commit 0effbd0: [Fix] Avoid curse of dynamic array referencing
Vsevolod Stakhov
vsevolod at highsecure.ru
Mon Feb 1 14:21:09 UTC 2021
Author: Vsevolod Stakhov
Date: 2021-02-01 14:19:49 +0000
URL: https://github.com/rspamd/rspamd/commit/0effbd0b4d9dd5b7a7ad888968cea07a2566670f (HEAD -> master)
[Fix] Avoid curse of dynamic array referencing
---
src/libmime/scan_result.c | 20 ++++++++++----------
src/libmime/scan_result_private.h | 2 +-
src/libserver/protocol.c | 4 ++--
src/libserver/task.c | 2 +-
src/lua/lua_task.c | 6 +++---
5 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/src/libmime/scan_result.c b/src/libmime/scan_result.c
index b75dddb1f..0256ab485 100644
--- a/src/libmime/scan_result.c
+++ b/src/libmime/scan_result.c
@@ -39,7 +39,7 @@ static void
rspamd_scan_result_dtor (gpointer d)
{
struct rspamd_scan_result *r = (struct rspamd_scan_result *)d;
- struct rspamd_symbol_result sres;
+ struct rspamd_symbol_result *sres;
rspamd_set_counter_ema (&symbols_count, kh_size (r->symbols), 0.5);
@@ -48,8 +48,8 @@ rspamd_scan_result_dtor (gpointer d)
}
kh_foreach_value (r->symbols, sres, {
- if (sres.options) {
- kh_destroy (rspamd_options_hash, sres.options);
+ if (sres->options) {
+ kh_destroy (rspamd_options_hash, sres->options);
}
});
kh_destroy (rspamd_symbols_hash, r->symbols);
@@ -279,7 +279,7 @@ insert_metric_result (struct rspamd_task *task,
k = kh_get (rspamd_symbols_hash, metric_res->symbols, symbol);
if (k != kh_end (metric_res->symbols)) {
/* Existing metric score */
- s = &kh_value (metric_res->symbols, k);
+ s = kh_value (metric_res->symbols, k);
if (single) {
max_shots = 1;
}
@@ -399,8 +399,8 @@ insert_metric_result (struct rspamd_task *task,
k = kh_put (rspamd_symbols_hash, metric_res->symbols,
sym_cpy, &ret);
g_assert (ret > 0);
- s = &kh_value (metric_res->symbols, k);
- memset (s, 0, sizeof (*s));
+ s = rspamd_mempool_alloc0 (task->task_pool, sizeof (*s));
+ kh_value (metric_res->symbols, k) = s;
/* Handle grow factor */
if (metric_res->grow_factor && final_score > 0) {
@@ -916,7 +916,7 @@ rspamd_task_find_symbol_result (struct rspamd_task *task, const char *sym,
k = kh_get (rspamd_symbols_hash, result->symbols, sym);
if (k != kh_end (result->symbols)) {
- res = &kh_value (result->symbols, k);
+ res = kh_value (result->symbols, k);
}
return res;
@@ -938,7 +938,7 @@ struct rspamd_symbol_result* rspamd_task_remove_symbol_result (
k = kh_get (rspamd_symbols_hash, result->symbols, symbol);
if (k != kh_end (result->symbols)) {
- res = &kh_value (result->symbols, k);
+ res = kh_value (result->symbols, k);
if (!isnan (res->score)) {
/* Remove score from the result */
@@ -981,7 +981,7 @@ rspamd_task_symbol_result_foreach (struct rspamd_task *task,
gpointer ud)
{
const gchar *kk;
- struct rspamd_symbol_result res;
+ struct rspamd_symbol_result *res;
if (result == NULL) {
/* Use default result */
@@ -990,7 +990,7 @@ rspamd_task_symbol_result_foreach (struct rspamd_task *task,
if (func) {
kh_foreach (result->symbols, kk, res, {
- func ((gpointer)kk, (gpointer)&res, ud);
+ func ((gpointer)kk, (gpointer)res, ud);
});
}
}
diff --git a/src/libmime/scan_result_private.h b/src/libmime/scan_result_private.h
index cb4ff4cda..39e544146 100644
--- a/src/libmime/scan_result_private.h
+++ b/src/libmime/scan_result_private.h
@@ -32,7 +32,7 @@ KHASH_INIT (rspamd_options_hash, struct rspamd_symbol_option *, char,
/**
* Result of metric processing
*/
-KHASH_MAP_INIT_STR (rspamd_symbols_hash, struct rspamd_symbol_result);
+KHASH_MAP_INIT_STR (rspamd_symbols_hash, struct rspamd_symbol_result *);
#if UINTPTR_MAX <= UINT_MAX
/* 32 bit */
#define rspamd_ptr_hash_func(key) (khint32_t)(((uintptr_t)(key))>>1)
diff --git a/src/libserver/protocol.c b/src/libserver/protocol.c
index 31b0308cb..7307c95c8 100644
--- a/src/libserver/protocol.c
+++ b/src/libserver/protocol.c
@@ -1251,7 +1251,7 @@ rspamd_scan_result_ucl (struct rspamd_task *task,
obj = ucl_object_typed_new (UCL_OBJECT);
}
- kh_foreach_value_ptr (mres->symbols, sym, {
+ kh_foreach_value (mres->symbols, sym, {
if (!(sym->flags & RSPAMD_SYMBOL_RESULT_IGNORED)) {
sobj = rspamd_metric_symbol_ucl (task, sym);
ucl_object_insert_key (obj, sobj, sym->name, 0, false);
@@ -1968,7 +1968,7 @@ rspamd_protocol_write_log_pipe (struct rspamd_task *task)
i = 0;
- kh_foreach_value_ptr (mres->symbols, sym, {
+ kh_foreach_value (mres->symbols, sym, {
id = rspamd_symcache_find_symbol (task->cfg->cache,
sym->name);
diff --git a/src/libserver/task.c b/src/libserver/task.c
index 43ce59ee1..407f2c4d4 100644
--- a/src/libserver/task.c
+++ b/src/libserver/task.c
@@ -1120,7 +1120,7 @@ rspamd_task_log_metric_res (struct rspamd_task *task,
symbuf = rspamd_fstring_sized_new (128);
sorted_symbols = g_ptr_array_sized_new (kh_size (mres->symbols));
- kh_foreach_value_ptr (mres->symbols, sym, {
+ kh_foreach_value (mres->symbols, sym, {
if (!(sym->flags & RSPAMD_SYMBOL_RESULT_IGNORED)) {
g_ptr_array_add (sorted_symbols, (gpointer)sym);
}
diff --git a/src/lua/lua_task.c b/src/lua/lua_task.c
index 38b22f489..3bd84d886 100644
--- a/src/lua/lua_task.c
+++ b/src/lua/lua_task.c
@@ -4657,7 +4657,7 @@ lua_task_get_symbols (lua_State *L)
lua_createtable (L, kh_size (mres->symbols), 0);
lua_createtable (L, kh_size (mres->symbols), 0);
- kh_foreach_value_ptr (mres->symbols, s, {
+ kh_foreach_value (mres->symbols, s, {
if (!(s->flags & RSPAMD_SYMBOL_RESULT_IGNORED)) {
lua_pushstring (L, s->name);
lua_rawseti (L, -3, i);
@@ -4700,7 +4700,7 @@ lua_task_get_symbols_all (lua_State *L)
found = TRUE;
lua_createtable (L, kh_size (mres->symbols), 0);
- kh_foreach_value_ptr (mres->symbols, s, {
+ kh_foreach_value (mres->symbols, s, {
if (!(s->flags & RSPAMD_SYMBOL_RESULT_IGNORED)) {
lua_push_symbol_result (L, task, s->name, s, mres, FALSE, TRUE);
lua_rawseti (L, -2, i++);
@@ -4742,7 +4742,7 @@ lua_task_get_symbols_numeric (lua_State *L)
lua_createtable (L, kh_size (mres->symbols), 0);
- kh_foreach_value_ptr (mres->symbols, s, {
+ kh_foreach_value (mres->symbols, s, {
if (!(s->flags & RSPAMD_SYMBOL_RESULT_IGNORED)) {
id = rspamd_symcache_find_symbol (task->cfg->cache,
s->name);
More information about the Commits
mailing list