From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Sat, 28 Nov 2015 22:10:25 +0000 (+0000)
Subject: More fixes to url numeric conversions
X-Git-Tag: 1.1.0~451
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=660fa482d1447b59f24d994521e5049828fa41dd;p=rspamd.git

More fixes to url numeric conversions
---

diff --git a/src/libserver/url.c b/src/libserver/url.c
index b612bb193..a7275c337 100644
--- a/src/libserver/url.c
+++ b/src/libserver/url.c
@@ -1131,13 +1131,23 @@ rspamd_url_is_ip (struct rspamd_url *uri, rspamd_mempool_t *pool)
 				g_assert (p - c + 1 < (gint) sizeof (buf));
 				rspamd_strlcpy (buf, c, p - c + 1);
 				c = p + 1;
-				dots++;
+
+				if (p < end && *p == '.') {
+					dots++;
+				}
+
 				t = strtoul (buf, &errstr, 0);
 
 				if (errstr == NULL || *errstr == '\0') {
 
+					/*
+					 * Even if we have zero, we need to shift by 1 octet
+					 */
 					nshift = (t == 0 ? shift + 8 : shift);
 
+					/*
+					 * Here we count number of octets encoded in this element
+					 */
 					for (i = 0; i < 4; i++) {
 						if ((t >> 8 * i) > 0) {
 							nshift += 8;
@@ -1149,23 +1159,23 @@ rspamd_url_is_ip (struct rspamd_url *uri, rspamd_mempool_t *pool)
 					/*
 					 * Here we need to find the proper shift of the previous
 					 * components, so we check possible cases:
-					 * 1) 1 octet
-					 * 2) 2 octets
-					 * 3) 3 octets
-					 * 4) 4 octets
+					 * 1) 1 octet - just use it applying shift
+					 * 2) 2 octets - convert to big endian 16 bit number
+					 * 3) 3 octets - convert to big endian 24 bit number
+					 * 4) 4 octets - convert to big endian 32 bit number
 					 */
 					switch (i) {
 						case 4:
-							n |= (GUINT32_FROM_BE (t)) << shift;
+							n |= GUINT32_TO_BE (t) << shift;
 							break;
 						case 3:
-							n |= (GUINT32_FROM_BE (t)) << (shift - 8);
+							n |= (GUINT32_TO_BE (t & 0xFFFFFFU) >> 8) << shift;
 							break;
 						case 2:
-							n |= (GUINT16_FROM_BE (t)) << shift;
+							n |= GUINT16_TO_BE (t & 0xFFFFU) << shift;
 							break;
 						default:
-							n |= t << shift;
+							n |= (t & 0xFF) << shift;
 							break;
 					}
 
diff --git a/test/lua/unit/url.lua b/test/lua/unit/url.lua
index e6b112870..0b385c063 100644
--- a/test/lua/unit/url.lua
+++ b/test/lua/unit/url.lua
@@ -53,6 +53,9 @@ context("URL check functions", function()
     local pool = mpool.create()
     -- input, parseable, {host, port, user, password, path, query, part}
     local cases = {
+      {"http://%30%78%63%30%2e%30%32%35%30.01", true, { --0xc0.0250.01
+        host = '192.168.0.1',
+      }},
       {"http://www.google.com/foo?bar=baz#", true, {
         host = 'www.google.com', path = 'foo', query = 'bar=baz', tld = 'google.com'
       }},