--- src/sgDiv.c.orig	2009-02-12 07:31:57.000000000 -0600
+++ src/sgDiv.c	2008-06-13 11:52:17.000000000 -0500
@@ -94,6 +94,9 @@
 {
   char *p, *d = NULL, *a = NULL, *e = NULL, *o, *field;
   int i = 0;
+  int report_once = 1;
+  int trailingdot = 0;
+  size_t strsz;
   char c;
   int ndx = 0;
   
@@ -126,22 +129,38 @@
     */
     /* Fix for multiple slash vulnerability (bug1). */
     /* Check if there are still two or more slashes in sequence which must not happen */
-    int report_once = 1;
+    strsz = strlen(p);
 
-    /* loop thru the string 'p' until the char '?' is hit */
+    /* loop thru the string 'p' until the char '?' is hit or the "end" is hit */
     while('?' != p[ndx] && '\0' != p[ndx])
     {
-      /* if this char and the next char are slashes, 
-         then shift the rest of the string left one char */
-      if('/' == p[ndx] && '/' == p[ndx+1])
-      {
-        size_t sz = strlen(p+ndx+1);
-        strncpy(p+ndx,p+ndx+1, sz);
-        p[ndx+sz] = '\0';
-        if(1 == report_once) {
-          sgLogError("Warning: Possible bypass attempt. Found multiple slashes where only one is expected: %s", s->orig);
-          report_once--;
+        /* in case this is a '://' skip over it, but try to not read past EOS */
+        if(3 <= strsz-ndx) {
+          if(':' == p[ndx] && '/' == p[ndx+1] && '/' == p[ndx+2]) {
+           ndx+=3; /* 3 == strlen("://"); */
+          }
         }
+        
+       /* if this char and the next char are slashes,
+ *           then shift the rest of the string left one char */
+       if('/' == p[ndx] && '/' == p[ndx+1]) {
+         size_t sz = strlen(p+ndx+1);
+         strncpy(p+ndx,p+ndx+1, sz);
+         p[ndx+sz] = '\0';
+          if(1 == report_once) {
+            sgLogError("Warning: Possible bypass attempt. Found multiple slashes where only one is expected: %s", s->orig);
+            report_once--;
+          }
+      }
+      else if ('.' == p[ndx] && '/' == p[ndx+1] && trailingdot == 0) {
+      /* If the domain has trailing dot, remove (problem found with squid 3.0 stable1-5) the trailing dot (fixes bug 38). */
+      /* if this char is a dot and the next char is a slash, then shift the rest of the string left one char */
+      /* We do this only the first time it is encountered. */
+         trailingdot++;
+         size_t sz = strlen(p+ndx+1);
+         strncpy(p+ndx,p+ndx+1, sz);
+         p[ndx+sz] = '\0';
+         sgLogError("Warning: Possible bypass attempt. Found a trailing dot in the domain name: %s", s->orig); 
       }
       else
       {
@@ -537,13 +556,13 @@
 #endif
 {
   struct sgRegExp *re;
-  regmatch_t pm[10];
+  regmatch_t pm;
   static char newstring[MAX_BUF];
   char *result = NULL, *p;
   int substlen;
   *newstring='\0';
   for(re = regexp; re != NULL; re = re->next){
-    if (regexec (re->compiled, pattern, sizeof(pm) / sizeof(pm[0]), pm, 0) != 0){
+    if (regexec (re->compiled, pattern, 1, &pm, 0) != 0){
       result = NULL;
     } else {
       substlen = strlen(re->substitute);
@@ -553,65 +572,14 @@
 	*newstring = '\0';
       p = newstring;
       do {
-	if((p - newstring)+ pm[0].rm_so  >= MAX_BUF)
+	if((p - newstring)+ pm.rm_so  >= MAX_BUF)
 	  break;
-      p = strncat(newstring,pattern,pm[0].rm_so);
-      {
-          char *p_cur;
-          char *p_next;
-
-          for (p_next = p_cur = re->substitute;
-              p_next < (re->substitute + substlen);
-              p_next++)
-          {
-              if (*p_next == '\\')
-              {
-                  if (p_cur < p_next)
-                  {
-                      if (((p - newstring) + (p_next - p_cur)) >= MAX_BUF)
-                          goto err;
-                      p = strncat(newstring, p_cur, p_next - p_cur);
-                  }
-                  p_next++;
-                  if (p_next < (re->substitute + substlen)
-                      && '0' <= *p_next && *p_next <= '9')
-                  {
-                      int i = *p_next - '0';
-                      if ((p - newstring) + (pm[i].rm_eo - pm[i].rm_so) >= MAX_BUF)
-                          goto err;
-                      p = strncat(newstring, pattern + pm[i].rm_so, pm[i].rm_eo - pm[i].rm_so);
-                  }
-                  else
-                  {
-                      if ((p - newstring + 1) >= MAX_BUF)
-                          goto err;
-                      p = strncat(newstring, p_next, 1);
-                  }
-                  p_cur = p_next + 1;
-              }
-              else if (*p_next == '&')
-              {
-                  if (p_cur < p_next)
-                  {
-                      if (((p - newstring) + (p_next - p_cur)) >= MAX_BUF)
-                          goto err;
-                      p = strncat(newstring, p_cur, p_next - p_cur);
-                  }
-                  if (((p - newstring) + (pm[0].rm_eo - pm[0].rm_so)) >= MAX_BUF)
-                      goto err;
-                  p = strncat(newstring, pattern + pm[0].rm_so, pm[0].rm_eo - pm[0].rm_so);
-                  p_cur = p_next + 1;
-              }
-          }
-          if (p_cur < p_next)
-          {
-              if (((p - newstring) + (p_next - p_cur)) >= MAX_BUF)
-                  goto err;
-              p = strncat(newstring, p_cur, p_next - p_cur);
-          }
-      }
-      pattern = pattern + pm[0].rm_eo;
-     } while(regexec (re->compiled, pattern, sizeof(pm) / sizeof(pm[0]), pm, REG_NOTBOL)== 0 &&
+	p = strncat(newstring,pattern,pm.rm_so);
+	if((p - newstring)+ substlen  >= MAX_BUF)
+	  break;
+	p = strcat(newstring,re->substitute);	
+	pattern = pattern + pm.rm_eo;
+      } while(regexec (re->compiled, pattern, 1, &pm, REG_NOTBOL)== 0 &&
 	      re->global);
       if((p - newstring)+ strlen(pattern)  <= MAX_BUF)
 	p = strcat(newstring,pattern);
@@ -619,7 +587,6 @@
       break;
     }
   }
-err:
   return result;
 }