]> source.dussan.org Git - rspamd.git/commitdiff
projects / rspamd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1eb0581)
Fix parsing of tags with spaces used for obfuscation
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Tue, 24 Nov 2015 13:19:20 +0000 (13:19 +0000)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Tue, 24 Nov 2015 13:19:20 +0000 (13:19 +0000)
src/libserver/html.c patch | blob | history

diff --git a/src/libserver/html.c b/src/libserver/html.c
index daea7f7ff8dc208878a73f0bb2d0f9681e40c3ed..45eeb8e4a459634b26c95d1e0601c9b6fa722f75 100644 (file)
--- a/src/libserver/html.c
+++ b/src/libserver/html.c
@@ -1284,7 +1284,9 @@ rspamd_html_process_url_tag (rspamd_mempool_t *pool, struct html_tag *tag)
        struct html_tag_component *comp;
        struct rspamd_url *url;
        GList *cur;
+       const guchar *p;
        gint rc;
+       gboolean has_spaces = FALSE;
 
        cur = tag->params->head;
 
@@ -1292,10 +1294,35 @@ rspamd_html_process_url_tag (rspamd_mempool_t *pool, struct html_tag *tag)
                comp = cur->data;
 
                if (comp->type == RSPAMD_HTML_COMPONENT_HREF && comp->len > 0) {
+                       /* Strip spaces from the url component */
+                       p = comp->start;
+
+                       while (g_ascii_isspace (*p) && p < comp->start + comp->len) {
+                               p ++;
+                               has_spaces = TRUE;
+                       }
+
+                       comp->start = p;
+                       comp->len -= p - comp->start;
+
+                       p = comp->start + comp->len - 1;
+
+                       while (g_ascii_isspace (*p) && p >= comp->start) {
+                               p --;
+                               comp->len --;
+                               has_spaces = TRUE;
+                       }
+
                        url = rspamd_mempool_alloc (pool, sizeof (*url));
                        rc = rspamd_url_parse (url, (gchar *)comp->start, comp->len, pool);
 
                        if (rc == URI_ERRNO_OK) {
+
+                               /* Spaces in href usually mean an attempt to obfusicate URL */
+                               if (has_spaces) {
+                                       url->flags |= RSPAMD_URL_FLAG_OBSCURED;
+                               }
+
                                return url;
                        }
                }
Rapid spam filtering system: https://github.com/rspamd/rspamd