cURL / Mailing Lists / curl-library / Single Mail


[PATCH v2 0/7] Re: Bug: libcurl truncates passwords longer than 255

From: Jonathan Nieder <>
Date: Tue, 20 Aug 2013 00:43:53 -0700

Jonathan Nieder wrote:

> The series is pretty much as before. Changes since the rough draft:

Thanks again for your help. Here's a new version that uses aprintf
(thanks!) and uses Curl_safefree whenever they add a new free() of a
pointer that is not assigned some other value on the next line.

The patches are also attached here for easy reference.

Jonathan Nieder (7):
  sasl: allow arbitrarily long username and password
  url: use goto in create_conn() for exception handling
  url: allocate username, password, and options on the heap
  netrc: handle longer username and password
  Curl_setopt: handle arbitrary-length username and password
  url: handle exceptional cases first in parse_url_login()
  url: handle arbitrary-length username and password before '@'

 lib/curl_sasl.c | 25 +++--
 lib/netrc.c | 20 ++--
 lib/netrc.h | 16 ++--
 lib/url.c | 251 ++++++++++++++++++++++++++++----------------------
 lib/urldata.h | 1 -
 tests/unit/unit1304.c | 53 ++++++-----
 6 files changed, 205 insertions(+), 161 deletions(-)

List admin:

Received on 2013-08-20