From b083a2a17f190d7e15ba0a80aa811746f974a8ed Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Fri, 18 Mar 2022 21:33:31 +0000 Subject: [PATCH] [Minor] Adopt lua_url stuff for the new PRG --- src/lua/lua_url.c | 12 ++++++------ src/lua/lua_url.h | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/lua/lua_url.c b/src/lua/lua_url.c index af7dd5f4e..a2ce1d987 100644 --- a/src/lua/lua_url.c +++ b/src/lua/lua_url.c @@ -963,7 +963,7 @@ lua_tree_url_callback (gpointer key, gpointer value, gpointer ud) } if (cb->skip_prob > 0) { - gdouble coin = rspamd_random_double_fast_seed (cb->xoroshiro_state); + gdouble coin = rspamd_random_double_fast_seed (&cb->random_seed); if (coin < cb->skip_prob) { return; @@ -1337,7 +1337,7 @@ lua_url_cbdata_dtor (struct lua_tree_cb_data *cbd) } gsize -lua_url_adjust_skip_prob (gdouble timestamp, +lua_url_adjust_skip_prob (float timestamp, guchar digest[16], struct lua_tree_cb_data *cb, gsize sz) @@ -1347,11 +1347,11 @@ lua_url_adjust_skip_prob (gdouble timestamp, /* * Use task dependent probabilistic seed to ensure that * consequent task:get_urls return the same list of urls + * We use both digest and timestamp here to avoid attack surface + * based just on digest. */ - memset (cb->xoroshiro_state, 0, sizeof (cb->xoroshiro_state)); - memcpy (&cb->xoroshiro_state[0], ×tamp, - MIN (sizeof (cb->xoroshiro_state[0]), sizeof (timestamp))); - memcpy (&cb->xoroshiro_state[1], digest, 16); + memcpy(&cb->random_seed, digest, 4); + memcpy(((unsigned char *)&cb->random_seed) + 4, ×tamp, 4); sz = cb->max_urls; } diff --git a/src/lua/lua_url.h b/src/lua/lua_url.h index 904a56da7..ac6adec50 100644 --- a/src/lua/lua_url.h +++ b/src/lua/lua_url.h @@ -37,7 +37,7 @@ struct lua_tree_cb_data { gboolean sort; gsize max_urls; gdouble skip_prob; - guint64 xoroshiro_state[4]; + guint64 random_seed; }; void lua_tree_url_callback (gpointer key, gpointer value, gpointer ud); @@ -75,7 +75,7 @@ void lua_url_cbdata_dtor (struct lua_tree_cb_data *cbd); * @param max_urls * @return */ -gsize lua_url_adjust_skip_prob (gdouble timestamp, +gsize lua_url_adjust_skip_prob (float timestamp, guchar *digest, struct lua_tree_cb_data *cb, gsize sz); -- 2.39.5