Check destlen and truncate in url_pct_encode().

Thanks to Jeriko One for the patch, which this commit is based upon.

diff --git a/url.c b/url.c
index f380893803bfe04aa9e4516b4079a10d5f2a3e04..d61e8d16606be6c6b9dc0708b0ac780630bbf96b 100644 (file)
--- a/url.c
+++ b/url.c
@@ -195,15 +195,20 @@ static void url_pct_encode (char *dst, size_t l, const char *src)
   l--;
   while (src && *src && l)
   {
-    if (strchr ("/:%", *src) && l > 3)
+    if (strchr ("/:%", *src))
     {
+      if (l < 3)
+        break;
+
       *dst++ = '%';
       *dst++ = alph[(*src >> 4) & 0xf];
       *dst++ = alph[*src & 0xf];
       src++;
+      l -= 3;
       continue;
     }
     *dst++ = *src++;
+    l--;
   }
   *dst = 0;
 }