dotdot: allow an empty input string too

It isn't used by the code in current conditions but for safety it seems
sensible to at least not crash on such input.

Extended unit test 1395 to verify this too as well as a plain "/" input.
This commit is contained in:
Daniel Stenberg 2016-02-02 22:43:54 +01:00
parent 6b485c7407
commit 41ae9f717a
2 changed files with 12 additions and 2 deletions

View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -35,6 +35,7 @@
/*
* Curl_dedotdotify()
* @unittest: 1395
*
* This function gets a zero-terminated path with dot and dotdot sequences
* passed in and strips them off according to the rules in RFC 3986 section
@ -68,6 +69,12 @@ char *Curl_dedotdotify(const char *input)
orgclone = clone;
outptr = out;
if(!*clone) {
/* zero length string, return that */
free(out);
return clone;
}
/*
* To handle query-parts properly, we must find it and remove it during the
* dotdot-operation and then append it again at the end to the output

View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -62,6 +62,9 @@ UNITTEST_START
{ "/../../moo?andnot/../yay", "/moo?andnot/../yay"},
{ "/123?foo=/./&bar=/../", "/123?foo=/./&bar=/../"},
{ "/../moo/..?what", "/?what" },
{ "/", "/" },
{ "", "" },
{ "/.../", "/.../" },
};
for(i=0; i < sizeof(pairs)/sizeof(pairs[0]); i++) {