url: reject too long input when parsing credentialsbagder/too-login-creds

Since input passed to libcurl with CURLOPT_USERPWD and CURLOPT_PROXYUSERPWD circumvents the regular string length check we have in Curl_setstropt(), the input length limit is enforced in Curl_parse_login_details too, separately.
author: Daniel Stenberg <daniel@haxx.se> 2020-05-13 00:52:34 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2020-05-13 00:55:24 +0200
commit: 73d5d22134c91afba685e158e10776e4bf507982 (patch)
tree: f8a1cb5042189e31cf87203947b9b177aa3739c1
parent: 3ff89286a99b41f8b63a0ac9c55f6383e9f3bc53 (diff)
download: curl-bagder/too-login-creds.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/url.c b/lib/url.c
index d0e60d2ea..ce94bac05 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2586,6 +2586,12 @@ CURLcode Curl_parse_login_details(const char *login, const size_t len,
   size_t plen;
   size_t olen;
 
+  /* the input length check is because this is called directcly from setopt
+     and isn't going through the regular string length check */
+  size_t llen = strlen(login);
+  if(llen > CURL_MAX_INPUT_LENGTH)
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+
   /* Attempt to find the password separator */
   if(passwdp) {
     psep = strchr(login, ':');
author	Daniel Stenberg <daniel@haxx.se>	2020-05-13 00:52:34 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2020-05-13 00:55:24 +0200
commit	73d5d22134c91afba685e158e10776e4bf507982 (patch)
tree	f8a1cb5042189e31cf87203947b9b177aa3739c1
parent	3ff89286a99b41f8b63a0ac9c55f6383e9f3bc53 (diff)
download	curl-bagder/too-login-creds.tar.gz