>From 36a6809e6786797498e5693f19cafd82dd7ab034 Mon Sep 17 00:00:00 2001
From: Matthew White
Date: Fri, 5 Aug 2016 05:30:18 +0200
Subject: [PATCH] Bugfix: Avoid segmentation fault in Metalink module

* src/metalink.c (badhash_suffix, badhash_or_remove): If name is NULL, DEBUGP the error and return the function
The bug is generated calling badhash_suffix() and badhash_or_remove() with filename unset as argument. In the following conditions filename is left unset:
* src/metalink.c (retrieve_from_metalink): src/utils.c (unique_create): Cannot handle "path/file" formats, so filename is left unset
* src/metalink.c (retrieve_from_metalink): Since commit e0b60fd0736c7f25642b0cb7cdfc0dd74f1d6d6f: With --continue, filename is left unset
Bug causing factor:
* src/metalink.c (retrieve_from_metalink: line 166): 'output_stream = fopen (mfile->name, "ab");': Appending to file seems to generate the segmentation fault when filename is unset
---
 src/metalink.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/metalink.c b/src/metalink.c
index fd6d0e2..2ca0b18 100644
--- a/src/metalink.c
+++ b/src/metalink.c
@@ -563,6 +563,13 @@ badhash_suffix (char *name)
 {
 char *bhash, *uname;
+ /* Bugfix: Avoid segmentation fault if name is NULL. */
+ if (!name)
+ {
+ DEBUGP (("badhash_suffix: name is NULL\n"));
+ return;
+ }
+
 bhash = concat_strings (name, ".badhash", (char *)0);
 uname = unique_name (bhash, false);
@@ -586,6 +593,13 @@ badhash_suffix (char *name)
 void
 badhash_or_remove (char *name)
 {
+ /* Bugfix: Avoid segmentation fault if name is NULL. */
+ if (!name)
+ {
+ DEBUGP (("badhash_suffix: name is NULL\n"));
+ return;
+ }
+
 if (opt.delete_after || !opt.keep_badhash)
 {
 logprintf (LOG_VERBOSE, _("Removing %s.\n"), quote (name));
-- 
2.7.3
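Review bot: The NULL guard added at the top of badhash_suffix reports the condition only through `DEBUGP`, so outside a debug run nothing tells the user that the `.badhash` rename was skipped. Going by the commit message, this path is reached when retrieve_from_metalink leaves filename unset while the data was still written via `mfile->name`; if so, a download that failed its hash check appears to stay on disk under its normal name with no trace in the log. I would report it with `logprintf (LOG_NOTQUIET, ...)` rather than `DEBUGP`, and treat the unset filename in the caller as the real fix, with this guard as a backstop. The function's signature and the rest of its body are outside the hunk.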
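Review bot: The debug message added to badhash_or_remove names the wrong function: `DEBUGP (("badhash_suffix: name is NULL\n"));` looks copied from the first hunk and should read `DEBUGP (("badhash_or_remove: name is NULL\n"));`. As written, a debug log cannot show which of the two guards fired. The early return also bypasses the `opt.delete_after || !opt.keep_badhash` removal branch, so the caller gets no indication that the file was neither removed nor renamed; the remainder of the function lies outside the hunk.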