curl_unescape() could make a buffer overflow

2024-12-21 23:58:49 -05:00 · 2000-03-20 10:22:12 +00:00 · 2000-03-20 10:22:12 +00:00 · 211b9e552d
commit 211b9e552d
parent bc5c4b8953
1 changed files with 2 additions and 2 deletions
--- a/lib/escape.c
+++ b/lib/escape.c
@ -47,7 +47,7 @@

 char *curl_escape(char *string)
 {
-   int alloc=strlen(string);
+   int alloc=strlen(string)+1;
   char *ns = malloc(alloc);
   unsigned char in;
   int newlen = alloc;
@ -83,7 +83,7 @@ char *curl_escape(char *string)

 char *curl_unescape(char *string)
 {
-   int alloc = strlen(string);
+   int alloc = strlen(string)+1;
   char *ns = malloc(alloc);
   unsigned char in;
   int index=0;