curl-library
realloc() over-allocation in http_digest.c:547
From: Andre Guibert de Bruet <andy_at_siliconlandmark.com>
Date: Fri, 8 May 2009 21:49:16 -0400
Received on 2009-05-09
Date: Fri, 8 May 2009 21:49:16 -0400
Hi,
There appears to be a coding error in http_digest.c in the realloc()
call on line 547. The strcat() call performed shortly after the
realloc() needs exactly 3 bytes ('\r' + '\n' + '\0'), yet realloc() is
called with 4.
The attached patch corrects this. Could it be committed upon review?
Andy
/* Andre Guibert de Bruet * 436f 6465 2070 6f65 742e 2042 6974 206a */
/* Managing Partner * 6f63 6b65 792e 2053 7973 4164 6d69 6e2e */
/* GSM: +1 734 846 8758 * 2055 4e49 5820 736c 6575 7468 2e00 0000 */
/* WWW: siliconlandmark.com * C/C++, Java, Perl, PHP, SQL, XHTML, XML */
- application/octet-stream attachment: realloc-off-by-one.diff