diff options
author | Vsevolod Stakhov <vsevolod@rspamd.com> | 2024-11-06 18:56:18 +0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-11-06 18:56:18 +0600 |
commit | c763d4bb58423d1e356263d989a81c7546e577c5 (patch) | |
tree | b943da3d6b7097b2b897c7236c1009ae46185702 | |
parent | ebf6f29f301c06b9090fe11cb3865b2759f204e3 (diff) | |
parent | b5ba154e32a7c72a2be852b50a92a7c681f5da04 (diff) | |
download | rspamd-c763d4bb58423d1e356263d989a81c7546e577c5.tar.gz rspamd-c763d4bb58423d1e356263d989a81c7546e577c5.zip |
Merge branch 'master' into master
-rw-r--r-- | conf/composites.conf | 4 | ||||
-rw-r--r-- | src/lua/lua_common.h | 5 | ||||
-rw-r--r-- | src/lua/lua_compress.c | 12 | ||||
-rw-r--r-- | src/lua/lua_text.c | 4 | ||||
-rw-r--r-- | src/lua/lua_util.c | 11 | ||||
-rw-r--r-- | src/plugins/lua/mime_types.lua | 1 | ||||
-rw-r--r-- | src/ragel/smtp_addr_parser.rl | 18 | ||||
-rw-r--r-- | test/lua/unit/smtp_addr.lua | 68 | ||||
-rw-r--r-- | test/rspamd_cxx_unit_cryptobox.hxx | 38 |
9 files changed, 94 insertions, 67 deletions
diff --git a/conf/composites.conf b/conf/composites.conf index 4fb97588f..34a6c170e 100644 --- a/conf/composites.conf +++ b/conf/composites.conf @@ -165,7 +165,7 @@ composites { group = "scams"; } FREEMAIL_AFF { - expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO | FREEMAIL_MDN) & (TO_DN_RECIPIENTS | R_UNDISC_RCPT) & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM | SUBJECT_HAS_CURRENCY)"; + expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO | FREEMAIL_MDN) & (TO_DN_RECIPIENTS | R_UNDISC_RCPT | CD_MM_BODY) & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM | SUBJECT_HAS_CURRENCY)"; score = 4.0; policy = "leave"; description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses"; @@ -191,7 +191,7 @@ composites { description = "Message authenticated, but from a suspicios origin (potentially an injector)"; } ABUSE_FROM_INJECTOR { - expression = "SUSPICIOUS_AUTH_ORIGIN & (FAKE_REPLY | HAS_IPFS_GATEWAY_URL | HTML_SHORT_LINK_IMG_1)"; + expression = "SUSPICIOUS_AUTH_ORIGIN & (RCVD_HELO_USER | FAKE_REPLY | HAS_IPFS_GATEWAY_URL | HTML_SHORT_LINK_IMG_1)"; score = 2.0; policy = "leave"; description = "Message is sent from a suspicios origin and showing signs of abuse, likely spam injected in compromised account"; diff --git a/src/lua/lua_common.h b/src/lua/lua_common.h index 198735c66..1d39d0c52 100644 --- a/src/lua/lua_common.h +++ b/src/lua/lua_common.h @@ -94,8 +94,7 @@ static inline int lua_absindex(lua_State *L, int i) #define LUA_PUBLIC_FUNCTION_DEF(class, name) int lua_##class##_##name(lua_State *L) #define LUA_INTERFACE_DEF(class, name) \ { \ - #name, lua_##class##_##name \ - } + #name, lua_##class##_##name} extern const luaL_reg null_reg[]; @@ -281,7 +280,7 @@ struct rspamd_lua_text *lua_check_text_or_string(lua_State *L, int pos); * @return */ struct rspamd_lua_text *lua_new_text(lua_State *L, const char *start, - gsize len, gboolean own); + gsize len, gboolean allocate_memory); /** * Create new text object from task pool if allocation is needed * @param task diff --git a/src/lua/lua_compress.c b/src/lua/lua_compress.c index 4a348404c..c82394ed6 100644 --- a/src/lua/lua_compress.c +++ b/src/lua/lua_compress.c @@ -1,11 +1,11 @@ -/*- - * Copyright 2021 Vsevolod Stakhov +/* + * Copyright 2024 Vsevolod Stakhov * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -504,7 +504,8 @@ lua_zstd_compress_stream(lua_State *L) return lua_zstd_push_error(L, err); } - lua_new_text(L, onb.dst, onb.pos, TRUE); + t = lua_new_text(L, onb.dst, onb.pos, FALSE); + t->flags |= RSPAMD_TEXT_FLAG_OWN; return 1; } @@ -598,7 +599,8 @@ lua_zstd_decompress_stream(lua_State *L) return lua_zstd_push_error(L, err); } - lua_new_text(L, onb.dst, onb.pos, TRUE); + t = lua_new_text(L, onb.dst, onb.pos, FALSE); + t->flags |= RSPAMD_TEXT_FLAG_OWN; return 1; } diff --git a/src/lua/lua_text.c b/src/lua/lua_text.c index 4478314f1..3342fc95c 100644 --- a/src/lua/lua_text.c +++ b/src/lua/lua_text.c @@ -312,14 +312,14 @@ lua_check_text_or_string(lua_State *L, int pos) } struct rspamd_lua_text * -lua_new_text(lua_State *L, const char *start, gsize len, gboolean own) +lua_new_text(lua_State *L, const char *start, gsize len, gboolean allocate_memory) { struct rspamd_lua_text *t; t = lua_newuserdata(L, sizeof(*t)); t->flags = 0; - if (own) { + if (allocate_memory) { char *storage; if (len > 0) { diff --git a/src/lua/lua_util.c b/src/lua/lua_util.c index 92f831f6f..251d1e1e7 100644 --- a/src/lua/lua_util.c +++ b/src/lua/lua_util.c @@ -1025,7 +1025,12 @@ lua_util_encode_base64(lua_State *L) } if (out != NULL) { - lua_new_text(L, out, outlen, TRUE); + /* + * Manually set OWN flag, as `lua_new_text` will allocate another chunk of memory, + * and we will have memory leak of the memory allocated by `rspamd_encode_base64_fold` + */ + t = lua_new_text(L, out, outlen, FALSE); + t->flags = RSPAMD_TEXT_FLAG_OWN; } else { lua_pushnil(L); @@ -1650,7 +1655,9 @@ lua_util_transliterate(lua_State *L) gsize outlen; char *transliterated = rspamd_utf8_transliterate(t->start, t->len, &outlen); - lua_new_text(L, transliterated, outlen, TRUE); + + t = lua_new_text(L, transliterated, outlen, FALSE); + t->flags = RSPAMD_TEXT_FLAG_OWN; return 1; } diff --git a/src/plugins/lua/mime_types.lua b/src/plugins/lua/mime_types.lua index ec8e566f2..c69fa1e7b 100644 --- a/src/plugins/lua/mime_types.lua +++ b/src/plugins/lua/mime_types.lua @@ -75,6 +75,7 @@ local settings = { mht = 2, mhtml = 2, oqy = 2, + rdp = 2, rqy = 2, sfx = 2, slk = 2, diff --git a/src/ragel/smtp_addr_parser.rl b/src/ragel/smtp_addr_parser.rl index b5b4863d3..330f3f01d 100644 --- a/src/ragel/smtp_addr_parser.rl +++ b/src/ragel/smtp_addr_parser.rl @@ -8,33 +8,33 @@ action IP4_end {} action User_start { - addr->user = p; + addr->user = (const char *)p; } action User_end { if (addr->user) { - addr->user_len = p - addr->user; + addr->user_len = (const char *)p - addr->user; } } action Domain_start { - addr->domain = p; + addr->domain = (const char *)p; } action Domain_end { if (addr->domain) { - addr->domain_len = p - addr->domain; + addr->domain_len = (const char *)p - addr->domain; } } action Domain_addr_start { - addr->domain = p; + addr->domain = (const char *)p; addr->flags |= RSPAMD_EMAIL_ADDR_IP; } action Domain_addr_end { if (addr->domain) { - addr->domain_len = p - addr->domain; + addr->domain_len = (const char *)p - addr->domain; } } @@ -64,12 +64,12 @@ } action Addr_start { - addr->addr = p; + addr->addr = (const char *)p; } action Addr_end { if (addr->addr) { - addr->addr_len = p - addr->addr; + addr->addr_len = (const char *)p - addr->addr; } } @@ -87,7 +87,7 @@ int rspamd_smtp_addr_parse (const char *data, size_t len, struct rspamd_email_address *addr) { - const char *p = data, *pe = data + len, *eof; + const unsigned char *p = (const unsigned char *)data, *pe = (const unsigned char *)data + len, *eof; int cs; g_assert (addr != NULL); diff --git a/test/lua/unit/smtp_addr.lua b/test/lua/unit/smtp_addr.lua index 2cb7755f8..16f59d07c 100644 --- a/test/lua/unit/smtp_addr.lua +++ b/test/lua/unit/smtp_addr.lua @@ -5,7 +5,7 @@ context("SMTP address check functions", function() local ffi = require("ffi") local util = require("rspamd_util") local fun = require "fun" - ffi.cdef[[ + ffi.cdef [[ struct rspamd_email_address { const char *raw; const char *addr; @@ -24,29 +24,31 @@ context("SMTP address check functions", function() ]] local cases_valid = { - {'<>', {addr = ''}}, - {'<a@example.com>', {user = 'a', domain = 'example.com', addr = 'a@example.com'}}, - {'<a-b@example.com>', {user = 'a-b', domain = 'example.com', addr = 'a-b@example.com'}}, - {'<a-b@ex-ample.com>', {user = 'a-b', domain = 'ex-ample.com', addr = 'a-b@ex-ample.com'}}, - {'1367=dec2a6ce-81bd-4fa9-ad02-ec5956466c04=9=1655370@example.220-volt.ru', - {user = '1367=dec2a6ce-81bd-4fa9-ad02-ec5956466c04=9=1655370', - domain = 'example.220-volt.ru', - addr = '1367=dec2a6ce-81bd-4fa9-ad02-ec5956466c04=9=1655370@example.220-volt.ru'}}, - {'notification+kjdm---m7wwd@facebookmail.com', {user = 'notification+kjdm---m7wwd'}}, - {'a@example.com', {user = 'a', domain = 'example.com', addr = 'a@example.com'}}, - {'a+b@example.com', {user = 'a+b', domain = 'example.com', addr = 'a+b@example.com'}}, - {'"a"@example.com', {user = 'a', domain = 'example.com', addr = 'a@example.com'}}, - {'"a+b"@example.com', {user = 'a+b', domain = 'example.com', addr = 'a+b@example.com'}}, - {'"<>"@example.com', {user = '<>', domain = 'example.com', addr = '<>@example.com'}}, - {'<"<>"@example.com>', {user = '<>', domain = 'example.com', addr = '<>@example.com'}}, - {'"\\""@example.com', {user = '"', domain = 'example.com', addr = '"@example.com'}}, - {'"\\"abc"@example.com', {user = '"abc', domain = 'example.com', addr = '"abc@example.com'}}, - {'<@domain1,@domain2,@domain3:abc@example.com>', - {user = 'abc', domain = 'example.com', addr = 'abc@example.com'}}, + { '<>', { addr = '' } }, + { '<a@example.com>', { user = 'a', domain = 'example.com', addr = 'a@example.com' } }, + { '<a-b@example.com>', { user = 'a-b', domain = 'example.com', addr = 'a-b@example.com' } }, + { '<a-b@ex-ample.com>', { user = 'a-b', domain = 'ex-ample.com', addr = 'a-b@ex-ample.com' } }, + { '1367=dec2a6ce-81bd-4fa9-ad02-ec5956466c04=9=1655370@example.220-volt.ru', + { user = '1367=dec2a6ce-81bd-4fa9-ad02-ec5956466c04=9=1655370', + domain = 'example.220-volt.ru', + addr = '1367=dec2a6ce-81bd-4fa9-ad02-ec5956466c04=9=1655370@example.220-volt.ru' } }, + { 'notification+kjdm---m7wwd@facebookmail.com', { user = 'notification+kjdm---m7wwd' } }, + { 'a@example.com', { user = 'a', domain = 'example.com', addr = 'a@example.com' } }, + { 'a+b@example.com', { user = 'a+b', domain = 'example.com', addr = 'a+b@example.com' } }, + { '"a"@example.com', { user = 'a', domain = 'example.com', addr = 'a@example.com' } }, + { '"a+b"@example.com', { user = 'a+b', domain = 'example.com', addr = 'a+b@example.com' } }, + { '"<>"@example.com', { user = '<>', domain = 'example.com', addr = '<>@example.com' } }, + { '<"<>"@example.com>', { user = '<>', domain = 'example.com', addr = '<>@example.com' } }, + { '"\\""@example.com', { user = '"', domain = 'example.com', addr = '"@example.com' } }, + { '"\\"abc"@example.com', { user = '"abc', domain = 'example.com', addr = '"abc@example.com' } }, + { '<@domain1,@domain2,@domain3:abc@example.com>', + { user = 'abc', domain = 'example.com', addr = 'abc@example.com' } }, + -- SMTP UTF8 + { 'ñ@example.com', { user = 'ñ', domain = 'example.com' } }, + { 'ñ@ололо.лол', { user = 'ñ', domain = 'ололо.лол' } } } - fun.each(function(case) test("Parse valid smtp addr: " .. case[1], function() local st = ffi.C.rspamd_email_address_from_smtp(case[1], #case[1]) @@ -69,17 +71,17 @@ context("SMTP address check functions", function() end) end, cases_valid) - local cases_invalid = { - 'a', - 'a"b"@example.com', - 'a"@example.com', - '"a@example.com', - '<a@example.com', - 'a@example.com>', - '<a@.example.com>', - '<a@example.com>>', - '<a@example.com><>', - } + local cases_invalid = { + 'a', + 'a"b"@example.com', + 'a"@example.com', + '"a@example.com', + '<a@example.com', + 'a@example.com>', + '<a@.example.com>', + '<a@example.com>>', + '<a@example.com><>', + } fun.each(function(case) test("Parse invalid smtp addr: " .. case, function() @@ -95,7 +97,7 @@ context("SMTP address check functions", function() local niter = 100000 local total = 0 - for i = 1,niter do + for i = 1, niter do local ncase = string.format(case, i) local t1 = util.get_ticks() local st = ffi.C.rspamd_email_address_from_smtp(ncase, #ncase) diff --git a/test/rspamd_cxx_unit_cryptobox.hxx b/test/rspamd_cxx_unit_cryptobox.hxx index 18ccd98ce..7d9c76b4e 100644 --- a/test/rspamd_cxx_unit_cryptobox.hxx +++ b/test/rspamd_cxx_unit_cryptobox.hxx @@ -21,7 +21,23 @@ #include "libcryptobox/cryptobox.h" #include <string> #include <string_view> -#include <array> +#include <vector> +#include <iosfwd> + +namespace std// NOLINT(cert-dcl58-cpp) +{ +template<typename T> +ostream &operator<<(ostream &stream, const vector<T> &in) +{ + stream << "["; + for (size_t i = 0; i < in.size(); ++i) { + if (i != 0) { stream << ", "; } + stream << in[i]; + } + stream << "]"; + return stream; +} +}// namespace std TEST_SUITE("rspamd_cryptobox") { @@ -190,10 +206,10 @@ TEST_SUITE("rspamd_cryptobox") const char *pk = "k4nz984k36xmcynm1hr9kdbn6jhcxf4ggbrb1quay7f88rpm9kay"; gsize outlen; auto *pk_decoded = rspamd_decode_base32(pk, strlen(pk), &outlen, RSPAMD_BASE32_DEFAULT); - const unsigned char expected[32] = {95, 76, 225, 188, 0, 26, 146, 94, 70, 249, - 90, 189, 35, 51, 1, 42, 9, 37, 94, 254, 204, 55, 198, 91, 180, 90, - 46, 217, 140, 226, 211, 90}; - const auto expected_arr = std::to_array(expected); + unsigned char expected[32] = {95, 76, 225, 188, 0, 26, 146, 94, 70, 249, + 90, 189, 35, 51, 1, 42, 9, 37, 94, 254, 204, 55, 198, 91, 180, 90, + 46, 217, 140, 226, 211, 90}; + const auto expected_arr = std::vector(std::begin(expected), std::end(expected)); CHECK(outlen == 32); unsigned char out[32]; @@ -202,7 +218,7 @@ TEST_SUITE("rspamd_cryptobox") sk[31] &= 127; sk[31] |= 64; CHECK(crypto_scalarmult(out, sk, pk_decoded) != -1); - auto out_arr = std::to_array(out); + auto out_arr = std::vector(std::begin(out), std::end(out)); CHECK(out_arr == expected_arr); } @@ -217,16 +233,16 @@ TEST_SUITE("rspamd_cryptobox") const char *pk = "k4nz984k36xmcynm1hr9kdbn6jhcxf4ggbrb1quay7f88rpm9kay"; gsize outlen; auto *pk_decoded = rspamd_decode_base32(pk, strlen(pk), &outlen, RSPAMD_BASE32_DEFAULT); - const unsigned char expected[32] = {61, 109, 220, 195, 100, 174, 127, 237, 148, - 122, 154, 61, 165, 83, 93, 105, 127, 166, 153, 112, 103, 224, 2, 200, - 136, 243, 73, 51, 8, 163, 150, 7}; - const auto expected_arr = std::to_array(expected); + unsigned char expected[32] = {61, 109, 220, 195, 100, 174, 127, 237, 148, + 122, 154, 61, 165, 83, 93, 105, 127, 166, 153, 112, 103, 224, 2, 200, + 136, 243, 73, 51, 8, 163, 150, 7}; + const auto expected_arr = std::vector(std::begin(expected), std::end(expected)); CHECK(outlen == 32); unsigned char out[32]; rspamd_cryptobox_nm(out, pk_decoded, sk); - auto out_arr = std::to_array(out); + auto out_arr = std::vector(std::begin(out), std::end(out)); CHECK(out_arr == expected_arr); } } |