From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 2 Nov 2023 12:43:54 +0000 (+0100)
Subject: urlapi: when URL encoding the fragment, pass in the right length
X-Git-Tag: curl-8_5_0~155
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5c846a12a3ecf1ba36e9e75246e7644abe4d03fa;p=thirdparty%2Fcurl.git

urlapi: when URL encoding the fragment, pass in the right length

A benign bug because it would only add an extra null terminator.

Made lib1560 get a test that runs this code.

Closes #12250
---

diff --git a/lib/urlapi.c b/lib/urlapi.c
index 329f80393b..032859f88d 100644
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -1224,7 +1224,7 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags)
       if(flags & CURLU_URLENCODE) {
         struct dynbuf enc;
         Curl_dyn_init(&enc, CURL_MAX_INPUT_LENGTH);
-        if(urlencode_str(&enc, fragment + 1, fraglen, TRUE, FALSE)) {
+        if(urlencode_str(&enc, fragment + 1, fraglen - 1, TRUE, FALSE)) {
           result = CURLUE_OUT_OF_MEMORY;
           goto fail;
         }
diff --git a/tests/libtest/lib1560.c b/tests/libtest/lib1560.c
index 9d97cbd065..5f11c48552 100644
--- a/tests/libtest/lib1560.c
+++ b/tests/libtest/lib1560.c
@@ -151,6 +151,9 @@ struct clearurlcase {
 };
 
 static const struct testcase get_parts_list[] ={
+  {"https://curl.se/#  ",
+   "https | [11] | [12] | [13] | curl.se | [15] | / | [16] | %20%20",
+   CURLU_URLENCODE|CURLU_ALLOW_SPACE, 0, CURLUE_OK},
   {"", "", 0, 0, CURLUE_MALFORMED_INPUT},
   {" ", "", 0, 0, CURLUE_MALFORMED_INPUT},
   {"1h://example.net", "", 0, 0, CURLUE_BAD_SCHEME},