Merge branch 'master' into actualize-elastic-module

6 files changed, 102 insertions, 12 deletions

diff --git a/ChangeLog b/ChangeLog
index 3bee75dd2..bd229a1e8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+3.10.2: 21 Oct 2024
+  * [CritFix] Fix ARC-Seal signing
+  * [Fix] add EOF to openmetrics response in proxy and server
+
+3.10.1: 16 Oct 2024
+  * [Feature] Update effective_tld_names.dat by @wdhdev in #5176
+  * [Fix] Use correct type for keylen in lua_ucl_newindex by @arkamar in #5169
+  * [Fix] Avoid null-bytes in Log-Tag header value by @smarsching in #5179
+  * [Fix] Do not abort when OpenSSL is broken, report that to a user by @vstakhov in #5188
+  * [Fix] Update hiredis library removing all hacks by @vstakhov in #5167
+  * [Fix] Remove proxy from url_redirector.conf as it not the option by @dragoangel in #5164
+  * [Fix] Some build fixes by @vstakhov in #5189
+  * [Fix] Some more fixes by @vstakhov in #5190
+
 3.10.0: 30 Sep 2024
   * [Conf] Add SenderScore RPBL return codes
   * [Conf] Add SenderScore Reputationlist RBL
diff --git a/src/lua/lua_common.h b/src/lua/lua_common.h
index 198735c66..1d39d0c52 100644
--- a/src/lua/lua_common.h
+++ b/src/lua/lua_common.h
@@ -94,8 +94,7 @@ static inline int lua_absindex(lua_State *L, int i)
 #define LUA_PUBLIC_FUNCTION_DEF(class, name) int lua_##class##_##name(lua_State *L)
 #define LUA_INTERFACE_DEF(class, name) \
 	{                                  \
-		#name, lua_##class##_##name    \
-	}
+		#name, lua_##class##_##name}
 
 extern const luaL_reg null_reg[];
 
@@ -281,7 +280,7 @@ struct rspamd_lua_text *lua_check_text_or_string(lua_State *L, int pos);
  * @return
  */
 struct rspamd_lua_text *lua_new_text(lua_State *L, const char *start,
-									 gsize len, gboolean own);
+									 gsize len, gboolean allocate_memory);
 /**
  * Create new text object from task pool if allocation is needed
  * @param task
diff --git a/src/lua/lua_compress.c b/src/lua/lua_compress.c
index 4a348404c..c82394ed6 100644
--- a/src/lua/lua_compress.c
+++ b/src/lua/lua_compress.c
@@ -1,11 +1,11 @@
-/*-
- * Copyright 2021 Vsevolod Stakhov
+/*
+ * Copyright 2024 Vsevolod Stakhov
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *    http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -504,7 +504,8 @@ lua_zstd_compress_stream(lua_State *L)
 		return lua_zstd_push_error(L, err);
 	}
 
-	lua_new_text(L, onb.dst, onb.pos, TRUE);
+	t = lua_new_text(L, onb.dst, onb.pos, FALSE);
+	t->flags |= RSPAMD_TEXT_FLAG_OWN;
 
 	return 1;
 }
@@ -598,7 +599,8 @@ lua_zstd_decompress_stream(lua_State *L)
 		return lua_zstd_push_error(L, err);
 	}
 
-	lua_new_text(L, onb.dst, onb.pos, TRUE);
+	t = lua_new_text(L, onb.dst, onb.pos, FALSE);
+	t->flags |= RSPAMD_TEXT_FLAG_OWN;
 
 	return 1;
 }
diff --git a/src/lua/lua_text.c b/src/lua/lua_text.c
index 4478314f1..3342fc95c 100644
--- a/src/lua/lua_text.c
+++ b/src/lua/lua_text.c
@@ -312,14 +312,14 @@ lua_check_text_or_string(lua_State *L, int pos)
 }
 
 struct rspamd_lua_text *
-lua_new_text(lua_State *L, const char *start, gsize len, gboolean own)
+lua_new_text(lua_State *L, const char *start, gsize len, gboolean allocate_memory)
 {
 	struct rspamd_lua_text *t;
 
 	t = lua_newuserdata(L, sizeof(*t));
 	t->flags = 0;
 
-	if (own) {
+	if (allocate_memory) {
 		char *storage;
 
 		if (len > 0) {
diff --git a/src/lua/lua_util.c b/src/lua/lua_util.c
index 92f831f6f..251d1e1e7 100644
--- a/src/lua/lua_util.c
+++ b/src/lua/lua_util.c
@@ -1025,7 +1025,12 @@ lua_util_encode_base64(lua_State *L)
 		}
 
 		if (out != NULL) {
-			lua_new_text(L, out, outlen, TRUE);
+			/*
+			 * Manually set OWN flag, as `lua_new_text` will allocate another chunk of memory,
+			 * and we will have memory leak of the memory allocated by `rspamd_encode_base64_fold`
+			 */
+			t = lua_new_text(L, out, outlen, FALSE);
+			t->flags = RSPAMD_TEXT_FLAG_OWN;
 		}
 		else {
 			lua_pushnil(L);
@@ -1650,7 +1655,9 @@ lua_util_transliterate(lua_State *L)
 
 	gsize outlen;
 	char *transliterated = rspamd_utf8_transliterate(t->start, t->len, &outlen);
-	lua_new_text(L, transliterated, outlen, TRUE);
+
+	t = lua_new_text(L, transliterated, outlen, FALSE);
+	t->flags = RSPAMD_TEXT_FLAG_OWN;
 
 	return 1;
 }
diff --git a/test/rspamd_cxx_unit_cryptobox.hxx b/test/rspamd_cxx_unit_cryptobox.hxx
index 5829b1e43..7d9c76b4e 100644
--- a/test/rspamd_cxx_unit_cryptobox.hxx
+++ b/test/rspamd_cxx_unit_cryptobox.hxx
@@ -21,6 +21,23 @@
 #include "libcryptobox/cryptobox.h"
 #include <string>
 #include <string_view>
+#include <vector>
+#include <iosfwd>
+
+namespace std// NOLINT(cert-dcl58-cpp)
+{
+template<typename T>
+ostream &operator<<(ostream &stream, const vector<T> &in)
+{
+	stream << "[";
+	for (size_t i = 0; i < in.size(); ++i) {
+		if (i != 0) { stream << ", "; }
+		stream << in[i];
+	}
+	stream << "]";
+	return stream;
+}
+}// namespace std
 
 TEST_SUITE("rspamd_cryptobox")
 {
@@ -177,6 +194,57 @@ TEST_SUITE("rspamd_cryptobox")
 		g_free(out);
 		g_free(decrypted);
 	}
+
+	TEST_CASE("rspamd x25519 scalarmult")
+	{
+		rspamd_sk_t sk;
+
+		// Use a fixed zero secret key
+		memset(sk, 0, sizeof(sk));
+
+		// Use a well known public key
+		const char *pk = "k4nz984k36xmcynm1hr9kdbn6jhcxf4ggbrb1quay7f88rpm9kay";
+		gsize outlen;
+		auto *pk_decoded = rspamd_decode_base32(pk, strlen(pk), &outlen, RSPAMD_BASE32_DEFAULT);
+		unsigned char expected[32] = {95, 76, 225, 188, 0, 26, 146, 94, 70, 249,
+									  90, 189, 35, 51, 1, 42, 9, 37, 94, 254, 204, 55, 198, 91, 180, 90,
+									  46, 217, 140, 226, 211, 90};
+		const auto expected_arr = std::vector(std::begin(expected), std::end(expected));
+
+		CHECK(outlen == 32);
+		unsigned char out[32];
+		/* Clamp integer */
+		sk[0] &= 248;
+		sk[31] &= 127;
+		sk[31] |= 64;
+		CHECK(crypto_scalarmult(out, sk, pk_decoded) != -1);
+		auto out_arr = std::vector(std::begin(out), std::end(out));
+		CHECK(out_arr == expected_arr);
+	}
+
+	TEST_CASE("rspamd x25519 ecdh")
+	{
+		rspamd_sk_t sk;
+
+		// Use a fixed zero secret key
+		memset(sk, 0, sizeof(sk));
+
+		// Use a well known public key
+		const char *pk = "k4nz984k36xmcynm1hr9kdbn6jhcxf4ggbrb1quay7f88rpm9kay";
+		gsize outlen;
+		auto *pk_decoded = rspamd_decode_base32(pk, strlen(pk), &outlen, RSPAMD_BASE32_DEFAULT);
+		unsigned char expected[32] = {61, 109, 220, 195, 100, 174, 127, 237, 148,
+									  122, 154, 61, 165, 83, 93, 105, 127, 166, 153, 112, 103, 224, 2, 200,
+									  136, 243, 73, 51, 8, 163, 150, 7};
+		const auto expected_arr = std::vector(std::begin(expected), std::end(expected));
+
+		CHECK(outlen == 32);
+		unsigned char out[32];
+
+		rspamd_cryptobox_nm(out, pk_decoded, sk);
+		auto out_arr = std::vector(std::begin(out), std::end(out));
+		CHECK(out_arr == expected_arr);
+	}
 }
 
 #endif