diff --git a/lib/ftp.c b/lib/ftp.c index cc9b2dbcf..118216c09 100644 --- a/lib/ftp.c +++ b/lib/ftp.c @@ -409,9 +409,9 @@ CURLcode Curl_ftp_connect(struct connectdata *conn) /* get some initial data into the ftp struct */ ftp->bytecountp = &conn->bytecount; - /* no need to duplicate them, the data struct won't change */ - ftp->user = data->state.user; - ftp->passwd = data->state.passwd; + /* no need to duplicate them, this connectdata struct won't change */ + ftp->user = conn->user; + ftp->passwd = conn->passwd; ftp->response_time = 3600; /* set default response time-out */ if (data->set.tunnel_thru_httpproxy) { diff --git a/lib/http.c b/lib/http.c index d710ff5f4..661ccd7d6 100644 --- a/lib/http.c +++ b/lib/http.c @@ -650,8 +650,7 @@ static CURLcode Curl_output_basic(struct connectdata *conn) char *authorization; struct SessionHandle *data=conn->data; - sprintf(data->state.buffer, "%s:%s", - data->state.user, data->state.passwd); + sprintf(data->state.buffer, "%s:%s", conn->user, conn->passwd); if(Curl_base64_encode(data->state.buffer, strlen(data->state.buffer), &authorization) >= 0) { if(conn->allocptr.userpwd) diff --git a/lib/http_digest.c b/lib/http_digest.c index 51bcb8450..1e1c6826d 100644 --- a/lib/http_digest.c +++ b/lib/http_digest.c @@ -154,18 +154,18 @@ CURLcode Curl_output_digest(struct connectdata *conn, if(data->state.digest.algo == CURLDIGESTALGO_MD5SESS) { md5this = (unsigned char *) aprintf("%s:%s:%s:%s:%s", - data->state.user, + conn->user, data->state.digest.realm, - data->state.passwd, + conn->passwd, data->state.digest.nonce, data->state.digest.cnonce); } else { md5this = (unsigned char *) aprintf("%s:%s:%s", - data->state.user, + conn->user, data->state.digest.realm, - data->state.passwd); + conn->passwd); } Curl_md5it(md5buf, md5this); free(md5this); /* free this again */ @@ -202,7 +202,7 @@ CURLcode Curl_output_digest(struct connectdata *conn, "nonce=\"%s\", " "uri=\"%s\", " "response=\"%s\"\r\n", - data->state.user, + conn->user, data->state.digest.realm, data->state.digest.nonce, uripath, /* this is the PATH part of the URL */ diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c index c7c5c9eed..258e45101 100644 --- a/lib/http_ntlm.c +++ b/lib/http_ntlm.c @@ -271,7 +271,6 @@ static void mkhash(char *password, /* this is for creating ntlm header output */ CURLcode Curl_output_ntlm(struct connectdata *conn) { - struct SessionHandle *data=conn->data; const char *domain=""; /* empty */ const char *host=""; /* empty */ int domlen=strlen(domain); @@ -339,6 +338,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn) size = Curl_base64_encode(ntlm, size, &base64); if(size >0 ) { + if(conn->allocptr.userpwd) + free(conn->allocptr.userpwd); conn->allocptr.userpwd = aprintf("Authorization: NTLM %s\r\n", base64); free(base64); @@ -377,20 +378,20 @@ CURLcode Curl_output_ntlm(struct connectdata *conn) const char *user; int userlen; - user = strchr(data->state.user, '\\'); + user = strchr(conn->user, '\\'); if(!user) - user = strchr(data->state.user, '/'); + user = strchr(conn->user, '/'); if (user) { - domain = data->state.user; + domain = conn->user; domlen = user - domain; user++; } else - user = data->state.user; + user = conn->user; userlen = strlen(user); - mkhash(data->state.passwd, &conn->ntlm.nonce[0], lmresp + mkhash(conn->passwd, &conn->ntlm.nonce[0], lmresp #ifdef USE_NTRESPONSES , ntresp #endif @@ -510,6 +511,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn) size = Curl_base64_encode(ntlm, size, &base64); if(size >0 ) { + if(conn->allocptr.userpwd) + free(conn->allocptr.userpwd); conn->allocptr.userpwd = aprintf("Authorization: NTLM %s\r\n", base64); free(base64); diff --git a/lib/krb4.c b/lib/krb4.c index 6c91e2fb9..b80ea390e 100644 --- a/lib/krb4.c +++ b/lib/krb4.c @@ -322,7 +322,7 @@ CURLcode Curl_krb_kauth(struct connectdata *conn) save = Curl_set_command_prot(conn, prot_private); - result = Curl_ftpsendf(conn, "SITE KAUTH %s", conn->data->state.user); + result = Curl_ftpsendf(conn, "SITE KAUTH %s", conn->user); if(result) return result; diff --git a/lib/ldap.c b/lib/ldap.c index 011996734..2228d5bc7 100644 --- a/lib/ldap.c +++ b/lib/ldap.c @@ -178,8 +178,8 @@ CURLcode Curl_ldap(struct connectdata *conn) status = CURLE_COULDNT_CONNECT; } else { rc = ldap_simple_bind_s(server, - conn->bits.user_passwd?data->state.user:NULL, - conn->bits.user_passwd?data->state.passwd:NULL); + conn->bits.user_passwd?conn->user:NULL, + conn->bits.user_passwd?conn->passwd:NULL); if (rc != 0) { failf(data, "LDAP: %s", ldap_err2string(rc)); status = CURLE_LDAP_CANNOT_BIND; diff --git a/lib/telnet.c b/lib/telnet.c index e345caaa3..cb6e3ed58 100644 --- a/lib/telnet.c +++ b/lib/telnet.c @@ -756,7 +756,7 @@ static int check_telnet_options(struct connectdata *conn) if(conn->bits.user_passwd) { char *buf = malloc(256); - sprintf(buf, "USER,%s", data->state.user); + sprintf(buf, "USER,%s", conn->user); tn->telnet_vars = curl_slist_append(tn->telnet_vars, buf); tn->us_preferred[CURL_TELOPT_NEW_ENVIRON] = CURL_YES; diff --git a/lib/url.c b/lib/url.c index 3b6a73b90..5a91b8c03 100644 --- a/lib/url.c +++ b/lib/url.c @@ -1252,6 +1252,11 @@ CURLcode Curl_disconnect(struct connectdata *conn) if(-1 != conn->firstsocket) sclose(conn->firstsocket); + if(conn->user) + free(conn->user); + if(conn->passwd) + free(conn->passwd); + if(conn->allocptr.proxyuserpwd) free(conn->allocptr.proxyuserpwd); if(conn->allocptr.uagent) @@ -1358,8 +1363,8 @@ ConnectionExists(struct SessionHandle *data, if(needle->protocol & PROT_FTP) { /* This is FTP, verify that we're using the same name and password as well */ - if(!strequal(needle->data->state.user, check->proto.ftp->user) || - !strequal(needle->data->state.passwd, check->proto.ftp->passwd)) { + if(!strequal(needle->user, check->user) || + !strequal(needle->passwd, check->passwd)) { /* one of them was different */ continue; } @@ -1840,6 +1845,11 @@ static CURLcode CreateConnection(struct SessionHandle *data, unsigned int prev_alarm=0; #endif char endbracket; + char user[MAX_CURL_USER_LENGTH]; + char passwd[MAX_CURL_PASSWORD_LENGTH]; + bool passwdgiven=FALSE; /* set TRUE if an application-provided password has + been set */ + #ifdef HAVE_SIGACTION struct sigaction keep_sigact; /* store the old struct here */ @@ -2590,8 +2600,8 @@ static CURLcode CreateConnection(struct SessionHandle *data, * * Outputs: (almost :- all currently undefined) * conn->bits.user_passwd - non-zero if non-default passwords exist - * conn->state.user - non-zero length if defined - * conn->state.passwd - ditto + * conn->user - non-zero length if defined + * conn->passwd - ditto * conn->hostname - remove user name and password */ @@ -2602,8 +2612,8 @@ static CURLcode CreateConnection(struct SessionHandle *data, * We need somewhere to put the embedded details, so do that first. */ - data->state.user[0] =0; /* to make everything well-defined */ - data->state.passwd[0]=0; + user[0] =0; /* to make everything well-defined */ + passwd[0]=0; if (conn->protocol & (PROT_FTP|PROT_HTTP)) { /* This is a FTP or HTTP URL, we will now try to extract the possible @@ -2630,31 +2640,31 @@ static CURLcode CreateConnection(struct SessionHandle *data, if(*userpass != ':') { /* the name is given, get user+password */ sscanf(userpass, "%127[^:@]:%127[^@]", - data->state.user, data->state.passwd); + user, passwd); } else /* no name given, get the password only */ - sscanf(userpass, ":%127[^@]", data->state.passwd); + sscanf(userpass, ":%127[^@]", passwd); - if(data->state.user[0]) { - char *newname=curl_unescape(data->state.user, 0); - if(strlen(newname) < sizeof(data->state.user)) { - strcpy(data->state.user, newname); + if(user[0]) { + char *newname=curl_unescape(user, 0); + if(strlen(newname) < sizeof(user)) { + strcpy(user, newname); } /* if the new name is longer than accepted, then just use the unconverted name, it'll be wrong but what the heck */ free(newname); } - if (data->state.passwd[0]) { + if (passwd[0]) { /* we have a password found in the URL, decode it! */ - char *newpasswd=curl_unescape(data->state.passwd, 0); - if(strlen(newpasswd) < sizeof(data->state.passwd)) { - strcpy(data->state.passwd, newpasswd); + char *newpasswd=curl_unescape(passwd, 0); + if(strlen(newpasswd) < sizeof(passwd)) { + strcpy(passwd, newpasswd); } free(newpasswd); /* we have set the password */ - data->state.passwdgiven = TRUE; + passwdgiven = TRUE; } } } @@ -2673,35 +2683,35 @@ static CURLcode CreateConnection(struct SessionHandle *data, if(*data->set.userpwd != ':') { /* the name is given, get user+password */ sscanf(data->set.userpwd, "%127[^:]:%127[^\n]", - data->state.user, data->state.passwd); + user, passwd); if(strchr(data->set.userpwd, ':')) /* a colon means the password was given, even if blank */ - data->state.passwdgiven = TRUE; + passwdgiven = TRUE; } else /* no name given, starts with a colon, get the password only */ - sscanf(data->set.userpwd+1, "%127[^\n]", data->state.passwd); + sscanf(data->set.userpwd+1, "%127[^\n]", passwd); } if ((data->set.use_netrc != CURL_NETRC_IGNORED) && - !data->state.passwdgiven) { /* need passwd */ + !passwdgiven) { /* need passwd */ if(Curl_parsenetrc(conn->hostname, - data->state.user, - data->state.passwd)) { + user, + passwd)) { infof(data, "Couldn't find host %s in the .netrc file, using defaults", conn->hostname); } else { conn->bits.user_passwd = 1; /* enable user+password */ - data->state.passwdgiven = TRUE; + passwdgiven = TRUE; } } /* if we have a user but no password, ask for one */ - if(conn->bits.user_passwd && !data->state.passwdgiven ) { + if(conn->bits.user_passwd && !passwdgiven ) { if(data->set.fpasswd(data->set.passwd_client, - "password:", data->state.passwd, - sizeof(data->state.passwd))) + "password:", passwd, + sizeof(passwd))) return CURLE_BAD_PASSWORD_ENTERED; } @@ -2710,14 +2720,18 @@ static CURLcode CreateConnection(struct SessionHandle *data, /* If our protocol needs a password and we have none, use the defaults */ if ( (conn->protocol & (PROT_FTP|PROT_HTTP)) && !conn->bits.user_passwd && - !data->state.passwdgiven) { + !passwdgiven) { - strcpy(data->state.user, CURL_DEFAULT_USER); - strcpy(data->state.passwd, CURL_DEFAULT_PASSWORD); + strcpy(user, CURL_DEFAULT_USER); + strcpy(passwd, CURL_DEFAULT_PASSWORD); /* This is the default password, so DON'T set conn->bits.user_passwd */ } + /* store user + password */ + conn->user = strdup(user); + conn->passwd = strdup(passwd); + /************************************************************* * Check the current list of connections to see if we can * re-use an already existing one or if we have to create a @@ -2777,6 +2791,9 @@ static CURLcode CreateConnection(struct SessionHandle *data, otherwise */ conn->maxdownload = -1; /* might have been used previously! */ + free(old_conn->user); + free(old_conn->passwd); + free(old_conn); /* we don't need this anymore */ /*