From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sun, 1 Jun 2008 10:25:47 +0000 (+1200)
Subject: Fix possible buffer overrun in rfc1738 encoder
X-Git-Tag: SQUID_3_1_0_1~49^2~216
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6512a7600774cc1e346687712b743c1941c0c975;p=thirdparty%2Fsquid.git

Fix possible buffer overrun in rfc1738 encoder
---

diff --git a/lib/rfc1738.c b/lib/rfc1738.c
index 8e8fbafc67..1ea1a765e7 100644
--- a/lib/rfc1738.c
+++ b/lib/rfc1738.c
@@ -98,7 +98,7 @@ rfc1738_do_escape(const char *url, int encode_reserved)
 	bufsize = strlen(url) * 3 + 1;
 	buf = xcalloc(bufsize, 1);
     }
-    for (p = url, q = buf; *p != '\0'; p++, q++) {
+    for (p = url, q = buf; *p != '\0' && q < (buf + bufsize - 1); p++, q++) {
 	do_escape = 0;
 
 	/* RFC 1738 defines these chars as unsafe */