Integer overflow in environment variable allocation

## Summary

`httpnenv.c` uses `int` for string lengths in an allocation size calculation. If the combined length overflows, `calloc()` allocates too little memory and the subsequent `strcpy()` writes out of bounds.

## Affected Files

- `src/httpnenv.c:9-11`

## Details

```c
int namelen = strlen(name);
int vallen  = value ? strlen(value) : 0;
HTTPV *v    = calloc(1, sizeof(HTTPV) + namelen + vallen);
```

The `+2` for null terminators is also missing.

## Fix

- Use `size_t` for lengths.
- Add overflow check before addition.
- Add `+2` for the two null terminators.

## Severity

HIGH

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Integer overflow in environment variable allocation #7

Summary

Affected Files

Details

Fix

Severity

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Integer overflow in environment variable allocation #7

Description

Summary

Affected Files

Details

Fix

Severity

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions