diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2017-03-30 21:34:30 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2017-03-30 21:34:30 +0100 |
| commit | c3387e839e38f97f0ff4f67ba9eb01f9ead5d07b (patch) | |
| tree | e77296f2d92799c9a0f18377540e8836b9f4605c /src | |
| parent | 31cb10179400f215d37ec2a513f37a8d20fc937e (diff) | |
| download | rspamd-c3387e839e38f97f0ff4f67ba9eb01f9ead5d07b.tar.gz rspamd-c3387e839e38f97f0ff4f67ba9eb01f9ead5d07b.zip | |
[Minor] Fix out-of-bound access issues
Diffstat (limited to 'src')
| -rw-r--r-- | src/libserver/html.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/libserver/html.c b/src/libserver/html.c index f33b3a304..abc795fa9 100644 --- a/src/libserver/html.c +++ b/src/libserver/html.c @@ -1745,7 +1745,7 @@ rspamd_html_process_style (rspamd_mempool_t *pool, struct html_block *bl, while (p <= end) { switch(state) { case read_key: - if (*p == ':') { + if (p == end || *p == ':') { key = c; klen = p - c; state = skip_spaces; @@ -1762,7 +1762,7 @@ rspamd_html_process_style (rspamd_mempool_t *pool, struct html_block *bl, break; case read_colon: - if (*p == ':') { + if (p == end || *p == ':') { state = skip_spaces; next_state = read_value; } @@ -1771,7 +1771,7 @@ rspamd_html_process_style (rspamd_mempool_t *pool, struct html_block *bl, break; case read_value: - if (*p == ';' || p == end) { + if (p == end || *p == ';') { if (key && klen && p - c > 0) { if ((klen == 5 && g_ascii_strncasecmp (key, "color", 5) == 0) || (klen == 10 && g_ascii_strncasecmp (key, "font-color", 10) == 0)) { @@ -1806,7 +1806,7 @@ rspamd_html_process_style (rspamd_mempool_t *pool, struct html_block *bl, break; case skip_spaces: - if (!g_ascii_isspace (*p)) { + if (p < end && !g_ascii_isspace (*p)) { c = p; state = next_state; } |