1.82b: NULL pointer in is_javascript() fixed.

spinkham · Jan 10, 2011 · 0717375 · 0717375
1 parent a347341
commit 0717375
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 3 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,8 @@
+Version 1.82b:
+--------------
+
+  - NULL pointer in is_javascript() fixed.
+
 Version 1.81b:
 --------------
 

diff --git a/Makefile b/Makefile
@@ -20,7 +20,7 @@
 #
 
 PROGNAME   = skipfish
-VERSION    = 1.81b
+VERSION    = 1.82b
 
 OBJFILES   = http_client.c database.c crawler.c analysis.c report.c
 INCFILES   = alloc-inl.h string-inl.h debug.h types.h http_client.h \

diff --git a/analysis.c b/analysis.c
@@ -1176,7 +1176,10 @@ static u8 is_javascript(struct http_response* res) {
         end = text + strcspn((char*)text, "\r\n");
       } else if (text[1] == '*') {
         end = (u8*)strstr((char*)text + 2, "*/");
-        if (end) end += 2;
+        if (end) end += 2; else {
+          res->js_type = 1;
+          return 0;
+        }
       } else {
         res->js_type = 1;
         return 0;

diff --git a/crawler.c b/crawler.c
@@ -1184,7 +1184,7 @@ static u8 inject_check7_callback(struct http_request* req,
        misc[7] = 9 1 - (or orig 0 0 - -)
 
      If misc[0] == misc[1], but misc[0] != misc[2], probable (numeric) SQL
-     injection. Ditto for misc[2] == misc[6], but misc[6] != misc[7]. 
+     injection. Ditto for misc[1] == misc[6], but misc[6] != misc[7]. 
 
      If misc[3] != misc[4] and misc[3] != misc[5], probable text SQL 
      injection.