diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2022-01-29 13:44:50 +0000 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2022-01-29 13:44:50 +0000 |
| commit | 00927e0ef03a05916151c15c16f7e2697d655379 (patch) | |
| tree | 490515576c29ce6ec623d7a96a866c4f28666a11 /src | |
| parent | cc7c9000e05e1810d408f4e9b40e2073e85cb0fb (diff) | |
| download | rspamd-00927e0ef03a05916151c15c16f7e2697d655379.tar.gz rspamd-00927e0ef03a05916151c15c16f7e2697d655379.zip | |
[Fix] Fix host header usage in lua_http
The issue is that `rspamd_http_message_get_http_host` actually returns
non zero-terminated string in the case where `Host` header is found in a
message. Hence, we *cannot* treat it as a zero terminated string.
The proper approach is to use `rspamd_ftok_t` everywhere for strings
but the change will be too intrusive, since it also involves many libraries,
e.g. `rdns` and others.
The current approach is much simplier: just copy a string into a temporary
buffer ensuring that it is zero terminated in all the cases.
Issue: #4051
Diffstat (limited to 'src')
| -rw-r--r-- | src/libserver/http/http_message.c | 6 | ||||
| -rw-r--r-- | src/libserver/http/http_message.h | 4 | ||||
| -rw-r--r-- | src/lua/lua_http.c | 22 |
3 files changed, 25 insertions, 7 deletions
diff --git a/src/libserver/http/http_message.c b/src/libserver/http/http_message.c index a313283f3..23ff85cd7 100644 --- a/src/libserver/http/http_message.c +++ b/src/libserver/http/http_message.c @@ -693,7 +693,8 @@ rspamd_http_message_remove_header (struct rspamd_http_message *msg, } const gchar* -rspamd_http_message_get_http_host (struct rspamd_http_message *msg) +rspamd_http_message_get_http_host (struct rspamd_http_message *msg, + gsize *hostlen) { if (msg->flags & RSPAMD_HTTP_FLAG_HAS_HOST_HEADER) { rspamd_ftok_t srch; @@ -703,14 +704,17 @@ rspamd_http_message_get_http_host (struct rspamd_http_message *msg) khiter_t k = kh_get (rspamd_http_headers_hash, msg->headers, &srch); if (k != kh_end (msg->headers)) { + *hostlen = (kh_value (msg->headers, k)->value).len; return (kh_value (msg->headers, k)->value).begin; } else if (msg->host) { + *hostlen = msg->host->len; return msg->host->str; } } else { if (msg->host) { + *hostlen = msg->host->len; return msg->host->str; } } diff --git a/src/libserver/http/http_message.h b/src/libserver/http/http_message.h index 1750c1dd6..38f599048 100644 --- a/src/libserver/http/http_message.h +++ b/src/libserver/http/http_message.h @@ -233,9 +233,11 @@ guint rspamd_http_message_get_flags (struct rspamd_http_message *msg); * Returns an HTTP hostname for a message, derived from a header if it has it * or from a url if it doesn't * @param msg + * @param hostlen output of the host length * @return */ -const gchar* rspamd_http_message_get_http_host (struct rspamd_http_message *msg); +const gchar* rspamd_http_message_get_http_host (struct rspamd_http_message *msg, + gsize *hostlen); #ifdef __cplusplus } diff --git a/src/lua/lua_http.c b/src/lua/lua_http.c index ce2a48d63..0ff8695d3 100644 --- a/src/lua/lua_http.c +++ b/src/lua/lua_http.c @@ -75,7 +75,7 @@ struct lua_http_cbdata { struct rspamd_cryptobox_pubkey *peer_pk; rspamd_inet_addr_t *addr; gchar *mime_type; - const gchar *host; + gchar *host; gchar *auth; const gchar *url; gsize max_size; @@ -134,6 +134,10 @@ lua_http_fin (gpointer arg) g_free (cbd->auth); } + if (cbd->host) { + g_free (cbd->host); + } + if (cbd->local_kp) { rspamd_keypair_unref (cbd->local_kp); } @@ -1060,13 +1064,18 @@ lua_http_request (lua_State *L) bool numeric_ip = false; /* Check if we can skip resolving */ - cbd->host = rspamd_http_message_get_http_host (msg); + gsize hostlen = 0; + const gchar *host = rspamd_http_message_get_http_host (msg, &hostlen); + + if (host) { + cbd->host = malloc (hostlen + 1); + rspamd_strlcpy (cbd->host, host, hostlen + 1); - if (cbd->host) { if (cbd->flags & RSPAMD_LUA_HTTP_FLAG_KEEP_ALIVE) { const rspamd_inet_addr_t *ka_addr = rspamd_http_context_has_keepalive(NULL, - rspamd_http_message_get_http_host (msg), - msg->port, msg->flags & RSPAMD_HTTP_FLAG_WANT_SSL); + cbd->host, + msg->port, + msg->flags & RSPAMD_HTTP_FLAG_WANT_SSL); if (ka_addr) { cbd->addr = rspamd_inet_address_copy(ka_addr); @@ -1083,6 +1092,9 @@ lua_http_request (lua_State *L) } } } + else { + cbd->host = NULL; + } if (numeric_ip) { /* Host is numeric IP, no need to resolve */ |