From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 9 May 2017 07:08:25 +0000 (+0200)
Subject: formboundary: convert assert into run-time check
X-Git-Tag: curl-7_54_1~133
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=158d7016419429e7741ec35d0d6e256985762347;p=thirdparty%2Fcurl.git

formboundary: convert assert into run-time check

... to really make sure the boundary fits in the target buffer.

Fixes unused parameter 'buflen' warning.

Reported-by: Michael Kaufmann
Bug: https://github.com/curl/curl/pull/1468#issuecomment-300078754
---

diff --git a/lib/formdata.c b/lib/formdata.c
index 4c3cf203cf..f8a93d594b 100644
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -1557,7 +1557,8 @@ static CURLcode formboundary(struct Curl_easy *data,
 {
   /* 24 dashes and 16 hexadecimal digits makes 64 bit (18446744073709551615)
      combinations */
-  DEBUGASSERT(buflen >= 41);
+  if(buflen < 41)
+    return CURLE_BAD_FUNCTION_ARGUMENT;
 
   memset(buffer, '-', 24);
   Curl_rand_hex(data, (unsigned char *)&buffer[24], 17);