char proxyuser[MAX_CURL_USER_LENGTH]="";
char proxypasswd[MAX_CURL_PASSWORD_LENGTH]="";
- sscanf(data->set.proxyuserpwd, "%127[^:]:%127[^\n]",
+ sscanf(data->set.proxyuserpwd,
+ "%" MAX_CURL_USER_LENGTH_TXT "[^:]:"
+ "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^\n]",
proxyuser, proxypasswd);
conn->proxyuser = strdup(proxyuser);
*/
if (data->set.userpwd != NULL) {
/* the name is given, get user+password */
- sscanf(data->set.userpwd, "%127[^:]:%127[^\n]",
+ sscanf(data->set.userpwd,
+ "%" MAX_CURL_USER_LENGTH_TXT "[^:]:"
+ "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^\n]",
user, passwd);
}
}
/* If our protocol needs a password and we have none, use the defaults */
- if ( (conn->protocol & (PROT_FTP|PROT_HTTP)) &&
+ if ( (conn->protocol & PROT_FTP) &&
!conn->bits.user_passwd) {
- strcpy(user, CURL_DEFAULT_USER);
- strcpy(passwd, CURL_DEFAULT_PASSWORD);
+ conn->user = strdup(CURL_DEFAULT_USER);
+ conn->passwd = strdup(CURL_DEFAULT_PASSWORD);
/* This is the default password, so DON'T set conn->bits.user_passwd */
}
-
- /* store user + password */
- conn->user = strdup(user);
- conn->passwd = strdup(passwd);
+ else {
+ /* store user + password */
+ conn->user = user[0]?strdup(user):NULL;
+ conn->passwd = passwd[0]?strdup(passwd):NULL;
+ }
/*************************************************************
* Check the current list of connections to see if we can
otherwise */
conn->maxdownload = -1; /* might have been used previously! */
- free(old_conn->user);
- free(old_conn->passwd);
+ Curl_safefree(old_conn->user);
+ Curl_safefree(old_conn->passwd);
Curl_safefree(old_conn->proxyuser);
Curl_safefree(old_conn->proxypasswd);