From: Vsevolod Stakhov
Date: Thu, 30 Mar 2017 20:34:30 +0000 (+0100)
Subject: [Minor] Fix out-of-bound access issues
X-Git-Tag: 1.5.5~74
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=c3387e839e38f97f0ff4f67ba9eb01f9ead5d07b;p=rspamd.git

[Minor] Fix out-of-bound access issues
---
diff --git a/src/libserver/html.c b/src/libserver/html.c
index f33b3a304..abc795fa9 100644
--- a/src/libserver/html.c
+++ b/src/libserver/html.c
@@ -1745,7 +1745,7 @@ rspamd_html_process_style (rspamd_mempool_t *pool, struct html_block *bl,
 while (p <= end) {
 switch(state) {
 case read_key:
- if (*p == ':') {
+ if (p == end || *p == ':') {
 key = c;
 klen = p - c;
 state = skip_spaces;
@@ -1762,7 +1762,7 @@ rspamd_html_process_style (rspamd_mempool_t *pool, struct html_block *bl,
 break;
 case read_colon:
- if (*p == ':') {
+ if (p == end || *p == ':') {
 state = skip_spaces;
 next_state = read_value;
 }
@@ -1771,7 +1771,7 @@ rspamd_html_process_style (rspamd_mempool_t *pool, struct html_block *bl,
 break;
 case read_value:
- if (*p == ';' || p == end) {
+ if (p == end || *p == ';') {
 if (key && klen && p - c > 0) {
 if ((klen == 5 && g_ascii_strncasecmp (key, "color", 5) == 0) || (klen == 10 && g_ascii_strncasecmp (key, "font-color", 10) == 0)) {
@@ -1806,7 +1806,7 @@ rspamd_html_process_style (rspamd_mempool_t *pool, struct html_block *bl,
 break;
 case skip_spaces:
- if (!g_ascii_isspace (*p)) {
+ if (p < end && !g_ascii_isspace (*p)) {
 c = p;
 state = next_state;
 }
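Review bot: The `p == end` guards are needed only because the loop in the first hunk runs `while (p <= end)`, so one pass has `p` pointing one past the last byte, and nothing in the code records that invariant. The same per-state guard is repeated in the `read_colon`, `read_value` and `skip_spaces` hunks, so any state or branch added later that reads `*p` before comparing against `end` would bring the one-byte over-read back. I would add a comment above the loop such as `/* p == end is a final flush pass: compare p with end before every *p */`. In `skip_spaces` the new `p < end` test leaves `c` and `state` untouched on that pass, so termination depends on the branch that advances `p`, which lies outside the hunk and is worth confirming. The body of `rspamd_html_process_style` starts and ends outside all four hunks.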