diff -rup netkit-ftp-0.17/ftp/ruserpass.c netkit-ftp-0.17-new/ftp/ruserpass.c
--- netkit-ftp-0.17/ftp/ruserpass.c 2012-10-29 15:11:10.593841089 +0100
+++ netkit-ftp-0.17-new/ftp/ruserpass.c 2012-10-29 15:13:14.379822697 +0100
@@ -58,7 +58,8 @@ static int token(void);
#define ID 10
#define MACH 11
-static char tokval[100];
+#define MAXTOKENLEN 4096
+static char tokval[MAXTOKENLEN];
static struct toktab {
const char *tokstr;
@@ -249,13 +250,16 @@ bad:
return(-1);
}
-static
+static
int
token(void)
{
char *cp;
int c;
struct toktab *t;
+ size_t toklen = 0;
+ int showwarn = 1;
+ int quote = 0;
if (feof(cfile))
return (0);
@@ -266,20 +270,32 @@ token(void)
return (0);
cp = tokval;
if (c == '"') {
- while ((c = getc(cfile)) != EOF && c != '"') {
- if (c == '\\')
- c = getc(cfile);
- *cp++ = c;
- }
- } else {
+ quote = 1;
+ }
+ else {
*cp++ = c;
- while ((c = getc(cfile)) != EOF
- && c != '\n' && c != '\t' && c != ' ' && c != ',') {
- if (c == '\\')
- c = getc(cfile);
- *cp++ = c;
+ toklen++;
+ }
+ while ((c = getc(cfile)) != EOF) {
+ if (c == '"')
+ break;
+ if (c == '\\')
+ c = getc(cfile);
+ if (!quote && (c == '\n' || c == '\t' || c == ' ' || c == ','))
+ break;
+ if (toklen >= MAXTOKENLEN) {
+ if (showwarn) {
+ fprintf(stderr,
+ "Warning: .netrc token too long, will be trunctated to %zd characters\n",
+ toklen);
+ showwarn = 0;
+ }
+ continue;
}
+ *cp++ = c;
+ toklen++;
}
+
*cp = 0;
if (tokval[0] == 0)
return (0);