Diffstat (limited to 'src')
-rw-r--r--src/CMakeLists.txt4
-rw-r--r--src/client/CMakeLists.txt4
-rw-r--r--src/client/rspamdclient.c1
-rw-r--r--src/libcryptobox/cryptobox.c19
-rw-r--r--src/libcryptobox/cryptobox.h3
-rw-r--r--src/libserver/dkim.c53
-rw-r--r--src/libserver/protocol.c481
-rw-r--r--src/libserver/protocol_internal.h2
-rw-r--r--src/libserver/ssl_util.c19
-rw-r--r--src/libserver/task.c6
-rw-r--r--src/libserver/worker_util.c3
-rw-r--r--src/libstat/stat_internal.h10
-rw-r--r--src/libstat/stat_process.c3
-rw-r--r--src/lua/lua_http.c3
-rw-r--r--src/ragel/smtp_base.rl1
-rw-r--r--src/rspamadm/CMakeLists.txt4
-rw-r--r--src/rspamd.c2
-rw-r--r--src/rspamd_proxy.c3
18 files changed, 343 insertions, 278 deletions
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 173917703..f7fdcef7b 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -235,9 +235,9 @@ ADD_EXECUTABLE(rspamd ${RSPAMDSRC} ${CMAKE_CURRENT_BINARY_DIR}/workers.c ${CMAKE
ADD_BACKWARD(rspamd)
SET_TARGET_PROPERTIES(rspamd PROPERTIES LINKER_LANGUAGE CXX)
SET_TARGET_PROPERTIES(rspamd-server PROPERTIES LINKER_LANGUAGE CXX)
-IF(NOT DEBIAN_BUILD)
+IF(NOT NO_TARGET_VERSIONS)
SET_TARGET_PROPERTIES(rspamd PROPERTIES VERSION ${RSPAMD_VERSION})
-ENDIF(NOT DEBIAN_BUILD)
+ENDIF()
#TARGET_LINK_LIBRARIES(rspamd ${RSPAMD_REQUIRED_LIBRARIES})
TARGET_LINK_LIBRARIES(rspamd rspamd-server)
diff --git a/src/client/CMakeLists.txt b/src/client/CMakeLists.txt
index edf3cc1c4..543fc629c 100644
--- a/src/client/CMakeLists.txt
+++ b/src/client/CMakeLists.txt
@@ -9,8 +9,8 @@ SET_TARGET_PROPERTIES(rspamc PROPERTIES COMPILE_FLAGS "-I${CMAKE_SOURCE_DIR}/lib
TARGET_LINK_LIBRARIES(rspamc rspamd-server)
SET_TARGET_PROPERTIES(rspamc PROPERTIES LINKER_LANGUAGE CXX)
-IF(NOT DEBIAN_BUILD)
+IF(NOT NO_TARGET_VERSIONS)
SET_TARGET_PROPERTIES(rspamc PROPERTIES VERSION ${RSPAMD_VERSION})
-ENDIF(NOT DEBIAN_BUILD)
+ENDIF()
INSTALL(TARGETS rspamc RUNTIME DESTINATION bin)
diff --git a/src/client/rspamdclient.c b/src/client/rspamdclient.c
index bcb3cf67c..d07b24332 100644
--- a/src/client/rspamdclient.c
+++ b/src/client/rspamdclient.c
@@ -441,6 +441,7 @@ rspamd_client_command(struct rspamd_client_connection *conn,
if (compressed) {
rspamd_http_message_add_header(req->msg, COMPRESSION_HEADER, "zstd");
+ rspamd_http_message_add_header(req->msg, CONTENT_ENCODING_HEADER, "zstd");
if (dict_id != 0) {
char dict_str[32];
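Review bot: The added `Content-Encoding: zstd` header is sent unconditionally inside `if (compressed)`, including when the `dict_id != 0` branch right below is taken. Anything on the path that honours the standard header (a reverse proxy, a generic HTTP library) has no way to learn the dictionary from it and would fail to decode such a body. Consider emitting the standard header only for dictionary-less bodies, e.g. `if (dict_id == 0) { rspamd_http_message_add_header(req->msg, CONTENT_ENCODING_HEADER, "zstd"); }`, or add a comment stating that dictionary-compressed bodies are only meant for rspamd peers. The same applies to the reply hunk in `rspamd_protocol_http_reply` in src/libserver/protocol.c, where the `out_dict` check follows the new header. Both functions continue outside their hunks.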
diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c
index a976653df..190d0e4a3 100644
--- a/src/libcryptobox/cryptobox.c
+++ b/src/libcryptobox/cryptobox.c
@@ -40,6 +40,7 @@
#include <openssl/opensslv.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
+#include <openssl/err.h>
#endif
#include <signal.h>
@@ -456,9 +457,10 @@ bool rspamd_cryptobox_verify_evp_rsa(int nid,
gsize siglen,
const unsigned char *digest,
gsize dlen,
- EVP_PKEY *pub_key)
+ EVP_PKEY *pub_key,
+ GError **err)
{
- bool ret = false;
+ bool ret = false, r;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pub_key, NULL);
g_assert(pctx != NULL);
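Review bot: `r` is declared as `bool` in `bool ret = false, r;`, but the next hunk stores the `int` result of `EVP_PKEY_CTX_set_signature_md()` in it and tests `<= 0`. Converting to `bool` turns every negative return (OpenSSL uses negative values for failures such as an unsupported operation) into `true`, so only an exact 0 reaches the new error path. A negative failure would fall through to `EVP_PKEY_verify()` with no digest configured and be reported as an ordinary verification failure. The `r` passed to `g_set_error` as the error code can likewise only ever be 0. Declare it separately with the right type: `bool ret = false;` and `int r;`.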
@@ -467,7 +469,18 @@ bool rspamd_cryptobox_verify_evp_rsa(int nid,
g_assert(EVP_PKEY_verify_init(pctx) == 1);
g_assert(EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PADDING) == 1);
- g_assert(EVP_PKEY_CTX_set_signature_md(pctx, md) == 1);
+
+ if ((r = EVP_PKEY_CTX_set_signature_md(pctx, md)) <= 0) {
+ g_set_error(err, g_quark_from_static_string("OpenSSL"),
+ r,
+ "cannot set digest %s for RSA verification (%s returned from OpenSSL), try use `update-crypto-policies --set LEGACY` on RH",
+ EVP_MD_name(md),
+ ERR_lib_error_string(ERR_get_error()));
+ EVP_PKEY_CTX_free(pctx);
+ EVP_MD_CTX_free(mdctx);
+
+ return false;
+ }
ret = (EVP_PKEY_verify(pctx, sig, siglen, digest, dlen) == 1);
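Review bot: `ERR_lib_error_string(ERR_get_error())` returns only the name of the OpenSSL component that raised the error, and NULL when the error queue is empty. The `(%s returned from OpenSSL)` part of the message can therefore be uninformative or receive a NULL `%s` argument. `ERR_reason_error_string()` with a fallback would carry the actual cause, e.g. `unsigned long e = ERR_get_error();` then `e ? ERR_reason_error_string(e) : "unknown error"`. The hint text reads better as "try using `update-crypto-policies --set LEGACY`". `mdctx`, freed on this path, is declared outside the hunk.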
diff --git a/src/libcryptobox/cryptobox.h b/src/libcryptobox/cryptobox.h
index afe9c4f9a..8d1f5669e 100644
--- a/src/libcryptobox/cryptobox.h
+++ b/src/libcryptobox/cryptobox.h
@@ -238,7 +238,8 @@ bool rspamd_cryptobox_verify_evp_rsa(int nid,
gsize siglen,
const unsigned char *digest,
gsize dlen,
- EVP_PKEY *pub_key);
+ EVP_PKEY *pub_key,
+ GError **err);
#endif
/**
diff --git a/src/libserver/dkim.c b/src/libserver/dkim.c
index a76ed31ab..0f51c66c0 100644
--- a/src/libserver/dkim.c
+++ b/src/libserver/dkim.c
@@ -2871,25 +2871,48 @@ rspamd_dkim_check(rspamd_dkim_context_t *ctx,
nid = NID_sha1;
}
switch (key->type) {
- case RSPAMD_DKIM_KEY_RSA:
+ case RSPAMD_DKIM_KEY_RSA: {
+ GError *err = NULL;
+
if (!rspamd_cryptobox_verify_evp_rsa(nid, ctx->b, ctx->blen, raw_digest, dlen,
- key->specific.key_ssl.key_evp)) {
- msg_debug_dkim("headers rsa verify failed");
- ERR_clear_error();
- res->rcode = DKIM_REJECT;
- res->fail_reason = "headers rsa verify failed";
+ key->specific.key_ssl.key_evp, &err)) {
- msg_info_dkim(
- "%s: headers RSA verification failure; "
- "body length %d->%d; headers length %d; d=%s; s=%s; key_md5=%*xs; orig header: %s",
- rspamd_dkim_type_to_string(ctx->common.type),
- (int) (body_end - body_start), ctx->common.body_canonicalised,
- ctx->common.headers_canonicalised,
- ctx->domain, ctx->selector,
- RSPAMD_DKIM_KEY_ID_LEN, rspamd_dkim_key_id(key),
- ctx->dkim_header);
+ if (err == NULL) {
+ msg_debug_dkim("headers rsa verify failed");
+ ERR_clear_error();
+ res->rcode = DKIM_REJECT;
+ res->fail_reason = "headers rsa verify failed";
+
+ msg_info_dkim(
+ "%s: headers RSA verification failure; "
+ "body length %d->%d; headers length %d; d=%s; s=%s; key_md5=%*xs; orig header: %s",
+ rspamd_dkim_type_to_string(ctx->common.type),
+ (int) (body_end - body_start), ctx->common.body_canonicalised,
+ ctx->common.headers_canonicalised,
+ ctx->domain, ctx->selector,
+ RSPAMD_DKIM_KEY_ID_LEN, rspamd_dkim_key_id(key),
+ ctx->dkim_header);
+ }
+ else {
+ res->rcode = DKIM_PERM_ERROR;
+ res->fail_reason = "openssl internal error";
+ msg_err_dkim("internal OpenSSL error: %s", err->message);
+ msg_info_dkim(
+ "%s: headers RSA verification failure due to OpenSSL internal error; "
+ "body length %d->%d; headers length %d; d=%s; s=%s; key_md5=%*xs; orig header: %s",
+ rspamd_dkim_type_to_string(ctx->common.type),
+ (int) (body_end - body_start), ctx->common.body_canonicalised,
+ ctx->common.headers_canonicalised,
+ ctx->domain, ctx->selector,
+ RSPAMD_DKIM_KEY_ID_LEN, rspamd_dkim_key_id(key),
+ ctx->dkim_header);
+
+ ERR_clear_error();
+ g_error_free(err);
+ }
}
break;
+ }
case RSPAMD_DKIM_KEY_ECDSA:
if (rspamd_cryptobox_verify_evp_ecdsa(nid, ctx->b, ctx->blen, raw_digest, dlen,
key->specific.key_ssl.key_evp) != 1) {
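Review bot: The new `else` branch writes an error-level line (`msg_err_dkim`) plus an info line for every message whose digest the local OpenSSL refuses. The digest appears to follow the signature being checked (only `nid = NID_sha1` is visible here), so on an affected host the volume of these error lines is driven by remote senders. A short comment such as `/* err != NULL: local OpenSSL refused the digest, this is not a verdict on the signature */` would make clear why the result is `DKIM_PERM_ERROR` rather than `DKIM_REJECT`. It is also worth confirming that the error-level log is acceptable at per-message frequency. The two `msg_info_dkim` calls differ only in their leading format fragment and could share one call with the reason passed as an extra `%s`. The `RSPAMD_DKIM_KEY_ECDSA` case at the end of the hunk still has no error channel, and `rspamd_dkim_check` continues outside the hunk.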
diff --git a/src/libserver/protocol.c b/src/libserver/protocol.c
index a86111ff2..7d007370b 100644
--- a/src/libserver/protocol.c
+++ b/src/libserver/protocol.c
@@ -490,271 +490,271 @@ rspamd_protocol_handle_headers(struct rspamd_task *task,
hv_tok->len = h->value.len;
switch (*hn_tok->begin) {
- case 'd':
- case 'D':
- IF_HEADER(DELIVER_TO_HEADER)
- {
- task->deliver_to = rspamd_protocol_escape_braces(task, hv_tok);
- msg_debug_protocol("read deliver-to header, value: %s",
- task->deliver_to);
- }
- else
- {
- msg_debug_protocol("wrong header: %T", hn_tok);
- }
- break;
- case 'h':
- case 'H':
- IF_HEADER(HELO_HEADER)
- {
- task->helo = rspamd_mempool_ftokdup(task->task_pool, hv_tok);
- msg_debug_protocol("read helo header, value: %s", task->helo);
- }
- IF_HEADER(HOSTNAME_HEADER)
- {
- task->hostname = rspamd_mempool_ftokdup(task->task_pool,
- hv_tok);
- msg_debug_protocol("read hostname header, value: %s", task->hostname);
- }
- break;
- case 'f':
- case 'F':
- IF_HEADER(FROM_HEADER)
- {
- if (hv_tok->len == 0) {
- /* Replace '' with '<>' to fix parsing issue */
- RSPAMD_FTOK_ASSIGN(hv_tok, "<>");
+ case 'd':
+ case 'D':
+ IF_HEADER(DELIVER_TO_HEADER)
+ {
+ task->deliver_to = rspamd_protocol_escape_braces(task, hv_tok);
+ msg_debug_protocol("read deliver-to header, value: %s",
+ task->deliver_to);
}
- task->from_envelope = rspamd_email_address_from_smtp(
- hv_tok->begin,
- hv_tok->len);
- msg_debug_protocol("read from header, value: %T", hv_tok);
-
- if (!task->from_envelope) {
- msg_err_protocol("bad from header: '%T'", hv_tok);
- task->flags |= RSPAMD_TASK_FLAG_BROKEN_HEADERS;
+ else
+ {
+ msg_debug_protocol("wrong header: %T", hn_tok);
}
- }
- IF_HEADER(FILENAME_HEADER)
- {
- task->msg.fpath = rspamd_mempool_ftokdup(task->task_pool,
- hv_tok);
- msg_debug_protocol("read filename header, value: %s", task->msg.fpath);
- }
- IF_HEADER(FLAGS_HEADER)
- {
- msg_debug_protocol("read flags header, value: %T", hv_tok);
- rspamd_protocol_process_flags(task, hv_tok);
- }
- break;
- case 'q':
- case 'Q':
- IF_HEADER(QUEUE_ID_HEADER)
- {
- task->queue_id = rspamd_mempool_ftokdup(task->task_pool,
- hv_tok);
- msg_debug_protocol("read queue_id header, value: %s", task->queue_id);
- }
- else
- {
- msg_debug_protocol("wrong header: %T", hn_tok);
- }
- break;
- case 'r':
- case 'R':
- IF_HEADER(RCPT_HEADER)
- {
- rspamd_protocol_process_recipients(task, hv_tok);
- msg_debug_protocol("read rcpt header, value: %T", hv_tok);
- }
- IF_HEADER(RAW_DATA_HEADER)
- {
- srch.begin = "yes";
- srch.len = 3;
-
- msg_debug_protocol("read raw data header, value: %T", hv_tok);
+ break;
+ case 'h':
+ case 'H':
+ IF_HEADER(HELO_HEADER)
+ {
+ task->helo = rspamd_mempool_ftokdup(task->task_pool, hv_tok);
+ msg_debug_protocol("read helo header, value: %s", task->helo);
+ }
+ IF_HEADER(HOSTNAME_HEADER)
+ {
+ task->hostname = rspamd_mempool_ftokdup(task->task_pool,
+ hv_tok);
+ msg_debug_protocol("read hostname header, value: %s", task->hostname);
+ }
+ break;
+ case 'f':
+ case 'F':
+ IF_HEADER(FROM_HEADER)
+ {
+ if (hv_tok->len == 0) {
+ /* Replace '' with '<>' to fix parsing issue */
+ RSPAMD_FTOK_ASSIGN(hv_tok, "<>");
+ }
+ task->from_envelope = rspamd_email_address_from_smtp(
+ hv_tok->begin,
+ hv_tok->len);
+ msg_debug_protocol("read from header, value: %T", hv_tok);
- if (rspamd_ftok_casecmp(hv_tok, &srch) == 0) {
- task->flags &= ~RSPAMD_TASK_FLAG_MIME;
- msg_debug_protocol("disable mime parsing");
+ if (!task->from_envelope) {
+ msg_err_protocol("bad from header: '%T'", hv_tok);
+ task->flags |= RSPAMD_TASK_FLAG_BROKEN_HEADERS;
+ }
}
- }
- break;
- case 'i':
- case 'I':
- IF_HEADER(IP_ADDR_HEADER)
- {
- if (!rspamd_parse_inet_address(&task->from_addr,
- hv_tok->begin, hv_tok->len,
- RSPAMD_INET_ADDRESS_PARSE_DEFAULT)) {
- msg_err_protocol("bad ip header: '%T'", hv_tok);
+ IF_HEADER(FILENAME_HEADER)
+ {
+ task->msg.fpath = rspamd_mempool_ftokdup(task->task_pool,
+ hv_tok);
+ msg_debug_protocol("read filename header, value: %s", task->msg.fpath);
}
- else {
- msg_debug_protocol("read IP header, value: %T", hv_tok);
- has_ip = TRUE;
+ IF_HEADER(FLAGS_HEADER)
+ {
+ msg_debug_protocol("read flags header, value: %T", hv_tok);
+ rspamd_protocol_process_flags(task, hv_tok);
}
- }
- else
- {
- msg_debug_protocol("wrong header: %T", hn_tok);
- }
- break;
- case 'p':
- case 'P':
- IF_HEADER(PASS_HEADER)
- {
- srch.begin = "all";
- srch.len = 3;
+ break;
+ case 'q':
+ case 'Q':
+ IF_HEADER(QUEUE_ID_HEADER)
+ {
+ task->queue_id = rspamd_mempool_ftokdup(task->task_pool,
+ hv_tok);
+ msg_debug_protocol("read queue_id header, value: %s", task->queue_id);
+ }
+ else
+ {
+ msg_debug_protocol("wrong header: %T", hn_tok);
+ }
+ break;
+ case 'r':
+ case 'R':
+ IF_HEADER(RCPT_HEADER)
+ {
+ rspamd_protocol_process_recipients(task, hv_tok);
+ msg_debug_protocol("read rcpt header, value: %T", hv_tok);
+ }
+ IF_HEADER(RAW_DATA_HEADER)
+ {
+ srch.begin = "yes";
+ srch.len = 3;
- msg_debug_protocol("read pass header, value: %T", hv_tok);
+ msg_debug_protocol("read raw data header, value: %T", hv_tok);
- if (rspamd_ftok_casecmp(hv_tok, &srch) == 0) {
- task->flags |= RSPAMD_TASK_FLAG_PASS_ALL;
- msg_debug_protocol("pass all filters");
+ if (rspamd_ftok_casecmp(hv_tok, &srch) == 0) {
+ task->flags &= ~RSPAMD_TASK_FLAG_MIME;
+ msg_debug_protocol("disable mime parsing");
+ }
}
- }
- IF_HEADER(PROFILE_HEADER)
- {
- msg_debug_protocol("read profile header, value: %T", hv_tok);
- task->flags |= RSPAMD_TASK_FLAG_PROFILE;
- }
- break;
- case 's':
- case 'S':
- IF_HEADER(SETTINGS_ID_HEADER)
- {
- msg_debug_protocol("read settings-id header, value: %T", hv_tok);
- task->settings_elt = rspamd_config_find_settings_name_ref(
- task->cfg, hv_tok->begin, hv_tok->len);
-
- if (task->settings_elt == NULL) {
- GString *known_ids = g_string_new(NULL);
- struct rspamd_config_settings_elt *cur;
-
- DL_FOREACH(task->cfg->setting_ids, cur)
- {
- rspamd_printf_gstring(known_ids, "%s(%ud);",
- cur->name, cur->id);
+ break;
+ case 'i':
+ case 'I':
+ IF_HEADER(IP_ADDR_HEADER)
+ {
+ if (!rspamd_parse_inet_address(&task->from_addr,
+ hv_tok->begin, hv_tok->len,
+ RSPAMD_INET_ADDRESS_PARSE_DEFAULT)) {
+ msg_err_protocol("bad ip header: '%T'", hv_tok);
+ }
+ else {
+ msg_debug_protocol("read IP header, value: %T", hv_tok);
+ has_ip = TRUE;
}
+ }
+ else
+ {
+ msg_debug_protocol("wrong header: %T", hn_tok);
+ }
+ break;
+ case 'p':
+ case 'P':
+ IF_HEADER(PASS_HEADER)
+ {
+ srch.begin = "all";
+ srch.len = 3;
+
+ msg_debug_protocol("read pass header, value: %T", hv_tok);
+
+ if (rspamd_ftok_casecmp(hv_tok, &srch) == 0) {
+ task->flags |= RSPAMD_TASK_FLAG_PASS_ALL;
+ msg_debug_protocol("pass all filters");
+ }
+ }
+ IF_HEADER(PROFILE_HEADER)
+ {
+ msg_debug_protocol("read profile header, value: %T", hv_tok);
+ task->flags |= RSPAMD_TASK_FLAG_PROFILE;
+ }
+ break;
+ case 's':
+ case 'S':
+ IF_HEADER(SETTINGS_ID_HEADER)
+ {
+ msg_debug_protocol("read settings-id header, value: %T", hv_tok);
+ task->settings_elt = rspamd_config_find_settings_name_ref(
+ task->cfg, hv_tok->begin, hv_tok->len);
+
+ if (task->settings_elt == NULL) {
+ GString *known_ids = g_string_new(NULL);
+ struct rspamd_config_settings_elt *cur;
+
+ DL_FOREACH(task->cfg->setting_ids, cur)
+ {
+ rspamd_printf_gstring(known_ids, "%s(%ud);",
+ cur->name, cur->id);
+ }
- msg_warn_protocol("unknown settings id: %T(%d); known_ids: %v",
- hv_tok,
- rspamd_config_name_to_id(hv_tok->begin, hv_tok->len),
- known_ids);
+ msg_warn_protocol("unknown settings id: %T(%d); known_ids: %v",
+ hv_tok,
+ rspamd_config_name_to_id(hv_tok->begin, hv_tok->len),
+ known_ids);
- g_string_free(known_ids, TRUE);
+ g_string_free(known_ids, TRUE);
+ }
+ else {
+ msg_debug_protocol("applied settings id %T -> %ud", hv_tok,
+ task->settings_elt->id);
+ }
}
- else {
- msg_debug_protocol("applied settings id %T -> %ud", hv_tok,
- task->settings_elt->id);
+ IF_HEADER(SETTINGS_HEADER)
+ {
+ msg_debug_protocol("read settings header, value: %T", hv_tok);
+ seen_settings_header = TRUE;
}
- }
- IF_HEADER(SETTINGS_HEADER)
- {
- msg_debug_protocol("read settings header, value: %T", hv_tok);
- seen_settings_header = TRUE;
- }
- break;
- case 'u':
- case 'U':
- IF_HEADER(USER_HEADER)
- {
- /*
+ break;
+ case 'u':
+ case 'U':
+ IF_HEADER(USER_HEADER)
+ {
+ /*
* We must ignore User header in case of spamc, as SA has
* different meaning of this header
*/
- msg_debug_protocol("read user header, value: %T", hv_tok);
- if (!RSPAMD_TASK_IS_SPAMC(task)) {
- task->auth_user = rspamd_mempool_ftokdup(task->task_pool,
- hv_tok);
- }
- else {
- msg_info_protocol("ignore user header: legacy SA protocol");
+ msg_debug_protocol("read user header, value: %T", hv_tok);
+ if (!RSPAMD_TASK_IS_SPAMC(task)) {
+ task->auth_user = rspamd_mempool_ftokdup(task->task_pool,
+ hv_tok);
+ }
+ else {
+ msg_info_protocol("ignore user header: legacy SA protocol");
+ }
}
- }
- IF_HEADER(URLS_HEADER)
- {
- msg_debug_protocol("read urls header, value: %T", hv_tok);
+ IF_HEADER(URLS_HEADER)
+ {
+ msg_debug_protocol("read urls header, value: %T", hv_tok);
- srch.begin = "extended";
- srch.len = 8;
+ srch.begin = "extended";
+ srch.len = 8;
- if (rspamd_ftok_casecmp(hv_tok, &srch) == 0) {
- task->protocol_flags |= RSPAMD_TASK_PROTOCOL_FLAG_EXT_URLS;
- msg_debug_protocol("extended urls information");
- }
-
- /* TODO: add more formats there */
- }
- IF_HEADER(USER_AGENT_HEADER)
- {
- msg_debug_protocol("read user-agent header, value: %T", hv_tok);
+ if (rspamd_ftok_casecmp(hv_tok, &srch) == 0) {
+ task->protocol_flags |= RSPAMD_TASK_PROTOCOL_FLAG_EXT_URLS;
+ msg_debug_protocol("extended urls information");
+ }
- if (hv_tok->len == 6 &&
- rspamd_lc_cmp(hv_tok->begin, "rspamc", 6) == 0) {
- task->protocol_flags |= RSPAMD_TASK_PROTOCOL_FLAG_LOCAL_CLIENT;
+ /* TODO: add more formats there */
}
- }
- break;
- case 'l':
- case 'L':
- IF_HEADER(NO_LOG_HEADER)
- {
- msg_debug_protocol("read log header, value: %T", hv_tok);
- srch.begin = "no";
- srch.len = 2;
+ IF_HEADER(USER_AGENT_HEADER)
+ {
+ msg_debug_protocol("read user-agent header, value: %T", hv_tok);
- if (rspamd_ftok_casecmp(hv_tok, &srch) == 0) {
- task->flags |= RSPAMD_TASK_FLAG_NO_LOG;
+ if (hv_tok->len == 6 &&
+ rspamd_lc_cmp(hv_tok->begin, "rspamc", 6) == 0) {
+ task->protocol_flags |= RSPAMD_TASK_PROTOCOL_FLAG_LOCAL_CLIENT;
+ }
}
- }
- IF_HEADER(LOG_TAG_HEADER)
- {
- msg_debug_protocol("read log-tag header, value: %T", hv_tok);
- /* Ensure that a tag is valid */
- if (rspamd_fast_utf8_validate(hv_tok->begin, hv_tok->len) == 0) {
- memcpy(task->task_pool->tag.uid, hv_tok->begin,
- MIN(hv_tok->len, sizeof(task->task_pool->tag.uid)));
+ break;
+ case 'l':
+ case 'L':
+ IF_HEADER(NO_LOG_HEADER)
+ {
+ msg_debug_protocol("read log header, value: %T", hv_tok);
+ srch.begin = "no";
+ srch.len = 2;
+
+ if (rspamd_ftok_casecmp(hv_tok, &srch) == 0) {
+ task->flags |= RSPAMD_TASK_FLAG_NO_LOG;
+ }
}
- }
- break;
- case 'm':
- case 'M':
- IF_HEADER(MTA_TAG_HEADER)
- {
- char *mta_tag;
- mta_tag = rspamd_mempool_ftokdup(task->task_pool, hv_tok);
- rspamd_mempool_set_variable(task->task_pool,
- RSPAMD_MEMPOOL_MTA_TAG,
- mta_tag, NULL);
- msg_debug_protocol("read MTA-Tag header, value: %s", mta_tag);
- }
- IF_HEADER(MTA_NAME_HEADER)
- {
- char *mta_name;
- mta_name = rspamd_mempool_ftokdup(task->task_pool, hv_tok);
- rspamd_mempool_set_variable(task->task_pool,
- RSPAMD_MEMPOOL_MTA_NAME,
- mta_name, NULL);
- msg_debug_protocol("read MTA-Name header, value: %s", mta_name);
- }
- IF_HEADER(MILTER_HEADER)
- {
- task->protocol_flags |= RSPAMD_TASK_PROTOCOL_FLAG_MILTER;
- msg_debug_protocol("read Milter header, value: %T", hv_tok);
- }
- break;
- case 't':
- case 'T':
- IF_HEADER(TLS_CIPHER_HEADER)
- {
- task->flags |= RSPAMD_TASK_FLAG_SSL;
- msg_debug_protocol("read TLS cipher header, value: %T", hv_tok);
- }
- break;
- default:
- msg_debug_protocol("generic header: %T", hn_tok);
- break;
+ IF_HEADER(LOG_TAG_HEADER)
+ {
+ msg_debug_protocol("read log-tag header, value: %T", hv_tok);
+ /* Ensure that a tag is valid */
+ if (rspamd_fast_utf8_validate(hv_tok->begin, hv_tok->len) == 0) {
+ memcpy(task->task_pool->tag.uid, hv_tok->begin,
+ MIN(hv_tok->len, sizeof(task->task_pool->tag.uid)));
+ }
+ }
+ break;
+ case 'm':
+ case 'M':
+ IF_HEADER(MTA_TAG_HEADER)
+ {
+ char *mta_tag;
+ mta_tag = rspamd_mempool_ftokdup(task->task_pool, hv_tok);
+ rspamd_mempool_set_variable(task->task_pool,
+ RSPAMD_MEMPOOL_MTA_TAG,
+ mta_tag, NULL);
+ msg_debug_protocol("read MTA-Tag header, value: %s", mta_tag);
+ }
+ IF_HEADER(MTA_NAME_HEADER)
+ {
+ char *mta_name;
+ mta_name = rspamd_mempool_ftokdup(task->task_pool, hv_tok);
+ rspamd_mempool_set_variable(task->task_pool,
+ RSPAMD_MEMPOOL_MTA_NAME,
+ mta_name, NULL);
+ msg_debug_protocol("read MTA-Name header, value: %s", mta_name);
+ }
+ IF_HEADER(MILTER_HEADER)
+ {
+ task->protocol_flags |= RSPAMD_TASK_PROTOCOL_FLAG_MILTER;
+ msg_debug_protocol("read Milter header, value: %T", hv_tok);
+ }
+ break;
+ case 't':
+ case 'T':
+ IF_HEADER(TLS_CIPHER_HEADER)
+ {
+ task->flags |= RSPAMD_TASK_FLAG_SSL;
+ msg_debug_protocol("read TLS cipher header, value: %T", hv_tok);
+ }
+ break;
+ default:
+ msg_debug_protocol("generic header: %T", hn_tok);
+ break;
}
rspamd_task_add_request_header (task, hn_tok, hv_tok);
@@ -1716,6 +1716,7 @@ void rspamd_protocol_http_reply(struct rspamd_http_message *msg,
rspamd_fstring_free(reply);
rspamd_http_message_set_body_from_fstring_steal(msg, compressed_reply);
rspamd_http_message_add_header(msg, COMPRESSION_HEADER, "zstd");
+ rspamd_http_message_add_header(msg, CONTENT_ENCODING_HEADER, "zstd");
if (task->cfg->libs_ctx->out_dict &&
task->cfg->libs_ctx->out_dict->id != 0) {
diff --git a/src/libserver/protocol_internal.h b/src/libserver/protocol_internal.h
index 11f21430e..5582908c2 100644
--- a/src/libserver/protocol_internal.h
+++ b/src/libserver/protocol_internal.h
@@ -93,6 +93,8 @@ extern "C" {
#define RAW_DATA_HEADER "Raw"
#define COMPRESSION_HEADER "Compression"
#define MESSAGE_OFFSET_HEADER "Message-Offset"
+#define CONTENT_ENCODING_HEADER "Content-Encoding"
+#define ACCEPT_ENCODING_HEADER "Accept-Enconding"
#ifdef __cplusplus
}
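Review bot: The value of the new `ACCEPT_ENCODING_HEADER` macro is misspelled as `"Accept-Enconding"`, so any lookup or emission through it will never match the real HTTP header. No hunk in this diff uses the macro yet, which is why the typo goes unnoticed. It should read `#define ACCEPT_ENCODING_HEADER "Accept-Encoding"`.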
diff --git a/src/libserver/ssl_util.c b/src/libserver/ssl_util.c
index b739961a8..c0443ecd9 100644
--- a/src/libserver/ssl_util.c
+++ b/src/libserver/ssl_util.c
@@ -1,11 +1,11 @@
-/*-
- * Copyright 2016 Vsevolod Stakhov
+/*
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -1054,6 +1054,9 @@ gpointer rspamd_init_ssl_ctx_noverify(void)
return ssl_ctx_noverify;
}
+#if defined(RSPAMD_LEGACY_SSL_PROVIDER) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+#endif
void rspamd_openssl_maybe_init(void)
{
@@ -1075,6 +1078,16 @@ void rspamd_openssl_maybe_init(void)
#else
OPENSSL_init_ssl(0, NULL);
#endif
+#if defined(RSPAMD_LEGACY_SSL_PROVIDER) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+ if (OSSL_PROVIDER_load(NULL, "legacy") == NULL) {
+ msg_err("cannot load legacy OpenSSL provider: %s", ERR_lib_error_string(ERR_get_error()));
+ ERR_clear_error();
+ }
+ if (OSSL_PROVIDER_load(NULL, "default") == NULL) {
+ msg_err("cannot load default OpenSSL provider: %s", ERR_lib_error_string(ERR_get_error()));
+ ERR_clear_error();
+ }
+#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
OPENSSL_config(NULL);
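Review bot: A failed load of the `default` provider is only logged here, yet once `legacy` has been loaded explicitly OpenSSL no longer activates the default provider on its own. The process would then carry on with at most the legacy algorithms available; that case deserves to abort initialisation rather than continue. Both providers are loaded into the global library context (first argument `NULL`), so the legacy algorithms become visible to every OpenSSL user in the process, TLS included. A comment such as `/* legacy goes into the global libctx: needed for <reason>, affects all OpenSSL users in this process */` would record why `RSPAMD_LEGACY_SSL_PROVIDER` exists. As in cryptobox.c, `ERR_lib_error_string()` names only the library and may return NULL. `rspamd_openssl_maybe_init` continues outside the hunk.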
diff --git a/src/libserver/task.c b/src/libserver/task.c
index 833046470..bd1e07549 100644
--- a/src/libserver/task.c
+++ b/src/libserver/task.c
@@ -519,7 +519,11 @@ rspamd_task_load_message(struct rspamd_task *task,
debug_task("got input of length %z", task->msg.len);
/* Check compression */
- tok = rspamd_task_get_request_header(task, "compression");
+ tok = rspamd_task_get_request_header(task, COMPRESSION_HEADER);
+
+ if (!tok) {
+ tok = rspamd_task_get_request_header(task, CONTENT_ENCODING_HEADER);
+ }
if (tok) {
/* Need to uncompress */
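Review bot: With the fallback to `CONTENT_ENCODING_HEADER`, `tok` can now hold any standard coding name a client sends (`gzip`, `deflate`, `identity`). The private `Compression` header, by contrast, is only ever set to `zstd` by the client code in this commit. The value check is below the hunk, so confirm it rejects or skips non-zstd values instead of handing the body to the zstd decoder. Please also note that expectation next to the fallback, e.g. `/* Content-Encoding may name codings other than zstd; only zstd is handled below */`.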
diff --git a/src/libserver/worker_util.c b/src/libserver/worker_util.c
index 383d89c14..75836573f 100644
--- a/src/libserver/worker_util.c
+++ b/src/libserver/worker_util.c
@@ -57,6 +57,7 @@
#include "contrib/libev/ev.h"
#include "libstat/stat_api.h"
+#include "libserver/protocol_internal.h"
struct rspamd_worker *rspamd_current_worker = NULL;
@@ -600,7 +601,7 @@ rspamd_controller_maybe_compress(struct rspamd_http_connection_entry *entry,
{
if (entry->support_gzip) {
if (rspamd_fstring_gzip(&buf)) {
- rspamd_http_message_add_header(msg, "Content-Encoding", "gzip");
+ rspamd_http_message_add_header(msg, CONTENT_ENCODING_HEADER, "gzip");
}
}
diff --git a/src/libstat/stat_internal.h b/src/libstat/stat_internal.h
index 96d67cbf6..663c39df5 100644
--- a/src/libstat/stat_internal.h
+++ b/src/libstat/stat_internal.h
@@ -1,11 +1,11 @@
-/*-
- * Copyright 2016 Vsevolod Stakhov
+/*
+ * Copyright 2024 Vsevolod Stakhov
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -41,8 +41,8 @@ struct rspamd_classifier {
GArray *statfiles_ids; /* int */
struct rspamd_stat_cache *cache;
gpointer cachecf;
- gulong spam_learns;
- gulong ham_learns;
+ guint64 spam_learns;
+ guint64 ham_learns;
int autolearn_cbref;
struct rspamd_classifier_config *cfg;
struct rspamd_stat_classifier *subrs;
diff --git a/src/libstat/stat_process.c b/src/libstat/stat_process.c
index 5db3af6ce..17caf4cc6 100644
--- a/src/libstat/stat_process.c
+++ b/src/libstat/stat_process.c
@@ -1017,6 +1017,9 @@ rspamd_stat_check_autolearn(struct rspamd_task *task)
cl = g_ptr_array_index(st_ctx->classifiers, i);
ret = FALSE;
+ rspamd_mempool_set_variable(task->task_pool, RSPAMD_MEMPOOL_HAM_LEARNS, (void *) &cl->ham_learns, NULL);
+ rspamd_mempool_set_variable(task->task_pool, RSPAMD_MEMPOOL_SPAM_LEARNS, (void *) &cl->spam_learns, NULL);
+
if (cl->cfg->opts) {
obj = ucl_object_lookup(cl->cfg->opts, "autolearn");
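Review bot: These two calls store borrowed pointers to `cl->ham_learns` and `cl->spam_learns` in the task pool with a NULL destructor, and nothing documents what a reader of `RSPAMD_MEMPOOL_HAM_LEARNS` / `RSPAMD_MEMPOOL_SPAM_LEARNS` may assume. Because they sit inside the classifier loop, each iteration overwrites the previous value, so after the loop the variables describe the last classifier only. Consumers must also dereference them as `guint64 *`, matching the field type changed in stat_internal.h in this commit, and the classifier has to outlive the task for the pointer to stay valid. I would add a comment above the calls, e.g. `/* borrowed guint64 pointers into the current classifier; valid while the classifier lives, overwritten per classifier */`.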
diff --git a/src/lua/lua_http.c b/src/lua/lua_http.c
index 8ba612c1b..904f1cbbf 100644
--- a/src/lua/lua_http.c
+++ b/src/lua/lua_http.c
@@ -21,6 +21,7 @@
#include "unix-std.h"
#include "zlib.h"
#include "utlist.h"
+#include "libserver/protocol_internal.h"
/***
* @module rspamd_http
@@ -1107,7 +1108,7 @@ lua_http_request(lua_State *L)
if (body) {
if (gzip) {
if (rspamd_fstring_gzip(&body)) {
- rspamd_http_message_add_header(msg, "Content-Encoding", "gzip");
+ rspamd_http_message_add_header(msg, CONTENT_ENCODING_HEADER, "gzip");
}
}
diff --git a/src/ragel/smtp_base.rl b/src/ragel/smtp_base.rl
index eefc430d5..952c3a5c3 100644
--- a/src/ragel/smtp_base.rl
+++ b/src/ragel/smtp_base.rl
@@ -1,5 +1,6 @@
%%{
machine smtp_base;
+ alphtype unsigned char;
# Base SMTP definitions
# Dependencies: none
diff --git a/src/rspamadm/CMakeLists.txt b/src/rspamadm/CMakeLists.txt
index 5e88ec8dd..2f32a95f5 100644
--- a/src/rspamadm/CMakeLists.txt
+++ b/src/rspamadm/CMakeLists.txt
@@ -22,9 +22,9 @@ ENDIF()
ADD_EXECUTABLE(rspamadm ${RSPAMADMSRC})
TARGET_LINK_LIBRARIES(rspamadm rspamd-server)
-IF (NOT DEBIAN_BUILD)
+IF (NOT NO_TARGET_VERSIONS)
SET_TARGET_PROPERTIES(rspamadm PROPERTIES VERSION ${RSPAMD_VERSION})
-ENDIF (NOT DEBIAN_BUILD)
+ENDIF ()
SET_TARGET_PROPERTIES(rspamadm PROPERTIES LINKER_LANGUAGE CXX)
ADD_BACKWARD(rspamadm)
diff --git a/src/rspamd.c b/src/rspamd.c
index b6c361cb2..6c204e266 100644
--- a/src/rspamd.c
+++ b/src/rspamd.c
@@ -1326,7 +1326,7 @@ version(struct rspamd_main *rspamd_main)
#ifndef __has_feature
#define __has_feature(x) 0
#endif
-#if (defined(__has_feature) && __has_feature(address_sanitizer)) || defined(ADDRESS_SANITIZER)
+#if (defined(__has_feature) && __has_feature(address_sanitizer)) || defined(ADDRESS_SANITIZER) || defined(__SANITIZE_ADDRESS__)
rspamd_printf("ASAN enabled: TRUE\n");
#else
rspamd_printf("ASAN enabled: FALSE\n");
diff --git a/src/rspamd_proxy.c b/src/rspamd_proxy.c
index dbdd2e5a7..e2a866178 100644
--- a/src/rspamd_proxy.c
+++ b/src/rspamd_proxy.c
@@ -38,6 +38,7 @@
#include "libmime/lang_detection.h"
#include <math.h>
+#include <string.h>
#ifdef HAVE_NETINET_TCP_H
#include <netinet/tcp.h> /* for TCP_NODELAY */
@@ -2205,7 +2206,7 @@ proxy_client_finish_handler(struct rspamd_http_connection *conn,
rspamd_http_message_remove_header(msg, "Connection");
rspamd_http_message_remove_header(msg, "Key");
rspamd_http_message_add_header_len(msg, LOG_TAG_HEADER, session->pool->tag.uid,
- sizeof(session->pool->tag.uid));
+ strnlen(session->pool->tag.uid, sizeof(session->pool->tag.uid)));
proxy_open_mirror_connections(session);
rspamd_http_connection_reset(session->client_conn);