cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: authentification fail with password larger than 127 char

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 16 Dec 2005 15:49:37 +0100 (CET)

On Fri, 16 Dec 2005, Daniel Stenberg wrote:

> Yes indeed, the current code seems to restrict the length to 127 bytes. It
> is actually a plain mistake since it keeps a buffer to store up to 255
> bytes...

Try this patch to increase the user and password size limits to 255:

--- lib/url.c 6 Dec 2005 23:05:51 -0000 1.484
+++ lib/url.c 16 Dec 2005 14:48:31 -0000
@@ -3166,12 +3166,13 @@

          if(*userpass != ':') {
            /* the name is given, get user+password */
- sscanf(userpass, "%127[^:@]:%127[^@]",
+ sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:"
+ "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
                   user, passwd);
          }
          else
            /* no name given, get the password only */
- sscanf(userpass, ":%127[^@]", passwd);
+ sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", passwd);

          if(user[0]) {
            char *newname=curl_unescape(user, 0);

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2005-12-16