git-svn: trunk@4248
Török Edvin authored on 2008/10/11 19:27:34... | ... |
@@ -1,3 +1,9 @@ |
1 |
+Sat Oct 11 13:17:29 EEST 2008 (edwin) |
|
2 |
+------------------------------------- |
|
3 |
+ * libclamav/phishcheck.c, unit_tests/check_clamscan.sh, |
|
4 |
+ unit_tests/input/phish-test-ssl: fix URL parsing, since we now parse |
|
5 |
+ the full URL |
|
6 |
+ |
|
1 | 7 |
Sat Oct 11 11:16:02 EEST 2008 (edwin) |
2 | 8 |
------------------------------------- |
3 | 9 |
* Makefile.am, Makefile.in, libclamav/jsparse/js-norm.c, |
... | ... |
@@ -997,7 +997,7 @@ static inline int validate_uri_ialpha(const char *start, const char *end) |
997 | 997 |
static int isURL(const struct phishcheck* pchk,const char* URL, int accept_anyproto) |
998 | 998 |
{ |
999 | 999 |
size_t len; |
1000 |
- const char *start = NULL, *p, *q; |
|
1000 |
+ const char *start = NULL, *p, *q, *end; |
|
1001 | 1001 |
if(!URL) |
1002 | 1002 |
return 0; |
1003 | 1003 |
|
... | ... |
@@ -1038,8 +1038,13 @@ static int isURL(const struct phishcheck* pchk,const char* URL, int accept_anypr |
1038 | 1038 |
} else |
1039 | 1039 |
start = URL; |
1040 | 1040 |
p = start; |
1041 |
+ end = strchr(p, '/'); |
|
1042 |
+ if (!end) |
|
1043 |
+ end = p + strlen(p); |
|
1041 | 1044 |
do { |
1042 | 1045 |
q = strchr(p, '.'); |
1046 |
+ if (q > end) |
|
1047 |
+ break; |
|
1043 | 1048 |
if(q) { |
1044 | 1049 |
if(!validate_uri_xpalphas_nodot(p, q)) |
1045 | 1050 |
return 0; |
... | ... |
@@ -1048,9 +1053,10 @@ static int isURL(const struct phishcheck* pchk,const char* URL, int accept_anypr |
1048 | 1048 |
} while(q); |
1049 | 1049 |
if (p == start) /* must have at least one dot in the URL */ |
1050 | 1050 |
return 0; |
1051 |
- len = strlen(p); |
|
1052 |
- while (len > 1 && p[len-1] == ' ') len--; |
|
1053 |
- return !!in_tld_set(p, len); |
|
1051 |
+ if (end < p) |
|
1052 |
+ end = p; |
|
1053 |
+ while (*end == ' ' && end > p) --end; |
|
1054 |
+ return !!in_tld_set(p, end - p); |
|
1054 | 1055 |
} |
1055 | 1056 |
|
1056 | 1057 |
/* |
... | ... |
@@ -58,7 +58,9 @@ if test $val != 1; then |
58 | 58 |
echo "Error running clamscan: $val" >&2; |
59 | 59 |
die 3; |
60 | 60 |
fi |
61 |
-if grep "phish-test-ssl: Phishing.Heuristics.SSL-Spoof FOUND" clamscan2.log && grep "phish-test-cloak: Phishing.Heuristics.Cloaked-Null FOUND" clamscan2.log; then |
|
62 |
- echo "FOUND" |
|
61 |
+grep "phish-test-ssl: Phishing.Heuristics.Email.SSL-Spoof FOUND" clamscan2.log >/dev/null && grep "phish-test-cloak: Phishing.Heuristics.Email.Cloaked.Null FOUND" clamscan2.log >/dev/null |
|
62 |
+if test $? -ne 0; then |
|
63 |
+ echo "Error on ssl/cloak phishing test" >&2; |
|
64 |
+ die 4; |
|
63 | 65 |
fi |
64 | 66 |
die 0; |