mirror of
https://github.com/moparisthebest/curl
synced 2024-11-16 14:35:03 -05:00
url: accept "any length" credentials for proxy auth
They're only limited to the maximum string input restrictions, not to 256 bytes. Added test 1178 to verify Reported-by: Will Roberts Fixes #5448 Closes #5449
This commit is contained in:
parent
96f52abf80
commit
ad829b21ae
@ -134,12 +134,17 @@ CURLcode Curl_urldecode(struct Curl_easy *data,
|
|||||||
char **ostring, size_t *olen,
|
char **ostring, size_t *olen,
|
||||||
bool reject_ctrl)
|
bool reject_ctrl)
|
||||||
{
|
{
|
||||||
size_t alloc = (length?length:strlen(string)) + 1;
|
size_t alloc;
|
||||||
char *ns = malloc(alloc);
|
char *ns;
|
||||||
size_t strindex = 0;
|
size_t strindex = 0;
|
||||||
unsigned long hex;
|
unsigned long hex;
|
||||||
CURLcode result = CURLE_OK;
|
CURLcode result = CURLE_OK;
|
||||||
|
|
||||||
|
DEBUGASSERT(string);
|
||||||
|
|
||||||
|
alloc = (length?length:strlen(string)) + 1;
|
||||||
|
ns = malloc(alloc);
|
||||||
|
|
||||||
if(!ns)
|
if(!ns)
|
||||||
return CURLE_OUT_OF_MEMORY;
|
return CURLE_OUT_OF_MEMORY;
|
||||||
|
|
||||||
|
20
lib/url.c
20
lib/url.c
@ -2355,24 +2355,14 @@ static CURLcode parse_proxy(struct Curl_easy *data,
|
|||||||
static CURLcode parse_proxy_auth(struct Curl_easy *data,
|
static CURLcode parse_proxy_auth(struct Curl_easy *data,
|
||||||
struct connectdata *conn)
|
struct connectdata *conn)
|
||||||
{
|
{
|
||||||
char proxyuser[MAX_CURL_USER_LENGTH]="";
|
char *proxyuser = data->set.str[STRING_PROXYUSERNAME];
|
||||||
char proxypasswd[MAX_CURL_PASSWORD_LENGTH]="";
|
char *proxypasswd = data->set.str[STRING_PROXYPASSWORD];
|
||||||
CURLcode result;
|
CURLcode result = CURLE_OK;
|
||||||
|
|
||||||
if(data->set.str[STRING_PROXYUSERNAME] != NULL) {
|
|
||||||
strncpy(proxyuser, data->set.str[STRING_PROXYUSERNAME],
|
|
||||||
MAX_CURL_USER_LENGTH);
|
|
||||||
proxyuser[MAX_CURL_USER_LENGTH-1] = '\0'; /*To be on safe side*/
|
|
||||||
}
|
|
||||||
if(data->set.str[STRING_PROXYPASSWORD] != NULL) {
|
|
||||||
strncpy(proxypasswd, data->set.str[STRING_PROXYPASSWORD],
|
|
||||||
MAX_CURL_PASSWORD_LENGTH);
|
|
||||||
proxypasswd[MAX_CURL_PASSWORD_LENGTH-1] = '\0'; /*To be on safe side*/
|
|
||||||
}
|
|
||||||
|
|
||||||
|
if(proxyuser)
|
||||||
result = Curl_urldecode(data, proxyuser, 0, &conn->http_proxy.user, NULL,
|
result = Curl_urldecode(data, proxyuser, 0, &conn->http_proxy.user, NULL,
|
||||||
FALSE);
|
FALSE);
|
||||||
if(!result)
|
if(!result && proxypasswd)
|
||||||
result = Curl_urldecode(data, proxypasswd, 0, &conn->http_proxy.passwd,
|
result = Curl_urldecode(data, proxypasswd, 0, &conn->http_proxy.passwd,
|
||||||
NULL, FALSE);
|
NULL, FALSE);
|
||||||
return result;
|
return result;
|
||||||
|
@ -1228,17 +1228,6 @@ typedef enum {
|
|||||||
RTSPREQ_LAST /* last in list */
|
RTSPREQ_LAST /* last in list */
|
||||||
} Curl_RtspReq;
|
} Curl_RtspReq;
|
||||||
|
|
||||||
/*
|
|
||||||
* Values that are generated, temporary or calculated internally for a
|
|
||||||
* "session handle" must be defined within the 'struct UrlState'. This struct
|
|
||||||
* will be used within the Curl_easy struct. When the 'Curl_easy'
|
|
||||||
* struct is cloned, this data MUST NOT be copied.
|
|
||||||
*
|
|
||||||
* Remember that any "state" information goes globally for the curl handle.
|
|
||||||
* Session-data MUST be put in the connectdata struct and here. */
|
|
||||||
#define MAX_CURL_USER_LENGTH 256
|
|
||||||
#define MAX_CURL_PASSWORD_LENGTH 256
|
|
||||||
|
|
||||||
struct auth {
|
struct auth {
|
||||||
unsigned long want; /* Bitmask set to the authentication methods wanted by
|
unsigned long want; /* Bitmask set to the authentication methods wanted by
|
||||||
app (with CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH). */
|
app (with CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH). */
|
||||||
|
@ -139,6 +139,7 @@ test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 \
|
|||||||
test1168 \
|
test1168 \
|
||||||
\
|
\
|
||||||
test1170 test1171 test1172 test1173 test1174 test1175 test1176 test1177 \
|
test1170 test1171 test1172 test1173 test1174 test1175 test1176 test1177 \
|
||||||
|
test1178 \
|
||||||
\
|
\
|
||||||
test1190 test1191 test1192 test1193 test1194 test1195 test1196 \
|
test1190 test1191 test1192 test1193 test1194 test1195 test1196 \
|
||||||
\
|
\
|
||||||
|
55
tests/data/test1178
Normal file
55
tests/data/test1178
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
<testcase>
|
||||||
|
<info>
|
||||||
|
<keywords>
|
||||||
|
HTTP
|
||||||
|
HTTP GET
|
||||||
|
HTTP proxy
|
||||||
|
</keywords>
|
||||||
|
</info>
|
||||||
|
#
|
||||||
|
# Server-side
|
||||||
|
<reply>
|
||||||
|
<data>
|
||||||
|
HTTP/1.1 200 OK
|
||||||
|
Date: Thu, 09 Nov 2010 14:49:00 GMT
|
||||||
|
Server: test-server/fake swsclose
|
||||||
|
Content-Type: text/html
|
||||||
|
Funny-head: yesyes
|
||||||
|
|
||||||
|
</data>
|
||||||
|
</reply>
|
||||||
|
|
||||||
|
#
|
||||||
|
# Client-side
|
||||||
|
<client>
|
||||||
|
<server>
|
||||||
|
http
|
||||||
|
</server>
|
||||||
|
<name>
|
||||||
|
HTTP proxy auth with credentials longer than 256 bytes
|
||||||
|
</name>
|
||||||
|
# 400 x 'A' : 600 x 'B' ...
|
||||||
|
<command>
|
||||||
|
http://%HOSTIP:%HTTPPORT/we/want/that/page/1178 -x http://%HOSTIP:%HTTPPORT -U AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
|
||||||
|
</command>
|
||||||
|
<features>
|
||||||
|
proxy
|
||||||
|
</features>
|
||||||
|
</client>
|
||||||
|
|
||||||
|
#
|
||||||
|
# Verify data after the test has been "shot"
|
||||||
|
<verify>
|
||||||
|
<strip>
|
||||||
|
^User-Agent:.*
|
||||||
|
</strip>
|
||||||
|
<protocol>
|
||||||
|
GET http://%HOSTIP:%HTTPPORT/we/want/that/page/1178 HTTP/1.1
|
||||||
|
Host: %HOSTIP:%HTTPPORT
|
||||||
|
Proxy-Authorization: Basic QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQTpCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkI=
|
||||||
|
Accept: */*
|
||||||
|
Proxy-Connection: Keep-Alive
|
||||||
|
|
||||||
|
</protocol>
|
||||||
|
</verify>
|
||||||
|
</testcase>
|
Loading…
Reference in New Issue
Block a user