From b2f504f975ea6d820b8293603fb8c8551c9f8d04 Mon Sep 17 00:00:00 2001
From: Emil Mikulic <emikulic@gmail.com>
Date: Sat, 22 Nov 2003 11:29:44 +0000
Subject: [PATCH] . Add consolidate_slashes(). . make_safe_uri() may modify the
 URI string given to it. . SAFE() and UNSAFE() don't pass const strings to
 make_safe_uri().

---
 trunk/darkhttpd.c | 49 ++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 40 insertions(+), 9 deletions(-)

diff --git a/trunk/darkhttpd.c b/trunk/darkhttpd.c
index 13b4013..c0b2119 100644
--- a/trunk/darkhttpd.c
+++ b/trunk/darkhttpd.c
@@ -400,18 +400,50 @@ static char *split_string(const char *src,
 
 
 
+/* ---------------------------------------------------------------------------
+ * Consolidate slashes in-place.
+ */
+static void consolidate_slashes(char *s)
+{
+    size_t left = 0, right = 0;
+    int saw_slash = 0;
+
+    assert(s != NULL);
+
+    while (s[right] != '\0')
+    {
+        if (saw_slash)
+        {
+            if (s[right] == '/') right++;
+            else
+            {
+                saw_slash = 0;
+                s[left++] = s[right++];
+            }
+        }
+        else
+        {
+            if (s[right] == '/') saw_slash++;
+            s[left++] = s[right++];
+        }
+    }
+    s[left] = '\0';
+}
+
+
+
 /* ---------------------------------------------------------------------------
  * Resolve /./ and /../ in a URI, returing a new, safe URI, or NULL if the URI
  * is invalid/unsafe.  Returned buffer needs to be deallocated.
  */
-static char *make_safe_uri(const char *uri)
+static char *make_safe_uri(char *uri)
 {
     char **elements, **reassembly, *out;
     unsigned int slashes, elem, reasm, urilen, i, j;
 
     assert(uri != NULL);
-
     if (uri[0] != '/') return NULL;
+    consolidate_slashes(uri);
     urilen = (unsigned int)strlen(uri);
 
     /* count the slashes */
@@ -515,11 +547,10 @@ static char *make_safe_uri(const char *uri)
 /* Unit test for make_safe_uri() */
 static void test_make_safe_uri(void)
 {
-    char *tmp;
-    #define SAFE(from,to) do { \
-        tmp = make_safe_uri(from); if (strcmp(tmp, to) != 0) \
+    #define SAFE(from,to) do { char *uri = xstrdup(from), *tmp;\
+        tmp = make_safe_uri(uri); if (strcmp(tmp, to) != 0) \
         debugf("FAIL: `%s' -> `%s', expecting `%s'\n", from, tmp, to); \
-        free(tmp); } while(0)
+        free(tmp); free(uri); } while(0)
 
     SAFE("/", "/");
     SAFE("//", "/");
@@ -546,10 +577,10 @@ static void test_make_safe_uri(void)
 
     #undef SAFE
 
-    #define UNSAFE(x) do { \
-        tmp = make_safe_uri(x); if (tmp != NULL) { \
+    #define UNSAFE(x) do { char *uri = xstrdup(x), *tmp;\
+        tmp = make_safe_uri(uri); if (tmp != NULL) { \
         debugf("FAIL: `%s' is UNSAFE, not `%s'\n", x, tmp); \
-        free(tmp); } } while(0)
+        free(tmp); }; free(uri); } while(0)
 
     UNSAFE("/..");
     UNSAFE("/../");