summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2020-05-25 15:38:36 +0200
committerDaniel Stenberg <daniel@haxx.se>2020-05-25 23:08:57 +0200
commitad829b21ae9e0f11a821a0a98a1aaab161efa9a2 (patch)
tree43914a76da27ebdeae8863653f9012d27c242036 /lib
parent96f52abf809fc3f20eaa5ee9e4a4382e85520876 (diff)
downloadcurl-ad829b21ae9e0f11a821a0a98a1aaab161efa9a2.tar.gz
url: accept "any length" credentials for proxy auth
They're only limited to the maximum string input restrictions, not to 256 bytes. Added test 1178 to verify Reported-by: Will Roberts Fixes #5448 Closes #5449
Diffstat (limited to 'lib')
-rw-r--r--lib/escape.c9
-rw-r--r--lib/url.c24
-rw-r--r--lib/urldata.h11
3 files changed, 14 insertions, 30 deletions
diff --git a/lib/escape.c b/lib/escape.c
index 97352a91d..f3c558ed0 100644
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -134,12 +134,17 @@ CURLcode Curl_urldecode(struct Curl_easy *data,
char **ostring, size_t *olen,
bool reject_ctrl)
{
- size_t alloc = (length?length:strlen(string)) + 1;
- char *ns = malloc(alloc);
+ size_t alloc;
+ char *ns;
size_t strindex = 0;
unsigned long hex;
CURLcode result = CURLE_OK;
+ DEBUGASSERT(string);
+
+ alloc = (length?length:strlen(string)) + 1;
+ ns = malloc(alloc);
+
if(!ns)
return CURLE_OUT_OF_MEMORY;
diff --git a/lib/url.c b/lib/url.c
index 0173dc88a..9c6712c0e 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2355,24 +2355,14 @@ static CURLcode parse_proxy(struct Curl_easy *data,
static CURLcode parse_proxy_auth(struct Curl_easy *data,
struct connectdata *conn)
{
- char proxyuser[MAX_CURL_USER_LENGTH]="";
- char proxypasswd[MAX_CURL_PASSWORD_LENGTH]="";
- CURLcode result;
-
- if(data->set.str[STRING_PROXYUSERNAME] != NULL) {
- strncpy(proxyuser, data->set.str[STRING_PROXYUSERNAME],
- MAX_CURL_USER_LENGTH);
- proxyuser[MAX_CURL_USER_LENGTH-1] = '\0'; /*To be on safe side*/
- }
- if(data->set.str[STRING_PROXYPASSWORD] != NULL) {
- strncpy(proxypasswd, data->set.str[STRING_PROXYPASSWORD],
- MAX_CURL_PASSWORD_LENGTH);
- proxypasswd[MAX_CURL_PASSWORD_LENGTH-1] = '\0'; /*To be on safe side*/
- }
+ char *proxyuser = data->set.str[STRING_PROXYUSERNAME];
+ char *proxypasswd = data->set.str[STRING_PROXYPASSWORD];
+ CURLcode result = CURLE_OK;
- result = Curl_urldecode(data, proxyuser, 0, &conn->http_proxy.user, NULL,
- FALSE);
- if(!result)
+ if(proxyuser)
+ result = Curl_urldecode(data, proxyuser, 0, &conn->http_proxy.user, NULL,
+ FALSE);
+ if(!result && proxypasswd)
result = Curl_urldecode(data, proxypasswd, 0, &conn->http_proxy.passwd,
NULL, FALSE);
return result;
diff --git a/lib/urldata.h b/lib/urldata.h
index 38c40f594..f31fd6df9 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1228,17 +1228,6 @@ typedef enum {
RTSPREQ_LAST /* last in list */
} Curl_RtspReq;
-/*
- * Values that are generated, temporary or calculated internally for a
- * "session handle" must be defined within the 'struct UrlState'. This struct
- * will be used within the Curl_easy struct. When the 'Curl_easy'
- * struct is cloned, this data MUST NOT be copied.
- *
- * Remember that any "state" information goes globally for the curl handle.
- * Session-data MUST be put in the connectdata struct and here. */
-#define MAX_CURL_USER_LENGTH 256
-#define MAX_CURL_PASSWORD_LENGTH 256
-
struct auth {
unsigned long want; /* Bitmask set to the authentication methods wanted by
app (with CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH). */