From b734bc37eb683451fb68a04466c3da8a54597fdf Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 21 Nov 2000 19:01:53 +0000 Subject: curl_unescape() did not stop at the set length properly when %-codes were used --- lib/escape.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/escape.c b/lib/escape.c index 048fd0f99..74d8deea8 100644 --- a/lib/escape.c +++ b/lib/escape.c @@ -100,7 +100,7 @@ char *curl_unescape(char *string, int length) the "query part" where '+' should become ' '. RFC 2316, section 3.10 */ - while(--alloc) { + while(--alloc > 0) { in = *string; if(querypart && ('+' == in)) in = ' '; @@ -113,6 +113,7 @@ char *curl_unescape(char *string, int length) if(sscanf(string+1, "%02X", &hex)) { in = hex; string+=2; + alloc-=2; } } -- cgit v1.2.3