authorDaniel Stenberg <daniel@haxx.se>2016-02-02 22:43:54 +0100
committerDaniel Stenberg <daniel@haxx.se>2016-02-02 22:43:54 +0100
commit41ae9f717a5ccd46de5957da25f7a5a2666f2917 (patch)
tree4c412c3785d100389deedc367f0c0da989d8d109
parent6b485c7407fdfab34e47df9ad75f4ad5d84f0e34 (diff)
dotdot: allow an empty input string too
It isn't used by the code in current conditions but for safety it seems sensible to at least not crash on such input. Extended unit test 1395 to verify this too as well as a plain "/" input.
-rw-r--r--lib/dotdot.c9
-rw-r--r--tests/unit/unit1395.c5
2 files changed, 12 insertions, 2 deletions
diff --git a/lib/dotdot.c b/lib/dotdot.c
index ae169411d..1734efe6b 100644
--- a/lib/dotdot.c
+++ b/lib/dotdot.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -35,6 +35,7 @@
/*
* Curl_dedotdotify()
+ * @unittest: 1395
*
* This function gets a zero-terminated path with dot and dotdot sequences
* passed in and strips them off according to the rules in RFC 3986 section
@@ -68,6 +69,12 @@ char *Curl_dedotdotify(const char *input)
orgclone = clone;
outptr = out;
+ if(!*clone) {
+ /* zero length string, return that */
+ free(out);
+ return clone;
+ }
+
/*
* To handle query-parts properly, we must find it and remove it during the
* dotdot-operation and then append it again at the end to the output
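Review bot: The comment on the new early return in Curl_dedotdotify() does not say which buffer the caller ends up owning, even though this path frees `out` and returns `clone` instead. I would spell it out as `/* zero length input: free the unused output buffer and return the empty clone, which the caller frees like any other result */`. From the visible lines `clone` appears to be the heap copy made earlier in the function, but the function starts and ends outside this hunk, so confirm that before relying on it. An explicit ownership note on this URL-path normalisation routine makes a later edit less likely to introduce a leak or a double free here.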
diff --git a/tests/unit/unit1395.c b/tests/unit/unit1395.c
index 6f9fc8c38..cfbba37d7 100644
--- a/tests/unit/unit1395.c
+++ b/tests/unit/unit1395.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -62,6 +62,9 @@ UNITTEST_START
{ "/../../moo?andnot/../yay", "/moo?andnot/../yay"},
{ "/123?foo=/./&bar=/../", "/123?foo=/./&bar=/../"},
{ "/../moo/..?what", "/?what" },
+ { "/", "/" },
+ { "", "" },
+ { "/.../", "/.../" },
};
for(i=0; i < sizeof(pairs)/sizeof(pairs[0]); i++) {
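Review bot: The added rows cover an input that is empty to begin with, but not one that becomes empty during normalisation, which is likely a different path through Curl_dedotdotify(). Unless the part of `pairs[]` above this hunk already has them, I would add `{ ".", "" },` and `{ "..", "" },` next to the `{ "", "" }` row. The expected values follow RFC 3986 section 5.2.4, which removes a lone "." or ".." entirely, so check them against the implementation's actual result. The table and the loop that consumes it both extend outside the hunk.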