dotdot: allow an empty input string too

It isn't used by the code in current conditions but for safety it seems
sensible to at least not crash on such input.

Extended unit test 1395 to verify this too as well as a plain "/" input.

lib/dotdot.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -35,6 +35,7 @@
 
 /*
  * Curl_dedotdotify()
+ * @unittest: 1395
  *
  * This function gets a zero-terminated path with dot and dotdot sequences
  * passed in and strips them off according to the rules in RFC 3986 section
@@ -68,6 +69,12 @@ char *Curl_dedotdotify(const char *input)
   orgclone = clone;
   outptr = out;
 
+  if(!*clone) {
+    /* zero length string, return that */
+    free(out);
+    return clone;
+  }
+
   /*
    * To handle query-parts properly, we must find it and remove it during the
    * dotdot-operation and then append it again at the end to the output

tests/unit/unit1395.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -62,6 +62,9 @@ UNITTEST_START
     { "/../../moo?andnot/../yay", "/moo?andnot/../yay"},
     { "/123?foo=/./&bar=/../", "/123?foo=/./&bar=/../"},
     { "/../moo/..?what", "/?what" },
+    { "/", "/" },
+    { "", "" },
+    { "/.../", "/.../" },
   };
 
   for(i=0; i < sizeof(pairs)/sizeof(pairs[0]); i++) {