Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Handling of .netrc entries with username / password longer than 128 characters broken in 8.11.0 #15513

Closed
moha-gh opened this issue Nov 7, 2024 · 1 comment
Assignees

Comments

@moha-gh
Copy link

moha-gh commented Nov 7, 2024

I did this

Following the update to 8.11.0, we are seeing .netrc parser errors, similar to what is reported in #15496. The fix for that issue however did not work for us. We've narrowed to issue down to entries with usernames and/or passwords that are longer than 128 characters (short-lived tokens in our case).

Root cause seems to be https://github.com/curl/curl/blame/3b43a05e000aa8f65bda513f733a73fefe35d5ca/lib/netrc.c#L115C25-L115C40, which reduced the maximum token size from 4096 (https://github.com/curl/curl/blame/962097b8dd44ed5b9e7984bc1cdffdbdd566857f/lib/netrc.c#L86C10-L86C10) to 128.

I expected the following

.netrc files with longer passwords / usernames are parsed correctly.

curl/libcurl version

curl 8.11.0 (x86_64-alpine-linux-musl) libcurl/8.11.0 OpenSSL/3.3.2 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 c-ares/1.33.1 libidn2/2.3.7 libpsl/0.21.5 nghttp2/1.62.1
Release-Date: 2024-11-06
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IDN IPv6 Largefile libz NTLM PSL SSL threadsafe TLS-SRP UnixSockets zstd

operating system

Alpine Linux 3.20

@moha-gh
Copy link
Author

moha-gh commented Nov 8, 2024

@bagder : Thanks a lot for the quick fix ❤️

ZhongRuoyu added a commit to Homebrew/homebrew-core that referenced this issue Nov 8, 2024
The next curl release is not taking place soon [1] so let's backport
another fix that affects some users [2] [3].

[1]: https://lists.haxx.se/pipermail/daniel/2024-November/000089.html
[2]: curl/curl#15513
[3]: Homebrew/brew#18726 (comment)
ZhongRuoyu added a commit to Homebrew/homebrew-core that referenced this issue Nov 8, 2024
The next curl release is not taking place soon [1] so let's backport
another fix that affects some users [2] [3].

The existing netrc parsing patch is updated to the version on master.
The previous one was taken from the in-progress pull request.

[1]: https://lists.haxx.se/pipermail/daniel/2024-November/000089.html
[2]: curl/curl#15513
[3]: Homebrew/brew#18726 (comment)
orgads added a commit to orgads/MINGW-packages that referenced this issue Nov 11, 2024
lazka pushed a commit to msys2/MINGW-packages that referenced this issue Nov 11, 2024
dscho pushed a commit to dscho/MINGW-packages that referenced this issue Nov 14, 2024
See curl/curl#15496
and curl/curl#15513

Cherry-picked from 8b1c7bd (curl: Fix regression reading netrc,
2024-11-11) in msys2/MINGW-packages.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
bell-sw pushed a commit to bell-sw/alpaquita-aports that referenced this issue Nov 15, 2024
ognevny pushed a commit to ognevny/MINGW-packages that referenced this issue Nov 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging a pull request may close this issue.

2 participants