36585b5395
libcurl truncates usernames and passwords it reads from .netrc to LOGINSIZE and PASSWORDSIZE (64) characters without any indication to the user, to ensure the values returned from Curl_parsenetrc fit in a caller-provided buffer. Fix the interface by passing back dynamically allocated buffers allocated to fit the user's input. The parser still relies on a 256-character buffer to read each line, though. So now you can include a ~246-character password in your .netrc, instead of the previous limit of 63 characters. Reported-by: Colby Ranger
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
#include "curlcheck.h"
#include "netrc.h"
static char *login;
static char *password;
static char filename[64];
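/*
 * Allocate the empty login and password strings that the test body passes
 * to Curl_parsenetrc() by address.
 *
 * Returns CURLE_OK when both allocations succeed and CURLE_OUT_OF_MEMORY
 * otherwise. On failure nothing is left allocated.
 */
static CURLcode unit_setup(void)
{
  password = strdup("");
  login = strdup("");
  if(!password || !login) {
    /* The test body dereferences both pointers unconditionally, so a
       half-initialised state must not be reported as success. */
    free(password);
    free(login);
    password = NULL;
    login = NULL;
    return CURLE_OUT_OF_MEMORY;
  }
  return CURLE_OK;
}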
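/*
 * Release the login and password buffers that are still held.
 *
 * The test body frees a buffer only right before replacing it, so the
 * last pair would otherwise never be freed.
 * NOTE(review): assumes UNITTEST_STOP calls unit_stop() after the test
 * body has run - confirm in curlcheck.h.
 */
static void unit_stop(void)
{
  free(password);
  free(login);
  /* Clear the file-scope pointers so nothing can reuse freed memory. */
  password = NULL;
  login = NULL;
}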
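/*
 * Exercise Curl_parsenetrc() against the netrc file "log/netrc1304".
 *
 * As the assertions below pin it down, the function returns 1 when the
 * host has no entry and 0 when it has one. login and password are passed
 * by address so the parser can hand back buffers sized to the stored
 * values. A non-empty login on entry acts as a filter: when it matches no
 * entry for the host, both strings must come back unchanged.
 *
 * Credentials are compared with strcmp() rather than a prefix compare, so
 * a truncated, extended or overwritten value cannot pass unnoticed.
 */
UNITTEST_START
  int result;

  static const char *filename1 = "log/netrc1304";
  /* Copy the terminating NUL as well, instead of relying on the static
     buffer being zero-filled. The literal fits in filename[64]. */
  memcpy(filename, filename1, strlen(filename1) + 1);

  /*
   * Test a non existent host in our netrc file.
   */
  result = Curl_parsenetrc("test.example.com", &login, &password, filename);
  fail_unless(result == 1, "Host not found should return 1");
  fail_unless(password[0] == 0, "password should not have been changed");
  fail_unless(login[0] == 0, "login should not have been changed");

  /*
   * Test a non existent login in our netrc file.
   */
  free(login);
  login = strdup("me");
  result = Curl_parsenetrc("example.com", &login, &password, filename);
  fail_unless(result == 0, "Host should be found");
  fail_unless(password[0] == 0, "password should not have been changed");
  fail_unless(strcmp(login, "me") == 0,
              "login should not have been changed");

  /*
   * Test a non existent login and host in our netrc file.
   */
  free(login);
  login = strdup("me");
  result = Curl_parsenetrc("test.example.com", &login, &password, filename);
  /* The message used to claim the host should be found while the check
     expects the not-found result. */
  fail_unless(result == 1, "Host not found should return 1");
  fail_unless(password[0] == 0, "password should not have been changed");
  fail_unless(strcmp(login, "me") == 0,
              "login should not have been changed");

  /*
   * Test a non existent login (substring of an existing one) in our
   * netrc file.
   */
  free(login);
  login = strdup("admi");
  result = Curl_parsenetrc("example.com", &login, &password, filename);
  fail_unless(result == 0, "Host should be found");
  fail_unless(password[0] == 0, "password should not have been changed");
  /* A four-byte prefix compare would also accept "admin", which is the
     very overwrite this case is meant to catch. */
  fail_unless(strcmp(login, "admi") == 0,
              "login should not have been changed");

  /*
   * Test a non existent login (superstring of an existing one)
   * in our netrc file.
   */
  free(login);
  login = strdup("adminn");
  result = Curl_parsenetrc("example.com", &login, &password, filename);
  fail_unless(result == 0, "Host should be found");
  fail_unless(password[0] == 0, "password should not have been changed");
  fail_unless(strcmp(login, "adminn") == 0,
              "login should not have been changed");

  /*
   * Test for the first existing host in our netrc file
   * with login[0] = 0.
   */
  free(login);
  login = strdup("");
  result = Curl_parsenetrc("example.com", &login, &password, filename);
  fail_unless(result == 0, "Host should have been found");
  fail_unless(strcmp(password, "passwd") == 0,
              "password should be 'passwd'");
  fail_unless(strcmp(login, "admin") == 0, "login should be 'admin'");

  /*
   * Test for the first existing host in our netrc file
   * with login[0] != 0.
   */
  free(password);
  password = strdup("");
  result = Curl_parsenetrc("example.com", &login, &password, filename);
  fail_unless(result == 0, "Host should have been found");
  fail_unless(strcmp(password, "passwd") == 0,
              "password should be 'passwd'");
  fail_unless(strcmp(login, "admin") == 0, "login should be 'admin'");

  /*
   * Test for the second existing host in our netrc file
   * with login[0] = 0.
   */
  free(password);
  password = strdup("");
  free(login);
  login = strdup("");
  result = Curl_parsenetrc("curl.example.com", &login, &password, filename);
  fail_unless(result == 0, "Host should have been found");
  fail_unless(strcmp(password, "none") == 0,
              "password should be 'none'");
  fail_unless(strcmp(login, "none") == 0, "login should be 'none'");

  /*
   * Test for the second existing host in our netrc file
   * with login[0] != 0.
   */
  free(password);
  password = strdup("");
  result = Curl_parsenetrc("curl.example.com", &login, &password, filename);
  fail_unless(result == 0, "Host should have been found");
  fail_unless(strcmp(password, "none") == 0,
              "password should be 'none'");
  fail_unless(strcmp(login, "none") == 0, "login should be 'none'");

  /* TODO:
   * Test over the size limit password / login!
   * Test files with a bad format
   */
UNITTEST_STOP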