From 54dcd2334220ad965ef81130ba8ddf90b30c987c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 4 Oct 2022 14:37:24 +0200 Subject: [PATCH] netrc: replace fgets with Curl_get_line Make the parser only accept complete lines and avoid problems with overly long lines. Reported-by: Hiroki Kurosawa Closes #9789 Upstream-commit: c97ec984fb2bc919a3aa863e0476dffa377b184c Signed-off-by: Kamil Dudka --- lib/curl_get_line.c | 6 +++--- lib/netrc.c | 5 +++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/lib/curl_get_line.c b/lib/curl_get_line.c index 6a26bb2..22e3705 100644 --- a/lib/curl_get_line.c +++ b/lib/curl_get_line.c @@ -23,7 +23,7 @@ #include "curl_setup.h" #if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_ALTSVC) || \ - !defined(CURL_DISABLE_HSTS) + !defined(CURL_DISABLE_HSTS) || !defined(CURL_DISABLE_NETRC) #include "curl_get_line.h" #include "curl_memory.h" @@ -31,8 +31,8 @@ #include "memdebug.h" /* - * get_line() makes sure to only return complete whole lines that fit in 'len' - * bytes and end with a newline. + * Curl_get_line() makes sure to only return complete whole lines that fit in + * 'len' bytes and end with a newline. */ char *Curl_get_line(char *buf, int len, FILE *input) { diff --git a/lib/netrc.c b/lib/netrc.c index 62a6a10..5d17482 100644 --- a/lib/netrc.c +++ b/lib/netrc.c @@ -31,6 +31,7 @@ #include "netrc.h" #include "strtok.h" #include "strcase.h" +#include "curl_get_line.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -84,7 +85,7 @@ static int parsenetrc(const char *host, char netrcbuffer[4096]; int netrcbuffsize = (int)sizeof(netrcbuffer); - while(!done && fgets(netrcbuffer, netrcbuffsize, file)) { + while(!done && Curl_get_line(netrcbuffer, netrcbuffsize, file)) { if(state == MACDEF) { if((netrcbuffer[0] == '\n') || (netrcbuffer[0] == '\r')) state = NOTHING; @@ -186,7 +187,7 @@ static int parsenetrc(const char *host, tok = strtok_r(NULL, " \t\n", &tok_buf); } /* while(tok) */ - } /* while fgets() */ + } /* while Curl_get_line() */ out: if(!retcode) { -- 2.37.3