From: Edmund GRIMLEY EVANS <edmundo@rano.org>
Date: Wed, 19 Mar 2003 21:31:59 +0000 (+0000)
Subject: Fix a buffer overflow in utf8_to_utf7.
X-Git-Tag: mutt-1-5-4-rel~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5d72ff5cf964dd752690c713dc0b8834824af3f1;p=mutt

Fix a buffer overflow in utf8_to_utf7.
---

diff --git a/imap/utf7.c b/imap/utf7.c
index 14211a07..f792cd48 100644
--- a/imap/utf7.c
+++ b/imap/utf7.c
@@ -149,7 +149,11 @@ static char *utf8_to_utf7 (const char *u8, size_t u8len, char **u7,
   int n, i, b = 0, k = 0;
   int base64 = 0;
 
-  p = buf = safe_malloc (u8len * 2 + 1);
+  /*
+   * In the worst case we convert 2 chars to 7 chars. For example:
+   * "\x10&\x10&..." -> "&ABA-&-&ABA-&-...".
+   */
+  p = buf = safe_malloc ((u8len / 2) * 7 + 6);
 
   while (u8len)
   {