mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
o the name and password arrays are 256 bytes, so let's accept that lengthy
input o have ->passwd and ->name be NULL if no name/passwd was given o only set default user+password for FTP if no userpwd was given
This commit is contained in:
parent
9e3f54431d
commit
679654bd47
27
lib/url.c
27
lib/url.c
@ -2119,7 +2119,9 @@ static CURLcode CreateConnection(struct SessionHandle *data,
|
||||
char proxyuser[MAX_CURL_USER_LENGTH]="";
|
||||
char proxypasswd[MAX_CURL_PASSWORD_LENGTH]="";
|
||||
|
||||
sscanf(data->set.proxyuserpwd, "%127[^:]:%127[^\n]",
|
||||
sscanf(data->set.proxyuserpwd,
|
||||
"%" MAX_CURL_USER_LENGTH_TXT "[^:]:"
|
||||
"%" MAX_CURL_PASSWORD_LENGTH_TXT "[^\n]",
|
||||
proxyuser, proxypasswd);
|
||||
|
||||
conn->proxyuser = strdup(proxyuser);
|
||||
@ -2730,7 +2732,9 @@ static CURLcode CreateConnection(struct SessionHandle *data,
|
||||
*/
|
||||
if (data->set.userpwd != NULL) {
|
||||
/* the name is given, get user+password */
|
||||
sscanf(data->set.userpwd, "%127[^:]:%127[^\n]",
|
||||
sscanf(data->set.userpwd,
|
||||
"%" MAX_CURL_USER_LENGTH_TXT "[^:]:"
|
||||
"%" MAX_CURL_PASSWORD_LENGTH_TXT "[^\n]",
|
||||
user, passwd);
|
||||
}
|
||||
|
||||
@ -2745,18 +2749,19 @@ static CURLcode CreateConnection(struct SessionHandle *data,
|
||||
}
|
||||
|
||||
/* If our protocol needs a password and we have none, use the defaults */
|
||||
if ( (conn->protocol & (PROT_FTP|PROT_HTTP)) &&
|
||||
if ( (conn->protocol & PROT_FTP) &&
|
||||
!conn->bits.user_passwd) {
|
||||
|
||||
strcpy(user, CURL_DEFAULT_USER);
|
||||
strcpy(passwd, CURL_DEFAULT_PASSWORD);
|
||||
conn->user = strdup(CURL_DEFAULT_USER);
|
||||
conn->passwd = strdup(CURL_DEFAULT_PASSWORD);
|
||||
|
||||
/* This is the default password, so DON'T set conn->bits.user_passwd */
|
||||
}
|
||||
|
||||
/* store user + password */
|
||||
conn->user = strdup(user);
|
||||
conn->passwd = strdup(passwd);
|
||||
else {
|
||||
/* store user + password */
|
||||
conn->user = user[0]?strdup(user):NULL;
|
||||
conn->passwd = passwd[0]?strdup(passwd):NULL;
|
||||
}
|
||||
|
||||
/*************************************************************
|
||||
* Check the current list of connections to see if we can
|
||||
@ -2817,8 +2822,8 @@ static CURLcode CreateConnection(struct SessionHandle *data,
|
||||
otherwise */
|
||||
conn->maxdownload = -1; /* might have been used previously! */
|
||||
|
||||
free(old_conn->user);
|
||||
free(old_conn->passwd);
|
||||
Curl_safefree(old_conn->user);
|
||||
Curl_safefree(old_conn->passwd);
|
||||
Curl_safefree(old_conn->proxyuser);
|
||||
Curl_safefree(old_conn->proxypasswd);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user