Browse code
strict whitelisting
| ... | ... |
@@ -1,3 +1,7 @@ |
| 1 |
+Tue Dec 19 21:44:13 CET 2006 (tk) |
|
| 2 |
+--------------------------------- |
|
| 3 |
+ * libclamav/regex_list.c: strict whitelisting (Edvin) |
|
| 4 |
+ |
|
| 1 | 5 |
Tue Dec 19 21:28:09 CET 2006 (tk) |
| 2 | 6 |
--------------------------------- |
| 3 | 7 |
* libclamav/phishcheck.c, regex_list.c: fix some compiler warnings, patch |
| ... | ... |
@@ -19,6 +19,9 @@ |
| 19 | 19 |
* MA 02110-1301, USA. |
| 20 | 20 |
* |
| 21 | 21 |
* $Log: regex_list.c,v $ |
| 22 |
+ * Revision 1.18 2006/12/19 20:47:45 tkojm |
|
| 23 |
+ * strict whitelisting |
|
| 24 |
+ * |
|
| 22 | 25 |
* Revision 1.17 2006/12/19 20:30:17 tkojm |
| 23 | 26 |
* fix some compiler warnings |
| 24 | 27 |
* |
| ... | ... |
@@ -356,7 +359,7 @@ int regex_list_match(struct regex_matcher* matcher,const char* real_url,const ch |
| 356 | 356 |
{
|
| 357 | 357 |
size_t real_len = strlen(real_url); |
| 358 | 358 |
size_t display_len = strlen(display_url); |
| 359 |
- size_t buffer_len = (hostOnly && !is_whitelist) ? real_len : real_len + display_len + 1; |
|
| 359 |
+ size_t buffer_len = (hostOnly && !is_whitelist) ? real_len : real_len + display_len + 1 + (is_whitelist ? 1 : 0); |
|
| 360 | 360 |
char* buffer = cli_malloc(buffer_len+1); |
| 361 | 361 |
size_t i; |
| 362 | 362 |
int rc = 0; |
| ... | ... |
@@ -369,6 +372,8 @@ int regex_list_match(struct regex_matcher* matcher,const char* real_url,const ch |
| 369 | 369 |
buffer[real_len]= (!is_whitelist && hostOnly) ? '\0' : ':'; |
| 370 | 370 |
if(!hostOnly || is_whitelist) {
|
| 371 | 371 |
strncpy(buffer+real_len+1,display_url,display_len); |
| 372 |
+ if(is_whitelist) |
|
| 373 |
+ buffer[buffer_len - 1] = '/'; |
|
| 372 | 374 |
buffer[buffer_len]=0; |
| 373 | 375 |
} |
| 374 | 376 |
cli_dbgmsg("Looking up in regex_list: %s\n", buffer);
|
| ... | ... |
@@ -637,6 +642,20 @@ int load_regex_matcher(struct regex_matcher* matcher,FILE* fd,unsigned int optio |
| 637 | 637 |
pattern[0]='\0'; |
| 638 | 638 |
flags = buffer+1; |
| 639 | 639 |
pattern++; |
| 640 |
+ |
|
| 641 |
+ if(is_whitelist) {
|
|
| 642 |
+ const size_t pattern_len = strlen(pattern); |
|
| 643 |
+ if(pattern_len < FILEBUFF) {
|
|
| 644 |
+ pattern[pattern_len] = '/'; |
|
| 645 |
+ pattern[pattern_len+1] = '\0'; |
|
| 646 |
+ } |
|
| 647 |
+ else {
|
|
| 648 |
+ cli_errmsg("Overlong regex line %d\n",line);
|
|
| 649 |
+ fatal_error(matcher); |
|
| 650 |
+ return CL_EMALFDB; |
|
| 651 |
+ } |
|
| 652 |
+ } |
|
| 653 |
+ |
|
| 640 | 654 |
if((buffer[0] == 'R' && !is_whitelist) || (buffer[0] == 'X' && is_whitelist)) {/*regex*/
|
| 641 | 655 |
if(( rc = add_pattern(matcher,(const unsigned char*)pattern,flags) )) |
| 642 | 656 |
return rc==CL_EMEM ? CL_EMEM : CL_EMALFDB; |