MAX_USERPWDLENGTH);
     if(osep)
       *osep = '\0';
 
@@ -453,22 +453,15 @@ static CURLcode checkpasswd(const char *kind, /* for what purpose */
 
     /* get password */
     getpass_r(prompt, passwd, sizeof(passwd));
-    passwdlen = strlen(passwd);
-
     if(osep)
       *osep = ';';
 
-    /* extend the allocated memory area to fit the password too */
-    passptr = realloc(*userpwd,
-                      passwdlen + 1 + /* an extra for the colon */
-                      userlen + 1);   /* an extra for the zero */
-    if(!passptr)
+    if(curlx_dyn_addf(&dyn, "%s:%s", *userpwd, passwd))
       return CURLE_OUT_OF_MEMORY;
 
-    /* append the password separated with a colon */
-    passptr[userlen] = ':';
-    memcpy(&passptr[userlen + 1], passwd, passwdlen + 1);
-    *userpwd = passptr;
+    /* return the new string */
+    free(*userpwd);
+    *userpwd = curlx_dyn_ptr(&dyn);
   }
 
   return CURLE_OK;