commit b831103: [Fix] Fix off-by-one error in css tokenizer

Mon Nov 21 17:56:03 UTC 2022

Author: Vsevolod Stakhov
Date: 2022-11-21 17:50:02 +0000
URL: https://github.com/rspamd/rspamd/commit/b8311035d0b4cde1047568260e997e861f0f318c

[Fix] Fix off-by-one error in css tokenizer

---
 src/libserver/css/css_tokeniser.cxx | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/libserver/css/css_tokeniser.cxx b/src/libserver/css/css_tokeniser.cxx
index ace94cae2..f3c010f1e 100644
--- a/src/libserver/css/css_tokeniser.cxx
+++ b/src/libserver/css/css_tokeniser.cxx
@@ -557,7 +557,13 @@ auto css_tokeniser::next_token(void) -> struct css_parser_token
 		case '"':
 		case '\'':
 			offset = i + 1;
-			return make_token<css_parser_token::token_type::string_token>(consume_string(c));
+			if (offset < input.size()) {
+				return make_token<css_parser_token::token_type::string_token>(consume_string(c));
+			}
+			else {
+				/* Unpaired quote at the end of the rule */
+				return make_token<css_parser_token::token_type::delim_token>(c);
+			}
 		case '(':
 			offset = i + 1;
 			return make_token<css_parser_token::token_type::obrace_token>();
