1.70b: improve SQL syntax detection and allocator flag cleanup

- Improved SQL syntax detection slightly to avoid phone number FP. - Removed obsolete allocator flags.
2010-11-17 22:05:27 -05:00 · 2010-11-17 22:05:27 -05:00 · e5f6c3e1b1
parent 69e6c20648
commit e5f6c3e1b1
6 changed files with 13 additions and 15 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+Version 1.70b:
+--------------
+
+  - Improved SQL syntax detection slightly to avoid phone number FP.
+
+  - Removed obsolete allocator flags.
+
 Version 1.69b:
 --------------

--- a/5
+++ b/5
@ -20,15 +20,14 @@
 #

 PROGNAME   = skipfish
-VERSION    = 1.69b
+VERSION    = 1.70b

 OBJFILES   = http_client.c database.c crawler.c analysis.c report.c
 INCFILES   = alloc-inl.h string-inl.h debug.h types.h http_client.h \
             database.h crawler.h analysis.h config.h report.h

 CFLAGS_GEN = -Wall -funsigned-char -g -ggdb -I/usr/local/include/ \
-             -I/opt/local/include/ $(CFLAGS) -D_FORTIFY_SOURCE=0 \
-             -DVERSION=\"$(VERSION)\"
+             -I/opt/local/include/ $(CFLAGS) -DVERSION=\"$(VERSION)\"
 CFLAGS_DBG = -DLOG_STDERR=1 -DDEBUG_ALLOCATOR=1 $(CFLAGS_GEN) 
 CFLAGS_OPT = -O3 -Wno-format $(CFLAGS_GEN)

--- a/analysis.c
+++ b/analysis.c
@ -386,7 +386,7 @@ static u8* make_up_form_value(u8* name, struct http_request* req,
 }


-/* Helper for collect_form_data() - checks for a probable anti-XSRF token
+/* Helper for collect_form_data() - checks for probable anti-XSRF token
   values. */

 static u8 maybe_xsrf(u8* token) {
--- a/config.h
+++ b/config.h
@ -124,7 +124,7 @@
  "?_test1=ccddeeeimmnossstwwxy.:\\\\\\" \
  "&_test2=acdepsstw//" \
  "&_test3=bhins//" \
-  "&_test4=CEEFLMORSTeeinnnosttx--*" \
+  "&_test4=CEEFLMORSTeeinnnosttx-*" \
  "&_test5=cefhilnosu///" \
  "&_test6=acceiilpprrrssttt1)(" \
  "&_test7=aaaceijlprrsttv1):("
--- a/report.c
+++ b/report.c
@ -130,8 +130,8 @@ static void sort_annotate_pivot(struct pivot_desc* pv) {

  if (pv->fuzz_par != -1 && !pv->bogus_par &&
      (((q1 = (u8*)strchr((char*)pv->req->par.v[pv->fuzz_par], '(')) &&
-        (q2 = (u8*)strchr((char*)pv->req->par.v[pv->fuzz_par], ')')) && q1 < q2)
-      ||
+        (q2 = (u8*)strchr((char*)pv->req->par.v[pv->fuzz_par], ')')) && q1 < q2 &&
+         !isdigit(q1[1])) ||
      ((inl_strcasestr(pv->req->par.v[pv->fuzz_par], (u8*)"SELECT ") || 
        inl_strcasestr(pv->req->par.v[pv->fuzz_par], (u8*)"DELETE ") ) &&
        inl_strcasestr(pv->req->par.v[pv->fuzz_par], (u8*)" FROM ")) ||
--- a/skipfish.c
+++ b/skipfish.c
@ -49,12 +49,6 @@ struct __AD_trk_obj* __AD_trk[ALLOC_BUCKETS];
 u32 __AD_trk_cnt[ALLOC_BUCKETS];
 #endif /* DEBUG_ALLOCATOR */

-
-/* *BSD where J or Z is set are incompatible with our allocator. */
-const char* malloc_options  = "jz";
-const char* _malloc_options = "jz";
-
-
 /* Ctrl-C handler... */

 static u8 stop_soon, clear_screen;
@ -200,8 +194,6 @@ int main(int argc, char** argv) {
  struct timeval tv;
  u64 st_time, en_time;

-  unsetenv("MALLOC_CHECK_");
-
  signal(SIGINT, ctrlc_handler);
  signal(SIGWINCH, resize_handler);
  signal(SIGPIPE, SIG_IGN);