curl_unescape() could make a buffer overflow

1 files changed, 2 insertions, 2 deletions

diff --git a/lib/escape.c b/lib/escape.c
index 68000cd71..274cd2dcd 100644
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -47,7 +47,7 @@
 
 char *curl_escape(char *string)
 {
-   int alloc=strlen(string);
+   int alloc=strlen(string)+1;
    char *ns = malloc(alloc);
    unsigned char in;
    int newlen = alloc;
@@ -83,7 +83,7 @@ char *curl_escape(char *string)
 
 char *curl_unescape(char *string)
 {
-   int alloc = strlen(string);
+   int alloc = strlen(string)+1;
    char *ns = malloc(alloc);
    unsigned char in;
    int index=0;