From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 12 May 2020 22:52:34 +0000 (+0200)
Subject: url: reject too long input when parsing credentials
X-Git-Tag: curl-7_71_0~166
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e1f3f3a14f678a8469ffd2d032fa1a237a6aad98;p=thirdparty%2Fcurl.git

url: reject too long input when parsing credentials

Since input passed to libcurl with CURLOPT_USERPWD and
CURLOPT_PROXYUSERPWD circumvents the regular string length check we have
in Curl_setstropt(), the input length limit is enforced in
Curl_parse_login_details too, separately.

Reported-by: Thomas Bouzerar
Closes #5383
---

diff --git a/lib/url.c b/lib/url.c
index d0e60d2ea8..ce94bac05c 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2586,6 +2586,12 @@ CURLcode Curl_parse_login_details(const char *login, const size_t len,
   size_t plen;
   size_t olen;
 
+  /* the input length check is because this is called directcly from setopt
+     and isn't going through the regular string length check */
+  size_t llen = strlen(login);
+  if(llen > CURL_MAX_INPUT_LENGTH)
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+
   /* Attempt to find the password separator */
   if(passwdp) {
     psep = strchr(login, ':');