- fix possible crash with http_redirect() and http_build_url() called without parameters

diff --git a/http_functions.c b/http_functions.c
index ad2e3d2419616385a7c344c9189ab0b69e0600e9..550ce8ff7934169059a07e28a842c63f4a094525 100644 (file)
--- a/http_functions.c
+++ b/http_functions.c
@@ -62,7 +62,7 @@ PHP_FUNCTION(http_date)
 }
 /* }}} */
 
-/* {{{ proto string http_build_url(mixed url[, mixed parts[, int flags = HTTP_URL_REPLACE[, array &new_url]]])
+/* {{{ proto string http_build_url([mixed url[, mixed parts[, int flags = HTTP_URL_REPLACE[, array &new_url]]]])
  *
  * Build an URL.
  *
@@ -112,7 +112,7 @@ PHP_FUNCTION(http_build_url)
        zval *z_old_url = NULL, *z_new_url = NULL, *z_composed_url = NULL;
        php_url *old_url = NULL, *new_url = NULL, *composed_url = NULL;
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z/|z/lz", &z_old_url, &z_new_url, &flags, &z_composed_url) != SUCCESS) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|z/z/lz", &z_old_url, &z_new_url, &flags, &z_composed_url) != SUCCESS) {
                RETURN_FALSE;
        }
        
@@ -128,16 +128,18 @@ PHP_FUNCTION(http_build_url)
                }
        }
        
-       if (Z_TYPE_P(z_old_url) == IS_ARRAY || Z_TYPE_P(z_old_url) == IS_OBJECT) {
-               old_url = array2url(HASH_OF(z_old_url));
-       } else {
-               convert_to_string(z_old_url);
-               if (!(old_url = php_url_parse_ex(Z_STRVAL_P(z_old_url), Z_STRLEN_P(z_old_url)))) {
-                       if (new_url) {
-                               php_url_free(new_url);
+       if (z_old_url) {
+               if (Z_TYPE_P(z_old_url) == IS_ARRAY || Z_TYPE_P(z_old_url) == IS_OBJECT) {
+                       old_url = array2url(HASH_OF(z_old_url));
+               } else {
+                       convert_to_string(z_old_url);
+                       if (!(old_url = php_url_parse_ex(Z_STRVAL_P(z_old_url), Z_STRLEN_P(z_old_url)))) {
+                               if (new_url) {
+                                       php_url_free(new_url);
+                               }
+                               http_error_ex(HE_WARNING, HTTP_E_URL, "Could not parse URL (%s)", Z_STRVAL_P(z_old_url));
+                               RETURN_FALSE;
                        }
-                       http_error_ex(HE_WARNING, HTTP_E_URL, "Could not parse URL (%s)", Z_STRVAL_P(z_old_url));
-                       RETURN_FALSE;
                }
        }
        
@@ -739,7 +741,7 @@ PHP_FUNCTION(http_throttle)
  */
 PHP_FUNCTION(http_redirect)
 {
-       int url_len;
+       int url_len = 0;
        size_t query_len = 0;
        zend_bool session = 0, free_params = 0;
        zval *params = NULL;

diff --git a/http_url_api.c b/http_url_api.c
index cb0aeb5bd05d0eabcbfd018d71a4c30402d8e1ff..cb1b82f89363cdc7beb89668d784a916598d87a6 100644 (file)
--- a/http_url_api.c
+++ b/http_url_api.c
@@ -66,10 +66,15 @@ PHP_MINIT_FUNCTION(http_url)
 
 PHP_HTTP_API char *_http_absolute_url(const char *url TSRMLS_DC)
 {
-       char *abs = estrdup(url);
-       php_url *purl = php_url_parse(abs);
+       char *abs = NULL;
+       php_url *purl = NULL;
        
-       STR_SET(abs, NULL);
+       if (url) {
+               purl = php_url_parse(abs = estrdup(url));
+               STR_SET(abs, NULL);
+       } else {
+               purl = ecalloc(1, sizeof(php_url));
+       }
        
        if (purl) {
                http_build_url(0, purl, NULL, NULL, &abs, NULL);