Jean Jacques Drouin pointed out that you could only have a user name or

password of 127 bytes or less embedded in a URL, where actually the code
uses a 255 byte buffer for it! Modified now to use the full buffer size.
This commit is contained in:
Daniel Stenberg 2005-12-16 14:52:16 +00:00
parent fea5ddf585
commit 6dbfce1031
3 changed files with 15 additions and 4 deletions

View File

@ -8,6 +8,14 @@
Daniel (16 December 2005)
- Jean Jacques Drouin pointed out that you could only have a user name or
password of 127 bytes or less embedded in a URL, where actually the code
uses a 255 byte buffer for it! Modified now to use the full buffer size.
Daniel (12 December 2005)
- Dov Murik corrected the HTTP_ONLY define to disable the TFTP support properly
Version 7.15.1 (7 December 2005) Version 7.15.1 (7 December 2005)
Daniel (6 December 2005) Daniel (6 December 2005)

View File

@ -15,14 +15,16 @@ This release includes the following changes:
This release includes the following bugfixes: This release includes the following bugfixes:
o o supports name and passwords up to 255 bytes long, embedded in URLs
o the HTTP_ONLY define disables the TFTP support
Other curl-related news since the previous public release: Other curl-related news since the previous public release:
o o http://curl.hkmirror.org/ is a new curl web mirror in Hong Kong
This release would not have looked like this without help, code, reports and This release would not have looked like this without help, code, reports and
advice from friends like these: advice from friends like these:
Dov Murik, Jean Jacques Drouin
Thanks! (and sorry if I forgot to mention someone) Thanks! (and sorry if I forgot to mention someone)

View File

@ -3166,12 +3166,13 @@ static CURLcode CreateConnection(struct SessionHandle *data,
if(*userpass != ':') { if(*userpass != ':') {
/* the name is given, get user+password */ /* the name is given, get user+password */
sscanf(userpass, "%127[^:@]:%127[^@]", sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:"
"%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
user, passwd); user, passwd);
} }
else else
/* no name given, get the password only */ /* no name given, get the password only */
sscanf(userpass, ":%127[^@]", passwd); sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", passwd);
if(user[0]) { if(user[0]) {
char *newname=curl_unescape(user, 0); char *newname=curl_unescape(user, 0);