netrc quoting passwords with spaces are not handled properly #8908
Comments
|
According to whom? some sources clearly say passwords in .netrc cannot have space. The .netrc format is wonderfully weakly specified (== not at all). |
|
commandline ftp , perl and wget (which I am using since ages) seem to support it well at least unofficially: |
|
I suppose the worst thing is that if we introduce this way of accepting quoted strings, we risk breaking existing scripts/command lines out there that rely on the existing parsing logic. Someone on IRC the other day used another tool (fetchmail iirc) that accepts double-quotes as escape letters in .netrc files, making All in all, it seems more or less impossible to make a single netrc parser that supports all of these different flavors and dialects. Quite annoying. |
The .netrc parser now accepts strings within double-quotes in order to deal with for example passwords containing white space - which previously was not possible. A password that starts with a double-quote also ends with one, and double-quotes themselves are escaped with backslashes, like \". It also supports \n, \r and \t for newine, carriage return and tabs respectively. If the password does not start with a double quote, it will end at first whitespace and no escaping is performed. WARNING: this change is not entirely backwards compatible. If anyone previously used a double-quote as the first letter of their password, the parser will now get it differently compared to before. This is highly unfortunate but hard to avoid. Reported-by: ImpatientHippo on GitHub Fixes #8908
The .netrc parser now accepts strings within double-quotes in order to deal with for example passwords containing white space - which previously was not possible. A password that starts with a double-quote also ends with one, and double-quotes themselves are escaped with backslashes, like \". It also supports \n, \r and \t for newline, carriage return and tabs respectively. If the password does not start with a double quote, it will end at first white space and no escaping is performed. WARNING: this change is not entirely backwards compatible. If anyone previously used a double-quote as the first letter of their password, the parser will now get it differently compared to before. This is highly unfortunate but hard to avoid. Reported-by: ImpatientHippo on GitHub Fixes #8908
The .netrc parser now accepts strings within double-quotes in order to deal with for example passwords containing white space - which previously was not possible. A password that starts with a double-quote also ends with one, and double-quotes themselves are escaped with backslashes, like \". It also supports \n, \r and \t for newline, carriage return and tabs respectively. If the password does not start with a double quote, it will end at first white space and no escaping is performed. WARNING: this change is not entirely backwards compatible. If anyone previously used a double-quote as the first letter of their password, the parser will now get it differently compared to before. This is highly unfortunate but hard to avoid. Reported-by: ImpatientHippo on GitHub Fixes #8908 Closes #8937
.netrc contains
machine somehost login user password "super secret"curl http://somehostshould send Auth Header
Authorization: Basic base64(user:super secret)but it sends:
Authorization: Basic base64(user:"super)Happens on ubuntu 22.04 curl 7.81.0
The text was updated successfully, but these errors were encountered: