From d09f23ffd9156ee5c63321a0b691715d3bcb4322 Mon Sep 17 00:00:00 2001 From: Chris Funderburg Date: Thu, 24 Oct 2024 10:00:43 +0100 Subject: [Project] Keep Changelog updated --- ChangeLog | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/ChangeLog b/ChangeLog index 3bee75dd2..bd229a1e8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,17 @@ +3.10.2: 21 Oct 2024 + * [CritFix] Fix ARC-Seal signing + * [Fix] add EOF to openmetrics response in proxy and server + +3.10.1: 16 Oct 2024 + * [Feature] Update effective_tld_names.dat by @wdhdev in #5176 + * [Fix] Use correct type for keylen in lua_ucl_newindex by @arkamar in #5169 + * [Fix] Avoid null-bytes in Log-Tag header value by @smarsching in #5179 + * [Fix] Do not abort when OpenSSL is broken, report that to a user by @vstakhov in #5188 + * [Fix] Update hiredis library removing all hacks by @vstakhov in #5167 + * [Fix] Remove proxy from url_redirector.conf as it not the option by @dragoangel in #5164 + * [Fix] Some build fixes by @vstakhov in #5189 + * [Fix] Some more fixes by @vstakhov in #5190 + 3.10.0: 30 Sep 2024 * [Conf] Add SenderScore RPBL return codes * [Conf] Add SenderScore Reputationlist RBL -- cgit v1.2.3 From 8fdb67f055ae12ff186e01675f67b06886726778 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Thu, 31 Oct 2024 13:04:49 +0000 Subject: [Test] Add some specific unit tests for Rspamd x25519 DH --- test/rspamd_cxx_unit_cryptobox.hxx | 52 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/test/rspamd_cxx_unit_cryptobox.hxx b/test/rspamd_cxx_unit_cryptobox.hxx index 5829b1e43..18ccd98ce 100644 --- a/test/rspamd_cxx_unit_cryptobox.hxx +++ b/test/rspamd_cxx_unit_cryptobox.hxx @@ -21,6 +21,7 @@ #include "libcryptobox/cryptobox.h" #include #include +#include TEST_SUITE("rspamd_cryptobox") { @@ -177,6 +178,57 @@ TEST_SUITE("rspamd_cryptobox") g_free(out); g_free(decrypted); } + + TEST_CASE("rspamd x25519 scalarmult") + { + rspamd_sk_t sk; + + // Use a fixed zero secret key + memset(sk, 0, sizeof(sk)); + + // Use a well known public key + const char *pk = "k4nz984k36xmcynm1hr9kdbn6jhcxf4ggbrb1quay7f88rpm9kay"; + gsize outlen; + auto *pk_decoded = rspamd_decode_base32(pk, strlen(pk), &outlen, RSPAMD_BASE32_DEFAULT); + const unsigned char expected[32] = {95, 76, 225, 188, 0, 26, 146, 94, 70, 249, + 90, 189, 35, 51, 1, 42, 9, 37, 94, 254, 204, 55, 198, 91, 180, 90, + 46, 217, 140, 226, 211, 90}; + const auto expected_arr = std::to_array(expected); + + CHECK(outlen == 32); + unsigned char out[32]; + /* Clamp integer */ + sk[0] &= 248; + sk[31] &= 127; + sk[31] |= 64; + CHECK(crypto_scalarmult(out, sk, pk_decoded) != -1); + auto out_arr = std::to_array(out); + CHECK(out_arr == expected_arr); + } + + TEST_CASE("rspamd x25519 ecdh") + { + rspamd_sk_t sk; + + // Use a fixed zero secret key + memset(sk, 0, sizeof(sk)); + + // Use a well known public key + const char *pk = "k4nz984k36xmcynm1hr9kdbn6jhcxf4ggbrb1quay7f88rpm9kay"; + gsize outlen; + auto *pk_decoded = rspamd_decode_base32(pk, strlen(pk), &outlen, RSPAMD_BASE32_DEFAULT); + const unsigned char expected[32] = {61, 109, 220, 195, 100, 174, 127, 237, 148, + 122, 154, 61, 165, 83, 93, 105, 127, 166, 153, 112, 103, 224, 2, 200, + 136, 243, 73, 51, 8, 163, 150, 7}; + const auto expected_arr = std::to_array(expected); + + CHECK(outlen == 32); + unsigned char out[32]; + + rspamd_cryptobox_nm(out, pk_decoded, sk); + auto out_arr = std::to_array(out); + CHECK(out_arr == expected_arr); + } } #endif -- cgit v1.2.3 From 51855128c784d0b70c29af1c9a5ca0915ad50354 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Thu, 31 Oct 2024 13:29:12 +0000 Subject: [Test] A workaround for brain-damaged libstdc++ from prehistoric ages --- test/rspamd_cxx_unit_cryptobox.hxx | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) diff --git a/test/rspamd_cxx_unit_cryptobox.hxx b/test/rspamd_cxx_unit_cryptobox.hxx index 18ccd98ce..7d9c76b4e 100644 --- a/test/rspamd_cxx_unit_cryptobox.hxx +++ b/test/rspamd_cxx_unit_cryptobox.hxx @@ -21,7 +21,23 @@ #include "libcryptobox/cryptobox.h" #include #include -#include +#include +#include + +namespace std// NOLINT(cert-dcl58-cpp) +{ +template +ostream &operator<<(ostream &stream, const vector &in) +{ + stream << "["; + for (size_t i = 0; i < in.size(); ++i) { + if (i != 0) { stream << ", "; } + stream << in[i]; + } + stream << "]"; + return stream; +} +}// namespace std TEST_SUITE("rspamd_cryptobox") { @@ -190,10 +206,10 @@ TEST_SUITE("rspamd_cryptobox") const char *pk = "k4nz984k36xmcynm1hr9kdbn6jhcxf4ggbrb1quay7f88rpm9kay"; gsize outlen; auto *pk_decoded = rspamd_decode_base32(pk, strlen(pk), &outlen, RSPAMD_BASE32_DEFAULT); - const unsigned char expected[32] = {95, 76, 225, 188, 0, 26, 146, 94, 70, 249, - 90, 189, 35, 51, 1, 42, 9, 37, 94, 254, 204, 55, 198, 91, 180, 90, - 46, 217, 140, 226, 211, 90}; - const auto expected_arr = std::to_array(expected); + unsigned char expected[32] = {95, 76, 225, 188, 0, 26, 146, 94, 70, 249, + 90, 189, 35, 51, 1, 42, 9, 37, 94, 254, 204, 55, 198, 91, 180, 90, + 46, 217, 140, 226, 211, 90}; + const auto expected_arr = std::vector(std::begin(expected), std::end(expected)); CHECK(outlen == 32); unsigned char out[32]; @@ -202,7 +218,7 @@ TEST_SUITE("rspamd_cryptobox") sk[31] &= 127; sk[31] |= 64; CHECK(crypto_scalarmult(out, sk, pk_decoded) != -1); - auto out_arr = std::to_array(out); + auto out_arr = std::vector(std::begin(out), std::end(out)); CHECK(out_arr == expected_arr); } @@ -217,16 +233,16 @@ TEST_SUITE("rspamd_cryptobox") const char *pk = "k4nz984k36xmcynm1hr9kdbn6jhcxf4ggbrb1quay7f88rpm9kay"; gsize outlen; auto *pk_decoded = rspamd_decode_base32(pk, strlen(pk), &outlen, RSPAMD_BASE32_DEFAULT); - const unsigned char expected[32] = {61, 109, 220, 195, 100, 174, 127, 237, 148, - 122, 154, 61, 165, 83, 93, 105, 127, 166, 153, 112, 103, 224, 2, 200, - 136, 243, 73, 51, 8, 163, 150, 7}; - const auto expected_arr = std::to_array(expected); + unsigned char expected[32] = {61, 109, 220, 195, 100, 174, 127, 237, 148, + 122, 154, 61, 165, 83, 93, 105, 127, 166, 153, 112, 103, 224, 2, 200, + 136, 243, 73, 51, 8, 163, 150, 7}; + const auto expected_arr = std::vector(std::begin(expected), std::end(expected)); CHECK(outlen == 32); unsigned char out[32]; rspamd_cryptobox_nm(out, pk_decoded, sk); - auto out_arr = std::to_array(out); + auto out_arr = std::vector(std::begin(out), std::end(out)); CHECK(out_arr == expected_arr); } } -- cgit v1.2.3 From 80cb50dea482246656a49e54a915bdc343ffe897 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Fri, 1 Nov 2024 09:38:11 +0000 Subject: [Fix] Fix memory leak in `lua_new_text` invocations --- src/lua/lua_common.h | 5 ++--- src/lua/lua_compress.c | 12 +++++++----- src/lua/lua_text.c | 4 ++-- src/lua/lua_util.c | 11 +++++++++-- 4 files changed, 20 insertions(+), 12 deletions(-) diff --git a/src/lua/lua_common.h b/src/lua/lua_common.h index 198735c66..1d39d0c52 100644 --- a/src/lua/lua_common.h +++ b/src/lua/lua_common.h @@ -94,8 +94,7 @@ static inline int lua_absindex(lua_State *L, int i) #define LUA_PUBLIC_FUNCTION_DEF(class, name) int lua_##class##_##name(lua_State *L) #define LUA_INTERFACE_DEF(class, name) \ { \ - #name, lua_##class##_##name \ - } + #name, lua_##class##_##name} extern const luaL_reg null_reg[]; @@ -281,7 +280,7 @@ struct rspamd_lua_text *lua_check_text_or_string(lua_State *L, int pos); * @return */ struct rspamd_lua_text *lua_new_text(lua_State *L, const char *start, - gsize len, gboolean own); + gsize len, gboolean allocate_memory); /** * Create new text object from task pool if allocation is needed * @param task diff --git a/src/lua/lua_compress.c b/src/lua/lua_compress.c index 4a348404c..c82394ed6 100644 --- a/src/lua/lua_compress.c +++ b/src/lua/lua_compress.c @@ -1,11 +1,11 @@ -/*- - * Copyright 2021 Vsevolod Stakhov +/* + * Copyright 2024 Vsevolod Stakhov * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -504,7 +504,8 @@ lua_zstd_compress_stream(lua_State *L) return lua_zstd_push_error(L, err); } - lua_new_text(L, onb.dst, onb.pos, TRUE); + t = lua_new_text(L, onb.dst, onb.pos, FALSE); + t->flags |= RSPAMD_TEXT_FLAG_OWN; return 1; } @@ -598,7 +599,8 @@ lua_zstd_decompress_stream(lua_State *L) return lua_zstd_push_error(L, err); } - lua_new_text(L, onb.dst, onb.pos, TRUE); + t = lua_new_text(L, onb.dst, onb.pos, FALSE); + t->flags |= RSPAMD_TEXT_FLAG_OWN; return 1; } diff --git a/src/lua/lua_text.c b/src/lua/lua_text.c index 4478314f1..3342fc95c 100644 --- a/src/lua/lua_text.c +++ b/src/lua/lua_text.c @@ -312,14 +312,14 @@ lua_check_text_or_string(lua_State *L, int pos) } struct rspamd_lua_text * -lua_new_text(lua_State *L, const char *start, gsize len, gboolean own) +lua_new_text(lua_State *L, const char *start, gsize len, gboolean allocate_memory) { struct rspamd_lua_text *t; t = lua_newuserdata(L, sizeof(*t)); t->flags = 0; - if (own) { + if (allocate_memory) { char *storage; if (len > 0) { diff --git a/src/lua/lua_util.c b/src/lua/lua_util.c index 92f831f6f..251d1e1e7 100644 --- a/src/lua/lua_util.c +++ b/src/lua/lua_util.c @@ -1025,7 +1025,12 @@ lua_util_encode_base64(lua_State *L) } if (out != NULL) { - lua_new_text(L, out, outlen, TRUE); + /* + * Manually set OWN flag, as `lua_new_text` will allocate another chunk of memory, + * and we will have memory leak of the memory allocated by `rspamd_encode_base64_fold` + */ + t = lua_new_text(L, out, outlen, FALSE); + t->flags = RSPAMD_TEXT_FLAG_OWN; } else { lua_pushnil(L); @@ -1650,7 +1655,9 @@ lua_util_transliterate(lua_State *L) gsize outlen; char *transliterated = rspamd_utf8_transliterate(t->start, t->len, &outlen); - lua_new_text(L, transliterated, outlen, TRUE); + + t = lua_new_text(L, transliterated, outlen, FALSE); + t->flags = RSPAMD_TEXT_FLAG_OWN; return 1; } -- cgit v1.2.3