- In decode_url()

- Use '\0' instead of 0 to hint that it's in a character context.
  - Don't realloc - this wastes more time than it saves memory.
- Don't forget to free decoded url if it's found to be unsafe!

trunk/darkhttpd.c

@@ -1316,10 +1316,8 @@ static char *urldecode(const char *url)
             out[pos++] = url[i];
         }
     }
-    out[pos] = 0;
+    out[pos] = '\0';
-
+    return (out);
-    out = xrealloc(out, strlen(out)+1);  /* dealloc what we don't need */
-    return out;
 }
 
 
@@ -1769,6 +1767,7 @@ static void process_get(struct connection *conn)
     if (make_safe_uri(decoded_url) == NULL) {
         default_reply(conn, 400, "Bad Request",
             "You requested an invalid URI: %s", conn->uri);
+        free(decoded_url);
         return;
     }