From fd4de5a9277d8d4a75b2258b4e1f8cf20c8e0e1d Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@rambler-co.ru>
Date: Tue, 19 Jul 2011 17:01:17 +0400
Subject: [PATCH] Fix coredumps on some specific messages with specific urls.
 Fix coredumps while closing log file. Fix parsing of chunked HTTP replies.

---
 src/logger.c |  2 +-
 src/map.c    | 13 ++++++++++---
 src/url.c    | 20 +++++++++++++-------
 3 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/src/logger.c b/src/logger.c
index db4143ff3..0d9f9c988 100644
--- a/src/logger.c
+++ b/src/logger.c
@@ -185,7 +185,7 @@ close_log (rspamd_logger_t *rspamd_log)
 				rspamd_snprintf (tmpbuf, sizeof (tmpbuf), "Last message repeated %ud times", rspamd_log->repeats);
 				rspamd_log->repeats = 0;
 				if (rspamd_log->saved_message) {
-					file_log_function (NULL, rspamd_log->saved_function, rspamd_log->cfg->log_level, rspamd_log->saved_message, TRUE, NULL);
+					file_log_function (NULL, rspamd_log->saved_function, rspamd_log->cfg->log_level, rspamd_log->saved_message, TRUE, rspamd_log);
 					g_free (rspamd_log->saved_message);
 					g_free (rspamd_log->saved_function);
 					rspamd_log->saved_message = NULL;
diff --git a/src/map.c b/src/map.c
index e5e6d9145..f85a79031 100644
--- a/src/map.c
+++ b/src/map.c
@@ -236,9 +236,9 @@ read_http_chunked (u_char * buf, size_t len, struct rspamd_map *map, struct http
 		/* Read first chunk data */
 		skip = read_chunk_header (buf, len, data);
 		p += skip;
+		len -= skip;
 	}
 
-	len -= skip;
 	data->chunk_read += len;
 	if (data->chunk_read >= data->chunk) {
 		/* Read next chunk and feed callback with remaining buffer */
@@ -247,9 +247,11 @@ read_http_chunked (u_char * buf, size_t len, struct rspamd_map *map, struct http
 			/* copy remaining buffer to start of buffer */
 			data->rlen = len - (remain - p);
 			memmove (p, remain, data->rlen);
+			data->chunk_read -= data->rlen;
 		}
-
-		p = buf + (len - (data->chunk_read - data->chunk));
+	}
+	if (data->chunk_read >= data->chunk) {
+		p = p + (len - (data->chunk_read - data->chunk));
 		if (*p != '\r') {
 			if (*p == '0') {
 				return TRUE;
@@ -903,6 +905,11 @@ http_async_callback (gint fd, short what, void *ud)
 			cbd->cbdata.state = 0;
 			cbd->cbdata.prev_data = *cbd->map->user_data;
 			cbd->cbdata.cur_data = NULL;
+			cbd->data->rlen = 0;
+			cbd->data->chunk = 0;
+			cbd->data->chunk_read = 0;
+			cbd->data->chunked = FALSE;
+			cbd->data->read_buf[0] = '\0';
 
 			event_add (&cbd->ev, &cbd->tv);
 		}
diff --git a/src/url.c b/src/url.c
index c8895e107..fd0459ff5 100644
--- a/src/url.c
+++ b/src/url.c
@@ -1252,17 +1252,23 @@ url_try_text (memory_pool_t *pool, const gchar *begin, gsize len, gchar **start,
 					memcpy (*url_str, m.m_begin, m.m_len);
 					(*url_str)[m.m_len] = '\0';
 				}
-
+				if (start != NULL) {
+					*start = (gchar *)m.m_begin;
+				}
+				if (fin != NULL) {
+					*fin = (gchar *)m.m_begin + m.m_len;
+				}
 			}
 			else {
 				*url_str = NULL;
+				if (start != NULL) {
+					*start = (gchar *)pos;
+				}
+				if (fin != NULL) {
+					*fin = (gchar *)pos + strlen (m.prefix);
+				}
 			}
-			if (start != NULL) {
-				*start = (gchar *)m.m_begin;
-			}
-			if (fin != NULL) {
-				*fin = (gchar *)m.m_begin + m.m_len;
-			}
+
 			return TRUE;
 		}
 	}
-- 
2.39.5