X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/777b4ac6882b40f63f1aa9b6f4da78b8fdc56cbe..e74ff795d39894268c737c4b1864869dadb74ed1:/apt-pkg/contrib/netrc.cc

diff --git a/apt-pkg/contrib/netrc.cc b/apt-pkg/contrib/netrc.cc
index d8027fc24..2321ef063 100644
--- a/apt-pkg/contrib/netrc.cc
+++ b/apt-pkg/contrib/netrc.cc
@@ -11,9 +11,13 @@
 
    ##################################################################### */
 									/*}}}*/
+#include <config.h>
 
 #include <apt-pkg/configuration.h>
+#include <apt-pkg/strutl.h>
+#include <apt-pkg/error.h>
 #include <apt-pkg/fileutl.h>
+
 #include <iostream>
 #include <stdio.h>
 #include <stdlib.h>
@@ -23,6 +27,7 @@
 
 #include "netrc.h"
 
+using std::string;
 
 /* Get user and password from .netrc when given a machine name */
 
@@ -35,8 +40,8 @@ enum {
 };
 
 /* make sure we have room for at least this size: */
-#define LOGINSIZE 64
-#define PASSWORDSIZE 64
+#define LOGINSIZE 256
+#define PASSWORDSIZE 256
 #define NETRC DOT_CHAR "netrc"
 
 /* returns -1 on failure, 0 if the host is found, 1 is the host isn't found */
@@ -47,10 +52,7 @@ int parsenetrc (char *host, char *login, char *password, char *netrcfile = NULL)
   int specific_login = (login[0] != 0);
   char *home = NULL;
   bool netrc_alloc = false;
-  int state = NOTHING;
 
-  char state_login = 0;        /* Found a login keyword */
-  char state_password = 0;     /* Found a password keyword */
   int state_our_login = false;  /* With specific_login,
                                    found *our* login name */
 
@@ -67,8 +69,7 @@ int parsenetrc (char *host, char *login, char *password, char *netrcfile = NULL)
     if (!home)
       return -1;
 
-    asprintf (&netrcfile, "%s%s%s", home, DIR_CHAR, NETRC);
-    if(!netrcfile)
+    if (asprintf (&netrcfile, "%s%s%s", home, DIR_CHAR, NETRC) == -1 || netrcfile == NULL)
       return -1;
     else
       netrc_alloc = true;
@@ -81,6 +82,10 @@ int parsenetrc (char *host, char *login, char *password, char *netrcfile = NULL)
     bool done = false;
     char netrcbuffer[256];
 
+    int state = NOTHING;
+    char state_login = 0;        /* Found a login keyword */
+    char state_password = 0;     /* Found a password keyword */
+
     while (!done && fgets(netrcbuffer, sizeof (netrcbuffer), file)) {
       tok = strtok_r (netrcbuffer, " \t\n", &tok_buf);
       while (!done && tok) {
@@ -118,11 +123,21 @@ int parsenetrc (char *host, char *login, char *password, char *netrcfile = NULL)
             if (specific_login)
               state_our_login = !strcasecmp (login, tok);
             else
+            {
+              if (strlen(tok) > LOGINSIZE)
+                 _error->Error("login token too long %i (max: %i)", 
+                               strlen(tok), LOGINSIZE);
               strncpy (login, tok, LOGINSIZE - 1);
+            }
             state_login = 0;
           } else if (state_password) {
-            if (state_our_login || !specific_login)
+             if (state_our_login || !specific_login) 
+             {
+              if (strlen(tok) > PASSWORDSIZE)
+                 _error->Error("password token too long %i (max %i)", 
+                               strlen(tok), PASSWORDSIZE);
               strncpy (password, tok, PASSWORDSIZE - 1);
+             }
             state_password = 0;
           } else if (!strcasecmp ("login", tok))
             state_login = 1;
@@ -158,12 +173,12 @@ void maybe_add_auth (URI &Uri, string NetRCFile)
   {
     if (NetRCFile.empty () == false)
     {
-      char login[64] = "";
-      char password[64] = "";
-      char *netrcfile = strdupa (NetRCFile.c_str ());
+      char login[LOGINSIZE] = "";
+      char password[PASSWORDSIZE] = "";
+      char *netrcfile = strdup(NetRCFile.c_str());
 
       // first check for a generic host based netrc entry
-      char *host = strdupa (Uri.Host.c_str ());
+      char *host = strdup(Uri.Host.c_str());
       if (host && parsenetrc (host, login, password, netrcfile) == 0)
       {
 	 if (_config->FindB("Debug::Acquire::netrc", false) == true)
@@ -173,13 +188,16 @@ void maybe_add_auth (URI &Uri, string NetRCFile)
 		      << std::endl;
         Uri.User = string (login);
         Uri.Password = string (password);
+	free(netrcfile);
+	free(host);
 	return;
       }
+      free(host);
 
       // if host did not work, try Host+Path next, this will trigger
       // a lookup uri.startswith(host) in the netrc file parser (because
       // of the "/"
-      char *hostpath = strdupa (string(Uri.Host+Uri.Path).c_str ());
+      char *hostpath = strdup(string(Uri.Host+Uri.Path).c_str());
       if (hostpath && parsenetrc (hostpath, login, password, netrcfile) == 0)
       {
 	 if (_config->FindB("Debug::Acquire::netrc", false) == true)
@@ -189,8 +207,9 @@ void maybe_add_auth (URI &Uri, string NetRCFile)
 		      << std::endl;
 	 Uri.User = string (login);
 	 Uri.Password = string (password);
-	 return;
       }
+      free(netrcfile);
+      free(hostpath);
     }
   }
 }