diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2020-11-09 16:24:13 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2020-11-09 16:26:24 +0100 |
| commit | 3ddae8ab2a70d594895bd3f844b79823310a3418 (patch) | |
| tree | 664c86a5662c88f072de24976cbb5e505eb4864d | |
| parent | ec48bee3f8671593ae24fda742206ffeabc6c4c6 (diff) | |
| download | curl-bagder/escape-full-inputlen.tar.gz | |
curl_easy_escape: limit *output* string length to 3 * max inputbagder/escape-full-inputlen
... not the output string. As every input byte can be expanded to 3
output bytes, this could limit the input string to 2.66 MB instead of 8.
Reported-by: Marc Schlatter
| -rw-r--r-- | lib/escape.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/escape.c b/lib/escape.c index 1ec698aa6..683b6fc4a 100644 --- a/lib/escape.c +++ b/lib/escape.c @@ -86,7 +86,7 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string, if(inlength < 0) return NULL; - Curl_dyn_init(&d, CURL_MAX_INPUT_LENGTH); + Curl_dyn_init(&d, CURL_MAX_INPUT_LENGTH * 3); length = (inlength?(size_t)inlength:strlen(string)); if(!length) |