7.15.1 with the now to be announced security flaw fixed

author: Daniel Stenberg <daniel@haxx.se> 2005-12-06 23:05:51 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2005-12-06 23:05:51 +0000
commit: f49df54a36a39995be32782154f3ca2692f17ac4 (patch)
tree: fa20c4f702c3971fcff69c7283024c67a43ce203 /lib
parent: 952bbc441047f023debf08275162dce866d04025 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/url.c b/lib/url.c
index bc6033a36..3715b10ca 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2378,12 +2378,18 @@ static CURLcode CreateConnection(struct SessionHandle *data,
   if(urllen < LEAST_PATH_ALLOC)
     urllen=LEAST_PATH_ALLOC;
 
-  conn->pathbuffer=(char *)malloc(urllen);
+  /*
+   * We malloc() the buffers below urllen+2 to make room for to possibilities:
+   * 1 - an extra terminating zero
+   * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used)
+   */
+
+  conn->pathbuffer=(char *)malloc(urllen+2);
   if(NULL == conn->pathbuffer)
     return CURLE_OUT_OF_MEMORY; /* really bad error */
   conn->path = conn->pathbuffer;
 
-  conn->host.rawalloc=(char *)malloc(urllen);
+  conn->host.rawalloc=(char *)malloc(urllen+2);
   if(NULL == conn->host.rawalloc)
     return CURLE_OUT_OF_MEMORY;
   conn->host.name = conn->host.rawalloc;
author	Daniel Stenberg <daniel@haxx.se>	2005-12-06 23:05:51 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2005-12-06 23:05:51 +0000
commit	f49df54a36a39995be32782154f3ca2692f17ac4 (patch)
tree	fa20c4f702c3971fcff69c7283024c67a43ce203 /lib
parent	952bbc441047f023debf08275162dce866d04025 (diff)