romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-06-17 01:25:42 +03:00
Code Issues Projects Releases Packages Wiki Activity

escape: add a length in curl_easy_escape

Browse source 
Only accept up to SIZE_MAX/16 input bytes. To avoid overflows, mistakes
and abuse.

Reported-by: Daniel Santos
This commit is contained in:
Daniel Stenberg 2025-12-24 00:09:37 +01:00
parent 436e67f65b
commit e405caf53d
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
lib/escape.c
View file

@ -62,6 +62,9 @@ char *curl_easy_escape(CURL *data, const char *string, int inlength)
if(!length)
return curlx_strdup("");
if(length > SIZE_MAX/16)
return NULL;
curlx_dyn_init(&d, length * 3 + 1);
while(length--) {