diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-06-05 13:42:36 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-06-05 13:42:36 +0100 |
| commit | 3c530fce0934e296d5f2a8f80f3f8540c13b3a8d (patch) | |
| tree | f2df0a70643209358ce67f9604a6126e382df6cf /src | |
| parent | fcc57ae988f053a283bda4e2cac1c0811b6c33ba (diff) | |
| download | rspamd-3c530fce0934e296d5f2a8f80f3f8540c13b3a8d.tar.gz rspamd-3c530fce0934e296d5f2a8f80f3f8540c13b3a8d.zip | |
[Fix] Fix parsing of urls with numeric password
Diffstat (limited to 'src')
| -rw-r--r-- | src/libserver/url.c | 46 |
1 files changed, 39 insertions, 7 deletions
diff --git a/src/libserver/url.c b/src/libserver/url.c index 23826d51b..8e4cb2133 100644 --- a/src/libserver/url.c +++ b/src/libserver/url.c @@ -1012,13 +1012,45 @@ rspamd_web_parse (struct http_parser_url *u, const gchar *str, gsize len, break; case parse_port_password: if (g_ascii_isdigit (t)) { - /* XXX: that breaks urls with passwords starting with number */ - st = parse_port; - c = slash; - p--; - SET_U (u, UF_HOST); - p++; - c = p; + const gchar *tmp = p; + + while (tmp < last) { + if (!g_ascii_isdigit (*tmp)) { + if (*tmp == '/' || *tmp == '#' || *tmp == '?') { + /* Port + something */ + st = parse_port; + c = slash; + p--; + SET_U (u, UF_HOST); + p++; + c = p; + break; + } + else { + /* Not a port, bad character at the end */ + break; + } + } + tmp ++; + } + + if (tmp == last) { + /* Host + port only */ + st = parse_port; + c = slash; + p--; + SET_U (u, UF_HOST); + p++; + c = p; + } + + if (st != parse_port) { + /* Fallback to user:password */ + p = slash; + c = slash; + user_seen = TRUE; + st = parse_user; + } } else { /* Rewind back */ |