From 853e8f45607cb07b877ffd270c63dbcdd5201ad9 Mon Sep 17 00:00:00 2001 From: Manu Garg Date: Wed, 13 Apr 2022 14:30:07 -0700 Subject: [PATCH] Fix possible memory overwrite vulnerability. (#134) --- src/pacparser.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/pacparser.c b/src/pacparser.c index c244bb45..40ca4f90 100644 --- a/src/pacparser.c +++ b/src/pacparser.c @@ -442,11 +442,11 @@ pacparser_find_proxy(const char *url, const char *host) // Hostname shouldn't have single quotes in them if (strchr(host, '\'')) { print_error("%s %s\n", error_prefix, - "Invalid hostname: hostname can't have single quotes."); + "Invalid hostname: hostname can't have single quotes."); return NULL; } - script = (char*) malloc(32 + strlen(url) + strlen(host)); + script = (char*) malloc(32 + strlen(sanitized_url) + strlen(host)); script[0] = '\0'; strcat(script, "findProxyForURL('"); strcat(script, sanitized_url);