From a96931e9442dd9543e23a08c31fda750af861450 Mon Sep 17 00:00:00 2001
From: Kyle Hubert <khubert@lottle.net>
Date: Thu, 25 Mar 2010 12:07:45 -0700
Subject: [PATCH] Modify http_conn_parse_url to do more sanity checking. In
 particular, a URL was being parsed "/PageNotFound.htm", which eventually
 causes host_port's g_strsplit to not have two elements in the returned array.
 When the code did this:

if (port) *port = parts[1] ? atoi(parts[1]) : port_tmp;

parts[1] was uninitialized with an address out of range. This caused a
segfault.
---
 src/core/http-conn.c | 54 +++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 39 insertions(+), 15 deletions(-)

diff --git a/src/core/http-conn.c b/src/core/http-conn.c
index c18f980d..51c991cb 100644
--- a/src/core/http-conn.c
+++ b/src/core/http-conn.c
@@ -175,24 +175,48 @@ http_conn_parse_url(const char *url,
 		    int *port,
 		    char **rel_url)
 {
-	char **parts = g_strsplit(url, "://", 2);
-	char *no_proto = parts[1] ? g_strdup(parts[1]) : g_strdup(parts[0]);
-	int port_tmp = sipe_strequal(parts[0], "https") ? 443 : 80;
-	char *tmp;
-	char *host_port;
+        char **parts = g_strsplit(url, "://", 2);
+        char *no_proto;
+        int port_tmp;
+        char *tmp;
+        char *host_port;
+
+        if(!parts) {
+                return;
+        } else if(!parts[0]) {
+                g_strfreev(parts);
+                return;
+        }
+
+        no_proto = parts[1] ? g_strdup(parts[1]) : g_strdup(parts[0]);
+        port_tmp = sipe_strequal(parts[0], "https") ? 443 : 80;
+
+        if(!no_proto) {
+		return;
+        }
+
+        g_strfreev(parts);
+        tmp = strstr(no_proto, "/");
+        if (tmp && rel_url) *rel_url = g_strdup(tmp);
+        host_port = tmp ? g_strndup(no_proto, tmp - no_proto) : g_strdup(no_proto);
+        g_free(no_proto);
 
-	g_strfreev(parts);
-	tmp = strstr(no_proto, "/");
-	if (tmp && rel_url) *rel_url = g_strdup(tmp);
-	host_port = tmp ? g_strndup(no_proto, tmp - no_proto) : g_strdup(no_proto);
-	g_free(no_proto);
+        if(!host_port) {
+                return;
+        }
 
-	parts = g_strsplit(host_port, ":", 2);
-	if (host) *host = g_strdup(parts[0]);
-	if (port) *port = parts[1] ? atoi(parts[1]) : port_tmp;
-	g_strfreev(parts);
+        parts = g_strsplit(host_port, ":", 2);
+
+        if(parts) {
+                if (host) *host = g_strdup(parts[0]);
+                if(parts[0]) {
+			port_tmp = parts[1] ? atoi(parts[1]) : port_tmp;
+                }
+                if (port) *port = port_tmp;
+                g_strfreev(parts);
+        }
 
-	g_free(host_port);
+        g_free(host_port);
 }
 
 static void
-- 
2.11.4.GIT