From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Thu, 15 Oct 2015 14:30:54 +0000 (+0100)
Subject: Do not check out of boundary memory.
X-Git-Tag: 1.0.6~13
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=8407683f7764e7fdb9fdeb84899a90483680a066;p=rspamd.git

Do not check out of boundary memory.
---

diff --git a/src/libutil/http.c b/src/libutil/http.c
index e082c3c24..9c08f41f8 100644
--- a/src/libutil/http.c
+++ b/src/libutil/http.c
@@ -2420,7 +2420,7 @@ rspamd_http_message_parse_query (struct rspamd_http_message *msg)
 			while (p <= end) {
 				switch (state) {
 				case parse_key:
-					if ((*p == '&' || p == end) && p > c) {
+					if ((p == end || *p == '&') && p > c) {
 						/* We have a single parameter without a value */
 						key = rspamd_fstring_new_init (c, p - c);
 						key_tok = rspamd_ftok_map (key);
@@ -2458,7 +2458,7 @@ rspamd_http_message_parse_query (struct rspamd_http_message *msg)
 					break;
 
 				case parse_value:
-					if ((*p == '&' || p == end) && p >= c) {
+					if ((p == end || *p == '&') && p >= c) {
 						g_assert (key != NULL);
 						if (p > c) {
 							value = rspamd_fstring_new_init (c, p - c);
@@ -2483,7 +2483,7 @@ rspamd_http_message_parse_query (struct rspamd_http_message *msg)
 					break;
 
 				case parse_ampersand:
-					if (*p != '&' && p != end) {
+					if (p != end && *p != '&') {
 						c = p;
 						state = parse_key;
 					}