Jean Jacques Drouin pointed out that you could only have a user name or

password of 127 bytes or less embedded in a URL, where actually the code
uses a 255 byte buffer for it! Modified now to use the full buffer size.
This commit is contained in:
Daniel Stenberg 2005-12-16 14:52:16 +00:00
parent fea5ddf585
commit 6dbfce1031
3 changed files with 15 additions and 4 deletions

View File

@ -8,6 +8,14 @@
Daniel (16 December 2005)
- Jean Jacques Drouin pointed out that you could only have a user name or
password of 127 bytes or less embedded in a URL, where actually the code
uses a 255 byte buffer for it! Modified now to use the full buffer size.
Daniel (12 December 2005)
- Dov Murik corrected the HTTP_ONLY define to disable the TFTP support properly
Version 7.15.1 (7 December 2005)
Daniel (6 December 2005)

View File

@ -15,14 +15,16 @@ This release includes the following changes:
This release includes the following bugfixes:
o
o supports name and passwords up to 255 bytes long, embedded in URLs
o the HTTP_ONLY define disables the TFTP support
Other curl-related news since the previous public release:
o
o http://curl.hkmirror.org/ is a new curl web mirror in Hong Kong
This release would not have looked like this without help, code, reports and
advice from friends like these:
Dov Murik, Jean Jacques Drouin
Thanks! (and sorry if I forgot to mention someone)

View File

@ -3166,12 +3166,13 @@ static CURLcode CreateConnection(struct SessionHandle *data,
if(*userpass != ':') {
/* the name is given, get user+password */
sscanf(userpass, "%127[^:@]:%127[^@]",
sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:"
"%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
user, passwd);
}
else
/* no name given, get the password only */
sscanf(userpass, ":%127[^@]", passwd);
sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", passwd);
if(user[0]) {
char *newname=curl_unescape(user, 0);