Index: libproxy/url.cpp
===================================================================
--- libproxy/url.cpp.orig
+++ libproxy/url.cpp
@@ -36,12 +36,9 @@
 
 #ifdef WIN32
 #include <io.h>
-#define pfsize(st) (st.st_size)
 #define close _close
 #define read _read
 #define SHUT_RDWR SD_BOTH
-#else
-#define pfsize(st) (st.st_blksize * st.st_blocks)
 #endif
 
 #include "url.hpp"
@@ -56,13 +53,6 @@ using namespace std;
 // This is the maximum pac size (to avoid memory attacks)
 #define PAC_MAX_SIZE 102400
 
-const string url::GENERIC_DELIMITERS(":/?#[]@");
-const string url::SUBCOMPONENT_DELIMITERS("!$&'()*+,;=");
-const string url::ALLOWED_IN_USERINFO_ELEMENT(url::SUBCOMPONENT_DELIMITERS);
-const string url::ALLOWED_IN_USERINFO(url::ALLOWED_IN_USERINFO_ELEMENT + ":");
-const string url::ALLOWED_IN_PATH_ELEMENT(url::SUBCOMPONENT_DELIMITERS + ":@");
-const string url::ALLOWED_IN_PATH(url::ALLOWED_IN_PATH_ELEMENT + "/");
-
 static inline int get_default_port(string scheme) {
 	struct servent *serv;
 	size_t plus = scheme.find('+');
@@ -109,8 +99,8 @@ bool url::is_valid(const string url_) {
 
 string url::encode(const string &data, const string &valid_reserved) {
 	ostringstream encoded;
-	for (int i=0; data[i]; i++) {
-		if (isalnum(data[i])
+	for (unsigned int i=0; i < data.size(); i++) {
+		if (isalnum((unsigned char)data[i])
 				|| valid_reserved.find(data[i]) != string::npos
 				|| string("-._~").find(data[i]) != string::npos)
 			encoded << data[i];
@@ -211,7 +201,8 @@ url::url(const string &url) throw(parse_
 			host_start = userinfo_end + 1;
 
 		/* Check for IPv6 IP */
-		if (hier_part[host_start] == '[') {
+		if (host_start < hier_part.size()
+                    && hier_part[host_start] == '[') {
 			host_end = hier_part.find(']', host_start);
 			if (host_end == string::npos)
 				throw parse_error("Invalid URL: " + url);
@@ -232,7 +223,7 @@ url::url(const string &url) throw(parse_
 		/* Get port */
 		m_port = get_default_port(m_scheme);
 
-		if (host_end != hier_part.size()
+		if (host_end < hier_part.size()
 			&& hier_part[host_end] == ':') {
 			size_t port_start = host_end + 1;
 			m_port = atoi(hier_part.c_str() + port_start);
@@ -400,10 +391,12 @@ char* url::get_pac() {
 		struct stat st;
 		if ((sock = ::open(m_path.c_str(), O_RDONLY)) < 0)
 			return NULL;
-		if (!fstat(sock, &st) && pfsize(st) < PAC_MAX_SIZE) {
-			buffer = new char[pfsize(st)+1];
-			if (read(sock, buffer, pfsize(st)) == 0) {
-				delete buffer;
+
+		if (!fstat(sock, &st) && st.st_size < PAC_MAX_SIZE) {
+			buffer = new char[st.st_size+1];
+			memset(buffer, 0, st.st_size+1);
+			if (read(sock, buffer, st.st_size) == 0) {
+				delete[] buffer;
 				buffer = NULL;
 			}
 		}
Index: libproxy/modules/config_gnome.cpp
===================================================================
--- libproxy/modules/config_gnome.cpp.orig
+++ libproxy/modules/config_gnome.cpp
@@ -102,10 +102,8 @@ static int popen2(const char *program, F
 		if (dup2(rpipe[1], STDOUT_FILENO) != STDOUT_FILENO) _exit(2);
 
 		// Close unneeded fds
-		close(rpipe[0]);
-		close(rpipe[1]);
-		close(wpipe[0]);
-		close(wpipe[1]);
+		for (int i = 3; i < sysconf(_SC_OPEN_MAX); i++)
+			close(i);
 
 		// Exec
 		execl("/bin/sh", "sh", "-c", program, (char*) NULL);
@@ -194,8 +192,8 @@ public:
 		else if (this->data[PROXY_MODE] == "manual") {
 			string type, host, port;
 			bool       auth = this->data[PROXY_USE_AUTHENTICATION] == "true";
-			string username = url::encode(this->data[PROXY_AUTH_USER], url::ALLOWED_IN_USERINFO_ELEMENT);
-			string password = url::encode(this->data[PROXY_AUTH_PASSWORD], url::ALLOWED_IN_USERINFO_ELEMENT);
+			string username = url::encode(this->data[PROXY_AUTH_USER], URL_ALLOWED_IN_USERINFO_ELEMENT);
+			string password = url::encode(this->data[PROXY_AUTH_PASSWORD], URL_ALLOWED_IN_USERINFO_ELEMENT);
 			bool same_proxy = this->data[PROXY_SAME_FOR_ALL] == "true"; 
 
 			// If socks is set use it (except when same_proxy is set)
Index: libproxy/proxy.cpp
===================================================================
--- libproxy/proxy.cpp.orig
+++ libproxy/proxy.cpp
@@ -164,7 +164,7 @@ proxy_factory::proxy_factory() {
 proxy_factory::~proxy_factory() {
 	lock();
 
-	if (this->pac) delete this->pac;
+	if (this->pac) delete[] this->pac;
 	if (this->pacurl) delete this->pacurl;
 	
 	unlock();
Index: libproxy/url.hpp
===================================================================
--- libproxy/url.hpp.orig
+++ libproxy/url.hpp
@@ -27,6 +27,13 @@
 
 #include "config.hpp"
 
+#define URL_GENERIC_DELIMITERS          ":/?#[]@"
+#define URL_SUBCOMPONENT_DELIMITERS     "!$&'()*+,;="
+#define URL_ALLOWED_IN_USERINFO_ELEMENT URL_SUBCOMPONENT_DELIMITERS
+#define URL_ALLOWED_IN_USERINFO         URL_ALLOWED_IN_USERINFO_ELEMENT ":"
+#define URL_ALLOWED_IN_PATH_ELEMENT     URL_SUBCOMPONENT_DELIMITERS ":@"
+#define URL_ALLOWED_IN_PATH             URL_ALLOWED_IN_PATH_ELEMENT "/"
+
 namespace libproxy {
 
 using namespace std;
@@ -38,13 +45,6 @@ public:
 
 class DLL_PUBLIC url {
 public:
-	static const string ALLOWED_IN_PATH;
-	static const string ALLOWED_IN_PATH_ELEMENT;
-	static const string ALLOWED_IN_USERINFO;
-	static const string ALLOWED_IN_USERINFO_ELEMENT;
-	static const string GENERIC_DELIMITERS;
-	static const string SUBCOMPONENT_DELIMITERS;
-
 	static bool is_valid(const string url);
 	static string encode(const string &data, const string &valid_reserved = "");