Hi,

I use curl in my backup scripts to upload an encrypted tarball to an ftp server.
 The tarball gets piped in on stdin, so it's not useful to use -K - to set the
ftp username and password. There's a single config file for the whole
collection of scripts that do the work, so it's not convenient to keep the
username:password in a separate file that curl can parse.

So, here's a simple patch that wipes out the username:password argument after
it's been copied by the strdup in GetStr.

I know that nextarg isn't only coming from argv[], but because of the strdup, I
don't think that this is a big problem.

Thanks a lot,

Jamie

(apologies if my mailer fubars the diff)

*** /home/jaq/src/curl/curl-7.10.2.orig/src/main.c Sat Nov 16 01:15:28 2002
--- /home/jaq/src/curl/curl-7.10.2/src/main.c Mon Jan 13 18:08:50 2003
***************
*** 1616,1621 ****
--- 1616,1631 ----
      case 'u':
        /* user:password */
        GetStr(&config->userpwd, nextarg);
+ /* now that GetStr has copied the contents of nextarg, wipe the next
+ * argument out so that the username:password isn't displayed in the
+ * system process list */
+ if (nextarg) {
+ size_t len;
+
+ len = strlen(nextarg);
+ while (len)
+ nextarg[--len] = ' ';
+ }
        break;
      case 'U':
        /* Proxy user:password */

-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
Received on 2003-01-13