From: Steve Holme <steve_holme@hotmail.com>
Date: Sun, 21 Apr 2013 17:29:33 +0000 (+0100)
Subject: url: Fixed missing length check in parse_proxy()
X-Git-Tag: curl-7_31_0~129
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ddac43b38e3fd923b71554126652b05e034d6900;p=thirdparty%2Fcurl.git

url: Fixed missing length check in parse_proxy()

Commit 11332577b3cb removed the length check that was performed by the
old scanf() code.
---

diff --git a/lib/url.c b/lib/url.c
index 50b00e7833..b43829220e 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -4208,7 +4208,7 @@ static CURLcode parse_proxy(struct SessionHandle *data,
          username or password with reserved characters like ':' in
          them. */
       Curl_safefree(conn->proxyuser);
-      if(proxyuser)
+      if(proxyuser && strlen(proxyuser) < MAX_CURL_USER_LENGTH)
         conn->proxyuser = curl_easy_unescape(data, proxyuser, 0, NULL);
       else
         conn->proxyuser = strdup("");
@@ -4217,7 +4217,7 @@ static CURLcode parse_proxy(struct SessionHandle *data,
         res = CURLE_OUT_OF_MEMORY;
       else {
         Curl_safefree(conn->proxypasswd);
-        if(proxypasswd)
+        if(proxypasswd && strlen(proxypasswd) < MAX_CURL_PASSWORD_LENGTH)
           conn->proxypasswd = curl_easy_unescape(data, proxypasswd, 0, NULL);
         else
           conn->proxypasswd = strdup("");