From: Tatsuhiko Miyagawa <miyagawa@bulknews.net>
Date: Sat, 16 Dec 2023 09:28:55 +0000 (-0800)
Subject: http: fix off-by-one error in request method length check
X-Git-Tag: curl-8_6_0~216
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1e9db6997ac37db18e949b57360968fde07420e3;p=thirdparty%2Fcurl.git

http: fix off-by-one error in request method length check

It should allow one more byte.

Closes #12534
---

diff --git a/lib/http.c b/lib/http.c
index 209780ed0a..ba625b4def 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -4609,7 +4609,7 @@ CURLcode Curl_http_req_make(struct httpreq **preq,
   CURLcode result = CURLE_OUT_OF_MEMORY;
 
   DEBUGASSERT(method);
-  if(m_len + 1 >= sizeof(req->method))
+  if(m_len + 1 > sizeof(req->method))
     return CURLE_BAD_FUNCTION_ARGUMENT;
 
   req = calloc(1, sizeof(*req));
@@ -4765,7 +4765,7 @@ CURLcode Curl_http_req_make2(struct httpreq **preq,
   CURLUcode uc;
 
   DEBUGASSERT(method);
-  if(m_len + 1 >= sizeof(req->method))
+  if(m_len + 1 > sizeof(req->method))
     return CURLE_BAD_FUNCTION_ARGUMENT;
 
   req = calloc(1, sizeof(*req));