curl_unescape() could make a buffer overflow

author: Daniel Stenberg <daniel@haxx.se> 2000-03-20 10:22:12 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2000-03-20 10:22:12 +0000
commit: 211b9e552ddd0d612c7963e34d6fb2791a841ae7 (patch)
tree: a30a9473625d1bf17c8954daca07f035585b391d /lib/escape.c
parent: bc5c4b895380eeae3e1855cfe47aa4ea65a7ba37 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/escape.c b/lib/escape.c
index 68000cd71..274cd2dcd 100644
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -47,7 +47,7 @@
 
 char *curl_escape(char *string)
 {
-   int alloc=strlen(string);
+   int alloc=strlen(string)+1;
    char *ns = malloc(alloc);
    unsigned char in;
    int newlen = alloc;
@@ -83,7 +83,7 @@ char *curl_escape(char *string)
 
 char *curl_unescape(char *string)
 {
-   int alloc = strlen(string);
+   int alloc = strlen(string)+1;
    char *ns = malloc(alloc);
    unsigned char in;
    int index=0;
author	Daniel Stenberg <daniel@haxx.se>	2000-03-20 10:22:12 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2000-03-20 10:22:12 +0000
commit	211b9e552ddd0d612c7963e34d6fb2791a841ae7 (patch)
tree	a30a9473625d1bf17c8954daca07f035585b391d /lib/escape.c
parent	bc5c4b895380eeae3e1855cfe47aa4ea65a7ba37 (diff)