[Feature] Find URLs with '\r' and '\n' inside href attribute

author: Vsevolod Stakhov <vsevolod@highsecure.ru> 2016-03-29 16:08:47 +0100
committer: Vsevolod Stakhov <vsevolod@highsecure.ru> 2016-03-29 16:08:47 +0100
commit: 0fcb6c7dc829b0475b3e99f79072ee01ff0b530c (patch)
tree: c9e9d5625ff6e8e6934522f887315b68a7175c2c /src/libserver
parent: 1424d904c9c5cb1593b369949354d376af56f111 (diff)
download: rspamd-0fcb6c7dc829b0475b3e99f79072ee01ff0b530c.tar.gz
rspamd-0fcb6c7dc829b0475b3e99f79072ee01ff0b530c.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/src/libserver/html.c b/src/libserver/html.c
index b799e9280..49034acf6 100644
--- a/src/libserver/html.c
+++ b/src/libserver/html.c
@@ -1131,6 +1131,7 @@ rspamd_html_process_url (rspamd_mempool_t *pool, const gchar *start, guint len,
 	gsize decoded_len;
 	gboolean has_spaces = FALSE;
 	const gchar *p;
+	gchar *t, *h;
 
 	p = start;
 
@@ -1166,6 +1167,21 @@ rspamd_html_process_url (rspamd_mempool_t *pool, const gchar *start, guint len,
 	rspamd_strlcpy (decoded, start, len + 1);
 	decoded_len = rspamd_decode_url (decoded, start, len);
 
+	/* We also need to remove all internal newlines */
+	t = decoded;
+	h = t;
+
+	while (*h) {
+		if (*h == '\r' || *h == '\n') {
+			h ++;
+			decoded_len --;
+		}
+		else {
+			*t++ = *h++;
+		}
+	}
+	*t = *h;
+
 	if (comp) {
 		comp->start = decoded;
 		comp->len = decoded_len;
author	Vsevolod Stakhov <vsevolod@highsecure.ru>	2016-03-29 16:08:47 +0100
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>	2016-03-29 16:08:47 +0100
commit	0fcb6c7dc829b0475b3e99f79072ee01ff0b530c (patch)
tree	c9e9d5625ff6e8e6934522f887315b68a7175c2c /src/libserver
parent	1424d904c9c5cb1593b369949354d376af56f111 (diff)
download	rspamd-0fcb6c7dc829b0475b3e99f79072ee01ff0b530c.tar.gz rspamd-0fcb6c7dc829b0475b3e99f79072ee01ff0b530c.zip