[Minor] More bounds checks

diff --git a/src/libserver/html.c b/src/libserver/html.c
index 175398aa3806bd2e313f720e4be82d960a910767..00b4e24a5547f93a2432ec6ac720c59f54442955 100644 (file)
--- a/src/libserver/html.c
+++ b/src/libserver/html.c
@@ -848,8 +848,9 @@ rspamd_html_url_is_phished (rspamd_mempool_t *pool,
                url_text ++;
        }
 
-       if (rspamd_url_find (pool, url_text, end - url_text, &url_str, FALSE,
-                       &url_pos) &&
+       if (end > url_text + 4 &&
+                       rspamd_url_find (pool, url_text, end - url_text, &url_str, FALSE,
+                                       &url_pos) &&
                        url_str != NULL) {
                if (url_pos > 0) {
                        /*

diff --git a/src/libserver/spf.c b/src/libserver/spf.c
index dc8e2b36c0404e61eba03c730796d6109f5f9728..fdd4a5136b75ad3b300197d97f1776d4c4b3703f 100644 (file)
--- a/src/libserver/spf.c
+++ b/src/libserver/spf.c
@@ -452,6 +452,9 @@ spf_check_ptr_host (struct spf_dns_cb *cb, const char *name)
        if (*dend == '.') {
                dend--;
        }
+       if (nend <= nstart || dend <= dstart) {
+               return FALSE;
+       }
 
        /* Now compare from end to start */
        for (;;) {
@@ -459,6 +462,7 @@ spf_check_ptr_host (struct spf_dns_cb *cb, const char *name)
                        msg_debug_spf ("ptr records mismatch: %s and %s", dend, nend);
                        return FALSE;
                }
+
                if (dend == dstart) {
                        break;
                }
@@ -469,7 +473,8 @@ spf_check_ptr_host (struct spf_dns_cb *cb, const char *name)
                nend--;
                dend--;
        }
-       if (nend != nstart && *(nend - 1) != '.') {
+
+       if (nend > nstart && *(nend - 1) != '.') {
                /* Not a subdomain */
                return FALSE;
        }