mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 07:38:49 -05:00
Jean Jacques Drouin pointed out that you could only have a user name or
password of 127 bytes or less embedded in a URL, where actually the code uses a 255 byte buffer for it! Modified now to use the full buffer size.
This commit is contained in:
parent
fea5ddf585
commit
6dbfce1031
8
CHANGES
8
CHANGES
@ -8,6 +8,14 @@
|
||||
|
||||
|
||||
|
||||
Daniel (16 December 2005)
|
||||
- Jean Jacques Drouin pointed out that you could only have a user name or
|
||||
password of 127 bytes or less embedded in a URL, where actually the code
|
||||
uses a 255 byte buffer for it! Modified now to use the full buffer size.
|
||||
|
||||
Daniel (12 December 2005)
|
||||
- Dov Murik corrected the HTTP_ONLY define to disable the TFTP support properly
|
||||
|
||||
Version 7.15.1 (7 December 2005)
|
||||
|
||||
Daniel (6 December 2005)
|
||||
|
@ -15,14 +15,16 @@ This release includes the following changes:
|
||||
|
||||
This release includes the following bugfixes:
|
||||
|
||||
o
|
||||
o supports name and passwords up to 255 bytes long, embedded in URLs
|
||||
o the HTTP_ONLY define disables the TFTP support
|
||||
|
||||
Other curl-related news since the previous public release:
|
||||
|
||||
o
|
||||
o http://curl.hkmirror.org/ is a new curl web mirror in Hong Kong
|
||||
|
||||
This release would not have looked like this without help, code, reports and
|
||||
advice from friends like these:
|
||||
|
||||
Dov Murik, Jean Jacques Drouin
|
||||
|
||||
Thanks! (and sorry if I forgot to mention someone)
|
||||
|
@ -3166,12 +3166,13 @@ static CURLcode CreateConnection(struct SessionHandle *data,
|
||||
|
||||
if(*userpass != ':') {
|
||||
/* the name is given, get user+password */
|
||||
sscanf(userpass, "%127[^:@]:%127[^@]",
|
||||
sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:"
|
||||
"%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
|
||||
user, passwd);
|
||||
}
|
||||
else
|
||||
/* no name given, get the password only */
|
||||
sscanf(userpass, ":%127[^@]", passwd);
|
||||
sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", passwd);
|
||||
|
||||
if(user[0]) {
|
||||
char *newname=curl_unescape(user, 0);
|
||||
|
Loading…
Reference in New Issue
Block a user