curl_unescape() could make a buffer overflow

author Daniel Stenberg <daniel@haxx.se>

Mon, 20 Mar 2000 10:22:12 +0000 (10:22 +0000)

committer Daniel Stenberg <daniel@haxx.se>

Mon, 20 Mar 2000 10:22:12 +0000 (10:22 +0000)
author Daniel Stenberg <daniel@haxx.se>
Mon, 20 Mar 2000 10:22:12 +0000 (10:22 +0000)
committer Daniel Stenberg <daniel@haxx.se>
Mon, 20 Mar 2000 10:22:12 +0000 (10:22 +0000)
diff --git a/lib/escape.c b/lib/escape.c

index 68000cd7128f11670019916b3004a3b1832af735..274cd2dcd69b3b85e81e6caa64d28a340674f567 100644 (file)
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -47,7 +47,7 @@
  
  char *curl_escape(char *string)
  {
-   int alloc=strlen(string);
+   int alloc=strlen(string)+1;
     char *ns = malloc(alloc);
     unsigned char in;
     int newlen = alloc;
@@ -83,7 +83,7 @@ char *curl_escape(char *string)
  
  char *curl_unescape(char *string)
  {
-   int alloc = strlen(string);
+   int alloc = strlen(string)+1;
     char *ns = malloc(alloc);
     unsigned char in;
     int index=0;
author	Daniel Stenberg <daniel@haxx.se>
	Mon, 20 Mar 2000 10:22:12 +0000 (10:22 +0000)
committer	Daniel Stenberg <daniel@haxx.se>
	Mon, 20 Mar 2000 10:22:12 +0000 (10:22 +0000)