Fix possible memory overwrite vulnerability. (#134)

manugarg · Apr 13, 2022 · 853e8f4 · 853e8f4
1 parent f013613
commit 853e8f4
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/pacparser.c b/src/pacparser.c
@@ -442,11 +442,11 @@ pacparser_find_proxy(const char *url, const char *host)
   // Hostname shouldn't have single quotes in them
   if (strchr(host, '\'')) {
     print_error("%s %s\n", error_prefix,
-		"Invalid hostname: hostname can't have single quotes.");
+      "Invalid hostname: hostname can't have single quotes.");
     return NULL;
   }
 
-  script = (char*) malloc(32 + strlen(url) + strlen(host));
+  script = (char*) malloc(32 + strlen(sanitized_url) + strlen(host));
   script[0] = '\0';
   strcat(script, "findProxyForURL('");
   strcat(script, sanitized_url);