...
|
...
|
@@ -191,7 +191,7 @@ static const unsigned short int char_class[256] = {
|
191
|
191
|
static const size_t std_class_cnt = sizeof(std_class)/sizeof(std_class[0]);
|
192
|
192
|
|
193
|
193
|
/* Prototypes */
|
194
|
|
-static int add_pattern(struct regex_matcher* matcher,const unsigned char* pat,const char* info);
|
|
194
|
+static int add_pattern(struct regex_matcher* matcher,const unsigned char* pat,const char* info,int hostOnly);
|
195
|
195
|
static int match_node(struct tree_node* node,const unsigned char* c,size_t len,const char** info);
|
196
|
196
|
static void destroy_tree(struct regex_matcher* matcher);
|
197
|
197
|
static struct tree_node* tree_root_alloc(void);
|
...
|
...
|
@@ -271,8 +271,8 @@ int regex_list_match(struct regex_matcher* matcher,const char* real_url,const ch
|
271
|
271
|
} else
|
272
|
272
|
rc = 0;
|
273
|
273
|
|
274
|
|
- if(!rc && !hostOnly)
|
275
|
|
- rc = match_node(matcher->root_regex,(unsigned char*)buffer,buffer_len,info) == MATCH_SUCCESS ? CL_VIRUS : CL_SUCCESS;
|
|
274
|
+ if(!rc)
|
|
275
|
+ rc = match_node(hostOnly ? matcher->root_regex_hostonly : matcher->root_regex,(unsigned char*)buffer,buffer_len,info) == MATCH_SUCCESS ? CL_VIRUS : CL_SUCCESS;
|
276
|
276
|
free(buffer);
|
277
|
277
|
if(!rc)
|
278
|
278
|
cli_dbgmsg("not in regex list\n");
|
...
|
...
|
@@ -349,11 +349,19 @@ int init_regex_list(struct regex_matcher* matcher)
|
349
|
349
|
return CL_EMEM;
|
350
|
350
|
}
|
351
|
351
|
|
|
352
|
+ matcher->root_regex_hostonly = tree_root_alloc();
|
|
353
|
+ if(!matcher->root_regex_hostonly) {
|
|
354
|
+ free(matcher->root_regex);
|
|
355
|
+ return CL_EMEM;
|
|
356
|
+ }
|
|
357
|
+
|
352
|
358
|
if(( rc = stack_init(&matcher->node_stack) )) {
|
|
359
|
+ free(matcher->root_regex_hostonly);
|
353
|
360
|
free(matcher->root_regex);
|
354
|
361
|
return rc;
|
355
|
362
|
}
|
356
|
363
|
if(( rc = stack_init(&matcher->node_stack_alt) )) {
|
|
364
|
+ free(matcher->root_regex_hostonly);
|
357
|
365
|
free(matcher->root_regex);
|
358
|
366
|
stack_destroy(&matcher->node_stack);
|
359
|
367
|
return rc;
|
...
|
...
|
@@ -489,10 +497,17 @@ int load_regex_matcher(struct regex_matcher* matcher,FILE* fd,unsigned int optio
|
489
|
489
|
* Multiple lines of form, (empty lines are skipped):
|
490
|
490
|
* Flags RealURL DisplayedURL
|
491
|
491
|
* Where:
|
492
|
|
- * Flags: R - regex, H - host-only, followed by (optional) 3-digit hexnumber representing
|
|
492
|
+ * Flags:
|
|
493
|
+ *
|
|
494
|
+ * .pdb files:
|
|
495
|
+ * R - regex, H - host-only, followed by (optional) 3-digit hexnumber representing
|
493
|
496
|
* flags that should be filtered.
|
494
|
497
|
* [i.e. phishcheck urls.flags that we don't want to be done for this particular host]
|
495
|
|
- * Note:Flag filtering only makes sense in .pdb files.
|
|
498
|
+ *
|
|
499
|
+ * .wdb files:
|
|
500
|
+ * X - full URL regex
|
|
501
|
+ * Y - host-only regex
|
|
502
|
+ * M - host simple pattern
|
496
|
503
|
*
|
497
|
504
|
* If a line in the file doesn't conform to this format, loading fails
|
498
|
505
|
*
|
...
|
...
|
@@ -531,8 +546,8 @@ int load_regex_matcher(struct regex_matcher* matcher,FILE* fd,unsigned int optio
|
531
|
531
|
}
|
532
|
532
|
}
|
533
|
533
|
|
534
|
|
- if((buffer[0] == 'R' && !is_whitelist) || (buffer[0] == 'X' && is_whitelist)) {/*regex*/
|
535
|
|
- if(( rc = add_pattern(matcher,(const unsigned char*)pattern,flags) ))
|
|
534
|
+ if((buffer[0] == 'R' && !is_whitelist) || ((buffer[0] == 'X' || buffer[0] == 'Y') && is_whitelist)) {/*regex*/
|
|
535
|
+ if(( rc = add_pattern(matcher,(const unsigned char*)pattern,flags, buffer[0] == 'Y') ))
|
536
|
536
|
return rc==CL_EMEM ? CL_EMEM : CL_EMALFDB;
|
537
|
537
|
}
|
538
|
538
|
else if( ( buffer[0] == 'H' && !is_whitelist) || (buffer[0] == 'M' && is_whitelist)) {/*matches displayed host*/
|
...
|
...
|
@@ -1030,7 +1045,7 @@ int is_regex_ok(struct regex_matcher* matcher)
|
1030
|
1030
|
}
|
1031
|
1031
|
|
1032
|
1032
|
/* returns 0 on success, regexec error code otherwise */
|
1033
|
|
-static int add_pattern(struct regex_matcher* matcher,const unsigned char* pat,const char* info)
|
|
1033
|
+static int add_pattern(struct regex_matcher* matcher,const unsigned char* pat,const char* info, int hostonly)
|
1034
|
1034
|
{
|
1035
|
1035
|
int bol=1;
|
1036
|
1036
|
const unsigned char* pat_end = find_regex_start(pat);
|
...
|
...
|
@@ -1039,7 +1054,7 @@ static int add_pattern(struct regex_matcher* matcher,const unsigned char* pat,co
|
1039
|
1039
|
|
1040
|
1040
|
massert(matcher);
|
1041
|
1041
|
|
1042
|
|
- node = matcher->root_regex;
|
|
1042
|
+ node = hostonly ? matcher->root_regex_hostonly : matcher->root_regex;
|
1043
|
1043
|
|
1044
|
1044
|
stack_reset(&matcher->node_stack);
|
1045
|
1045
|
stack_reset(&matcher->node_stack_alt);
|
...
|
...
|
@@ -1387,6 +1402,7 @@ static void destroy_tree(struct regex_matcher* matcher)
|
1387
|
1387
|
|
1388
|
1388
|
stack_reset(&matcher->node_stack);
|
1389
|
1389
|
destroy_tree_internal(matcher,matcher->root_regex);
|
|
1390
|
+ destroy_tree_internal(matcher,matcher->root_regex_hostonly);
|
1390
|
1391
|
while (matcher->node_stack.cnt) {
|
1391
|
1392
|
struct tree_node* node = stack_pop(&matcher->node_stack);
|
1392
|
1393
|
if(node)
|