From 679654bd47b401a1463bbaefac097d1212ea2ba9 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 17 Oct 2003 09:28:00 +0000 Subject: [PATCH] o the name and password arrays are 256 bytes, so let's accept that lengthy input o have ->passwd and ->name be NULL if no name/passwd was given o only set default user+password for FTP if no userpwd was given --- lib/url.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/lib/url.c b/lib/url.c index 7271af1da..b4cfc798e 100644 --- a/lib/url.c +++ b/lib/url.c @@ -2119,7 +2119,9 @@ static CURLcode CreateConnection(struct SessionHandle *data, char proxyuser[MAX_CURL_USER_LENGTH]=""; char proxypasswd[MAX_CURL_PASSWORD_LENGTH]=""; - sscanf(data->set.proxyuserpwd, "%127[^:]:%127[^\n]", + sscanf(data->set.proxyuserpwd, + "%" MAX_CURL_USER_LENGTH_TXT "[^:]:" + "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^\n]", proxyuser, proxypasswd); conn->proxyuser = strdup(proxyuser); @@ -2730,7 +2732,9 @@ static CURLcode CreateConnection(struct SessionHandle *data, */ if (data->set.userpwd != NULL) { /* the name is given, get user+password */ - sscanf(data->set.userpwd, "%127[^:]:%127[^\n]", + sscanf(data->set.userpwd, + "%" MAX_CURL_USER_LENGTH_TXT "[^:]:" + "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^\n]", user, passwd); } @@ -2745,18 +2749,19 @@ static CURLcode CreateConnection(struct SessionHandle *data, } /* If our protocol needs a password and we have none, use the defaults */ - if ( (conn->protocol & (PROT_FTP|PROT_HTTP)) && + if ( (conn->protocol & PROT_FTP) && !conn->bits.user_passwd) { - strcpy(user, CURL_DEFAULT_USER); - strcpy(passwd, CURL_DEFAULT_PASSWORD); + conn->user = strdup(CURL_DEFAULT_USER); + conn->passwd = strdup(CURL_DEFAULT_PASSWORD); /* This is the default password, so DON'T set conn->bits.user_passwd */ } - - /* store user + password */ - conn->user = strdup(user); - conn->passwd = strdup(passwd); + else { + /* store user + password */ + conn->user = user[0]?strdup(user):NULL; + conn->passwd = passwd[0]?strdup(passwd):NULL; + } /************************************************************* * Check the current list of connections to see if we can @@ -2817,8 +2822,8 @@ static CURLcode CreateConnection(struct SessionHandle *data, otherwise */ conn->maxdownload = -1; /* might have been used previously! */ - free(old_conn->user); - free(old_conn->passwd); + Curl_safefree(old_conn->user); + Curl_safefree(old_conn->passwd); Curl_safefree(old_conn->proxyuser); Curl_safefree(old_conn->proxypasswd);