From 771e70eba45b739036b7f5bf78de27d7a11f2f38 Mon Sep 17 00:00:00 2001
From: Steve Pinkham
Date: Sat, 17 Mar 2012 10:06:56 -0400
Subject: [PATCH] 2.05b: crash and redirect fixes
- Fixed a NULL pointer crash when adding "callback" tests to JavaScript URLs that have a parameter with no value.
- Bug fix in the redirect callback which expected 2 responses but since 2.04b actually should process 4.
---
 ChangeLog | 12 +++++++++---
 Makefile | 2 +-
 crawler.c | 2 +-
 http_client.c | 4 ++--
 4 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index a90ccf8..7b77300 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+Version 2.05b:
+--------------
+
+ - Fixed a NULL pointer crash when adding "callback" tests to JavaScript
+ URLs that have a parameter with no value.
+
+ - Bug fix in the redirect callback which expected 2 responses but
+ since 2.04b actually should process 4.
+
 Version 2.04b:
 --------------
@@ -26,9 +35,6 @@ Version 2.04b:
 - Bugfix to es / eg handling in dictionaries.
- - Added the "complete-fast.wl" wordlist which is an es / eg optimized
- version of "complete.wl" (resulting in 20-30% fewer requests).
-
 Version 2.03b:
 --------------
diff --git a/Makefile b/Makefile
index 048debc..d62a235 100644
--- a/Makefile
+++ b/Makefile
@@ -20,7 +20,7 @@
 #
 PROGNAME = skipfish
-VERSION = 2.04b
+VERSION = 2.05b
 OBJFILES = http_client.c database.c crawler.c analysis.c report.c
 INCFILES = alloc-inl.h string-inl.h debug.h types.h http_client.h \
diff --git a/crawler.c b/crawler.c
index b7584b2..67895e4 100644
--- a/crawler.c
+++ b/crawler.c
@@ -1435,7 +1435,7 @@ static u8 inject_redir_check(struct http_request* req,
 schedule_next:
- if (req->user_val != 2) return 0;
+ if (req->user_val != 4) return 0;
 /* Header splitting - 2 requests */
diff --git a/http_client.c b/http_client.c
index 9623fae..15d1d78 100644
--- a/http_client.c
+++ b/http_client.c
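Review bot: The expected response count in `if (req->user_val != 4) return 0;` under `schedule_next:` in crawler.c is still a bare literal, which is how it went stale when 2.04b changed the number of requests. Because a mismatch only returns 0, a wrong count fails silently; presumably the redirect-injection responses are then never evaluated and the scan under-reports without any log trace. I would tie the value to the code that issues the requests through one shared constant, e.g. `#define REDIR_CHECK_RESPONSES 4` (name constructed for this note) and `if (req->user_val != REDIR_CHECK_RESPONSES) return 0;`, or at least add `/* wait until all 4 redirect-check responses have arrived */`. The body of inject_redir_check() starts and ends outside the hunk, so the sending side is not visible here.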
@@ -125,7 +125,8 @@ u8* get_value(u8 type, u8* name, u32 offset,
 for (i=0;ic;i++) {
 if (type != par->t[i]) continue;
- if (name && strcasecmp((char*)par->n[i], (char*)name)) continue;
+ if (name && (!par->n[i] || strcasecmp((char*)par->n[i], (char*)name)))
+ continue;
 if (offset != coff) { coff++; continue; }
 return par->v[i];
 }
@@ -2648,4 +2649,3 @@ void http_req_list(void) {
 }
 }
-
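Review bot: The new `!par->n[i]` guard in get_value() carries no comment saying when a stored parameter name can be NULL, so the next reader cannot tell whether it is an invariant or a workaround. Going by the commit message this apparently happens for a URL parameter given without a value, so I would add `/* n[i] may be NULL (parameter with no value); such entries never match a named lookup */` above the test. The wrapped condition also leaves `continue;` on its own line without braces, which is easy to misread next to the one-line `continue` statements around it; bracing this one `if` would help. Any other loop in this file that hands `par->n[i]` to strcasecmp() would presumably need the same guard, but none is visible in this hunk, and get_value()'s body starts and ends outside it.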