luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

curl_easy_escape: limit output string length to 3 * max input

Browse Source 
... instead of the limiting it to just the max input size. As every
input byte can be expanded to 3 output bytes, this could limit the input
string to 2.66 MB instead of the intended 8 MB.

Reported-by: Marc Schlatter
Closes #6192
This commit is contained in:
Daniel Stenberg 2020-11-09 16:24:13 +01:00
parent 8b151cb944
commit 7ae59838f0
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/escape.c
View File

@ -86,7 +86,7 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string,
if(inlength < 0)
return NULL;
Curl_dyn_init(&d, CURL_MAX_INPUT_LENGTH);
Curl_dyn_init(&d, CURL_MAX_INPUT_LENGTH * 3);
length = (inlength?(size_t)inlength:strlen(string));
if(!length)