commit 9c23b08: [CritFix] Html: Entities are not valid within tag params values

[Vsevolod Stakhov]

Author: Vsevolod Stakhov
Date: 2019-01-23 15:43:55 +0000
URL: https://github.com/rspamd/rspamd/commit/9c23b08876a546e6de060a2b7820189f8acf813f (HEAD -> master)

[CritFix] Html: Entities are not valid within tag params values

---
 src/libserver/html.c | 30 ++++++++++--------------------
 1 file changed, 10 insertions(+), 20 deletions(-)

diff --git a/src/libserver/html.c b/src/libserver/html.c
index afaeae4c5..ee276d813 100644
--- a/src/libserver/html.c
+++ b/src/libserver/html.c
@@ -1148,18 +1148,15 @@ rspamd_html_parse_tag_content (rspamd_mempool_t *pool,
 			store = TRUE;
 			state = parse_end_dquote;
 		}
+
 		if (store) {
 			if (*savep != NULL) {
-				gchar *s;
-
 				g_assert (tag->params != NULL);
 				comp = g_queue_peek_tail (tag->params);
 				g_assert (comp != NULL);
 				comp->len = in - *savep;
-				s = rspamd_mempool_alloc (pool, comp->len);
-				memcpy (s, *savep, comp->len);
-				comp->len = rspamd_html_decode_entitles_inplace (s, comp->len);
-				comp->start = s;
+				comp->start = *savep;
+				/* We cannot use entities inside tag values ! */
 				*savep = NULL;
 			}
 		}
@@ -1172,16 +1169,11 @@ rspamd_html_parse_tag_content (rspamd_mempool_t *pool,
 		}
 		if (store) {
 			if (*savep != NULL) {
-				gchar *s;
-
 				g_assert (tag->params != NULL);
 				comp = g_queue_peek_tail (tag->params);
 				g_assert (comp != NULL);
 				comp->len = in - *savep;
-				s = rspamd_mempool_alloc (pool, comp->len);
-				memcpy (s, *savep, comp->len);
-				comp->len = rspamd_html_decode_entitles_inplace (s, comp->len);
-				comp->start = s;
+				comp->start = *savep;
 				*savep = NULL;
 			}
 		}
@@ -1199,16 +1191,11 @@ rspamd_html_parse_tag_content (rspamd_mempool_t *pool,
 
 		if (store) {
 			if (*savep != NULL) {
-				gchar *s;
-
 				g_assert (tag->params != NULL);
 				comp = g_queue_peek_tail (tag->params);
 				g_assert (comp != NULL);
 				comp->len = in - *savep;
-				s = rspamd_mempool_alloc (pool, comp->len);
-				memcpy (s, *savep, comp->len);
-				comp->len = rspamd_html_decode_entitles_inplace (s, comp->len);
-				comp->start = s;
+				comp->start = *savep;
 				*savep = NULL;
 			}
 		}
@@ -1319,9 +1306,12 @@ rspamd_html_process_url (rspamd_mempool_t *pool, const gchar *start, guint len,
 		}
 	}
 
-	/* We also need to remove all internal newlines and encode unsafe characters */
+	/*
+	 * We also need to remove all internal newlines, spaces
+	 * and encode unsafe characters
+	 */
 	for (i = 0; i < len; i ++) {
-		if (G_UNLIKELY (s[i] == '\r' || s[i] == '\n')) {
+		if (G_UNLIKELY (g_ascii_isspace (s[i]))) {
 			continue;
 		}
 		else if (G_UNLIKELY (((guint)s[i]) < 0x80 && !g_ascii_isgraph (s[i]))) {