luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

http: fix off-by-one error in request method length check

Browse Source 
It should allow one more byte.

Closes #12534
This commit is contained in:
Tatsuhiko Miyagawa 2023-12-16 01:28:55 -08:00 committed by Daniel Stenberg
parent 102de7aa8d
commit 1e9db6997a
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/http.c
View File

@ -4609,7 +4609,7 @@ CURLcode Curl_http_req_make(struct httpreq **preq,
CURLcode result = CURLE_OUT_OF_MEMORY;
DEBUGASSERT(method);
if(m_len + 1 >= sizeof(req->method))
if(m_len + 1 > sizeof(req->method))
return CURLE_BAD_FUNCTION_ARGUMENT;
req = calloc(1, sizeof(*req));
@ -4765,7 +4765,7 @@ CURLcode Curl_http_req_make2(struct httpreq **preq,
CURLUcode uc;
DEBUGASSERT(method);
if(m_len + 1 >= sizeof(req->method))
if(m_len + 1 > sizeof(req->method))
return CURLE_BAD_FUNCTION_ARGUMENT;
req = calloc(1, sizeof(*req));