From ddac43b38e3fd923b71554126652b05e034d6900 Mon Sep 17 00:00:00 2001
From: Steve Holme <steve_holme@hotmail.com>
Date: Sun, 21 Apr 2013 18:29:33 +0100
Subject: [PATCH] url: Fixed missing length check in parse_proxy()

Commit 11332577b3cb removed the length check that was performed by the
old scanf() code.
---
 lib/url.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/url.c b/lib/url.c
index 50b00e783..b43829220 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -4208,7 +4208,7 @@ static CURLcode parse_proxy(struct SessionHandle *data,
          username or password with reserved characters like ':' in
          them. */
       Curl_safefree(conn->proxyuser);
-      if(proxyuser)
+      if(proxyuser && strlen(proxyuser) < MAX_CURL_USER_LENGTH)
         conn->proxyuser = curl_easy_unescape(data, proxyuser, 0, NULL);
       else
         conn->proxyuser = strdup("");
@@ -4217,7 +4217,7 @@ static CURLcode parse_proxy(struct SessionHandle *data,
         res = CURLE_OUT_OF_MEMORY;
       else {
         Curl_safefree(conn->proxypasswd);
-        if(proxypasswd)
+        if(proxypasswd && strlen(proxypasswd) < MAX_CURL_PASSWORD_LENGTH)
           conn->proxypasswd = curl_easy_unescape(data, proxypasswd, 0, NULL);
         else
           conn->proxypasswd = strdup("");