author | Daniel Stenberg <daniel@haxx.se> | 2020-11-09 16:24:13 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-11-09 23:01:06 +0100 |
commit | 7ae59838f0b9af600f3936485ad45de86bd3435f (patch) | |
tree | 4832b56ec5b08c51089f40450d824294df26d5b5 /lib | |
parent | 8b151cb944361755396512f9cb8f53b56fa7c076 (diff) | |
download | curl-7ae59838f0b9af600f3936485ad45de86bd3435f.tar.gz |

curl_easy_escape: limit output string length to 3 * max input

... instead of limiting it to just the max input size. As every
input byte can be expanded to 3 output bytes, this could limit the input
string to 2.66 MB instead of the intended 8 MB.

Reported-by: Marc Schlatter
Closes #6192

Diffstat (limited to 'lib')
-rw-r--r-- | lib/escape.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/escape.c b/lib/escape.c index 1ec698aa6..683b6fc4a 100644 --- a/lib/escape.c +++ b/lib/escape.c @@ -86,7 +86,7 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string, if(inlength < 0) return NULL; - Curl_dyn_init(&d, CURL_MAX_INPUT_LENGTH); + Curl_dyn_init(&d, CURL_MAX_INPUT_LENGTH * 3); length = (inlength?(size_t)inlength:strlen(string)); if(!length) |
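
Review bot: The `* 3` in the `Curl_dyn_init(&d, CURL_MAX_INPUT_LENGTH * 3)` call is an unexplained magic number, and it caps the output buffer rather than the input. In the lines shown, `length` is only tested for zero after the `inlength < 0` check, so nothing visible here rejects an input longer than CURL_MAX_INPUT_LENGTH as long as its escaped form stays under the new cap. If 8 MB is meant as an input limit, as the commit message says, consider an explicit `if(length > CURL_MAX_INPUT_LENGTH) return NULL;` right after `length` is computed. Also add a short comment at the init call noting that the factor 3 is the worst-case expansion of one input byte to three output bytes.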