[Fix] Use null-terminated string for symbol lookup in composite dependency analysis

In composite_dep_callback, atom->begin from rspamd_ftok_t is not null-terminated,
but was being passed directly to symbol_needs_second_pass() which calls
rspamd_symcache_get_symbol_flags() expecting a null-terminated C string.

This could cause incorrect symbol lookups or undefined behavior. Fix by creating
a std::string to ensure null-termination before passing to the C API.

diff --git a/src/libserver/composites/composites_manager.cxx b/src/libserver/composites/composites_manager.cxx
index cc340be4c2a0adbeb8ec9315932a0bc043d858e7..c1bc1d94a29fc02dfa7bca822d6de3c837f7625f 100644 (file)
--- a/src/libserver/composites/composites_manager.cxx
+++ b/src/libserver/composites/composites_manager.cxx
@@ -383,9 +383,11 @@ composite_dep_callback(const rspamd_ftok_t *atom, gpointer ud)
        }
 
        /* Check if the symbol itself needs second pass */
-       if (symbol_needs_second_pass(cfg, atom->begin)) {
-               msg_debug_config("composite depends on second-pass symbol: %*s",
-                                                (int) atom->len, atom->begin);
+       /* Create null-terminated string for C API (rspamd_ftok_t is not null-terminated) */
+       std::string symbol_name(atom->begin, atom->len);
+       if (symbol_needs_second_pass(cfg, symbol_name.c_str())) {
+               msg_debug_config("composite depends on second-pass symbol: %s",
+                                                symbol_name.c_str());
                cbd->needs_second_pass = true;
        }
 }