From 211b9e552ddd0d612c7963e34d6fb2791a841ae7 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 20 Mar 2000 10:22:12 +0000
Subject: [PATCH] curl_unescape() could make a buffer overflow

---
 lib/escape.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/escape.c b/lib/escape.c
index 68000cd71..274cd2dcd 100644
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -47,7 +47,7 @@
 
 char *curl_escape(char *string)
 {
-   int alloc=strlen(string);
+   int alloc=strlen(string)+1;
    char *ns = malloc(alloc);
    unsigned char in;
    int newlen = alloc;
@@ -83,7 +83,7 @@ char *curl_escape(char *string)
 
 char *curl_unescape(char *string)
 {
-   int alloc = strlen(string);
+   int alloc = strlen(string)+1;
    char *ns = malloc(alloc);
    unsigned char in;
    int index=0;