From: Daniel Stenberg Date: Wed, 25 May 2022 08:32:22 +0000 (+0200) Subject: headers: fix the unfold realloc to use proper new size X-Git-Tag: curl-7_84_0~137 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5bf1ff002db7f924c8dd1d8340c28daf6d66d7f7;p=thirdparty%2Fcurl.git headers: fix the unfold realloc to use proper new size Previously it didn't take the old name length into acount Follow-up to: c9b60f005358a364 Closes #8913 --- diff --git a/lib/headers.c b/lib/headers.c index b83557d77c..6abb635f23 100644 --- a/lib/headers.c +++ b/lib/headers.c @@ -216,16 +216,18 @@ static CURLcode namevalue(char *header, size_t hlen, unsigned int type, return CURLE_OK; } -static CURLcode append_value(struct Curl_easy *data, const char *value, +static CURLcode unfold_value(struct Curl_easy *data, const char *value, size_t vlen) /* length of the incoming header */ { struct Curl_header_store *hs; struct Curl_header_store *newhs; size_t olen; /* length of the old value */ + size_t oalloc; /* length of the old name + value + separator */ size_t offset; DEBUGASSERT(data->state.prevhead); hs = data->state.prevhead; olen = strlen(hs->value); + oalloc = olen + strlen(hs->name) + 1; offset = hs->value - hs->buffer; /* skip all trailing space letters */ @@ -243,7 +245,8 @@ static CURLcode append_value(struct Curl_easy *data, const char *value, realloc */ Curl_llist_remove(&data->state.httphdrs, &hs->node, NULL); - newhs = Curl_saferealloc(hs, sizeof(*hs) + vlen + olen + 1); + /* new size = struct + new value length + old name+value length */ + newhs = Curl_saferealloc(hs, sizeof(*hs) + vlen + oalloc + 1); if(!newhs) return CURLE_OUT_OF_MEMORY; /* ->name' and ->value point into ->buffer (to keep the header allocation @@ -292,7 +295,7 @@ CURLcode Curl_headers_push(struct Curl_easy *data, const char *header, if((header[0] == ' ') || (header[0] == '\t')) /* line folding, append value to the previous header's value */ - return append_value(data, header, hlen); + return unfold_value(data, header, hlen); hs = calloc(1, sizeof(*hs) + hlen); if(!hs)