libcurl-urllen.patch [plain text]
Index: lib/url.c
===================================================================
RCS file: /cvsroot/curl/curl/lib/url.c,v
retrieving revision 1.483
diff -u -r1.483 url.c
--- lib/url.c 30 Nov 2005 13:09:48 -0000 1.483
+++ lib/url.c 30 Nov 2005 23:25:49 -0000
@@ -2378,12 +2378,18 @@
if(urllen < LEAST_PATH_ALLOC)
urllen=LEAST_PATH_ALLOC;
- conn->pathbuffer=(char *)malloc(urllen);
+ /*
+ * We malloc() the buffers below urllen+3 to make room for to possibilities:
+ * 1 - an extra terminating zero
+ * 2 - (possibly an extra slash and) a terminating zero
+ */
+
+ conn->pathbuffer=(char *)malloc(urllen+3);
if(NULL == conn->pathbuffer)
return CURLE_OUT_OF_MEMORY; /* really bad error */
conn->path = conn->pathbuffer;
- conn->host.rawalloc=(char *)malloc(urllen);
+ conn->host.rawalloc=(char *)malloc(urllen+3);
if(NULL == conn->host.rawalloc)
return CURLE_OUT_OF_MEMORY;
conn->host.name = conn->host.rawalloc;