]> git.ipfire.org Git - thirdparty/rspamd.git/commitdiff
projects / thirdparty / rspamd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: afbdb46)
[Fix] Fix encrypted legacy reply in fuzzy storage
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Tue, 28 Nov 2017 20:21:45 +0000 (20:21 +0000)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Tue, 28 Nov 2017 20:21:45 +0000 (20:21 +0000)
src/fuzzy_storage.c patch | blob | blame | history

diff --git a/src/fuzzy_storage.c b/src/fuzzy_storage.c
index 267ece15612ce18520f8bcfdccd81dbfb2f9be69..7ef9daa07458d709987a1ad45be9ecfa91a257bb 100644 (file)
--- a/src/fuzzy_storage.c
+++ b/src/fuzzy_storage.c
@@ -711,6 +711,8 @@ rspamd_fuzzy_make_reply (struct rspamd_fuzzy_cmd *cmd,
                struct fuzzy_session *session,
                gboolean encrypted, gboolean is_shingle)
 {
+       gsize len;
+
        if (cmd) {
                result->v1.tag = cmd->tag;
 
@@ -729,8 +731,21 @@ rspamd_fuzzy_make_reply (struct rspamd_fuzzy_cmd *cmd,
                        /* We need also to encrypt reply */
                        ottery_rand_bytes (session->reply.hdr.nonce,
                                        sizeof (session->reply.hdr.nonce));
+
+                       /*
+                        * For old replies we need to encrypt just old part, otherwise
+                        * decryption would fail due to mac verification mistake
+                        */
+
+                       if (session->epoch > RSPAMD_FUZZY_EPOCH10) {
+                               len = sizeof (session->reply.rep);
+                       }
+                       else {
+                               len = sizeof (session->reply.rep.v1);
+                       }
+
                        rspamd_cryptobox_encrypt_nm_inplace ((guchar *)&session->reply.rep,
-                                       sizeof (session->reply.rep),
+                                       len,
                                        session->reply.hdr.nonce,
                                        session->nm,
                                        session->reply.hdr.mac,
@@ -808,6 +823,9 @@ rspamd_fuzzy_process_command (struct fuzzy_session *session)
                break;
        }
 
+       memcpy (session->reply.rep.digest, cmd->digest,
+                       sizeof (session->reply.rep.digest));
+
        if (G_UNLIKELY (cmd == NULL || up_len == 0)) {
                result.v1.value = 500;
                result.v1.prob = 0.0;
Mirror of https://github.com/rspamd/rspamd.git