mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
Browse Source

[CritFix] Plug memory leak in dkim module

tags/1.3.0
Vsevolod Stakhov 8 years ago
parent
d13a61fd95
commit
47fc9abba0
1 changed files with 36 additions and 21 deletions
Split View Show Diff Stats
  1. 36
    21
      src/libserver/dkim.c

+ 36
- 21
src/libserver/dkim.c View File

@@ -167,8 +167,8 @@ struct rspamd_dkim_context_s {
gchar *dns_key;
const gchar *dkim_header;

EVP_MD_CTX headers_hash;
EVP_MD_CTX body_hash;
EVP_MD_CTX *headers_hash;
EVP_MD_CTX *body_hash;
};

struct rspamd_dkim_key_s {
@@ -886,10 +886,25 @@ rspamd_create_dkim_context (const gchar *sig,

return NULL;
}

EVP_DigestInit (&ctx->body_hash, md_alg);
EVP_DigestInit (&ctx->headers_hash, md_alg);

#if OPENSSL_VERSION_NUMBER < 0x10100000L
ctx->body_hash = EVP_MD_CTX_create ();
EVP_DigestInit_ex (ctx->body_hash, md_alg, NULL);
ctx->headers_hash = EVP_MD_CTX_create ();
EVP_DigestInit_ex (ctx->headers_hash, md_alg, NULL);
rspamd_mempool_add_destructor (pool,
(rspamd_mempool_destruct_t)EVP_MD_CTX_destroy, ctx->body_hash);
rspamd_mempool_add_destructor (pool,
(rspamd_mempool_destruct_t)EVP_MD_CTX_destroy, ctx->headers_hash);
#else
ctx->body_hash = EVP_MD_CTX_new ();
EVP_DigestInit_ex (ctx->body_hash, md_alg, NULL);
ctx->headers_hash = EVP_MD_CTX_new ();
EVP_DigestInit_ex (ctx->headers_hash, md_alg, NULL);
rspamd_mempool_add_destructor (pool,
(rspamd_mempool_destruct_t)EVP_MD_CTX_free, ctx->body_hash);
rspamd_mempool_add_destructor (pool,
(rspamd_mempool_destruct_t)EVP_MD_CTX_free, ctx->headers_hash);
#endif
ctx->dkim_header = sig;

return ctx;
@@ -1256,10 +1271,10 @@ rspamd_dkim_canonize_body (rspamd_dkim_context_t *ctx,
if (start == NULL) {
/* Empty body */
if (ctx->body_canon_type == DKIM_CANON_SIMPLE) {
EVP_DigestUpdate (&ctx->body_hash, CRLF, sizeof (CRLF) - 1);
EVP_DigestUpdate (ctx->body_hash, CRLF, sizeof (CRLF) - 1);
}
else {
EVP_DigestUpdate (&ctx->body_hash, "", 0);
EVP_DigestUpdate (ctx->body_hash, "", 0);
}
}
else {
@@ -1283,20 +1298,20 @@ rspamd_dkim_canonize_body (rspamd_dkim_context_t *ctx,
if (end == start) {
/* Empty body */
if (ctx->body_canon_type == DKIM_CANON_SIMPLE) {
EVP_DigestUpdate (&ctx->body_hash, CRLF, sizeof (CRLF) - 1);
EVP_DigestUpdate (ctx->body_hash, CRLF, sizeof (CRLF) - 1);
}
else {
EVP_DigestUpdate (&ctx->body_hash, "", 0);
EVP_DigestUpdate (ctx->body_hash, "", 0);
}
}
else {
if (ctx->body_canon_type == DKIM_CANON_SIMPLE) {
/* Simple canonization */
while (rspamd_dkim_simple_body_step (ctx, &ctx->body_hash,
while (rspamd_dkim_simple_body_step (ctx, ctx->body_hash,
&start, end - start, &remain)) ;
}
else {
while (rspamd_dkim_relaxed_body_step (ctx, &ctx->body_hash,
while (rspamd_dkim_relaxed_body_step (ctx, ctx->body_hash,
&start, end - start, &remain)) ;
}
}
@@ -1362,7 +1377,7 @@ rspamd_dkim_signature_update (rspamd_dkim_context_t *ctx,
msg_debug_dkim ("initial update hash with signature part: %*s",
p - c + 2,
c);
rspamd_dkim_hash_update (&ctx->headers_hash, c, p - c + 2);
rspamd_dkim_hash_update (ctx->headers_hash, c, p - c + 2);
skip = TRUE;
}
else if (skip && (*p == ';' || p == end - 1)) {
@@ -1386,7 +1401,7 @@ rspamd_dkim_signature_update (rspamd_dkim_context_t *ctx,

if (p - c + 1 > 0) {
msg_debug_dkim ("final update hash with signature part: %*s", p - c + 1, c);
rspamd_dkim_hash_update (&ctx->headers_hash, c, p - c + 1);
rspamd_dkim_hash_update (ctx->headers_hash, c, p - c + 1);
}
}

@@ -1454,7 +1469,7 @@ rspamd_dkim_canonize_header_relaxed (rspamd_dkim_context_t *ctx,

if (!is_sign) {
msg_debug_dkim ("update signature with header: %s", buf);
EVP_DigestUpdate (&ctx->headers_hash, buf, t - buf);
EVP_DigestUpdate (ctx->headers_hash, buf, t - buf);
}
else {
rspamd_dkim_signature_update (ctx, buf, t - buf);
@@ -1565,7 +1580,7 @@ rspamd_dkim_canonize_header_simple (rspamd_dkim_context_t *ctx,
msg_debug_dkim ("update signature with header: %*s",
elt->len,
elt->begin);
rspamd_dkim_hash_update (&ctx->headers_hash,
rspamd_dkim_hash_update (ctx->headers_hash,
elt->begin,
elt->len);
}
@@ -1573,7 +1588,7 @@ rspamd_dkim_canonize_header_simple (rspamd_dkim_context_t *ctx,
msg_debug_dkim ("update signature with header: %*s",
elt->len + 1,
elt->begin);
rspamd_dkim_hash_update (&ctx->headers_hash,
rspamd_dkim_hash_update (ctx->headers_hash,
elt->begin,
elt->len + 1);
}
@@ -1786,8 +1801,8 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx,
/* Canonize dkim signature */
rspamd_dkim_canonize_header (ctx, task, DKIM_SIGNHEADER, 1, TRUE);

dlen = EVP_MD_CTX_size (&ctx->body_hash);
EVP_DigestFinal (&ctx->body_hash, raw_digest, NULL);
dlen = EVP_MD_CTX_size (ctx->body_hash);
EVP_DigestFinal_ex (ctx->body_hash, raw_digest, NULL);

/* Check bh field */
if (memcmp (ctx->bh, raw_digest, ctx->bhlen) != 0) {
@@ -1796,8 +1811,8 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx,
return DKIM_REJECT;
}

dlen = EVP_MD_CTX_size (&ctx->headers_hash);
EVP_DigestFinal (&ctx->headers_hash, raw_digest, NULL);
dlen = EVP_MD_CTX_size (ctx->headers_hash);
EVP_DigestFinal_ex (ctx->headers_hash, raw_digest, NULL);
/* Check headers signature */

if (ctx->sig_alg == DKIM_SIGN_RSASHA1) {

Write Preview
Loading…
Cancel
Save