From 0effbd0b4d9dd5b7a7ad888968cea07a2566670f Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Mon, 1 Feb 2021 14:19:49 +0000 Subject: [PATCH] [Fix] Avoid curse of dynamic array referencing --- src/libmime/scan_result.c | 20 ++++++++++---------- src/libmime/scan_result_private.h | 2 +- src/libserver/protocol.c | 4 ++-- src/libserver/task.c | 2 +- src/lua/lua_task.c | 6 +++--- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/src/libmime/scan_result.c b/src/libmime/scan_result.c index b75dddb1f..0256ab485 100644 --- a/src/libmime/scan_result.c +++ b/src/libmime/scan_result.c @@ -39,7 +39,7 @@ static void rspamd_scan_result_dtor (gpointer d) { struct rspamd_scan_result *r = (struct rspamd_scan_result *)d; - struct rspamd_symbol_result sres; + struct rspamd_symbol_result *sres; rspamd_set_counter_ema (&symbols_count, kh_size (r->symbols), 0.5); @@ -48,8 +48,8 @@ rspamd_scan_result_dtor (gpointer d) } kh_foreach_value (r->symbols, sres, { - if (sres.options) { - kh_destroy (rspamd_options_hash, sres.options); + if (sres->options) { + kh_destroy (rspamd_options_hash, sres->options); } }); kh_destroy (rspamd_symbols_hash, r->symbols); @@ -279,7 +279,7 @@ insert_metric_result (struct rspamd_task *task, k = kh_get (rspamd_symbols_hash, metric_res->symbols, symbol); if (k != kh_end (metric_res->symbols)) { /* Existing metric score */ - s = &kh_value (metric_res->symbols, k); + s = kh_value (metric_res->symbols, k); if (single) { max_shots = 1; } @@ -399,8 +399,8 @@ insert_metric_result (struct rspamd_task *task, k = kh_put (rspamd_symbols_hash, metric_res->symbols, sym_cpy, &ret); g_assert (ret > 0); - s = &kh_value (metric_res->symbols, k); - memset (s, 0, sizeof (*s)); + s = rspamd_mempool_alloc0 (task->task_pool, sizeof (*s)); + kh_value (metric_res->symbols, k) = s; /* Handle grow factor */ if (metric_res->grow_factor && final_score > 0) { 
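Review bot: In `rspamd_scan_result_dtor` the `kh_foreach_value` loop now dereferences every stored pointer (`sres->options`), so the destructor depends on the symbol results still being live when it runs. The insert path in this same patch allocates them from `task->task_pool`, which suggests this destructor has to run before that pool's memory is released. The pool's destructor ordering is not visible here, so that is worth confirming. I would record the dependency above the loop, for example `/* values live in the task pool: must run before pool memory is released */`. The function body continues past the end of the hunk.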
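Review bot: The new-symbol branch of `insert_metric_result` switches to `rspamd_mempool_alloc0 (task->task_pool, sizeof (*s))` without a comment saying why, and that reason is the whole safety argument of the change. A pointer taken with `&kh_value (...)` stops being valid once a later `kh_put` resizes the table, while callers keep the returned `struct rspamd_symbol_result *` for longer than that. A comment at the allocation such as `/* pool-allocated: khash may move its value array on resize, never hand out slot addresses */` would stop a later cleanup from reverting to the in-place struct. A removed symbol's memory now also stays in the pool until the task ends, which looks intended but deserves a word in the same comment. The function starts and ends outside the hunk.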
@@ -916,7 +916,7 @@ rspamd_task_find_symbol_result (struct rspamd_task *task, const char *sym, k = kh_get (rspamd_symbols_hash, result->symbols, sym); if (k != kh_end (result->symbols)) { - res = &kh_value (result->symbols, k); + res = kh_value (result->symbols, k); } return res; @@ -938,7 +938,7 @@ struct rspamd_symbol_result* rspamd_task_remove_symbol_result ( k = kh_get (rspamd_symbols_hash, result->symbols, symbol); if (k != kh_end (result->symbols)) { - res = &kh_value (result->symbols, k); + res = kh_value (result->symbols, k); if (!isnan (res->score)) { /* Remove score from the result */ @@ -981,7 +981,7 @@ rspamd_task_symbol_result_foreach (struct rspamd_task *task, gpointer ud) { const gchar *kk; - struct rspamd_symbol_result res; + struct rspamd_symbol_result *res; if (result == NULL) { /* Use default result */ @@ -990,7 +990,7 @@ rspamd_task_symbol_result_foreach (struct rspamd_task *task, if (func) { kh_foreach (result->symbols, kk, res, { - func ((gpointer)kk, (gpointer)&res, ud); + func ((gpointer)kk, (gpointer)res, ud); }); } } diff --git a/src/libmime/scan_result_private.h b/src/libmime/scan_result_private.h index cb4ff4cda..39e544146 100644 --- a/src/libmime/scan_result_private.h +++ b/src/libmime/scan_result_private.h @@ -32,7 +32,7 @@ KHASH_INIT (rspamd_options_hash, struct rspamd_symbol_option *, char, /** * Result of metric processing */ -KHASH_MAP_INIT_STR (rspamd_symbols_hash, struct rspamd_symbol_result); +KHASH_MAP_INIT_STR (rspamd_symbols_hash, struct rspamd_symbol_result *); #if UINTPTR_MAX <= UINT_MAX /* 32 bit */ #define rspamd_ptr_hash_func(key) (khint32_t)(((uintptr_t)(key))>>1) diff --git a/src/libserver/protocol.c b/src/libserver/protocol.c index 31b0308cb..7307c95c8 100644 --- a/src/libserver/protocol.c +++ b/src/libserver/protocol.c 
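Review bot: `rspamd_task_symbol_result_foreach` now hands `func` the stored object itself (`(gpointer)res`), where it used to pass the address of a local copy that was overwritten on each iteration. A callback that writes through its second argument therefore now modifies the task's real result, and one that keeps the pointer holds a long-lived object instead of a stack address. That is a contract change for every callback, and none of them are visible in this patch. I would document it on the function, e.g. `/* func receives the live symbol result, not a copy */`, and check existing callbacks for writes that used to be harmless.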
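Review bot: Changing the value type in `KHASH_MAP_INIT_STR (rspamd_symbols_hash, struct rspamd_symbol_result *)` means any user of this hash that still writes `&kh_value (...)` or `kh_foreach_value_ptr (...)` compiles in C with at most an incompatible-pointer warning, but gets a `struct rspamd_symbol_result **` at run time. The patch converts the users in five files; whether others exist cannot be told from here. A tree-wide search for both patterns, or a build with `-Werror=incompatible-pointer-types`, would confirm nothing was missed. The comment above the macro could also state ownership, e.g. `/* symbol name -> result pointer; results are allocated from the task pool */`.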
@@ -1251,7 +1251,7 @@ rspamd_scan_result_ucl (struct rspamd_task *task, obj = ucl_object_typed_new (UCL_OBJECT); } - kh_foreach_value_ptr (mres->symbols, sym, { + kh_foreach_value (mres->symbols, sym, { if (!(sym->flags & RSPAMD_SYMBOL_RESULT_IGNORED)) { sobj = rspamd_metric_symbol_ucl (task, sym); ucl_object_insert_key (obj, sobj, sym->name, 0, false); @@ -1968,7 +1968,7 @@ rspamd_protocol_write_log_pipe (struct rspamd_task *task) i = 0; - kh_foreach_value_ptr (mres->symbols, sym, { + kh_foreach_value (mres->symbols, sym, { id = rspamd_symcache_find_symbol (task->cfg->cache, sym->name); diff --git a/src/libserver/task.c b/src/libserver/task.c index 43ce59ee1..407f2c4d4 100644 --- a/src/libserver/task.c +++ b/src/libserver/task.c @@ -1120,7 +1120,7 @@ rspamd_task_log_metric_res (struct rspamd_task *task, symbuf = rspamd_fstring_sized_new (128); sorted_symbols = g_ptr_array_sized_new (kh_size (mres->symbols)); - kh_foreach_value_ptr (mres->symbols, sym, { + kh_foreach_value (mres->symbols, sym, { if (!(sym->flags & RSPAMD_SYMBOL_RESULT_IGNORED)) { g_ptr_array_add (sorted_symbols, (gpointer)sym); } diff --git a/src/lua/lua_task.c b/src/lua/lua_task.c index 38b22f489..3bd84d886 100644 --- a/src/lua/lua_task.c +++ b/src/lua/lua_task.c @@ -4657,7 +4657,7 @@ lua_task_get_symbols (lua_State *L) lua_createtable (L, kh_size (mres->symbols), 0); lua_createtable (L, kh_size (mres->symbols), 0); - kh_foreach_value_ptr (mres->symbols, s, { + kh_foreach_value (mres->symbols, s, { if (!(s->flags & RSPAMD_SYMBOL_RESULT_IGNORED)) { lua_pushstring (L, s->name); lua_rawseti (L, -3, i); @@ -4700,7 +4700,7 @@ lua_task_get_symbols_all (lua_State *L) found = TRUE; lua_createtable (L, kh_size (mres->symbols), 0); - kh_foreach_value_ptr (mres->symbols, s, { + kh_foreach_value (mres->symbols, s, { if (!(s->flags & RSPAMD_SYMBOL_RESULT_IGNORED)) { lua_push_symbol_result (L, task, s->name, s, mres, FALSE, TRUE); lua_rawseti (L, -2, i++); 
@@ -4742,7 +4742,7 @@ lua_task_get_symbols_numeric (lua_State *L) lua_createtable (L, kh_size (mres->symbols), 0); - kh_foreach_value_ptr (mres->symbols, s, { + kh_foreach_value (mres->symbols, s, { if (!(s->flags & RSPAMD_SYMBOL_RESULT_IGNORED)) { id = rspamd_symcache_find_symbol (task->cfg->cache, s->name); -- 2.39.5