...
|
...
|
@@ -1429,6 +1429,9 @@ static enum phish_status phishingCheck(const struct cl_engine* engine, struct ur
|
1429
|
1429
|
int phishy = 0;
|
1430
|
1430
|
const struct phishcheck* pchk = (const struct phishcheck*)engine->phishcheck;
|
1431
|
1431
|
|
|
1432
|
+ char* realData = NULL;
|
|
1433
|
+ char* displayData = NULL;
|
|
1434
|
+
|
1432
|
1435
|
if (!urls->realLink.data)
|
1433
|
1436
|
return CL_PHISH_CLEAN;
|
1434
|
1437
|
|
...
|
...
|
@@ -1486,9 +1489,23 @@ static enum phish_status phishingCheck(const struct cl_engine* engine, struct ur
|
1486
|
1486
|
* Eg:
|
1487
|
1487
|
* R:.+\.malicious\.net([/?].*)?:.+\.benign\.com
|
1488
|
1488
|
*/
|
1489
|
|
- if (domainlist_match(engine, urls->realLink.data, urls->displayLink.data, &urls->pre_fixup, 0)) {
|
|
1489
|
+ /* Provide copies of the oirinal URL's, because domainlist_match() may modify the buffer,
|
|
1490
|
+ and we don't want that to happen in this case. */
|
|
1491
|
+ realData = cli_strdup(urls->realLink.data);
|
|
1492
|
+ if (!realData) {
|
|
1493
|
+ cli_errmsg("Phishcheck: Failed to allocate memory for temporary real link string.\n");
|
|
1494
|
+ return CL_PHISH_CLEAN;
|
|
1495
|
+ }
|
|
1496
|
+ displayData = cli_strdup(urls->displayLink.data);
|
|
1497
|
+ if (!displayData) {
|
|
1498
|
+ cli_errmsg("Phishcheck: Failed to allocate memory for temporary display link string.\n");
|
|
1499
|
+ return CL_PHISH_CLEAN;
|
|
1500
|
+ }
|
|
1501
|
+ if (domainlist_match(engine, realData, displayData, &urls->pre_fixup, 0)) {
|
1490
|
1502
|
phishy |= DOMAIN_LISTED;
|
1491
|
1503
|
}
|
|
1504
|
+ free(realData);
|
|
1505
|
+ free(displayData);
|
1492
|
1506
|
|
1493
|
1507
|
/*
|
1494
|
1508
|
* Get copy of URLs stripped down to just the FQDN.
|