Fix race condition.

This race condition could occur if a message has too high spam score and the
planner decides to stop checking. However, already registered events
pending were not checked, which caused use-after-free for a task object.

diff --git a/src/libmime/filter.c b/src/libmime/filter.c
index 99e88873050c3c80e4fec9d4c0ef1fa635df6306..89bbfad10a6f997c45b58611ce21ab4797170ebd 100644 (file)
--- a/src/libmime/filter.c
+++ b/src/libmime/filter.c
@@ -381,7 +381,9 @@ rspamd_process_filters (struct rspamd_task *task)
                        if (!task->pass_all_filters &&
                                metric->actions[METRIC_ACTION_REJECT].score > 0 &&
                                check_metric_is_spam (task, metric)) {
-                               task->state = WRITE_REPLY;
+                               msg_info ("<%s> has already scored more than %.2f, so do not "
+                                               "plan any more checks", task->message_id,
+                                               metric->actions[METRIC_ACTION_REJECT].score);
                                return 1;
                        }
                        cur = g_list_next (cur);