commit b083a2a: [Minor] Adopt lua_url stuff for the new PRG

Fri Mar 18 21:35:05 UTC 2022

Author: Vsevolod Stakhov
Date: 2022-03-18 21:33:31 +0000
URL: https://github.com/rspamd/rspamd/commit/b083a2a17f190d7e15ba0a80aa811746f974a8ed (HEAD -> master)

[Minor] Adopt lua_url stuff for the new PRG

---
 src/lua/lua_url.c | 12 ++++++------
 src/lua/lua_url.h |  4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/lua/lua_url.c b/src/lua/lua_url.c
index af7dd5f4e..a2ce1d987 100644
--- a/src/lua/lua_url.c
+++ b/src/lua/lua_url.c
@@ -963,7 +963,7 @@ lua_tree_url_callback (gpointer key, gpointer value, gpointer ud)
 		}
 
 		if (cb->skip_prob > 0) {
-			gdouble coin = rspamd_random_double_fast_seed (cb->xoroshiro_state);
+			gdouble coin = rspamd_random_double_fast_seed (&cb->random_seed);
 
 			if (coin < cb->skip_prob) {
 				return;
@@ -1337,7 +1337,7 @@ lua_url_cbdata_dtor (struct lua_tree_cb_data *cbd)
 }
 
 gsize
-lua_url_adjust_skip_prob (gdouble timestamp,
+lua_url_adjust_skip_prob (float timestamp,
 						  guchar digest[16],
 						  struct lua_tree_cb_data *cb,
 						  gsize sz)
@@ -1347,11 +1347,11 @@ lua_url_adjust_skip_prob (gdouble timestamp,
 		/*
 		 * Use task dependent probabilistic seed to ensure that
 		 * consequent task:get_urls return the same list of urls
+		 * We use both digest and timestamp here to avoid attack surface
+		 * based just on digest.
 		 */
-		memset (cb->xoroshiro_state, 0, sizeof (cb->xoroshiro_state));
-		memcpy (&cb->xoroshiro_state[0], &timestamp,
-				MIN (sizeof (cb->xoroshiro_state[0]), sizeof (timestamp)));
-		memcpy (&cb->xoroshiro_state[1], digest, 16);
+		memcpy(&cb->random_seed, digest, 4);
+		memcpy(((unsigned char *)&cb->random_seed) + 4, &timestamp, 4);
 		sz = cb->max_urls;
 	}
 
diff --git a/src/lua/lua_url.h b/src/lua/lua_url.h
index 904a56da7..ac6adec50 100644
--- a/src/lua/lua_url.h
+++ b/src/lua/lua_url.h
@@ -37,7 +37,7 @@ struct lua_tree_cb_data {
 	gboolean sort;
 	gsize max_urls;
 	gdouble skip_prob;
-	guint64 xoroshiro_state[4];
+	guint64 random_seed;
 };
 
 void lua_tree_url_callback (gpointer key, gpointer value, gpointer ud);
@@ -75,7 +75,7 @@ void lua_url_cbdata_dtor (struct lua_tree_cb_data *cbd);
  * @param max_urls
  * @return
  */
-gsize lua_url_adjust_skip_prob (gdouble timestamp,
+gsize lua_url_adjust_skip_prob (float timestamp,
 								guchar *digest,
 								struct lua_tree_cb_data *cb,
 								gsize sz);
