diff -rup netkit-ftp-0.17/ftp/ruserpass.c netkit-ftp-0.17-new/ftp/ruserpass.c

--- netkit-ftp-0.17/ftp/ruserpass.c	2012-10-29 15:11:10.593841089 +0100

+++ netkit-ftp-0.17-new/ftp/ruserpass.c	2012-10-29 15:13:14.379822697 +0100

@@ -58,7 +58,8 @@ static int token(void);

 #define	ID	10

 #define	MACH	11

-static char tokval[100];

+#define MAXTOKENLEN 4096

+static char tokval[MAXTOKENLEN];

 static struct toktab {

 	const char *tokstr;

@@ -249,13 +250,16 @@ bad:

 	return(-1);

 }

-static 

+static

 int

 token(void)

 {

 	char *cp;

 	int c;

 	struct toktab *t;

+	size_t toklen = 0;

+	int showwarn = 1;

+	int quote = 0;

 	if (feof(cfile))

 		return (0);

@@ -266,20 +270,32 @@ token(void)

 		return (0);

 	cp = tokval;

 	if (c == '"') {

-		while ((c = getc(cfile)) != EOF && c != '"') {

-			if (c == '\\')

-				c = getc(cfile);

-			*cp++ = c;

-		}

-	} else {

+		quote = 1;

+	}

+	else {

 		*cp++ = c;

-		while ((c = getc(cfile)) != EOF

-		    && c != '\n' && c != '\t' && c != ' ' && c != ',') {

-			if (c == '\\')

-				c = getc(cfile);

-			*cp++ = c;

+		toklen++;

+	}

+	while ((c = getc(cfile)) != EOF) {

+		if (c == '"')

+			break;

+		if (c == '\\')

+			c = getc(cfile);

+		if (!quote && (c == '\n' || c == '\t' || c == ' ' || c == ','))

+			break;

+		if (toklen >= MAXTOKENLEN) {

+			if (showwarn) {

+				fprintf(stderr,

+						"Warning: .netrc token too long, will be trunctated to %zd characters\n",

+						toklen);

+				showwarn = 0;

+			}

+			continue;

 		}

+		*cp++ = c;

+		toklen++;

 	}

+

 	*cp = 0;

 	if (tokval[0] == 0)

 		return (0);