-
-
Notifications
You must be signed in to change notification settings - Fork 6.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
netrc quoting passwords with spaces are not handled properly #8908
Comments
According to whom? some sources clearly say passwords in .netrc cannot have space. The .netrc format is wonderfully weakly specified (== not at all). |
commandline ftp , perl and wget (which I am using since ages) seem to support it well at least unofficially: |
I suppose the worst thing is that if we introduce this way of accepting quoted strings, we risk breaking existing scripts/command lines out there that rely on the existing parsing logic. Someone on IRC the other day used another tool (fetchmail iirc) that accepts double-quotes as escape letters in .netrc files, making All in all, it seems more or less impossible to make a single netrc parser that supports all of these different flavors and dialects. Quite annoying. |
The .netrc parser now accepts strings within double-quotes in order to deal with for example passwords containing white space - which previously was not possible. A password that starts with a double-quote also ends with one, and double-quotes themselves are escaped with backslashes, like \". It also supports \n, \r and \t for newline, carriage return and tabs respectively. If the password does not start with a double quote, it will end at first white space and no escaping is performed. WARNING: this change is not entirely backwards compatible. If anyone previously used a double-quote as the first letter of their password, the parser will now get it differently compared to before. This is highly unfortunate but hard to avoid. Reported-by: ImpatientHippo on GitHub Fixes #8908 Closes #8937
.netrc contains
machine somehost login user password "super secret"
curl http://somehost
should send Auth Header
Authorization: Basic base64(user:super secret)
but it sends:
Authorization: Basic base64(user:"super)
Happens on ubuntu 22.04 curl 7.81.0
The text was updated successfully, but these errors were encountered: