From: Vsevolod Stakhov
Date: Wed, 28 Jul 2010 16:35:51 +0000 (+0400)
Subject: * Fix parsing txt records to avoid reading of uninitialized data
X-Git-Tag: 0.3.1~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1b106b62bc140af89e14cb91b10f7978a47932fc;p=thirdparty%2Frspamd.git

* Fix parsing txt records to avoid reading of uninitialized data
---
diff --git a/src/dns.c b/src/dns.c
index cd80163f03..5197aae66d 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -762,7 +762,7 @@ end:
 static gint
 dns_parse_rr (guint8 *in, union rspamd_reply_element *elt, guint8 **pos, struct rspamd_dns_reply *rep, int *remain)
 {
- guint8 *p = *pos;
+ guint8 *p = *pos, parts;
 guint16 type, datalen, txtlen, copied;
 gboolean parsed = FALSE;
 
@@ -831,9 +831,11 @@ dns_parse_rr (guint8 *in, union rspamd_reply_element *elt, guint8 **pos, struct
 elt->txt.data = memory_pool_alloc (rep->request->pool, datalen + 1);
 /* Now we should compose data from parts */
 copied = 0;
- while (copied < datalen) {
+ parts = 0;
+ while (copied + parts < datalen) {
 txtlen = *p;
- if (txtlen + copied < datalen) {
+ if (txtlen + copied + parts <= datalen) {
+ parts ++;
 memcpy (elt->txt.data + copied, p + 1, txtlen);
 copied += txtlen;
 p += txtlen + 1;
diff --git a/src/plugins/fuzzy_check.c b/src/plugins/fuzzy_check.c
index 971e747f2a..4567f62cf1 100644
--- a/src/plugins/fuzzy_check.c
+++ b/src/plugins/fuzzy_check.c
@@ -349,6 +349,7 @@ fuzzy_io_callback (int fd, short what, void *arg)
 cmd.value = 0;
 memcpy (cmd.hash, session->h->hash_pipe, sizeof (cmd.hash));
 cmd.cmd = FUZZY_CHECK;
+ cmd.flag = 0;
 if (write (fd, &cmd, sizeof (struct fuzzy_cmd)) == -1) {
 goto err;
 }
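Review bot: `parts` ends up as a `guint8` because it is appended to the pointer declaration `guint8 *p = *pos, parts;`, so it can count at most 255 length bytes before wrapping, while a TXT rdata of up to 65535 bytes (datalen is `guint16`) can hold far more parts than that; once it wraps, the `copied + parts` bookkeeping in the next hunk undercounts the bytes already consumed. Give it the same width as `datalen` and `copied` on a line of its own, `guint16 parts;`, which also avoids the pointer-and-scalar-in-one-declaration trap. The body of dns_parse_rr continues outside the hunk.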
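Review bot: The new bound `if (txtlen + copied + parts <= datalen)` is off by one: `copied + parts` accounts for the bytes consumed by earlier parts, but the current part's own length byte is not included, so a record whose final part claims one byte more than remains passes the check and the memcpy reads one byte past the end of the rdata (into the following record, or off the end of the reply buffer). Counting that length byte gives `if (copied + parts + 1 + txtlen <= datalen) {`, which is equivalent to keeping the original `<` comparison. Whether datalen itself was validated against `*remain` earlier in the function is not visible here; the loop and dns_parse_rr continue beyond the hunk.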
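Review bot: `cmd.flag = 0;` zeroes one more member before `write (fd, &cmd, sizeof (struct fuzzy_cmd))` sends the whole struct, but assigning members one at a time never reaches padding bytes (if the struct has any) or a member added later, so uninitialised stack contents can still go out on the socket. Zeroing the object once before filling it, `memset (&cmd, 0, sizeof (cmd));` ahead of `cmd.value = 0;`, covers every byte that write() sends. fuzzy_io_callback starts before this hunk, so where `cmd` is declared is not visible here.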
@@ -560,8 +561,7 @@ fuzzy_symbol_callback (struct worker_task *task, void *unused)
 mime_part = cur->data;
 if (mime_part->content->len > 0 && mime_part->checksum != NULL) {
 /* Construct fake fuzzy hash */
- fake_fuzzy = memory_pool_alloc (task->task_pool, sizeof (fuzzy_hash_t));
- fake_fuzzy->block_size = 0;
+ fake_fuzzy = memory_pool_alloc0 (task->task_pool, sizeof (fuzzy_hash_t));
 g_strlcpy (fake_fuzzy->hash_pipe, mime_part->checksum, sizeof (fake_fuzzy->hash_pipe));
 register_fuzzy_call (task, fake_fuzzy);
 }
@@ -695,6 +695,7 @@ fuzzy_process_handler (struct controller_session *session, f_str_t * in)
 if (mime_part->content->len > 0 && mime_part->checksum != NULL) {
 /* Construct fake fuzzy hash */
 fake_fuzzy.block_size = 0;
+ bzero (fake_fuzzy.hash_pipe, sizeof (fake_fuzzy.hash_pipe));
 g_strlcpy (fake_fuzzy.hash_pipe, mime_part->checksum, sizeof (fake_fuzzy.hash_pipe));
 if (! register_fuzzy_controller_call (session, task, &fake_fuzzy, cmd, value, flag, saved)) {
 /* Cannot write hash */
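Review bot: The added `bzero` clears `fake_fuzzy.hash_pipe` separately from `fake_fuzzy.block_size = 0;`, whereas the hunk at line 560 of the same file handles the same fake hash with a single `memory_pool_alloc0`; here `memset (&fake_fuzzy, 0, sizeof (fake_fuzzy));` in place of those two lines zeroes every byte of the struct, including any other members or padding, in one step and keeps the two sites consistent. `bzero` is also a legacy BSD call that POSIX has withdrawn, and the file already uses `memcpy`, so `memset` needs no new header. fuzzy_process_handler and the surrounding loop continue outside the hunk.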