curl_unescape() could make a buffer overflow

diff --git a/lib/escape.c b/lib/escape.c
index 68000cd..274cd2d 100644 (file)
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -47,7 +47,7 @@
 
 char *curl_escape(char *string)
 {
-   int alloc=strlen(string);
+   int alloc=strlen(string)+1;
    char *ns = malloc(alloc);
    unsigned char in;
    int newlen = alloc;
@@ -83,7 +83,7 @@ char *curl_escape(char *string)
 
 char *curl_unescape(char *string)
 {
-   int alloc = strlen(string);
+   int alloc = strlen(string)+1;
    char *ns = malloc(alloc);
    unsigned char in;
    int index=0;