From c80c823da25bcc67d89158f339be7cfb93c45f50 Mon Sep 17 00:00:00 2001
From: Tom MacWright <tom@macwright.org>
Date: Mon, 26 Oct 2015 13:51:53 -0400
Subject: [core] Ensure URL normalization is safe. Fixes #2695

---
 src/mbgl/util/mapbox.cpp | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'src/mbgl')

diff --git a/src/mbgl/util/mapbox.cpp b/src/mbgl/util/mapbox.cpp
index 9a97f281d9..0798607467 100644
--- a/src/mbgl/util/mapbox.cpp
+++ b/src/mbgl/util/mapbox.cpp
@@ -1,4 +1,5 @@
 #include <mbgl/util/mapbox.hpp>
+#include <mbgl/platform/log.hpp>
 
 #include <stdexcept>
 #include <vector>
@@ -50,6 +51,12 @@ std::string normalizeStyleURL(const std::string& url, const std::string& accessT
     }
 
     std::vector<std::string> pathname = getMapboxURLPathname(url);
+
+    if (pathname.size() < 3) {
+        Log::Error(Event::ParseStyle, "Invalid style URL");
+        return url;
+    }
+
     std::string user = pathname[1];
     std::string id = pathname[2];
     bool isDraft = pathname.size() > 3;
@@ -62,6 +69,12 @@ std::string normalizeSpriteURL(const std::string& url, const std::string& access
     }
 
     std::vector<std::string> pathname = getMapboxURLPathname(url);
+
+    if (pathname.size() < 3) {
+        Log::Error(Event::ParseStyle, "Invalid sprite URL");
+        return url;
+    }
+
     std::string user = pathname[1];
     bool isDraft = pathname.size() > 3;
 
@@ -85,6 +98,12 @@ std::string normalizeGlyphsURL(const std::string& url, const std::string& access
     }
 
     std::vector<std::string> pathname = getMapboxURLPathname(url);
+
+    if (pathname.size() < 4) {
+      Log::Error(Event::ParseStyle, "Invalid glyph URL");
+      return url;
+    }
+
     std::string user = pathname[1];
     std::string fontstack = pathname[2];
     std::string range = pathname[3];
-- 
cgit v1.2.1