mirror of
https://github.com/moparisthebest/curl
synced 2024-12-23 08:38:49 -05:00
url: accept "any length" credentials for proxy auth
They're only limited to the maximum string input restrictions, not to 256 bytes. Added test 1178 to verify Reported-by: Will Roberts Fixes #5448 Closes #5449
This commit is contained in:
parent
96f52abf80
commit
ad829b21ae
@ -134,12 +134,17 @@ CURLcode Curl_urldecode(struct Curl_easy *data,
|
||||
char **ostring, size_t *olen,
|
||||
bool reject_ctrl)
|
||||
{
|
||||
size_t alloc = (length?length:strlen(string)) + 1;
|
||||
char *ns = malloc(alloc);
|
||||
size_t alloc;
|
||||
char *ns;
|
||||
size_t strindex = 0;
|
||||
unsigned long hex;
|
||||
CURLcode result = CURLE_OK;
|
||||
|
||||
DEBUGASSERT(string);
|
||||
|
||||
alloc = (length?length:strlen(string)) + 1;
|
||||
ns = malloc(alloc);
|
||||
|
||||
if(!ns)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
|
||||
|
24
lib/url.c
24
lib/url.c
@ -2355,24 +2355,14 @@ static CURLcode parse_proxy(struct Curl_easy *data,
|
||||
static CURLcode parse_proxy_auth(struct Curl_easy *data,
|
||||
struct connectdata *conn)
|
||||
{
|
||||
char proxyuser[MAX_CURL_USER_LENGTH]="";
|
||||
char proxypasswd[MAX_CURL_PASSWORD_LENGTH]="";
|
||||
CURLcode result;
|
||||
char *proxyuser = data->set.str[STRING_PROXYUSERNAME];
|
||||
char *proxypasswd = data->set.str[STRING_PROXYPASSWORD];
|
||||
CURLcode result = CURLE_OK;
|
||||
|
||||
if(data->set.str[STRING_PROXYUSERNAME] != NULL) {
|
||||
strncpy(proxyuser, data->set.str[STRING_PROXYUSERNAME],
|
||||
MAX_CURL_USER_LENGTH);
|
||||
proxyuser[MAX_CURL_USER_LENGTH-1] = '\0'; /*To be on safe side*/
|
||||
}
|
||||
if(data->set.str[STRING_PROXYPASSWORD] != NULL) {
|
||||
strncpy(proxypasswd, data->set.str[STRING_PROXYPASSWORD],
|
||||
MAX_CURL_PASSWORD_LENGTH);
|
||||
proxypasswd[MAX_CURL_PASSWORD_LENGTH-1] = '\0'; /*To be on safe side*/
|
||||
}
|
||||
|
||||
result = Curl_urldecode(data, proxyuser, 0, &conn->http_proxy.user, NULL,
|
||||
FALSE);
|
||||
if(!result)
|
||||
if(proxyuser)
|
||||
result = Curl_urldecode(data, proxyuser, 0, &conn->http_proxy.user, NULL,
|
||||
FALSE);
|
||||
if(!result && proxypasswd)
|
||||
result = Curl_urldecode(data, proxypasswd, 0, &conn->http_proxy.passwd,
|
||||
NULL, FALSE);
|
||||
return result;
|
||||
|
@ -1228,17 +1228,6 @@ typedef enum {
|
||||
RTSPREQ_LAST /* last in list */
|
||||
} Curl_RtspReq;
|
||||
|
||||
/*
|
||||
* Values that are generated, temporary or calculated internally for a
|
||||
* "session handle" must be defined within the 'struct UrlState'. This struct
|
||||
* will be used within the Curl_easy struct. When the 'Curl_easy'
|
||||
* struct is cloned, this data MUST NOT be copied.
|
||||
*
|
||||
* Remember that any "state" information goes globally for the curl handle.
|
||||
* Session-data MUST be put in the connectdata struct and here. */
|
||||
#define MAX_CURL_USER_LENGTH 256
|
||||
#define MAX_CURL_PASSWORD_LENGTH 256
|
||||
|
||||
struct auth {
|
||||
unsigned long want; /* Bitmask set to the authentication methods wanted by
|
||||
app (with CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH). */
|
||||
|
@ -139,6 +139,7 @@ test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 \
|
||||
test1168 \
|
||||
\
|
||||
test1170 test1171 test1172 test1173 test1174 test1175 test1176 test1177 \
|
||||
test1178 \
|
||||
\
|
||||
test1190 test1191 test1192 test1193 test1194 test1195 test1196 \
|
||||
\
|
||||
|
55
tests/data/test1178
Normal file
55
tests/data/test1178
Normal file
@ -0,0 +1,55 @@
|
||||
<testcase>
|
||||
<info>
|
||||
<keywords>
|
||||
HTTP
|
||||
HTTP GET
|
||||
HTTP proxy
|
||||
</keywords>
|
||||
</info>
|
||||
#
|
||||
# Server-side
|
||||
<reply>
|
||||
<data>
|
||||
HTTP/1.1 200 OK
|
||||
Date: Thu, 09 Nov 2010 14:49:00 GMT
|
||||
Server: test-server/fake swsclose
|
||||
Content-Type: text/html
|
||||
Funny-head: yesyes
|
||||
|
||||
</data>
|
||||
</reply>
|
||||
|
||||
#
|
||||
# Client-side
|
||||
<client>
|
||||
<server>
|
||||
http
|
||||
</server>
|
||||
<name>
|
||||
HTTP proxy auth with credentials longer than 256 bytes
|
||||
</name>
|
||||
# 400 x 'A' : 600 x 'B' ...
|
||||
<command>
|
||||
http://%HOSTIP:%HTTPPORT/we/want/that/page/1178 -x http://%HOSTIP:%HTTPPORT -U AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
|
||||
</command>
|
||||
<features>
|
||||
proxy
|
||||
</features>
|
||||
</client>
|
||||
|
||||
#
|
||||
# Verify data after the test has been "shot"
|
||||
<verify>
|
||||
<strip>
|
||||
^User-Agent:.*
|
||||
</strip>
|
||||
<protocol>
|
||||
GET http://%HOSTIP:%HTTPPORT/we/want/that/page/1178 HTTP/1.1
|
||||
Host: %HOSTIP:%HTTPPORT
|
||||
Proxy-Authorization: Basic QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQTpCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkI=
|
||||
Accept: */*
|
||||
Proxy-Connection: Keep-Alive
|
||||
|
||||
</protocol>
|
||||
</verify>
|
||||
</testcase>
|
Loading…
Reference in New Issue
Block a user