From f09b8e5be2aa8ad1593bcb0e7438af6b6d5a1305 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Thu, 15 Apr 2021 21:23:43 +0100
Subject: [PATCH] [Minor] Avoid FP when a protocol prefix is implicitly added

---
 src/libserver/html.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/libserver/html.c b/src/libserver/html.c
index 5e29b3b845..1379071831 100644
--- a/src/libserver/html.c
+++ b/src/libserver/html.c
@@ -837,8 +837,8 @@ rspamd_html_url_is_phished (rspamd_mempool_t *pool,
 			 */
 			gboolean obfuscation_found = FALSE;
 
-			if (g_ascii_strncasecmp (url_str, "http", 4) == 0 &&
-				strstr (url_str, "://") != NULL) {
+			if (len > 4 && g_ascii_strncasecmp (url_text, "http", 4) == 0 &&
+				rspamd_substring_search (url_text, len,"://", 3) != -1) {
 				/* Clearly an obfuscation attempt */
 				obfuscation_found = TRUE;
 			}
-- 
2.47.3