From 54dcd2334220ad965ef81130ba8ddf90b30c987c Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 4 Oct 2022 14:37:24 +0200
Subject: [PATCH] netrc: replace fgets with Curl_get_line

Make the parser only accept complete lines and avoid problems with
overly long lines.

Reported-by: Hiroki Kurosawa

Closes #9789

Upstream-commit: c97ec984fb2bc919a3aa863e0476dffa377b184c
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
 lib/curl_get_line.c | 6 +++---
 lib/netrc.c         | 5 +++--
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/curl_get_line.c b/lib/curl_get_line.c
index 6a26bb2..22e3705 100644
--- a/lib/curl_get_line.c
+++ b/lib/curl_get_line.c
@@ -25,7 +25,7 @@
 #include "curl_setup.h"
 
 #if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_ALTSVC) ||  \
-  !defined(CURL_DISABLE_HSTS)
+  !defined(CURL_DISABLE_HSTS) || !defined(CURL_DISABLE_NETRC)
 
 #include "curl_get_line.h"
 #include "curl_memory.h"
@@ -33,8 +33,8 @@
 #include "memdebug.h"
 
 /*
- * get_line() makes sure to only return complete whole lines that fit in 'len'
- * bytes and end with a newline.
+ * Curl_get_line() makes sure to only return complete whole lines that fit in
+ * 'len' bytes and end with a newline.
  */
 char *Curl_get_line(char *buf, int len, FILE *input)
 {
diff --git a/lib/netrc.c b/lib/netrc.c
index 62a6a10..5d17482 100644
--- a/lib/netrc.c
+++ b/lib/netrc.c
@@ -33,6 +33,7 @@
 #include "netrc.h"
 #include "strtok.h"
 #include "strcase.h"
+#include "curl_get_line.h"
 
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
@@ -84,7 +85,7 @@ static int parsenetrc(const char *host,
     char netrcbuffer[4096];
     int  netrcbuffsize = (int)sizeof(netrcbuffer);
 
-    while(!done && fgets(netrcbuffer, netrcbuffsize, file)) {
+    while(!done && Curl_get_line(netrcbuffer, netrcbuffsize, file)) {
       char *tok;
       char *tok_end;
       bool quoted;
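Review bot: The loop `while(!done && Curl_get_line(netrcbuffer, netrcbuffsize, file))` now drops input silently. Going by the comment on Curl_get_line() in lib/curl_get_line.c, a line that does not fit in the 4096-byte `netrcbuffer`, or a final line with no trailing newline, is never returned, so credentials on such a line are ignored without any diagnostic. The parser `state` used in the switch further down appears to carry over between iterations, so it is worth confirming that a skipped line cannot cause tokens on the following line to be read in the state left by the preceding one. I would at least add a comment above the loop, `/* Curl_get_line() skips lines that do not fit in netrcbuffer or that lack a trailing newline */`. parsenetrc()'s body starts and ends outside this hunk.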
@@ -243,7 +244,7 @@ static int parsenetrc(const char *host,
         } /* switch (state) */
         tok = ++tok_end;
       }
-    } /* while fgets() */
+    } /* while Curl_get_line() */
 
     out:
     if(!retcode) {
-- 
2.37.3