git-svn: trunk@3255
Török Edvin authored on 2007/09/29 03:05:17... | ... |
@@ -1,3 +1,14 @@ |
1 |
+Fri Sep 28 20:17:41 EEST 2007 (edwin) |
|
2 |
+------------------------------------- |
|
3 |
+ * libclamav/phishcheck.c: fix NULL deref. bug, use of uninitialized |
|
4 |
+ variable, and memory leak from yesterday's commit. (r3255) |
|
5 |
+ * Changelog: add log message for r3254 from svn log, forgot to update |
|
6 |
+ Changelog yesterday (oops) |
|
7 |
+ * libclamav/phish*.[ch], regex_list.[ch]: more improvements to the url extraction algorithm (more to come later). |
|
8 |
+ Reduces false negatives. False |
|
9 |
+ positives ratio should be same. |
|
10 |
+ (r3254) |
|
11 |
+ |
|
1 | 12 |
Wed Sep 26 23:36:06 CEST 2007 (tk) |
2 | 13 |
---------------------------------- |
3 | 14 |
* libclamav/matcher-ac.c: minor optimisation |
... | ... |
@@ -259,13 +259,9 @@ static const char* phishing_ret_toString(enum phish_status rc); |
259 | 259 |
|
260 | 260 |
static void url_check_init(struct url_check* urls) |
261 | 261 |
{ |
262 |
- urls->realLink.refcount=0; |
|
263 |
- urls->realLink.data=empty_string; |
|
264 |
- urls->realLink.ref=NULL; |
|
265 |
- urls->displayLink.refcount=0; |
|
266 |
- urls->displayLink.data=empty_string; |
|
267 |
- urls->displayLink.ref=NULL; |
|
268 |
- urls->pre_fixup.host_start = urls->pre_fixup.host_end = 0; |
|
262 |
+ string_init_c(&urls->realLink, NULL); |
|
263 |
+ string_init_c(&urls->displayLink, NULL); |
|
264 |
+ string_init_c(&urls->pre_fixup.pre_displayLink, NULL); |
|
269 | 265 |
} |
270 | 266 |
|
271 | 267 |
/* string reference counting implementation, |
... | ... |
@@ -305,7 +301,7 @@ static void string_assign(struct string* dest,struct string* src) |
305 | 305 |
* */ |
306 | 306 |
static void string_init_c(struct string* dest,char* data) |
307 | 307 |
{ |
308 |
- dest->refcount = 1; |
|
308 |
+ dest->refcount = data ? 1 : 0; |
|
309 | 309 |
dest->data = data ? data : empty_string; |
310 | 310 |
dest->ref = NULL; |
311 | 311 |
} |
... | ... |
@@ -328,10 +324,12 @@ static int string_assign_dup(struct string* dest,const char* start,const char* e |
328 | 328 |
|
329 | 329 |
static void string_assign_null(struct string* dest) |
330 | 330 |
{ |
331 |
- string_free(dest); |
|
332 |
- dest->data=empty_string; |
|
333 |
- dest->refcount=-1;/* don't free it! */ |
|
334 |
- dest->ref=NULL; |
|
331 |
+ if(dest) { |
|
332 |
+ string_free(dest); |
|
333 |
+ dest->data=empty_string; |
|
334 |
+ dest->refcount=-1;/* don't free it! */ |
|
335 |
+ dest->ref=NULL; |
|
336 |
+ } |
|
335 | 337 |
} |
336 | 338 |
|
337 | 339 |
/* this string uses portion of another string*/ |
... | ... |
@@ -348,6 +346,7 @@ static void free_if_needed(struct url_check* url) |
348 | 348 |
{ |
349 | 349 |
string_free(&url->realLink); |
350 | 350 |
string_free(&url->displayLink); |
351 |
+ string_free(&url->pre_fixup.pre_displayLink); |
|
351 | 352 |
} |
352 | 353 |
|
353 | 354 |
static int build_regex(regex_t* preg,const char* regex,int nosub) |
... | ... |
@@ -686,7 +685,7 @@ cleanupURL(struct string *URL,struct string *pre_URL, int isReal) |
686 | 686 |
char *begin = URL->data; |
687 | 687 |
const char *end; |
688 | 688 |
size_t len; |
689 |
- |
|
689 |
+ |
|
690 | 690 |
clear_msb(begin); |
691 | 691 |
/*if(begin == NULL) |
692 | 692 |
return;*/ |
... | ... |
@@ -797,11 +796,12 @@ int phishingScan(message* m,const char* dir,cli_ctx* ctx,tag_arguments_t* hrefs) |
797 | 797 |
} |
798 | 798 |
string_init_c(&urls.realLink,(char*)hrefs->value[i]); |
799 | 799 |
string_init_c(&urls.displayLink,(char*)blobGetData(hrefs->contents[i])); |
800 |
- |
|
800 |
+ string_init_c(&urls.pre_fixup.pre_displayLink, NULL); |
|
801 | 801 |
if (urls.displayLink.data[blobGetDataSize(hrefs->contents[i])-1]) { |
802 | 802 |
cli_warnmsg("urls.displayLink.data[...]"); |
803 | 803 |
return CL_CLEAN; |
804 | 804 |
} |
805 |
+ |
|
805 | 806 |
urls.realLink.refcount=-1; |
806 | 807 |
urls.displayLink.refcount=-1;/*don't free these, caller will free*/ |
807 | 808 |
if(strcmp((char*)hrefs->tag[i],"href")) { |