1.70b: improve SQL syntax detection and allocator flag cleanup
- Improved SQL syntax detection slightly to avoid phone number FP. - Removed obsolete allocator flags.
This commit is contained in:
parent
69e6c20648
commit
e5f6c3e1b1
|
@ -1,3 +1,10 @@
|
|||
Version 1.70b:
|
||||
--------------
|
||||
|
||||
- Improved SQL syntax detection slightly to avoid phone number FP.
|
||||
|
||||
- Removed obsolete allocator flags.
|
||||
|
||||
Version 1.69b:
|
||||
--------------
|
||||
|
||||
|
|
5
Makefile
5
Makefile
|
@ -20,15 +20,14 @@
|
|||
#
|
||||
|
||||
PROGNAME = skipfish
|
||||
VERSION = 1.69b
|
||||
VERSION = 1.70b
|
||||
|
||||
OBJFILES = http_client.c database.c crawler.c analysis.c report.c
|
||||
INCFILES = alloc-inl.h string-inl.h debug.h types.h http_client.h \
|
||||
database.h crawler.h analysis.h config.h report.h
|
||||
|
||||
CFLAGS_GEN = -Wall -funsigned-char -g -ggdb -I/usr/local/include/ \
|
||||
-I/opt/local/include/ $(CFLAGS) -D_FORTIFY_SOURCE=0 \
|
||||
-DVERSION=\"$(VERSION)\"
|
||||
-I/opt/local/include/ $(CFLAGS) -DVERSION=\"$(VERSION)\"
|
||||
CFLAGS_DBG = -DLOG_STDERR=1 -DDEBUG_ALLOCATOR=1 $(CFLAGS_GEN)
|
||||
CFLAGS_OPT = -O3 -Wno-format $(CFLAGS_GEN)
|
||||
|
||||
|
|
|
@ -386,7 +386,7 @@ static u8* make_up_form_value(u8* name, struct http_request* req,
|
|||
}
|
||||
|
||||
|
||||
/* Helper for collect_form_data() - checks for a probable anti-XSRF token
|
||||
/* Helper for collect_form_data() - checks for probable anti-XSRF token
|
||||
values. */
|
||||
|
||||
static u8 maybe_xsrf(u8* token) {
|
||||
|
|
2
config.h
2
config.h
|
@ -124,7 +124,7 @@
|
|||
"?_test1=ccddeeeimmnossstwwxy.:\\\\\\" \
|
||||
"&_test2=acdepsstw//" \
|
||||
"&_test3=bhins//" \
|
||||
"&_test4=CEEFLMORSTeeinnnosttx--*" \
|
||||
"&_test4=CEEFLMORSTeeinnnosttx-*" \
|
||||
"&_test5=cefhilnosu///" \
|
||||
"&_test6=acceiilpprrrssttt1)(" \
|
||||
"&_test7=aaaceijlprrsttv1):("
|
||||
|
|
4
report.c
4
report.c
|
@ -130,8 +130,8 @@ static void sort_annotate_pivot(struct pivot_desc* pv) {
|
|||
|
||||
if (pv->fuzz_par != -1 && !pv->bogus_par &&
|
||||
(((q1 = (u8*)strchr((char*)pv->req->par.v[pv->fuzz_par], '(')) &&
|
||||
(q2 = (u8*)strchr((char*)pv->req->par.v[pv->fuzz_par], ')')) && q1 < q2)
|
||||
||
|
||||
(q2 = (u8*)strchr((char*)pv->req->par.v[pv->fuzz_par], ')')) && q1 < q2 &&
|
||||
!isdigit(q1[1])) ||
|
||||
((inl_strcasestr(pv->req->par.v[pv->fuzz_par], (u8*)"SELECT ") ||
|
||||
inl_strcasestr(pv->req->par.v[pv->fuzz_par], (u8*)"DELETE ") ) &&
|
||||
inl_strcasestr(pv->req->par.v[pv->fuzz_par], (u8*)" FROM ")) ||
|
||||
|
|
|
@ -49,12 +49,6 @@ struct __AD_trk_obj* __AD_trk[ALLOC_BUCKETS];
|
|||
u32 __AD_trk_cnt[ALLOC_BUCKETS];
|
||||
#endif /* DEBUG_ALLOCATOR */
|
||||
|
||||
|
||||
/* *BSD where J or Z is set are incompatible with our allocator. */
|
||||
const char* malloc_options = "jz";
|
||||
const char* _malloc_options = "jz";
|
||||
|
||||
|
||||
/* Ctrl-C handler... */
|
||||
|
||||
static u8 stop_soon, clear_screen;
|
||||
|
@ -200,8 +194,6 @@ int main(int argc, char** argv) {
|
|||
struct timeval tv;
|
||||
u64 st_time, en_time;
|
||||
|
||||
unsetenv("MALLOC_CHECK_");
|
||||
|
||||
signal(SIGINT, ctrlc_handler);
|
||||
signal(SIGWINCH, resize_handler);
|
||||
signal(SIGPIPE, SIG_IGN);
|
||||
|
|
Loading…
Reference in New Issue