@@ -1,3 +1,8 @@

+Sat Sep 16 17:46:49 CEST 2006 (acab)

+------------------------------------

+  * phishing: fixed string truncation, crashes and updated relevant

+              documentation (patch from Edvin)

+

 Sat Sep 16 14:30:29 CEST 2006 (acab)

 ------------------------------------

   * libclamav/petite.h: fixed inconsistent function declaration.

@@ -63,6 +63,16 @@ RealURL\InsetSpace ~

 DisplayedURL

 \end_layout

+\begin_layout Standard

+or:

+\end_layout

+

+\begin_layout Standard

+

+\series bold

+H RealURL

+\end_layout

+

 \begin_layout Itemize

 Where 

 \noun on

@@ -82,7 +92,11 @@ R regex, has to match entire url, see section

 \end_layout

 \begin_layout Description

-H has to match the host part of url only (a simple pattern, i.e.

+H has to match the host part of 

+\noun on

+realURL 

+\noun default

+only (a simple pattern, i.e.

  it is matched literally)

 \end_layout

@@ -138,7 +152,8 @@ realURL

 \noun default

 , and its contents is the 

 \noun on

-displayedURL

+displayedURL.

+ 

 \end_layout

 \begin_layout Itemize

@@ -242,7 +257,23 @@ H

 \noun default

 \series default

-flag, then the 2nd href will match too.

+flag, then a line like:

+\end_layout

+

+\begin_layout Quote

+H paypal.com

+\end_layout

+

+\begin_layout Standard

+Will match <a href=

+\begin_inset Quotes erd

+\end_inset

+

+http://owned.com

+\begin_inset Quotes erd

+\end_inset

+

+>paypal.com</a>.

 \end_layout

 \begin_layout Subsubsection

Binary files a/clamav-devel/docs/phishsigs_howto.pdf and b/clamav-devel/docs/phishsigs_howto.pdf differ

@@ -19,6 +19,9 @@

  *  MA 02110-1301, USA.

  *

  *  $Log: phishcheck.c,v $

+ *  Revision 1.6  2006/09/16 15:49:27  acab

+ *  phishing: fixed bugs and updated docs

+ *

  *  Revision 1.5  2006/09/16 05:59:14  njh

  *  Fixed compiler warning

  *

@@ -639,7 +642,7 @@ str_strip(char **begin, const char **end, const char *what, size_t what_len)

 	/* strip trailing @what */

 	if(what_len <= (size_t)(str_end - sbegin)) {

-		str_end_what = str_end - what_len;

+		str_end_what = str_end - what_len + 1;

 		while((str_end_what > sbegin) &&

 		      (strncmp(str_end_what, what, what_len) == 0)) {

 			str_end -= what_len;

@@ -648,8 +651,8 @@ str_strip(char **begin, const char **end, const char *what, size_t what_len)

 	}

 	*begin = sbegin++;

-	while(sbegin+what_len < str_end) {

-		while(sbegin+what_len<str_end && !strncmp(sbegin,what,what_len)) {

+	while(sbegin+what_len <= str_end) {

+		while(sbegin+what_len<=str_end && !strncmp(sbegin,what,what_len)) {

 			const char* src = sbegin+what_len;

 			/* move string */

 			memmove(sbegin,src,str_end-src+1);

@@ -19,6 +19,9 @@

  *  MA 02110-1301, USA.

  *

  *  $Log: regex_list.c,v $

+ *  Revision 1.2  2006/09/16 15:49:27  acab

+ *  phishing: fixed bugs and updated docs

+ *

  *  Revision 1.1  2006/09/12 19:38:39  acab

  *  Phishing module merge - libclamav

  *

@@ -232,9 +235,11 @@ int regex_list_match(struct regex_matcher* matcher,const char* real_url,const ch

 			return CL_EMEM;

 		strncpy(buffer,real_url,real_len);

-		buffer[real_len]=' ';

+		buffer[real_len]=hostOnly ? '\0' : ' ';

+		if(!hostOnly) {

 		strncpy(buffer+real_len+1,display_url,display_len);

 		buffer[buffer_len]=0;

+		}

 		cli_dbgmsg("Looking up in regex_list: %s\n");

 		rc = cli_ac_scanbuff(buffer,buffer_len,info,hostOnly ? matcher->root_hosts : matcher->root_urls,&partcnt,0,0,&partoff,0,-1,NULL);

@@ -359,7 +364,7 @@ int init_regex_list(struct regex_matcher* matcher)

  * although the name might be confusing, @pattern is not a regex!*/

 static int add_regex_list_element(struct cli_matcher* root,const char* pattern,char* info)

 {

-       int ret;

+       int ret,i;

        struct cli_ac_patt *new = cli_calloc(1,sizeof(*new));

        size_t len;

@@ -386,7 +391,8 @@ static int add_regex_list_element(struct cli_matcher* root,const char* pattern,c

 	       free(new);

 	       return CL_EMEM;

        }

-       strncpy((char*)new->pattern,(const char*)pattern,len);

+       for(i=0;i<len;i++)

+	       new->pattern[i]=pattern[i];/*new->pattern is short int* */

        new->virname = info;

        if((ret = cli_ac_addpatt(root,new))) {

@@ -462,7 +468,7 @@ int load_regex_matcher(struct regex_matcher* matcher,FILE* fd,unsigned int optio

 			return CL_EMALFDB;

 		}

 		pattern[0]='\0';

-		flags=buffer+1;

+		flags=strdup(buffer+1);

 		pattern++;

 		if(buffer[0] == 'R') {

 			if(( rc = add_pattern(matcher,(const unsigned char*)pattern,flags) ))

@@ -724,7 +730,7 @@ struct token_t

 	size_t len;

 	char   type;

 	union {

-		const unsigned char* start;

+		unsigned char* start;

 		char_bitmap_p        bitmap;

 	} u;

 };

@@ -740,7 +746,7 @@ static const unsigned char* getNextToken(const unsigned char* pat,struct token_t

 		case '\\':

 			token->type=TOKEN_CHAR;

 			token->u.start = ++pat;

-			if(islower(token->u.start)) {

+			if(islower(*token->u.start)) {

 				/* handle \n, \t, etc. */

 				char c;

 				if(snprintf(&c,1,"\%c",token->u.start)!=1)

@@ -1239,6 +1245,8 @@ static int match_node(struct tree_node* node,const unsigned char* c,size_t len,c

 	assert(c);

 	assert(info);

+	if(!node->u.children)

+		return MATCH_FAILED;/* tree empty */

 	*info = NULL;

 	len++;

 	c--;