git-svn: trunk@2565
Tomasz Kojm authored on 2006/12/20 05:47:45... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Tue Dec 19 21:44:13 CET 2006 (tk) |
|
2 |
+--------------------------------- |
|
3 |
+ * libclamav/regex_list.c: strict whitelisting (Edvin) |
|
4 |
+ |
|
1 | 5 |
Tue Dec 19 21:28:09 CET 2006 (tk) |
2 | 6 |
--------------------------------- |
3 | 7 |
* libclamav/phishcheck.c, regex_list.c: fix some compiler warnings, patch |
... | ... |
@@ -19,6 +19,9 @@ |
19 | 19 |
* MA 02110-1301, USA. |
20 | 20 |
* |
21 | 21 |
* $Log: regex_list.c,v $ |
22 |
+ * Revision 1.18 2006/12/19 20:47:45 tkojm |
|
23 |
+ * strict whitelisting |
|
24 |
+ * |
|
22 | 25 |
* Revision 1.17 2006/12/19 20:30:17 tkojm |
23 | 26 |
* fix some compiler warnings |
24 | 27 |
* |
... | ... |
@@ -356,7 +359,7 @@ int regex_list_match(struct regex_matcher* matcher,const char* real_url,const ch |
356 | 356 |
{ |
357 | 357 |
size_t real_len = strlen(real_url); |
358 | 358 |
size_t display_len = strlen(display_url); |
359 |
- size_t buffer_len = (hostOnly && !is_whitelist) ? real_len : real_len + display_len + 1; |
|
359 |
+ size_t buffer_len = (hostOnly && !is_whitelist) ? real_len : real_len + display_len + 1 + (is_whitelist ? 1 : 0); |
|
360 | 360 |
char* buffer = cli_malloc(buffer_len+1); |
361 | 361 |
size_t i; |
362 | 362 |
int rc = 0; |
... | ... |
@@ -369,6 +372,8 @@ int regex_list_match(struct regex_matcher* matcher,const char* real_url,const ch |
369 | 369 |
buffer[real_len]= (!is_whitelist && hostOnly) ? '\0' : ':'; |
370 | 370 |
if(!hostOnly || is_whitelist) { |
371 | 371 |
strncpy(buffer+real_len+1,display_url,display_len); |
372 |
+ if(is_whitelist) |
|
373 |
+ buffer[buffer_len - 1] = '/'; |
|
372 | 374 |
buffer[buffer_len]=0; |
373 | 375 |
} |
374 | 376 |
cli_dbgmsg("Looking up in regex_list: %s\n", buffer); |
... | ... |
@@ -637,6 +642,20 @@ int load_regex_matcher(struct regex_matcher* matcher,FILE* fd,unsigned int optio |
637 | 637 |
pattern[0]='\0'; |
638 | 638 |
flags = buffer+1; |
639 | 639 |
pattern++; |
640 |
+ |
|
641 |
+ if(is_whitelist) { |
|
642 |
+ const size_t pattern_len = strlen(pattern); |
|
643 |
+ if(pattern_len < FILEBUFF) { |
|
644 |
+ pattern[pattern_len] = '/'; |
|
645 |
+ pattern[pattern_len+1] = '\0'; |
|
646 |
+ } |
|
647 |
+ else { |
|
648 |
+ cli_errmsg("Overlong regex line %d\n",line); |
|
649 |
+ fatal_error(matcher); |
|
650 |
+ return CL_EMALFDB; |
|
651 |
+ } |
|
652 |
+ } |
|
653 |
+ |
|
640 | 654 |
if((buffer[0] == 'R' && !is_whitelist) || (buffer[0] == 'X' && is_whitelist)) {/*regex*/ |
641 | 655 |
if(( rc = add_pattern(matcher,(const unsigned char*)pattern,flags) )) |
642 | 656 |
return rc==CL_EMEM ? CL_EMEM : CL_EMALFDB; |
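Review bot: The bound `pattern_len < FILEBUFF` in the added whitelist branch of load_regex_matcher measures the pattern against the whole buffer size, not against the space left after `pattern`, so it may not protect the two stores that follow it. `pattern` appears to point into `buffer` past the flags field (`flags = buffer+1; pattern++;` just above), and the branch writes `pattern[pattern_len]` and `pattern[pattern_len+1]`. If `buffer` is the FILEBUFF-sized line buffer (its declaration is outside the hunk, so this is an assumption to confirm), any string inside it is already shorter than FILEBUFF. In that case the `Overlong regex line` branch can never run, and a database line that fills the buffer would place the new terminator one byte past its end. Checking the remaining room instead, for example `if((size_t)(pattern - buffer) + pattern_len + 2 <= FILEBUFF) {`, would make the error path reachable; the function body starts and continues outside the hunk.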