From 1e9db6997ac37db18e949b57360968fde07420e3 Mon Sep 17 00:00:00 2001
From: Tatsuhiko Miyagawa <miyagawa@bulknews.net>
Date: Sat, 16 Dec 2023 01:28:55 -0800
Subject: [PATCH] http: fix off-by-one error in request method length check

It should allow one more byte.

Closes #12534
---
 lib/http.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/http.c b/lib/http.c
index 209780ed0a..ba625b4def 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -4609,7 +4609,7 @@ CURLcode Curl_http_req_make(struct httpreq **preq,
   CURLcode result = CURLE_OUT_OF_MEMORY;
 
   DEBUGASSERT(method);
-  if(m_len + 1 >= sizeof(req->method))
+  if(m_len + 1 > sizeof(req->method))
     return CURLE_BAD_FUNCTION_ARGUMENT;
 
   req = calloc(1, sizeof(*req));
@@ -4765,7 +4765,7 @@ CURLcode Curl_http_req_make2(struct httpreq **preq,
   CURLUcode uc;
 
   DEBUGASSERT(method);
-  if(m_len + 1 >= sizeof(req->method))
+  if(m_len + 1 > sizeof(req->method))
     return CURLE_BAD_FUNCTION_ARGUMENT;
 
   req = calloc(1, sizeof(*req));
-- 
2.47.3