From 78a848c69a9f46955e2281d58e60604ba23a06c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Fri, 14 Feb 2020 11:48:19 +0100
Subject: [PATCH] * src/cookies.c (parse_set_cookie): Remove use of alloca

---
 src/cookies.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/cookies.c b/src/cookies.c
index 7b914973..376adab4 100644
--- a/src/cookies.c
+++ b/src/cookies.c
@@ -395,12 +395,15 @@ parse_set_cookie (const char *set_cookie, bool silent)
         }
       else if (TOKEN_IS (name, "expires"))
         {
-          char *value_copy;
+          char value_copy[128];
+          size_t value_len = value.e - value.b;
           time_t expires;
 
-          if (!TOKEN_NON_EMPTY (value))
+          if (!TOKEN_NON_EMPTY (value) || value_len >= sizeof (value_copy))
             goto error;
-          BOUNDED_TO_ALLOCA (value.b, value.e, value_copy);
+
+          memcpy (value_copy, value.b, value_len);
+          value_copy[value_len] = 0;
 
           /* Check if expiration spec is valid.
              If not, assume default (cookie doesn't expire, but valid only for