fix: prevent NULL pointer crash when r2h-token is not configured

Add NULL pointer checks for config.r2h_token before dereferencing
in http.c and http_proxy.c. config.r2h_token is a pointer that can
be NULL when the -T option is not provided, so checking
config.r2h_token[0] directly would crash with a segfault.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: stackia

src/http.c

@@ -275,7 +275,8 @@ int http_parse_request(char *inbuf, int *in_len, http_request_t *req) {
           char filter_buf[2048];
 
           /* Filter r2h-token from Cookie header */
-          if (strcasecmp(inbuf, "Cookie") == 0 && config.r2h_token[0]) {
+          if (strcasecmp(inbuf, "Cookie") == 0 && config.r2h_token &&
+              config.r2h_token[0] != '\0') {
             int flen = http_filter_cookie(value, "r2h-token", filter_buf,
                                           sizeof(filter_buf));
             if (flen > 0) {
@@ -286,7 +287,8 @@ int http_parse_request(char *inbuf, int *in_len, http_request_t *req) {
             }
           }
           /* Filter R2HTOKEN/xxx from User-Agent header */
-          else if (strcasecmp(inbuf, "User-Agent") == 0 && config.r2h_token[0]) {
+          else if (strcasecmp(inbuf, "User-Agent") == 0 && config.r2h_token &&
+                   config.r2h_token[0] != '\0') {
             int flen = http_filter_user_agent_token(value, filter_buf,
                                                     sizeof(filter_buf));
             if (flen > 0) {

src/http_proxy.c

@@ -151,7 +151,7 @@ int http_proxy_parse_url(http_proxy_session_t *session, const char *url) {
 
     /* Check if URL has query string with potential r2h-token */
     const char *query_start = strchr(slash, '?');
-    if (query_start && config.r2h_token[0]) {
+    if (query_start && config.r2h_token && config.r2h_token[0] != '\0') {
       /* Copy path portion up to query string */
       size_t path_len = (size_t)(query_start - slash);
       memcpy(session->target_path, slash, path_len);