Commit 49184c37 authored by Steve Holme

url: Added bounds checking to parse_login_details()

Added bounds checking when searching for the separator characters within
the login string as this string may not be NULL terminated (For example
it is the login part of a URL). We do this in preference to allocating a
new string to copy the login details into which could then be passed to
parse_login_details() for performance reasons.
parent cc7f6a2d
+12 −2
@@ -4482,13 +4482,23 @@ static CURLcode parse_login_details(const char *login, const size_t len,
  size_t olen;

  /* Attempt to find the password separator */
  if(passwdp)
  if(passwdp) {
    psep = strchr(login, ':');

    /* Within the constraint of the login string */
    if(psep >= login + len)
      psep = NULL;
  }

  /* Attempt to find the options separator */
  if(optionsp)
  if(optionsp) {
    osep = strchr(login, ';');

    /* Within the constraint of the login string */
    if(osep >= login + len)
      osep = NULL;
  }

  /* Calculate the portion lengths */
  ulen = (psep ?
          (size_t)(osep && psep > osep ? osep - login : psep - login) :
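Review bot: in both new blocks the bounds test (`if(psep >= login + len)` and `if(osep >= login + len)`) runs only after `strchr()` has finished, so the search itself is still unbounded. `strchr()` keeps reading until it finds the separator or a NUL byte, so for a login string with no terminator of its own it reads past `login + len` into whatever follows. That is safe only when the caller guarantees a NUL somewhere later in the same buffer, a precondition the function does not document. Consider `memchr(login, ':', len)` and `memchr(login, ';', len)` instead: they stop at `len`, return NULL when the separator lies outside the login portion, and make the follow-up comparison unnecessary. If `strchr()` is kept, guard the comparisons with `psep &&` and `osep &&`, because the test is also evaluated when `strchr()` returned NULL and an ordered comparison between a null pointer and `login + len` is not defined by the C standard. A comment stating that the enclosing buffer must be NUL-terminated would help as well.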