http: fix off-by-one error in request method length check

author Tatsuhiko Miyagawa <miyagawa@bulknews.net>

Sat, 16 Dec 2023 09:28:55 +0000 (01:28 -0800)

committer Daniel Stenberg <daniel@haxx.se>

Sat, 16 Dec 2023 12:20:09 +0000 (13:20 +0100)
author Tatsuhiko Miyagawa <miyagawa@bulknews.net>
Sat, 16 Dec 2023 09:28:55 +0000 (01:28 -0800)
committer Daniel Stenberg <daniel@haxx.se>
Sat, 16 Dec 2023 12:20:09 +0000 (13:20 +0100)
diff --git a/lib/http.c b/lib/http.c

index 209780ed0a299c0f1c7457031953ef8284fc3816..ba625b4def556833e73c4e0c5c5de81773a72eec 100644 (file)
--- a/lib/http.c
+++ b/lib/http.c
@@ -4609,7 +4609,7 @@ CURLcode Curl_http_req_make(struct httpreq **preq,
    CURLcode result = CURLE_OUT_OF_MEMORY;
  
    DEBUGASSERT(method);
-  if(m_len + 1 >= sizeof(req->method))
+  if(m_len + 1 > sizeof(req->method))
      return CURLE_BAD_FUNCTION_ARGUMENT;
  
    req = calloc(1, sizeof(*req));
@@ -4765,7 +4765,7 @@ CURLcode Curl_http_req_make2(struct httpreq **preq,
    CURLUcode uc;
  
    DEBUGASSERT(method);
-  if(m_len + 1 >= sizeof(req->method))
+  if(m_len + 1 > sizeof(req->method))
      return CURLE_BAD_FUNCTION_ARGUMENT;
  
    req = calloc(1, sizeof(*req));
author	Tatsuhiko Miyagawa <miyagawa@bulknews.net>
	Sat, 16 Dec 2023 09:28:55 +0000 (01:28 -0800)
committer	Daniel Stenberg <daniel@haxx.se>
	Sat, 16 Dec 2023 12:20:09 +0000 (13:20 +0100)