From 2e5dae850516f923cda3b26492c697a676aa3cdc Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Fri, 7 Apr 2017 22:52:55 +0100
Subject: [PATCH] [Minor] More bounds checks

---
 src/libserver/html.c | 5 +++--
 src/libserver/spf.c  | 7 ++++++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/libserver/html.c b/src/libserver/html.c
index 175398aa3..00b4e24a5 100644
--- a/src/libserver/html.c
+++ b/src/libserver/html.c
@@ -848,8 +848,9 @@ rspamd_html_url_is_phished (rspamd_mempool_t *pool,
 		url_text ++;
 	}
 
-	if (rspamd_url_find (pool, url_text, end - url_text, &url_str, FALSE,
-			&url_pos) &&
+	if (end > url_text + 4 &&
+			rspamd_url_find (pool, url_text, end - url_text, &url_str, FALSE,
+					&url_pos) &&
 			url_str != NULL) {
 		if (url_pos > 0) {
 			/*
diff --git a/src/libserver/spf.c b/src/libserver/spf.c
index dc8e2b36c..fdd4a5136 100644
--- a/src/libserver/spf.c
+++ b/src/libserver/spf.c
@@ -452,6 +452,9 @@ spf_check_ptr_host (struct spf_dns_cb *cb, const char *name)
 	if (*dend == '.') {
 		dend--;
 	}
+	if (nend <= nstart || dend <= dstart) {
+		return FALSE;
+	}
 
 	/* Now compare from end to start */
 	for (;;) {
@@ -459,6 +462,7 @@ spf_check_ptr_host (struct spf_dns_cb *cb, const char *name)
 			msg_debug_spf ("ptr records mismatch: %s and %s", dend, nend);
 			return FALSE;
 		}
+
 		if (dend == dstart) {
 			break;
 		}
@@ -469,7 +473,8 @@ spf_check_ptr_host (struct spf_dns_cb *cb, const char *name)
 		nend--;
 		dend--;
 	}
-	if (nend != nstart && *(nend - 1) != '.') {
+
+	if (nend > nstart && *(nend - 1) != '.') {
 		/* Not a subdomain */
 		return FALSE;
 	}
-- 
2.39.5