From 41ae9f717a5ccd46de5957da25f7a5a2666f2917 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 2 Feb 2016 22:43:54 +0100 Subject: dotdot: allow an empty input string too It isn't used by the code in current conditions but for safety it seems sensible to at least not crash on such input. Extended unit test 1395 to verify this too as well as a plain "/" input. --- lib/dotdot.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/dotdot.c b/lib/dotdot.c index ae169411d..1734efe6b 100644 --- a/lib/dotdot.c +++ b/lib/dotdot.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -35,6 +35,7 @@ /* * Curl_dedotdotify() + * @unittest: 1395 * * This function gets a zero-terminated path with dot and dotdot sequences * passed in and strips them off according to the rules in RFC 3986 section @@ -68,6 +69,12 @@ char *Curl_dedotdotify(const char *input) orgclone = clone; outptr = out; + if(!*clone) { + /* zero length string, return that */ + free(out); + return clone; + } + /* * To handle query-parts properly, we must find it and remove it during the * dotdot-operation and then append it again at the end to the output -- cgit v1.2.3