From 96b1e40d56ea25e3ad860ecfa9a25dc84247387c Mon Sep 17 00:00:00 2001
From: Michael Vogt <michael.vogt@ubuntu.com>
Date: Mon, 13 Aug 2012 17:27:05 +0200
Subject: make netrc parser more robust and parser biger login tokens, thanks
 to "TJ" (LP: #1008289)

---
 apt-pkg/contrib/netrc.cc | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/apt-pkg/contrib/netrc.cc b/apt-pkg/contrib/netrc.cc
index cb7d36088..43abc62ce 100644
--- a/apt-pkg/contrib/netrc.cc
+++ b/apt-pkg/contrib/netrc.cc
@@ -15,6 +15,7 @@
 
 #include <apt-pkg/configuration.h>
 #include <apt-pkg/strutl.h>
+#include <apt-pkg/error.h>
 #include <apt-pkg/fileutl.h>
 
 #include <iostream>
@@ -39,8 +40,8 @@ enum {
 };
 
 /* make sure we have room for at least this size: */
-#define LOGINSIZE 64
-#define PASSWORDSIZE 64
+#define LOGINSIZE 1024
+#define PASSWORDSIZE 1024
 #define NETRC DOT_CHAR "netrc"
 
 /* returns -1 on failure, 0 if the host is found, 1 is the host isn't found */
@@ -123,11 +124,21 @@ int parsenetrc (char *host, char *login, char *password, char *netrcfile = NULL)
             if (specific_login)
               state_our_login = !strcasecmp (login, tok);
             else
+            {
+              if (strlen(tok) > LOGINSIZE)
+                 _error->Error("login token too long %i (max: %i)", 
+                               strlen(tok), LOGINSIZE);
               strncpy (login, tok, LOGINSIZE - 1);
+            }
             state_login = 0;
           } else if (state_password) {
-            if (state_our_login || !specific_login)
+             if (state_our_login || !specific_login) 
+             {
+              if (strlen(tok) > PASSWORDSIZE)
+                 _error->Error("password token too long %i (max %i)", 
+                               strlen(tok), PASSWORDSIZE);
               strncpy (password, tok, PASSWORDSIZE - 1);
+             }
             state_password = 0;
           } else if (!strcasecmp ("login", tok))
             state_login = 1;
@@ -163,8 +174,8 @@ void maybe_add_auth (URI &Uri, string NetRCFile)
   {
     if (NetRCFile.empty () == false)
     {
-      char login[64] = "";
-      char password[64] = "";
+      char login[LOGINSIZE] = "";
+      char password[PASSWORDSIZE] = "";
       char *netrcfile = strdup(NetRCFile.c_str());
 
       // first check for a generic host based netrc entry
-- 
cgit v1.2.3


From 7735ad0500b6fefef03b2a3dc2a6843e82353e94 Mon Sep 17 00:00:00 2001
From: Michael Vogt <michael.vogt@ubuntu.com>
Date: Tue, 28 Aug 2012 11:44:26 +0200
Subject: apt-pkg/contrib/netrc.cc: use a slightly smaller login/password size

---
 apt-pkg/contrib/netrc.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apt-pkg/contrib/netrc.cc b/apt-pkg/contrib/netrc.cc
index 43abc62ce..06059dfc1 100644
--- a/apt-pkg/contrib/netrc.cc
+++ b/apt-pkg/contrib/netrc.cc
@@ -40,8 +40,8 @@ enum {
 };
 
 /* make sure we have room for at least this size: */
-#define LOGINSIZE 1024
-#define PASSWORDSIZE 1024
+#define LOGINSIZE 256
+#define PASSWORDSIZE 256
 #define NETRC DOT_CHAR "netrc"
 
 /* returns -1 on failure, 0 if the host is found, 1 is the host isn't found */
-- 
cgit v1.2.3