Skip to content

escape: add a length check in curl_easy_escape #20086

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bagder wants to merge 2 commits into from
Closed

escape: add a length check in curl_easy_escape #20086

bagder wants to merge 2 commits into from

Conversation

@bagder
Copy link
Member

@bagder bagder commented Dec 23, 2025

Only accept up to SIZE_MAX/16 input bytes. To avoid overflows, mistakes and abuse.

Reported-by: Daniel Santos

@bagder
escape: add a length in curl_easy_escape
e405caf 
Only accept up to SIZE_MAX/16 input bytes. To avoid overflows, mistakes
and abuse.

Reported-by: Daniel Santos
@bagder bagder requested a review from Copilot December 24, 2025 16:53
@bagder bagder marked this pull request as ready for review December 24, 2025 16:53
Copilot AI reviewed Dec 24, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a length validation check to the curl_easy_escape function to prevent potential integer overflow and resource abuse. The change restricts input length to SIZE_MAX/16 before the allocation calculation that multiplies the length by 3.

Key Changes

  • Add length validation to reject inputs larger than SIZE_MAX/16
  • Return NULL for oversized inputs to prevent overflow in subsequent calculation

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@testclutch
Copy link

testclutch commented Dec 24, 2025

Analysis of PR #20086 at 23afa3bb:

Test 1501 failed, which has NOT been flaky recently, so there could be a real issue in this PR. Note that this test has failed in 12 different CI jobs (the link just goes to one of them).

Generated by Testclutch

@bagder bagder changed the title escape: add a length in curl_easy_escape escape: add a length check in curl_easy_escape Dec 24, 2025
@bagder bagder closed this in 76e7d49 Dec 24, 2025
@bagder bagder deleted the bagder/escape-limit branch December 24, 2025 21:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

libcurl API

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bagder @testclutch