File SQUID-2020_11.patch of Package squid.31747
commit 50e0ba1b03ec39720e981a641bb0d4e73aaa7b94
Author: Amos Jeffries <yadij@users.noreply.github.com>
Date: 2020-09-04 17:38:30 +1200
Merge pull request from GHSA-jvf6-h9gj-pmj6
* Add slash prefix to path-rootless or path-noscheme URLs
* Update src/anyp/Uri.cc
Co-authored-by: Alex Rousskov <rousskov@measurement-factory.com>
* restore file trailer GH auto-removes
* Remove redundant path-empty check
* Removed stale comment left behind by b2ab59a
Many things imply a leading `/` in a URI. Their enumeration is likely to
(and did) become stale, misleading the reader.
* fixup: Remind that the `src` iterator may be at its end
We are dereferencing `src` without comparing it to `\0`.
To many readers that (incorrectly) implies that we are not done iterating yet.
Also fixed branch-added comment indentation.
Co-authored-by: Alex Rousskov <rousskov@measurement-factory.com>
Index: squid-3.5.21/src/url.cc
===================================================================
--- squid-3.5.21.orig/src/url.cc
+++ squid-3.5.21/src/url.cc
@@ -355,8 +355,9 @@ urlParse(const HttpRequestMethod& method
return NULL;
*dst = '\0';
- // bug 3074: received 'path' starting with '?', '#', or '\0' implies '/'
- if (*src == '?' || *src == '#' || *src == '\0') {
+ // We are looking at path-abempty.
+ if (*src != '/') {
+ // path-empty, including the end of the `src` c-string cases
urlpath[0] = '/';
dst = &urlpath[1];
} else {
@@ -370,11 +371,6 @@ urlParse(const HttpRequestMethod& method
/* We -could- be at the end of the buffer here */
if (i > l)
return NULL;
- /* If the URL path is empty we set it to be "/" */
- if (dst == urlpath) {
- *dst = '/';
- ++dst;
- }
*dst = '\0';
// port = scheme.defaultPort(); // may be reset later
