From e405caf53d609e0e960ca30ce2fea32daec1c735 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Wed, 24 Dec 2025 00:09:37 +0100
Subject: [PATCH] escape: add a length in curl_easy_escape

Only accept up to SIZE_MAX/16 input bytes. To avoid overflows, mistakes and abuse.

Reported-by: Daniel Santos
---
 lib/escape.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/escape.c b/lib/escape.c
index 2e38301d9c..24d4c4e42c 100644
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -62,6 +62,9 @@ char *curl_easy_escape(CURL *data, const char *string, int inlength)
 if(!length)
 return curlx_strdup("");
+ if(length > SIZE_MAX/16)
+ return NULL;
+
 curlx_dyn_init(&d, length * 3 + 1);
 while(length--) {
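Review bot: The bound `SIZE_MAX/16` in the added check is a bare magic number, with nothing tying it to the `length * 3 + 1` passed to `curlx_dyn_init` on the next statement, which appears to be the multiplication it keeps from wrapping. A short comment above the check would preserve that intent for later edits, for example `/* reject huge input so length * 3 + 1 below cannot wrap size_t */`. The new `return NULL` is also a caller-visible failure that cannot be told apart from the function's other NULL returns, and this patch touches only `lib/escape.c`, so the `curl_easy_escape` documentation should state the input limit if it does not already. The function body starts before and continues past this hunk, so how `d` is used afterwards is not visible here.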