formboundary: convert assert into run-time check

... to really make sure the boundary fits in the target buffer.

Fixes unused parameter 'buflen' warning.

Reported-by: Michael Kaufmann
Bug: https://github.com/curl/curl/pull/1468#issuecomment-300078754

diff --git a/lib/formdata.c b/lib/formdata.c
index 4c3cf203cfbb9ec23e26d930cc0336eb9668edad..f8a93d594bf6c7e091de5c7a48a1f370d0c2e2a9 100644 (file)
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -1557,7 +1557,8 @@ static CURLcode formboundary(struct Curl_easy *data,
 {
   /* 24 dashes and 16 hexadecimal digits makes 64 bit (18446744073709551615)
      combinations */
-  DEBUGASSERT(buflen >= 41);
+  if(buflen < 41)
+    return CURLE_BAD_FUNCTION_ARGUMENT;
 
   memset(buffer, '-', 24);
   Curl_rand_hex(data, (unsigned char *)&buffer[24], 17);