renamed getpass() to my_getpass() and it is now thread-safe and should

disable passwd-echoing on win32 (supplied by Bj�rn Stenberg)

lib/getpass.c

@@ -45,8 +45,6 @@
 #  endif
 #endif
 
-#define INPUT_BUFFER 128
-
 #ifndef RETSIGTYPE
 #  define RETSIGTYPE void
 #endif
@@ -70,11 +68,10 @@
 #  define perror(x) fprintf(stderr, "Error in: %s\n", x)
 #endif
 
-char *getpass(const char *prompt)
+void my_getpass(const char *prompt, char *buffer, int buflen)
 {
   FILE *infp;
   FILE *outfp;
-  static char buf[INPUT_BUFFER];
   RETSIGTYPE (*sigint)();
 #ifndef __EMX__
   RETSIGTYPE (*sigtstp)();
@@ -142,8 +139,8 @@ char *getpass(const char *prompt)
   fputs(prompt, outfp);
   fflush(outfp);
 
-  bytes_read=read(infd, buf, INPUT_BUFFER);
+  bytes_read=read(infd, buffer, buflen);
-  buf[bytes_read > 0 ? (bytes_read -1) : 0] = '\0';
+  buffer[bytes_read > 0 ? (bytes_read -1) : 0] = '\0';
 
   /* print a new line if needed */
 #ifdef HAVE_TERMIOS_H
@@ -157,7 +154,7 @@ char *getpass(const char *prompt)
 
   /*
    * reset term charectaristics, use TCSAFLUSH incase the
-   * user types more than INPUT_BUFFER
+   * user types more than buflen
    */
 #ifdef HAVE_TERMIOS_H
   if(tcsetattr(outfd, TCSAFLUSH, &orig) != 0)
@@ -179,15 +176,25 @@ char *getpass(const char *prompt)
   signal(SIGTSTP, sigtstp);
 #endif
 
-  return(buf);
 }
-#else
+#else /* WIN32 */
 #include <stdio.h>
-char *getpass(const char *prompt)
+#include <conio.h>
+void my_getpass(const char *prompt, char *buffer, int buflen)
 {
-	static char password[80];
+  int i;
-	printf(prompt);
+  printf("%s", prompt);
-	gets(password);
+ 
-	return password;
+  for(i=0; i<buflen; i++) {
+    buffer[i] = getch();
+    if ( buffer[i] == '\r' ) {
+      buffer[i] = 0;
+      break;
+    }
+  }
+  /* if user didn't hit ENTER, terminate buffer */
+  if (i==buflen)
+    buffer[buflen-1]=0;
 }
-#endif /* don't do anything if WIN32 */
+#endif
+

lib/getpass.h

@@ -1 +1 @@
-char *getpass(const char *prompt);
+void my_getpass(const char *prompt, char* buffer, int buflen );

lib/url.c

@@ -780,16 +780,16 @@ CURLcode curl_connect(CURL *curl, CURLconnect **in_connect)
 
     if(*data->userpwd != ':') {
       /* the name is given, get user+password */
-      sscanf(data->userpwd, "%127[^:]:%127[^@]",
+      sscanf(data->userpwd, "%127[^:]:%127[^\n]",
              data->user, data->passwd);
       }
     else
       /* no name given, get the password only */
-      sscanf(data->userpwd+1, "%127[^@]", data->passwd);
+      sscanf(data->userpwd+1, "%127[^\n]", data->passwd);
 
     /* check for password, if no ask for one */
     if( !data->passwd[0] ) {
-      strncpy(data->passwd, getpass("password: "), sizeof(data->passwd));
+      my_getpass("password:", data->passwd, sizeof(data->passwd));
     }
   }
 
@@ -799,16 +799,18 @@ CURLcode curl_connect(CURL *curl, CURLconnect **in_connect)
 
     if(*data->proxyuserpwd != ':') {
       /* the name is given, get user+password */
-      sscanf(data->proxyuserpwd, "%127[^:]:%127[^@]",
+      sscanf(data->proxyuserpwd, "%127[^:]:%127[^\n]",
              data->proxyuser, data->proxypasswd);
       }
     else
       /* no name given, get the password only */
-      sscanf(data->proxyuserpwd+1, "%127[^@]", data->proxypasswd);
+      sscanf(data->proxyuserpwd+1, "%127[^\n]", data->proxypasswd);
 
     /* check for password, if no ask for one */
     if( !data->proxypasswd[0] ) {
-      strncpy(data->proxypasswd, getpass("proxy password: "), sizeof(data->proxypasswd));
+      my_getpass("proxy password:",
+                 data->proxypasswd,
+                 sizeof(data->proxypasswd));
     }
 
   }
@@ -1117,7 +1119,7 @@ CURLcode curl_connect(CURL *curl, CURLconnect **in_connect)
 
       /* check for password, if no ask for one */
       if( !data->passwd[0] ) {
-        strncpy(data->passwd, getpass("password: "), sizeof(data->passwd));
+        my_getpass("password:",data->passwd,sizeof(data->passwd));
       }
 
       conn->name = ++ptr;