author | Vsevolod Stakhov <vsevolod@rambler-co.ru> | 2010-07-28 20:35:51 +0400 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@rambler-co.ru> | 2010-07-28 20:35:51 +0400 |
commit | 1b106b62bc140af89e14cb91b10f7978a47932fc (patch) | |
tree | 9a5cb8528a535bafc27549eee3ff1cf2a1528224 /src | |
parent | e0fac6fb14601522faf67071d2a163dfa38563a2 (diff) | |
download | rspamd-1b106b62bc140af89e14cb91b10f7978a47932fc.tar.gz rspamd-1b106b62bc140af89e14cb91b10f7978a47932fc.zip |
* Fix parsing txt records to avoid reading of uninitialized data
Diffstat (limited to 'src')
-rw-r--r-- | src/dns.c | 8 | ||||
-rw-r--r-- | src/plugins/fuzzy_check.c | 5 |
2 files changed, 8 insertions, 5 deletions
@@ -762,7 +762,7 @@ end:
 static gint
 dns_parse_rr (guint8 *in, union rspamd_reply_element *elt, guint8 **pos, struct rspamd_dns_reply *rep, int *remain)
 {
- guint8 *p = *pos;
+ guint8 *p = *pos, parts;
 guint16 type, datalen, txtlen, copied;
 gboolean parsed = FALSE;
@@ -831,9 +831,11 @@ dns_parse_rr (guint8 *in, union rspamd_reply_element *elt, guint8 **pos, struct
 elt->txt.data = memory_pool_alloc (rep->request->pool, datalen + 1);
 /* Now we should compose data from parts */
 copied = 0;
- while (copied < datalen) {
+ parts = 0;
+ while (copied + parts < datalen) {
 txtlen = *p;
- if (txtlen + copied < datalen) {
+ if (txtlen + copied + parts <= datalen) {
+ parts ++;
 memcpy (elt->txt.data + copied, p + 1, txtlen);
 copied += txtlen;
 p += txtlen + 1;
diff --git a/src/plugins/fuzzy_check.c b/src/plugins/fuzzy_check.c
index 971e747f2..4567f62cf 100644
--- a/src/plugins/fuzzy_check.c
+++ b/src/plugins/fuzzy_check.c
@@ -349,6 +349,7 @@ fuzzy_io_callback (int fd, short what, void *arg)
 cmd.value = 0;
 memcpy (cmd.hash, session->h->hash_pipe, sizeof (cmd.hash));
 cmd.cmd = FUZZY_CHECK;
+ cmd.flag = 0;
 if (write (fd, &cmd, sizeof (struct fuzzy_cmd)) == -1) {
 goto err;
 }
@@ -560,8 +561,7 @@ fuzzy_symbol_callback (struct worker_task *task, void *unused)
 mime_part = cur->data;
 if (mime_part->content->len > 0 && mime_part->checksum != NULL) {
 /* Construct fake fuzzy hash */
- fake_fuzzy = memory_pool_alloc (task->task_pool, sizeof (fuzzy_hash_t));
- fake_fuzzy->block_size = 0;
+ fake_fuzzy = memory_pool_alloc0 (task->task_pool, sizeof (fuzzy_hash_t));
 g_strlcpy (fake_fuzzy->hash_pipe, mime_part->checksum, sizeof (fake_fuzzy->hash_pipe));
 register_fuzzy_call (task, fake_fuzzy);
 }
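Review bot: `parts` ends up as a `guint8` because it shares the declaration `guint8 *p = *pos, parts;`, while `datalen` and `copied` are `guint16`. A TXT RDATA can carry more than 255 length-prefixed strings, and once the counter wraps, `copied + parts` in the copy loop of the next hunk no longer equals the number of bytes consumed, so the loop bound stops holding for data that comes straight from a DNS response. Declaring it with the other lengths, `guint16 type, datalen, txtlen, copied, parts;`, keeps all of the length arithmetic in one width. The body of dns_parse_rr continues outside this hunk.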
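Review bot: The new guard `txtlen + copied + parts <= datalen` is evaluated before `parts ++`, so it does not count the length byte of the string about to be copied. When the sum equals `datalen`, `memcpy` reads `txtlen` bytes starting at `p + 1`, and the last of them lies one byte past the end of the RDATA. The destination is fine, since `copied` stays within the `datalen + 1` allocation, but the source read is not; `if (txtlen + copied + parts < datalen) {` accounts for the length byte. The else branch and the end of the loop are outside the hunk, and no check of `datalen` against `*remain` is visible here, so that is worth confirming in the surrounding code.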
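Review bot: `cmd` is still filled field by field before the whole `struct fuzzy_cmd` is handed to `write ()`, so any padding bytes, and any member added to the struct later, go onto the wire uninitialised. That is the same class of defect this line fixes for `flag`. The declaration of `cmd` is outside the hunk, so I cannot see whether it is zeroed there; if it is not, `memset (&cmd, 0, sizeof (cmd));` ahead of the assignments covers `flag`, `value` and the padding in one place. The `write ()` result is also compared only with `-1`, so a short write would go unnoticed.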
@@ -695,6 +695,7 @@ fuzzy_process_handler (struct controller_session *session, f_str_t * in)
 if (mime_part->content->len > 0 && mime_part->checksum != NULL) {
 /* Construct fake fuzzy hash */
 fake_fuzzy.block_size = 0;
+ bzero (fake_fuzzy.hash_pipe, sizeof (fake_fuzzy.hash_pipe));
 g_strlcpy (fake_fuzzy.hash_pipe, mime_part->checksum, sizeof (fake_fuzzy.hash_pipe));
 if (! register_fuzzy_controller_call (session, task, &fake_fuzzy, cmd, value, flag, saved)) {
 /* Cannot write hash */ |
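Review bot: Only `hash_pipe` is cleared on this path, while fuzzy_symbol_callback now zeroes the whole `fuzzy_hash_t` through `memory_pool_alloc0`, so the two fake-hash constructions initialise the structure differently. The definition of `fuzzy_hash_t` is not visible here; if it has members besides `block_size` and `hash_pipe`, or padding, they stay uninitialised in the stack copy passed to `register_fuzzy_controller_call`. `memset (&fake_fuzzy, 0, sizeof (fake_fuzzy));` would replace both the `block_size` assignment and the `bzero`, and it also avoids the legacy `bzero` call.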