From: Pierrick Charron <pierrick@php.net>
Date: Sat, 21 Nov 2009 01:22:32 +0000 (+0000)
Subject: Fixed bug #50219 (soap call Segmentation fault on a redirected url).
X-Git-Tag: php-5.2.12RC2~32
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8f3677601eb597254acbbb4b5bba6e44160c3e0a;p=php

Fixed bug #50219 (soap call Segmentation fault on a redirected url).
---

diff --git a/NEWS b/NEWS
index 8e29ed6599..760c1e3715 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,8 @@ PHP                                                                        NEWS
 - Changed "post_max_size" php.ini directive to allow unlimited post size by
   setting it to 0. (Rasmus)
 
+- Fixed bug #50219 (soap call Segmentation fault on a redirected url).
+  (Pierrick)
 - Fixed bug #50207 (segmentation fault when concatenating very large strings
   on 64bit linux). (Ilia)
 - Fixed bug #50185 (ldap_get_entries() return false instead of an empty array
diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
index 17c72a7fb3..e2c149ed5a 100644
--- a/ext/soap/php_http.c
+++ b/ext/soap/php_http.c
@@ -931,12 +931,20 @@ try_again:
 					new_url->host = phpurl->host ? estrdup(phpurl->host) : NULL;
 					new_url->port = phpurl->port;
 					if (new_url->path && new_url->path[0] != '/') {
-						char *t = phpurl->path;
-						char *p = strrchr(t, '/');
-						if (p) {
-							char *s = emalloc((p - t) + strlen(new_url->path) + 2);
-							strncpy(s, t, (p - t) + 1);
-							s[(p - t) + 1] = 0;
+						if (phpurl->path) {
+							char *t = phpurl->path;
+							char *p = strrchr(t, '/');
+							if (p) {
+								char *s = emalloc((p - t) + strlen(new_url->path) + 2);
+								strncpy(s, t, (p - t) + 1);
+								s[(p - t) + 1] = 0;
+								strcat(s, new_url->path);
+								efree(new_url->path);
+								new_url->path = s;
+							} 
+						} else {
+							char *s = emalloc(strlen(new_url->path) + 2);
+							s[0] = '/'; s[1] = 0;
 							strcat(s, new_url->path);
 							efree(new_url->path);
 							new_url->path = s;