From f37840a46e5eddaf109c16fa783c8dd8ef639271 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 8 Jan 2024 17:00:05 +0100
Subject: [PATCH] tool_getparam: make data_urlencode avoid direct malloc

use aprintf() instead
---
 src/tool_getparam.c | 27 ++++++++++-----------------
 1 file changed, 10 insertions(+), 17 deletions(-)

diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index baec05cf94..ddc8ff7b33 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -637,25 +637,18 @@ static ParameterError data_urlencode(struct GlobalConfig *global,
     char *enc = curl_easy_escape(NULL, postdata, (int)size);
     Curl_safefree(postdata); /* no matter if it worked or not */
     if(enc) {
-      /* replace (in-place) '%20' by '+' according to RFC1866 */
-      size_t enclen = replace_url_encoded_space_by_plus(enc);
-      /* now make a string with the name from above and append the
-         encoded string */
-      size_t outlen = nlen + enclen + 2;
-      char *n = malloc(outlen);
-      if(!n) {
-        curl_free(enc);
-        return PARAM_NO_MEM;
-      }
+      char *n;
+      replace_url_encoded_space_by_plus(enc);
       if(nlen > 0) { /* only append '=' if we have a name */
-        msnprintf(n, outlen, "%.*s=%s", (int)nlen, nextarg, enc);
-        size = outlen-1;
-      }
-      else {
-        strcpy(n, enc);
-        size = outlen-2; /* since no '=' was inserted */
+        n = aprintf("%.*s=%s", (int)nlen, nextarg, enc);
+        curl_free(enc);
+        if(!n)
+          return PARAM_NO_MEM;
       }
-      curl_free(enc);
+      else
+        n = enc;
+
+      size = strlen(n);
       postdata = n;
     }
     else
-- 
2.47.3