diff options
Diffstat (limited to 'lib/url.c')
| -rw-r--r-- | lib/url.c | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -2586,6 +2586,12 @@ CURLcode Curl_parse_login_details(const char *login, const size_t len, size_t plen; size_t olen; + /* the input length check is because this is called directcly from setopt + and isn't going through the regular string length check */ + size_t llen = strlen(login); + if(llen > CURL_MAX_INPUT_LENGTH) + return CURLE_BAD_FUNCTION_ARGUMENT; + /* Attempt to find the password separator */ if(passwdp) { psep = strchr(login, ':'); |