From 96b1e40d56ea25e3ad860ecfa9a25dc84247387c Mon Sep 17 00:00:00 2001
From: Michael Vogt <michael.vogt@ubuntu.com>
Date: Mon, 13 Aug 2012 17:27:05 +0200
Subject: make netrc parser more robust and parser biger login tokens, thanks
 to "TJ" (LP: #1008289)

---
 apt-pkg/contrib/netrc.cc | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

(limited to 'apt-pkg/contrib/netrc.cc')

diff --git a/apt-pkg/contrib/netrc.cc b/apt-pkg/contrib/netrc.cc
index cb7d36088..43abc62ce 100644
--- a/apt-pkg/contrib/netrc.cc
+++ b/apt-pkg/contrib/netrc.cc
@@ -15,6 +15,7 @@
 
 #include <apt-pkg/configuration.h>
 #include <apt-pkg/strutl.h>
+#include <apt-pkg/error.h>
 #include <apt-pkg/fileutl.h>
 
 #include <iostream>
@@ -39,8 +40,8 @@ enum {
 };
 
 /* make sure we have room for at least this size: */
-#define LOGINSIZE 64
-#define PASSWORDSIZE 64
+#define LOGINSIZE 1024
+#define PASSWORDSIZE 1024
 #define NETRC DOT_CHAR "netrc"
 
 /* returns -1 on failure, 0 if the host is found, 1 is the host isn't found */
@@ -123,11 +124,21 @@ int parsenetrc (char *host, char *login, char *password, char *netrcfile = NULL)
             if (specific_login)
               state_our_login = !strcasecmp (login, tok);
             else
+            {
+              if (strlen(tok) > LOGINSIZE)
+                 _error->Error("login token too long %i (max: %i)", 
+                               strlen(tok), LOGINSIZE);
               strncpy (login, tok, LOGINSIZE - 1);
+            }
             state_login = 0;
           } else if (state_password) {
-            if (state_our_login || !specific_login)
+             if (state_our_login || !specific_login) 
+             {
+              if (strlen(tok) > PASSWORDSIZE)
+                 _error->Error("password token too long %i (max %i)", 
+                               strlen(tok), PASSWORDSIZE);
               strncpy (password, tok, PASSWORDSIZE - 1);
+             }
             state_password = 0;
           } else if (!strcasecmp ("login", tok))
             state_login = 1;
@@ -163,8 +174,8 @@ void maybe_add_auth (URI &Uri, string NetRCFile)
   {
     if (NetRCFile.empty () == false)
     {
-      char login[64] = "";
-      char password[64] = "";
+      char login[LOGINSIZE] = "";
+      char password[PASSWORDSIZE] = "";
       char *netrcfile = strdup(NetRCFile.c_str());
 
       // first check for a generic host based netrc entry
-- 
cgit v1.2.3


From 7735ad0500b6fefef03b2a3dc2a6843e82353e94 Mon Sep 17 00:00:00 2001
From: Michael Vogt <michael.vogt@ubuntu.com>
Date: Tue, 28 Aug 2012 11:44:26 +0200
Subject: apt-pkg/contrib/netrc.cc: use a slightly smaller login/password size

---
 apt-pkg/contrib/netrc.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'apt-pkg/contrib/netrc.cc')

diff --git a/apt-pkg/contrib/netrc.cc b/apt-pkg/contrib/netrc.cc
index 43abc62ce..06059dfc1 100644
--- a/apt-pkg/contrib/netrc.cc
+++ b/apt-pkg/contrib/netrc.cc
@@ -40,8 +40,8 @@ enum {
 };
 
 /* make sure we have room for at least this size: */
-#define LOGINSIZE 1024
-#define PASSWORDSIZE 1024
+#define LOGINSIZE 256
+#define PASSWORDSIZE 256
 #define NETRC DOT_CHAR "netrc"
 
 /* returns -1 on failure, 0 if the host is found, 1 is the host isn't found */
-- 
cgit v1.2.3


From b8c50bd0415bd4ea16a8f09356d882f267976d40 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <kalnischkies@gmail.com>
Date: Sat, 13 Oct 2012 17:25:07 +0200
Subject: * apt-pkg/contrib/netrc.cc:   - remove the 64 char limit for
 login/password in internal usage

---
 apt-pkg/contrib/netrc.cc | 43 +++++++++++++++++++++++++++----------------
 1 file changed, 27 insertions(+), 16 deletions(-)

(limited to 'apt-pkg/contrib/netrc.cc')

diff --git a/apt-pkg/contrib/netrc.cc b/apt-pkg/contrib/netrc.cc
index 56e59d84b..950d21dad 100644
--- a/apt-pkg/contrib/netrc.cc
+++ b/apt-pkg/contrib/netrc.cc
@@ -44,11 +44,11 @@ enum {
 #define NETRC DOT_CHAR "netrc"
 
 /* returns -1 on failure, 0 if the host is found, 1 is the host isn't found */
-int parsenetrc (char *host, char *login, char *password, char *netrcfile = NULL)
+static int parsenetrc_string (char *host, std::string &login, std::string &password, char *netrcfile = NULL)
 {
   FILE *file;
   int retcode = 1;
-  int specific_login = (login[0] != 0);
+  int specific_login = (login.empty() == false);
   char *home = NULL;
   bool netrc_alloc = false;
 
@@ -88,7 +88,7 @@ int parsenetrc (char *host, char *login, char *password, char *netrcfile = NULL)
     while (!done && fgets(netrcbuffer, sizeof (netrcbuffer), file)) {
       tok = strtok_r (netrcbuffer, " \t\n", &tok_buf);
       while (!done && tok) {
-        if(login[0] && password[0]) {
+        if(login.empty() == false && password.empty() == false) {
           done = true;
           break;
         }
@@ -120,13 +120,13 @@ int parsenetrc (char *host, char *login, char *password, char *netrcfile = NULL)
           /* we are now parsing sub-keywords concerning "our" host */
           if (state_login) {
             if (specific_login)
-              state_our_login = !strcasecmp (login, tok);
+              state_our_login = !strcasecmp (login.c_str(), tok);
             else
-              strncpy (login, tok, LOGINSIZE - 1);
+              login = tok;
             state_login = 0;
           } else if (state_password) {
             if (state_our_login || !specific_login)
-              strncpy (password, tok, PASSWORDSIZE - 1);
+              password = tok;
             state_password = 0;
           } else if (!strcasecmp ("login", tok))
             state_login = 1;
@@ -152,6 +152,18 @@ int parsenetrc (char *host, char *login, char *password, char *netrcfile = NULL)
 
   return retcode;
 }
+// for some unknown reason this method is exported so keep a compatible interface for now …
+int parsenetrc (char *host, char *login, char *password, char *netrcfile = NULL)
+{
+   std::string login_string, password_string;
+   int const ret = parsenetrc_string(host, login_string, password_string, netrcfile);
+   if (ret < 0)
+      return ret;
+   strncpy(login, login_string.c_str(), LOGINSIZE - 1);
+   strncpy(password, password_string.c_str(), PASSWORDSIZE - 1);
+   return ret;
+}
+
 
 void maybe_add_auth (URI &Uri, string NetRCFile)
 {
@@ -162,21 +174,20 @@ void maybe_add_auth (URI &Uri, string NetRCFile)
   {
     if (NetRCFile.empty () == false)
     {
-      char login[64] = "";
-      char password[64] = "";
+       std::string login, password;
       char *netrcfile = strdup(NetRCFile.c_str());
 
       // first check for a generic host based netrc entry
       char *host = strdup(Uri.Host.c_str());
-      if (host && parsenetrc (host, login, password, netrcfile) == 0)
+      if (host && parsenetrc_string(host, login, password, netrcfile) == 0)
       {
 	 if (_config->FindB("Debug::Acquire::netrc", false) == true)
 	    std::clog << "host: " << host 
 		      << " user: " << login
-		      << " pass-size: " << strlen(password)
+		      << " pass-size: " << password.size()
 		      << std::endl;
-        Uri.User = string (login);
-        Uri.Password = string (password);
+        Uri.User = login;
+        Uri.Password = password;
 	free(netrcfile);
 	free(host);
 	return;
@@ -187,15 +198,15 @@ void maybe_add_auth (URI &Uri, string NetRCFile)
       // a lookup uri.startswith(host) in the netrc file parser (because
       // of the "/"
       char *hostpath = strdup(string(Uri.Host+Uri.Path).c_str());
-      if (hostpath && parsenetrc (hostpath, login, password, netrcfile) == 0)
+      if (hostpath && parsenetrc_string(hostpath, login, password, netrcfile) == 0)
       {
 	 if (_config->FindB("Debug::Acquire::netrc", false) == true)
 	    std::clog << "hostpath: " << hostpath
 		      << " user: " << login
-		      << " pass-size: " << strlen(password)
+		      << " pass-size: " << password.size()
 		      << std::endl;
-	 Uri.User = string (login);
-	 Uri.Password = string (password);
+	 Uri.User = login;
+	 Uri.Password = password;
       }
       free(netrcfile);
       free(hostpath);
-- 
cgit v1.2.3


From 7f18595b3ef9a348719969889097adb4f45d44f0 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <kalnischkies@gmail.com>
Date: Sat, 13 Oct 2012 18:56:23 +0200
Subject: remove 256 char line limit by using getline() (POSIX.1-2008)

---
 apt-pkg/contrib/netrc.cc | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'apt-pkg/contrib/netrc.cc')

diff --git a/apt-pkg/contrib/netrc.cc b/apt-pkg/contrib/netrc.cc
index 950d21dad..c5f9630c4 100644
--- a/apt-pkg/contrib/netrc.cc
+++ b/apt-pkg/contrib/netrc.cc
@@ -79,13 +79,14 @@ static int parsenetrc_string (char *host, std::string &login, std::string &passw
     char *tok;
     char *tok_buf;
     bool done = false;
-    char netrcbuffer[256];
+    char *netrcbuffer = NULL;
+    size_t netrcbuffer_size = 0;
 
     int state = NOTHING;
     char state_login = 0;        /* Found a login keyword */
     char state_password = 0;     /* Found a password keyword */
 
-    while (!done && fgets(netrcbuffer, sizeof (netrcbuffer), file)) {
+    while (!done && getline(&netrcbuffer, &netrcbuffer_size, file) != -1) {
       tok = strtok_r (netrcbuffer, " \t\n", &tok_buf);
       while (!done && tok) {
         if(login.empty() == false && password.empty() == false) {
@@ -142,8 +143,9 @@ static int parsenetrc_string (char *host, std::string &login, std::string &passw
 
         tok = strtok_r (NULL, " \t\n", &tok_buf);
       } /* while(tok) */
-    } /* while fgets() */
+    } /* while getline() */
 
+    free(netrcbuffer);
     fclose(file);
   }
 
-- 
cgit v1.2.3