dotdot: allow an empty input string too

It isn't used by the code in current conditions but for safety it seems
sensible to at least not crash on such input.

Extended unit test 1395 to verify this too as well as a plain "/" input.

diff --git a/lib/dotdot.c b/lib/dotdot.c
index ae169411deeefdb6e7de0b28d260c6c3d39321c2..1734efe6b8bbccdf92bd8525de0317fdecee64ce 100644 (file)
--- a/lib/dotdot.c
+++ b/lib/dotdot.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -35,6 +35,7 @@
 
 /*
  * Curl_dedotdotify()
+ * @unittest: 1395
  *
  * This function gets a zero-terminated path with dot and dotdot sequences
  * passed in and strips them off according to the rules in RFC 3986 section
@@ -68,6 +69,12 @@ char *Curl_dedotdotify(const char *input)
   orgclone = clone;
   outptr = out;
 
+  if(!*clone) {
+    /* zero length string, return that */
+    free(out);
+    return clone;
+  }
+
   /*
    * To handle query-parts properly, we must find it and remove it during the
    * dotdot-operation and then append it again at the end to the output

diff --git a/tests/unit/unit1395.c b/tests/unit/unit1395.c
index 6f9fc8c38999b026e5eb0d9442f039375be01de4..cfbba37d7fc17a69c8f33ae8842cd5bd6ef9d5b0 100644 (file)
--- a/tests/unit/unit1395.c
+++ b/tests/unit/unit1395.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -62,6 +62,9 @@ UNITTEST_START
     { "/../../moo?andnot/../yay", "/moo?andnot/../yay"},
     { "/123?foo=/./&bar=/../", "/123?foo=/./&bar=/../"},
     { "/../moo/..?what", "/?what" },
+    { "/", "/" },
+    { "", "" },
+    { "/.../", "/.../" },
   };
 
   for(i=0; i < sizeof(pairs)/sizeof(pairs[0]); i++) {