From 158d7016419429e7741ec35d0d6e256985762347 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 9 May 2017 09:08:25 +0200
Subject: formboundary: convert assert into run-time check

... to really make sure the boundary fits in the target buffer.

Fixes unused parameter 'buflen' warning.

Reported-by: Michael Kaufmann
Bug: https://github.com/curl/curl/pull/1468#issuecomment-300078754
---
 lib/formdata.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'lib/formdata.c')

diff --git a/lib/formdata.c b/lib/formdata.c
index 4c3cf203c..f8a93d594 100644
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -1557,7 +1557,8 @@ static CURLcode formboundary(struct Curl_easy *data,
 {
   /* 24 dashes and 16 hexadecimal digits makes 64 bit (18446744073709551615)
      combinations */
-  DEBUGASSERT(buflen >= 41);
+  if(buflen < 41)
+    return CURLE_BAD_FUNCTION_ARGUMENT;
 
   memset(buffer, '-', 24);
   Curl_rand_hex(data, (unsigned char *)&buffer[24], 17);
-- 
cgit v1.2.3