From 9f6036dbf1852abde0daf5c4b4417e8126d15401 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Fri, 29 Sep 2017 19:24:55 +0100
Subject: [PATCH] [Fix] Do not allow garbadge when checking url domain

---
 src/libserver/url.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/libserver/url.c b/src/libserver/url.c
index 824c0dff8..f7a73ac5a 100644
--- a/src/libserver/url.c
+++ b/src/libserver/url.c
@@ -965,9 +965,17 @@ rspamd_web_parse (struct http_parser_url *u, const gchar *str, gsize len,
 
 							p = p + i;
 						}
-						else {
+						else if (is_urlsafe (*p)) {
 							p ++;
 						}
+						else {
+							if (strict) {
+								goto out;
+							}
+							else {
+								goto set;
+							}
+						}
 					}
 					else {
 						p++;
-- 
2.39.5