Security: Incorrect size increase in private_fll_iki_content_partial_escape().

The size increase test is "escaped->used + delimits + 2", but actual arguments passed to the increase function is "delimits".
The "+2" is missing.

This gets caught by the parameter checker when delimits is 0.
When delimits is, say 1, then an insufficient amount of memory is increased.
This will likely result in a segfault.

diff --git a/level_2/fll_iki/c/private-iki.c b/level_2/fll_iki/c/private-iki.c
index 6e666f7d181291ec392ab86fcbf02dad3548f00e..36b4679886f042355e7d7e8d99fc93d703d5224d 100644 (file)
--- a/level_2/fll_iki/c/private-iki.c
+++ b/level_2/fll_iki/c/private-iki.c
@@ -23,7 +23,7 @@ extern "C" {
 
       if (content.string[i] == quote) {
         if (escaped->used + delimits + 2 > escaped->size) {
-          status = fl_string_dynamic_size_increase(delimits, escaped);
+          status = fl_string_dynamic_size_increase(delimits + 2, escaped);
           if (F_status_is_error(status)) return status;
         }