cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: authentification fail with password larger than 127 char

From: Jean Jacques Drouin <jean-jacques.drouin_at_capgemini.com>
Date: Fri, 16 Dec 2005 17:57:48 +0100

OK,
I've tried your patch and it works fine.
(I'm using winXP, so modified url.c and compiled eveything with Visual C++
6)
Thanks a lot, Daniel.

----- Original Message -----
From: "Daniel Stenberg" <daniel_at_haxx.se>
To: "the curl tool" <curl-users_at_cool.haxx.se>
Sent: Friday, December 16, 2005 3:49 PM
Subject: Re: authentification fail with password larger than 127 char

> On Fri, 16 Dec 2005, Daniel Stenberg wrote:
>
>> Yes indeed, the current code seems to restrict the length to 127 bytes.
>> It is actually a plain mistake since it keeps a buffer to store up to 255
>> bytes...
>
> Try this patch to increase the user and password size limits to 255:
>
> --- lib/url.c 6 Dec 2005 23:05:51 -0000 1.484
> +++ lib/url.c 16 Dec 2005 14:48:31 -0000
> @@ -3166,12 +3166,13 @@
>
> if(*userpass != ':') {
> /* the name is given, get user+password */
> - sscanf(userpass, "%127[^:@]:%127[^@]",
> + sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:"
> + "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
> user, passwd);
> }
> else
> /* no name given, get the password only */
> - sscanf(userpass, ":%127[^@]", passwd);
> + sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
> passwd);
>
> if(user[0]) {
> char *newname=curl_unescape(user, 0);
>
>
> --
> Commercial curl and libcurl Technical Support: http://haxx.se/curl.html

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
Received on 2005-12-16