dovecot-2.2: fts: parser-html - parser can fail on attributes='w...

Tue May 27 18:19:09 UTC 2014

details:   http://hg.dovecot.org/dovecot-2.2/rev/ad028a950248
changeset: 17395:ad028a950248
user:      Phil Carmody <phil at dovecot.fi>
date:      Tue May 27 21:17:34 2014 +0300
description:
fts: parser-html - parser can fail on attributes='with values in single quotes'
If that value were to contain an odd number of double quotes, then the
HTML_STATE_TAG_(D)QUOTED state would be entered and not exited.

The two quoting types behave basically the same, so just add two new cases
and duplicate the state transition code.

diffstat:

 src/plugins/fts/fts-parser-html.c |  31 +++++++++++++++++++++++--------
 1 files changed, 23 insertions(+), 8 deletions(-)

diffs (59 lines):

diff -r 54e508b71dcd -r ad028a950248 src/plugins/fts/fts-parser-html.c

--- a/src/plugins/fts/fts-parser-html.c	Tue May 27 21:17:34 2014 +0300
+++ b/src/plugins/fts/fts-parser-html.c	Tue May 27 21:17:34 2014 +0300
@@ -16,10 +16,14 @@
 	HTML_STATE_TEXT,
 	/* tag outside "quoted string" */
 	HTML_STATE_TAG,
-	/* tag inside "quoted string" */
-	HTML_STATE_TAG_QUOTED,
+	/* tag inside "double quoted string" */
+	HTML_STATE_TAG_DQUOTED,
 	/* tag -> "escape\ */
-	HTML_STATE_TAG_QUOTED_ESCAPE,
+	HTML_STATE_TAG_DQUOTED_ESCAPE,
+	/* tag inside 'single quoted string' */
+	HTML_STATE_TAG_SQUOTED,
+	/* tag -> 'escape\ */
+	HTML_STATE_TAG_SQUOTED_ESCAPE,
 	/* script/stype content */
 	HTML_STATE_IGNORE,
 	/* comment */
@@ -171,21 +175,32 @@
 			break;
 		case HTML_STATE_TAG:
 			if (c == '"')
-				parser->state = HTML_STATE_TAG_QUOTED;
+				parser->state = HTML_STATE_TAG_DQUOTED;
+			else if (c == '\'')
+				parser->state = HTML_STATE_TAG_DQUOTED;
 			else if (c == '>') {
 				parser->state = parser->ignore_next_text ?
 					HTML_STATE_IGNORE : HTML_STATE_TEXT;
 				parser_add_space(parser);
 			}
 			break;
-		case HTML_STATE_TAG_QUOTED:
+		case HTML_STATE_TAG_DQUOTED:
 			if (c == '"')
 				parser->state = HTML_STATE_TAG;
 			else if (c == '\\')
-				parser->state = HTML_STATE_TAG_QUOTED_ESCAPE;
+				parser->state = HTML_STATE_TAG_DQUOTED_ESCAPE;
 			break;
-		case HTML_STATE_TAG_QUOTED_ESCAPE:
-			parser->state = HTML_STATE_TAG_QUOTED;
+		case HTML_STATE_TAG_DQUOTED_ESCAPE:
+			parser->state = HTML_STATE_TAG_DQUOTED;
+			break;
+		case HTML_STATE_TAG_SQUOTED:
+			if (c == '\'')
+				parser->state = HTML_STATE_TAG;
+			else if (c == '\\')
+				parser->state = HTML_STATE_TAG_SQUOTED_ESCAPE;
+			break;
+		case HTML_STATE_TAG_SQUOTED_ESCAPE:
+			parser->state = HTML_STATE_TAG_SQUOTED;
 			break;
 		case HTML_STATE_IGNORE:
 			if (c == '<') {
