diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-09-09 16:17:49 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-09-09 16:17:49 +0100 |
| commit | d3d7c4e4155119ad26500b1a60e224528d910130 (patch) | |
| tree | 1702603cb0094e57153e8106d4eef6d8d7903024 | |
| parent | 0ebb20db3d706069fa7e1bd13a3fcc211ee8e308 (diff) | |
| download | rspamd-d3d7c4e4155119ad26500b1a60e224528d910130.tar.gz rspamd-d3d7c4e4155119ad26500b1a60e224528d910130.zip | |
[CritFix] Fix hyperscan compilation on regexp change
Rspamd could use an incorrect hyperscan database in the case when a
single regexp has been changed. In this case, Rspamd did not recalculate
the cached files causing shifting of regexp IDs. Subsequently, that
caused random regexp to match whilst completely different patterns were
expected.
With this change, Rspamd also takes care about the order of regexps
(by including it in the crypto hash). This change eliminates the issue
and Rspamd can deal with regexps changes correctly.
MFH: true
| -rw-r--r-- | src/libserver/re_cache.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/libserver/re_cache.c b/src/libserver/re_cache.c index 07c637224..9719558f0 100644 --- a/src/libserver/re_cache.c +++ b/src/libserver/re_cache.c @@ -338,29 +338,39 @@ rspamd_re_cache_init (struct rspamd_re_cache *cache, struct rspamd_config *cfg) } /* Update hashes */ + /* Id of re class */ rspamd_cryptobox_hash_update (re_class->st, (gpointer) &re_class->id, sizeof (re_class->id)); rspamd_cryptobox_hash_update (&st_global, (gpointer) &re_class->id, sizeof (re_class->id)); + /* Id of re expression */ rspamd_cryptobox_hash_update (re_class->st, rspamd_regexp_get_id (re), rspamd_cryptobox_HASHBYTES); rspamd_cryptobox_hash_update (&st_global, rspamd_regexp_get_id (re), rspamd_cryptobox_HASHBYTES); + /* PCRE flags */ fl = rspamd_regexp_get_pcre_flags (re); rspamd_cryptobox_hash_update (re_class->st, (const guchar *)&fl, sizeof (fl)); rspamd_cryptobox_hash_update (&st_global, (const guchar *) &fl, sizeof (fl)); + /* Rspamd flags */ fl = rspamd_regexp_get_flags (re); rspamd_cryptobox_hash_update (re_class->st, (const guchar *) &fl, sizeof (fl)); rspamd_cryptobox_hash_update (&st_global, (const guchar *) &fl, sizeof (fl)); + /* Limit of hits */ fl = rspamd_regexp_get_maxhits (re); rspamd_cryptobox_hash_update (re_class->st, (const guchar *) &fl, sizeof (fl)); rspamd_cryptobox_hash_update (&st_global, (const guchar *) &fl, sizeof (fl)); + /* Numberic order */ + rspamd_cryptobox_hash_update (re_class->st, (const guchar *)&i, + sizeof (i)); + rspamd_cryptobox_hash_update (&st_global, (const guchar *)&i, + sizeof (i)); } rspamd_cryptobox_hash_final (&st_global, hash_out); |