From 223a92ca9da2efecefb200a828618747c0f5b03e Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sun, 11 Sep 2011 15:27:57 -0400 Subject: dload: remove user:pass@ definition from hostname Signed-off-by: Dave Reisner --- lib/libalpm/dload.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c index 5ae02fc6..e786a3c0 100644 --- a/lib/libalpm/dload.c +++ b/lib/libalpm/dload.c @@ -123,7 +123,7 @@ static int curl_progress(void *file, double dltotal, double dlnow, static int curl_gethost(const char *url, char *buffer) { size_t hostlen; - char *p; + char *p, *q; if(strncmp(url, "file://", 7) == 0) { strcpy(buffer, _("disk")); @@ -134,6 +134,14 @@ static int curl_gethost(const char *url, char *buffer) } p += 2; /* jump over the found // */ hostlen = strcspn(p, "/"); + + /* there might be a user:pass@ on the URL. hide it. */ + q = memrchr(p, '@', hostlen); + if(q) { + hostlen -= q - p + 1; + p = q + 1; + } + if(hostlen > 255) { /* buffer overflow imminent */ return 1; -- cgit v1.2.3-70-g09d2