src: avoid dereference without existence check

Currently the URL API is only used from the JS binding, which always initializes `base` regardless of `has_base`. Therefore, there is no actual security risk right now, but would be had we made other C++ parts of Node.js use this API. An earlier version of this patch was created by Bradley Farias <bradley.meck@gmail.com>. PR-URL: https://github.com/nodejs/node/pull/14591 Refs: https://github.com/nodejs/node/pull/14369#discussion_r128767221 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
author: Timothy Gu <timothygu99@gmail.com> 2017-08-05 11:57:10 +0300
committer: Timothy Gu <timothygu99@gmail.com> 2017-08-06 10:10:59 +0300
commit: e96ca62480c6fc14952c81a3e24835b91d6c849e (patch)
tree: 7055d5eeaa7999849d1ac166f6f05b62b7e2271c /src/node_url.cc
parent: ff65a2e0517052eb135c54d9ab7b860134b33e69 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/node_url.cc b/src/node_url.cc
index 54dbc3a053b..01e46eb7643 100644
--- a/src/node_url.cc
+++ b/src/node_url.cc
@@ -1283,7 +1283,7 @@ void URL::Parse(const char* input,
         }
         break;
       case kNoScheme:
-        cannot_be_base = base->flags & URL_FLAGS_CANNOT_BE_BASE;
+        cannot_be_base = has_base && (base->flags & URL_FLAGS_CANNOT_BE_BASE);
         if (!has_base || (cannot_be_base && ch != '#')) {
           url->flags |= URL_FLAGS_FAILED;
           return;
author	Timothy Gu <timothygu99@gmail.com>	2017-08-05 11:57:10 +0300
committer	Timothy Gu <timothygu99@gmail.com>	2017-08-06 10:10:59 +0300
commit	e96ca62480c6fc14952c81a3e24835b91d6c849e (patch)
tree	7055d5eeaa7999849d1ac166f6f05b62b7e2271c /src/node_url.cc
parent	ff65a2e0517052eb135c54d9ab7b860134b33e69 (diff)