From 535d2343fb33fd5be276ae0ce90987becfc56e79 Mon Sep 17 00:00:00 2001 From: John Thacker Date: Wed, 8 Apr 2026 15:18:51 -0400 Subject: [PATCH] HTTP: Check strstr() return before incrementing and dereferencing Same fix as e5adf89f95f28266d41bc195378d0567273047de but in the other branch. Fix #21173 AI-Assisted: no (cherry picked from commit 78311470b0f9309dfd8972c62957d355a638fe63) Co-authored-by: John Thacker --- epan/dissectors/packet-http.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) Index: wireshark-3.6.24/epan/dissectors/packet-http.c =================================================================== --- wireshark-3.6.24.orig/epan/dissectors/packet-http.c +++ wireshark-3.6.24/epan/dissectors/packet-http.c @@ -856,8 +856,13 @@ determine_http_location_target(const gch } /* Otherwise, it replaces the last element in the URI */ else { - gchar *scheme_end = strstr(base_url_no_query, "://") + 3; - gchar *end_of_path = g_strrstr(scheme_end, "/"); + char *scheme_end; + + scheme_end = strstr(base_url_no_query, "://"); + if (!(scheme_end)) { + return NULL; + } + scheme_end += strlen("://"); gchar *end_of_path = g_strrstr(scheme_end, "/"); if (end_of_path != NULL) { gint base_through_path = (gint) (end_of_path - base_url_no_query);