From: Kevin McCarthy <kevin@8t8.us>
Date: Fri, 13 Jul 2018 20:05:22 +0000 (-0700)
Subject: Check destlen and truncate in url_pct_encode().
X-Git-Tag: mutt-1-10-1-rel~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6962328c0a64b2db9c131e9f35ee45f949db673d;p=mutt

Check destlen and truncate in url_pct_encode().

Thanks to Jeriko One for the patch, which this commit is based upon.
---

diff --git a/url.c b/url.c
index f3808938..d61e8d16 100644
--- a/url.c
+++ b/url.c
@@ -195,15 +195,20 @@ static void url_pct_encode (char *dst, size_t l, const char *src)
   l--;
   while (src && *src && l)
   {
-    if (strchr ("/:%", *src) && l > 3)
+    if (strchr ("/:%", *src))
     {
+      if (l < 3)
+        break;
+
       *dst++ = '%';
       *dst++ = alph[(*src >> 4) & 0xf];
       *dst++ = alph[*src & 0xf];
       src++;
+      l -= 3;
       continue;
     }
     *dst++ = *src++;
+    l--;
   }
   *dst = 0;
 }