commit 7eb8a6f: [Minor] Fix corner case in html escaping

[Vsevolod Stakhov]

Author: Vsevolod Stakhov
Date: 2020-06-03 11:26:33 +0100
URL: https://github.com/rspamd/rspamd/commit/7eb8a6f85cc1c65e4b5a83a8c0ef65cb4087e292 (HEAD -> master)

[Minor] Fix corner case in html escaping

---
 src/libserver/html.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/libserver/html.c b/src/libserver/html.c
index b916019d9..16f108ecf 100644
--- a/src/libserver/html.c
+++ b/src/libserver/html.c
@@ -349,7 +349,12 @@ rspamd_html_decode_entitles_inplace (gchar *s, gsize len)
 	gchar *t = s, *h = s, *e = s, *end_ptr, old_c;
 	const gchar *end;
 	const gchar *entity;
-	gboolean seen_hash = FALSE, seen_digit_only = FALSE, seen_hex = FALSE;
+	gboolean seen_hash = FALSE, seen_hex = FALSE;
+	enum {
+		do_undefined,
+		do_digits_only,
+		do_mixed,
+	} seen_digit_only;
 	gint state = 0, base;
 	UChar32 uc;
 	khiter_t k;
@@ -371,7 +376,7 @@ rspamd_html_decode_entitles_inplace (gchar *s, gsize len)
 				state = 1;
 				seen_hash = FALSE;
 				seen_hex = FALSE;
-				seen_digit_only = FALSE;
+				seen_digit_only = do_undefined;
 				e = h;
 				h++;
 				continue;
@@ -520,17 +525,18 @@ decode_entity:
 					h ++;
 				}
 			}
-			else if (g_ascii_isdigit (*h) || (seen_hex && g_ascii_isxdigit (*h))) {
-				seen_digit_only = TRUE;
+			else if (seen_digit_only != do_mixed &&
+				(g_ascii_isdigit (*h) || (seen_hex && g_ascii_isxdigit (*h)))) {
+				seen_digit_only = do_digits_only;
 			}
 			else {
-				if (seen_digit_only && seen_hash && h > e) {
+				if (seen_digit_only == do_digits_only && seen_hash && h > e) {
 					/* We have seen some digits, so we can try to decode, eh */
 					/* Fuck retarded email clients... */
 					goto decode_entity;
 				}
 
-				seen_digit_only = FALSE;
+				seen_digit_only = do_mixed;
 			}
 
 			h++;