From b36eaf826c1f9e587f189c5e9c58966c726a95c9 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Sat, 25 Sep 2021 13:01:23 +0100
Subject: [PATCH] [Minor] Rework to fix issues in Lua API

Found by: coverity scan
---
 src/lua/lua_common.h    |  8 +++++++
 src/lua/lua_cryptobox.c | 20 ++++++++++++++++-
 src/lua/lua_mimepart.c  |  4 ++--
 src/lua/lua_spf.c       | 50 ++++++++++++++++++++++++-----------------
 src/lua/lua_task.c      |  4 ++--
 5 files changed, 60 insertions(+), 26 deletions(-)

diff --git a/src/lua/lua_common.h b/src/lua/lua_common.h
index 10816d450..a1f62cdb6 100644
--- a/src/lua/lua_common.h
+++ b/src/lua/lua_common.h
@@ -527,6 +527,14 @@ gsize lua_logger_out_type (lua_State *L, gint pos, gchar *outbuf,
 */
 void *rspamd_lua_check_udata (lua_State *L, gint pos, const gchar *classname);
 
+#define RSPAMD_LUA_CHECK_UDATA_PTR_OR_RETURN(L, pos, classname, type, dest)  do { \
+    type **_maybe_ptr = (type **)rspamd_lua_check_udata((L), (pos), (classname)); \
+    if (_maybe_ptr == NULL) { \
+        return luaL_error (L, "%s: invalid arguments; pos = %d; expected = %s", G_STRFUNC, (pos), (classname)); \
+    } \
+    (dest) = *(_maybe_ptr);                                                          \
+} while(0)
+
 /**
 * Safely checks userdata to match specified class
 * @param L
diff --git a/src/lua/lua_cryptobox.c b/src/lua/lua_cryptobox.c
index 9cea18311..f16fd8b67 100644
--- a/src/lua/lua_cryptobox.c
+++ b/src/lua/lua_cryptobox.c
@@ -2019,6 +2019,10 @@ lua_cryptobox_encrypt_memory (lua_State *L)
 			gint ret = luaL_error (L, "cannot encrypt data: %s", err->message);
 			g_error_free (err);
 
+			if (owned_pk) {
+				rspamd_pubkey_unref (pk);
+			}
+
 			return ret;
 		}
 	}
@@ -2027,6 +2031,10 @@ lua_cryptobox_encrypt_memory (lua_State *L)
 			gint ret = luaL_error (L, "cannot encrypt data: %s", err->message);
 			g_error_free (err);
 
+			if (owned_pk) {
+				rspamd_pubkey_unref (pk);
+			}
+
 			return ret;
 		}
 	}
@@ -2065,7 +2073,7 @@ lua_cryptobox_encrypt_file (lua_State *L)
 	struct rspamd_cryptobox_keypair *kp = NULL;
 	struct rspamd_cryptobox_pubkey *pk = NULL;
 	const gchar *filename;
-	gchar *data;
+	gchar *data = NULL;
 	guchar *out = NULL;
 	struct rspamd_lua_text *res;
 	gsize len = 0, outlen = 0;
@@ -2104,6 +2112,9 @@ lua_cryptobox_encrypt_file (lua_State *L)
 					err->message);
 			g_error_free (err);
 			munmap (data, len);
+			if (own_pk) {
+				rspamd_pubkey_unref (pk);
+			}
 
 			return ret;
 		}
@@ -2115,6 +2126,10 @@ lua_cryptobox_encrypt_file (lua_State *L)
 			g_error_free (err);
 			munmap (data, len);
 
+			if (own_pk) {
+				rspamd_pubkey_unref (pk);
+			}
+
 			return ret;
 		}
 	}
@@ -2132,6 +2147,9 @@ lua_cryptobox_encrypt_file (lua_State *L)
 	return 1;
 
 err:
+	if (data) {
+		munmap (data, len);
+	}
 	if (own_pk) {
 		rspamd_pubkey_unref (pk);
 	}
diff --git a/src/lua/lua_mimepart.c b/src/lua/lua_mimepart.c
index 21a46d496..2018819e8 100644
--- a/src/lua/lua_mimepart.c
+++ b/src/lua/lua_mimepart.c
@@ -2031,8 +2031,8 @@ lua_mimepart_headers_foreach (lua_State *L)
 			lua_gettable (L, 3);
 
 			if (lua_isuserdata (L, -1)) {
-				re = *(struct rspamd_lua_regexp **)
-						rspamd_lua_check_udata (L, -1, "rspamd{regexp}");
+				RSPAMD_LUA_CHECK_UDATA_PTR_OR_RETURN(L, -1, "rspamd{regexp}",
+						struct rspamd_lua_regexp, re);
 			}
 
 			lua_pop (L, 1);
diff --git a/src/lua/lua_spf.c b/src/lua/lua_spf.c
index 22f1ad2b2..a55b511be 100644
--- a/src/lua/lua_spf.c
+++ b/src/lua/lua_spf.c
@@ -258,9 +258,11 @@ lua_spf_resolve (lua_State * L)
 static gint
 lua_spf_record_dtor (lua_State *L)
 {
-	struct spf_resolved *record =
-			* (struct spf_resolved **)rspamd_lua_check_udata (L, 1,
-					SPF_RECORD_CLASS);
+	struct spf_resolved *record;
+
+	RSPAMD_LUA_CHECK_UDATA_PTR_OR_RETURN(L, 1, SPF_RECORD_CLASS,
+			struct spf_resolved,
+			record);
 
 	if (record) {
 		spf_record_unref (record);
@@ -398,9 +400,10 @@ spf_check_element (lua_State *L, struct spf_resolved *rec, struct spf_addr *addr
 static gint
 lua_spf_record_check_ip (lua_State *L)
 {
-	struct spf_resolved *record =
-			* (struct spf_resolved **)rspamd_lua_check_udata (L, 1,
-					SPF_RECORD_CLASS);
+	struct spf_resolved *record;
+	RSPAMD_LUA_CHECK_UDATA_PTR_OR_RETURN(L, 1, SPF_RECORD_CLASS,
+			struct spf_resolved,
+			record);
 	struct rspamd_lua_ip *ip = NULL;
 	gint nres = 0;
 	gboolean need_free_ip = FALSE;
@@ -474,9 +477,10 @@ lua_spf_record_check_ip (lua_State *L)
 static gint
 lua_spf_record_get_domain (lua_State *L)
 {
-	struct spf_resolved *record =
-			*(struct spf_resolved **) rspamd_lua_check_udata (L, 1,
-					SPF_RECORD_CLASS);
+	struct spf_resolved *record;
+	RSPAMD_LUA_CHECK_UDATA_PTR_OR_RETURN(L, 1, SPF_RECORD_CLASS,
+			struct spf_resolved,
+			record);
 
 	if (record) {
 		lua_pushstring (L, record->domain);
@@ -495,9 +499,10 @@ lua_spf_record_get_domain (lua_State *L)
 static gint
 lua_spf_record_get_ttl (lua_State *L)
 {
-	struct spf_resolved *record =
-			*(struct spf_resolved **) rspamd_lua_check_udata (L, 1,
-					SPF_RECORD_CLASS);
+	struct spf_resolved *record;
+	RSPAMD_LUA_CHECK_UDATA_PTR_OR_RETURN(L, 1, SPF_RECORD_CLASS,
+			struct spf_resolved,
+			record);
 
 	if (record) {
 		lua_pushinteger (L, record->ttl);
@@ -516,9 +521,10 @@ lua_spf_record_get_ttl (lua_State *L)
 static gint
 lua_spf_record_get_timestamp (lua_State *L)
 {
-	struct spf_resolved *record =
-			*(struct spf_resolved **) rspamd_lua_check_udata (L, 1,
-					SPF_RECORD_CLASS);
+	struct spf_resolved *record;
+	RSPAMD_LUA_CHECK_UDATA_PTR_OR_RETURN(L, 1, SPF_RECORD_CLASS,
+			struct spf_resolved,
+			record);
 
 	if (record) {
 		lua_pushnumber (L, record->timestamp);
@@ -537,9 +543,10 @@ lua_spf_record_get_timestamp (lua_State *L)
 static gint
 lua_spf_record_get_digest (lua_State *L)
 {
-	struct spf_resolved *record =
-			*(struct spf_resolved **) rspamd_lua_check_udata (L, 1,
-					SPF_RECORD_CLASS);
+	struct spf_resolved *record;
+	RSPAMD_LUA_CHECK_UDATA_PTR_OR_RETURN(L, 1, SPF_RECORD_CLASS,
+			struct spf_resolved,
+			record);
 
 	if (record) {
 		gchar hexbuf[64];
@@ -567,9 +574,10 @@ lua_spf_record_get_digest (lua_State *L)
 static gint
 lua_spf_record_get_elts (lua_State *L)
 {
-	struct spf_resolved *record =
-			*(struct spf_resolved **) rspamd_lua_check_udata (L, 1,
-					SPF_RECORD_CLASS);
+	struct spf_resolved *record;
+	RSPAMD_LUA_CHECK_UDATA_PTR_OR_RETURN(L, 1, SPF_RECORD_CLASS,
+			struct spf_resolved,
+			record);
 
 	if (record) {
 		guint i;
diff --git a/src/lua/lua_task.c b/src/lua/lua_task.c
index 589d45439..de2b130d6 100644
--- a/src/lua/lua_task.c
+++ b/src/lua/lua_task.c
@@ -6679,8 +6679,8 @@ lua_task_headers_foreach (lua_State *L)
 				lua_gettable (L, 3);
 
 				if (lua_isuserdata (L, -1)) {
-					re = *(struct rspamd_lua_regexp **)
-							rspamd_lua_check_udata (L, -1, "rspamd{regexp}");
+					RSPAMD_LUA_CHECK_UDATA_PTR_OR_RETURN(L, -1, "rspamd{regexp}",
+							struct rspamd_lua_regexp, re);
 				}
 
 				lua_pop (L, 1);
-- 
2.39.5