From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 20 Mar 2000 10:22:12 +0000 (+0000)
Subject: curl_unescape() could make a buffer overflow
X-Git-Tag: curl-6_5_1~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=211b9e552ddd0d612c7963e34d6fb2791a841ae7;p=thirdparty%2Fcurl.git

curl_unescape() could make a buffer overflow
---

diff --git a/lib/escape.c b/lib/escape.c
index 68000cd712..274cd2dcd6 100644
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -47,7 +47,7 @@
 
 char *curl_escape(char *string)
 {
-   int alloc=strlen(string);
+   int alloc=strlen(string)+1;
    char *ns = malloc(alloc);
    unsigned char in;
    int newlen = alloc;
@@ -83,7 +83,7 @@ char *curl_escape(char *string)
 
 char *curl_unescape(char *string)
 {
-   int alloc = strlen(string);
+   int alloc = strlen(string)+1;
    char *ns = malloc(alloc);
    unsigned char in;
    int index=0;