From: Vsevolod Stakhov
Date: Tue, 28 Nov 2017 20:21:45 +0000 (+0000)
Subject: [Fix] Fix encrypted legacy reply in fuzzy storage
X-Git-Tag: 1.7.0~396
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dda0fc37676b343a5709e75acbf952a99659aebc;p=thirdparty%2Frspamd.git
[Fix] Fix encrypted legacy reply in fuzzy storage
---
diff --git a/src/fuzzy_storage.c b/src/fuzzy_storage.c
index 267ece1561..7ef9daa074 100644
--- a/src/fuzzy_storage.c
+++ b/src/fuzzy_storage.c
@@ -711,6 +711,8 @@ rspamd_fuzzy_make_reply (struct rspamd_fuzzy_cmd *cmd,
 struct fuzzy_session *session,
 gboolean encrypted, gboolean is_shingle)
 {
+ gsize len;
+
 if (cmd) {
 result->v1.tag = cmd->tag;
@@ -729,8 +731,21 @@ rspamd_fuzzy_make_reply (struct rspamd_fuzzy_cmd *cmd,
 /* We need also to encrypt reply */
 ottery_rand_bytes (session->reply.hdr.nonce,
 sizeof (session->reply.hdr.nonce));
+
+ /*
+ * For old replies we need to encrypt just old part, otherwise
+ * decryption would fail due to mac verification mistake
+ */
+
+ if (session->epoch > RSPAMD_FUZZY_EPOCH10) {
+ len = sizeof (session->reply.rep);
+ }
+ else {
+ len = sizeof (session->reply.rep.v1);
+ }
+
 rspamd_cryptobox_encrypt_nm_inplace ((guchar *)&session->reply.rep,
- sizeof (session->reply.rep),
+ len,
 session->reply.hdr.nonce,
 session->nm,
 session->reply.hdr.mac,
@@ -808,6 +823,9 @@ rspamd_fuzzy_process_command (struct fuzzy_session *session)
 break;
 }
+ memcpy (session->reply.rep.digest, cmd->digest,
+ sizeof (session->reply.rep.digest));
+
 if (G_UNLIKELY (cmd == NULL || up_len == 0)) {
 result.v1.value = 500;
 result.v1.prob = 0.0;
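Review bot: The new `len` in the second hunk decides how many bytes are encrypted and covered by the MAC, but nothing visible here ties it to the number of bytes later written to the client; the write path is outside the hunk. If the sender still transmits `sizeof (session->reply.rep)` for an epoch at or below `RSPAMD_FUZZY_EPOCH10`, the bytes after `rep.v1` would leave the process neither encrypted nor authenticated, so confirm the writer applies the same epoch test, ideally through one shared length helper. Encrypting a prefix starting at `&session->reply.rep` also relies on `v1` being the first member of that struct; a comment such as `/* v1 must stay at offset 0 of reply.rep: legacy clients decrypt only this prefix */` beside the length selection would record that. The function body starts and ends outside the hunk.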
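Review bot: The `memcpy` added in the third hunk reads `cmd->digest` one statement before the existing `cmd == NULL` test, so if `cmd` can be NULL at this point, as that test implies, the copy dereferences a null pointer while handling a request and the branch that sets `result.v1.value = 500` is never reached. Move the copy below the check or guard it, e.g. `if (cmd != NULL) { memcpy (session->reply.rep.digest, cmd->digest, sizeof (session->reply.rep.digest)); }`. If the preceding switch, which is cut off above the hunk, already guarantees a non-NULL `cmd`, then the NULL test is dead code and a short comment should say so. The function body starts and ends outside the hunk.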