From a1679498481de5b83532042d1b5bbd269b277a82 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 11 Sep 2020 11:20:07 +0200 Subject: [PATCH] curl: make checkpasswd use dynbuf Closes #5952 --- src/tool_paramhlp.c | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c index 84d7321bf..03cd44fee 100644 --- a/src/tool_paramhlp.c +++ b/src/tool_paramhlp.c @@ -413,6 +413,7 @@ ParameterError str2offset(curl_off_t *val, const char *str) return PARAM_BAD_NUMERIC; } +#define MAX_USERPWDLENGTH (100*1024) static CURLcode checkpasswd(const char *kind, /* for what purpose */ const size_t i, /* operation index */ const bool last, /* TRUE if last operation */ @@ -432,12 +433,11 @@ static CURLcode checkpasswd(const char *kind, /* for what purpose */ if(!psep && **userpwd != ';') { /* no password present, prompt for one */ - char passwd[256] = ""; + char passwd[2048] = ""; char prompt[256]; - size_t passwdlen; - size_t userlen = strlen(*userpwd); - char *passptr; + struct curlx_dynbuf dyn; + curlx_dyn_init(&dyn, MAX_USERPWDLENGTH); if(osep) *osep = '\0'; @@ -453,22 +453,15 @@ static CURLcode checkpasswd(const char *kind, /* for what purpose */ /* get password */ getpass_r(prompt, passwd, sizeof(passwd)); - passwdlen = strlen(passwd); - if(osep) *osep = ';'; - /* extend the allocated memory area to fit the password too */ - passptr = realloc(*userpwd, - passwdlen + 1 + /* an extra for the colon */ - userlen + 1); /* an extra for the zero */ - if(!passptr) + if(curlx_dyn_addf(&dyn, "%s:%s", *userpwd, passwd)) return CURLE_OUT_OF_MEMORY; - /* append the password separated with a colon */ - passptr[userlen] = ':'; - memcpy(&passptr[userlen + 1], passwd, passwdlen + 1); - *userpwd = passptr; + /* return the new string */ + free(*userpwd); + *userpwd = curlx_dyn_ptr(&dyn); } return CURLE_OK;