From: Vsevolod Stakhov <vsevolod@rspamd.com>
Date: Mon, 21 Nov 2022 17:50:02 +0000 (+0000)
Subject: [Fix] Fix off-by-one error in css tokenizer
X-Git-Tag: 3.5~201
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=b8311035d0b4cde1047568260e997e861f0f318c;p=rspamd.git

[Fix] Fix off-by-one error in css tokenizer
---

diff --git a/src/libserver/css/css_tokeniser.cxx b/src/libserver/css/css_tokeniser.cxx
index ace94cae2..f3c010f1e 100644
--- a/src/libserver/css/css_tokeniser.cxx
+++ b/src/libserver/css/css_tokeniser.cxx
@@ -557,7 +557,13 @@ auto css_tokeniser::next_token(void) -> struct css_parser_token
 		case '"':
 		case '\'':
 			offset = i + 1;
-			return make_token<css_parser_token::token_type::string_token>(consume_string(c));
+			if (offset < input.size()) {
+				return make_token<css_parser_token::token_type::string_token>(consume_string(c));
+			}
+			else {
+				/* Unpaired quote at the end of the rule */
+				return make_token<css_parser_token::token_type::delim_token>(c);
+			}
 		case '(':
 			offset = i + 1;
 			return make_token<css_parser_token::token_type::obrace_token>();