diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2022-10-12 23:48:38 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2022-10-13 23:42:07 +0200 |
| commit | a2aa980886394db00a32d14b94e3bbbe1ea725cd (patch) | |
| tree | 33aed50c0e946d6fdd605b8ed58b7ef62f7acc8a /lib/url.c | |
| parent | 6efb6b1e772934da9f3bc0d5dba5420da14ce587 (diff) | |
| download | curl-a2aa980886394db00a32d14b94e3bbbe1ea725cd.tar.gz | |
netrc: use the URL-decoded user
When the user name is provided in the URL it is URL encoded there, but
when used for authentication the encoded version should be used.
Regression introduced after 7.83.0
Reported-by: Jonas Haag
Fixes #9709
Closes #9715
Diffstat (limited to 'lib/url.c')
| -rw-r--r-- | lib/url.c | 34 |
1 files changed, 17 insertions, 17 deletions
@@ -2089,7 +2089,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, return Curl_uc_to_curlcode(uc); } - if(!data->state.aptr.user) { + if(!data->set.str[STRING_USERNAME]) { /* we don't use the URL API's URL decoder option here since it rejects control codes and we want to allow them for some schemes in the user and password fields */ @@ -2996,14 +2996,8 @@ static CURLcode override_login(struct Curl_easy *data, char **userp = &conn->user; char **passwdp = &conn->passwd; char **optionsp = &conn->options; - -#ifndef CURL_DISABLE_NETRC - if(data->set.use_netrc == CURL_NETRC_REQUIRED && data->state.aptr.user) { - Curl_safefree(*userp); - Curl_safefree(*passwdp); - Curl_safefree(data->state.aptr.user); /* disable user+password */ - } -#endif + bool netrc_user_changed = FALSE; + bool netrc_passwd_changed = FALSE; if(data->set.str[STRING_OPTIONS]) { free(*optionsp); @@ -3013,16 +3007,18 @@ static CURLcode override_login(struct Curl_easy *data, } #ifndef CURL_DISABLE_NETRC + if(data->set.use_netrc == CURL_NETRC_REQUIRED) { + Curl_safefree(*userp); + Curl_safefree(*passwdp); + } conn->bits.netrc = FALSE; if(data->set.use_netrc && !data->set.str[STRING_USERNAME]) { - bool netrc_user_changed = FALSE; - bool netrc_passwd_changed = FALSE; int ret; bool url_provided = FALSE; - if(data->state.up.user) { - /* there was a user name in the URL */ - userp = &data->state.up.user; + if(data->state.aptr.user) { + /* there was a user name in the URL. Use the URL decoded version */ + userp = &data->state.aptr.user; url_provided = TRUE; } @@ -3061,9 +3057,13 @@ static CURLcode override_login(struct Curl_easy *data, /* for updated strings, we update them in the URL */ if(*userp) { - CURLcode result = Curl_setstropt(&data->state.aptr.user, *userp); - if(result) - return result; + CURLcode result; + if(data->state.aptr.user != *userp) { + /* nothing to do then */ + result = Curl_setstropt(&data->state.aptr.user, *userp); + if(result) + return result; + } } if(data->state.aptr.user) { uc = curl_url_set(data->state.uh, CURLUPART_USER, data->state.aptr.user, |