From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Mon, 27 Sep 2021 14:07:32 +0000 (+0100)
Subject: [Minor] Add a special state to tags content parsing to avoid illegal lookahead
X-Git-Tag: 3.1~114
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a26db85d6ab7cb717772806860d9675e316189e3;p=thirdparty%2Frspamd.git

[Minor] Add a special state to tags content parsing to avoid illegal lookahead
---

diff --git a/src/libserver/html/html.cxx b/src/libserver/html/html.cxx
index 7c9c7cef3a..f8b3e96ea1 100644
--- a/src/libserver/html/html.cxx
+++ b/src/libserver/html/html.cxx
@@ -249,6 +249,7 @@ html_parse_tag_content(rspamd_mempool_t *pool,
 		spaces_after_param,
 		ignore_bad_tag,
 		tag_end,
+		slash_after_value,
 	} state;
 
 	state = static_cast<enum tag_parser_state>(parser_env.cur_state);
@@ -384,8 +385,7 @@ html_parse_tag_content(rspamd_mempool_t *pool,
 		else if (*in == '/') {
 			store_component_name();
 			store_component_value();
-			tag->flags |= FL_CLOSED;
-			state = spaces_before_eq;
+			state = slash_after_value;
 		}
 		else if (*in == '>') {
 			store_component_name();
@@ -512,8 +512,8 @@ html_parse_tag_content(rspamd_mempool_t *pool,
 		break;
 
 	case parse_value:
-		if (*in == '/' && *(in + 1) == '>') {
-			tag->flags |= FL_CLOSED;
+		if (*in == '/') {
+			state = slash_after_value;
 			store_component_value();
 		}
 		else if (g_ascii_isspace (*in) || *in == '>' || *in == '"') {
@@ -530,8 +530,10 @@ html_parse_tag_content(rspamd_mempool_t *pool,
 		if (g_ascii_isspace (*in)) {
 			state = spaces_after_param;
 		}
-		else if (*in == '/' && *(in + 1) == '>') {
-			tag->flags |= FL_CLOSED;
+		else if (*in == '/') {
+			store_component_value();
+			store_value_character(true);
+			state = slash_after_value;
 		}
 		else {
 			/* No space, proceed immediately to the attribute name */
@@ -543,8 +545,8 @@ html_parse_tag_content(rspamd_mempool_t *pool,
 
 	case spaces_after_param:
 		if (!g_ascii_isspace (*in)) {
-			if (*in == '/' && *(in + 1) == '>') {
-				tag->flags |= FL_CLOSED;
+			if (*in == '/') {
+				state = slash_after_value;
 			}
 			else if (*in == '=') {
 				/* Attributes cannot start with '=' */
@@ -558,7 +560,16 @@ html_parse_tag_content(rspamd_mempool_t *pool,
 			}
 		}
 		break;
-
+	case slash_after_value:
+		if (*in == '>') {
+			tag->flags |= FL_CLOSED;
+			state = tag_end;
+		}
+		else if (!g_ascii_isspace(*in)) {
+			tag->flags |= FL_BROKEN;
+			state = parse_attr_name;
+		}
+		break;
 	case ignore_bad_tag:
 	case tag_end:
 		break;