1.70b: improve SQL syntax detection and allocator flag cleanup

- Improved SQL syntax detection slightly to avoid phone number FP. - Removed obsolete allocator flags.
spinkham · Nov 18, 2010 · e5f6c3e · e5f6c3e
1 parent 69e6c20
commit e5f6c3e
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 15 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,10 @@
+Version 1.70b:
+--------------
+
+  - Improved SQL syntax detection slightly to avoid phone number FP.
+
+  - Removed obsolete allocator flags.
+
 Version 1.69b:
 --------------
 

diff --git a/Makefile b/Makefile
@@ -20,15 +20,14 @@
 #
 
 PROGNAME   = skipfish
-VERSION    = 1.69b
+VERSION    = 1.70b
 
 OBJFILES   = http_client.c database.c crawler.c analysis.c report.c
 INCFILES   = alloc-inl.h string-inl.h debug.h types.h http_client.h \
              database.h crawler.h analysis.h config.h report.h
 
 CFLAGS_GEN = -Wall -funsigned-char -g -ggdb -I/usr/local/include/ \
-             -I/opt/local/include/ $(CFLAGS) -D_FORTIFY_SOURCE=0 \
-             -DVERSION=\"$(VERSION)\"
+             -I/opt/local/include/ $(CFLAGS) -DVERSION=\"$(VERSION)\"
 CFLAGS_DBG = -DLOG_STDERR=1 -DDEBUG_ALLOCATOR=1 $(CFLAGS_GEN) 
 CFLAGS_OPT = -O3 -Wno-format $(CFLAGS_GEN)
 

diff --git a/analysis.c b/analysis.c
@@ -386,7 +386,7 @@ static u8* make_up_form_value(u8* name, struct http_request* req,
 }
 
 
-/* Helper for collect_form_data() - checks for a probable anti-XSRF token
+/* Helper for collect_form_data() - checks for probable anti-XSRF token
    values. */
 
 static u8 maybe_xsrf(u8* token) {

diff --git a/config.h b/config.h
@@ -124,7 +124,7 @@
   "?_test1=ccddeeeimmnossstwwxy.:\\\\\\" \
   "&_test2=acdepsstw//" \
   "&_test3=bhins//" \
-  "&_test4=CEEFLMORSTeeinnnosttx--*" \
+  "&_test4=CEEFLMORSTeeinnnosttx-*" \
   "&_test5=cefhilnosu///" \
   "&_test6=acceiilpprrrssttt1)(" \
   "&_test7=aaaceijlprrsttv1):("

diff --git a/report.c b/report.c
@@ -130,8 +130,8 @@ static void sort_annotate_pivot(struct pivot_desc* pv) {
 
   if (pv->fuzz_par != -1 && !pv->bogus_par &&
       (((q1 = (u8*)strchr((char*)pv->req->par.v[pv->fuzz_par], '(')) &&
-        (q2 = (u8*)strchr((char*)pv->req->par.v[pv->fuzz_par], ')')) && q1 < q2)
-      ||
+        (q2 = (u8*)strchr((char*)pv->req->par.v[pv->fuzz_par], ')')) && q1 < q2 &&
+         !isdigit(q1[1])) ||
       ((inl_strcasestr(pv->req->par.v[pv->fuzz_par], (u8*)"SELECT ") || 
         inl_strcasestr(pv->req->par.v[pv->fuzz_par], (u8*)"DELETE ") ) &&
         inl_strcasestr(pv->req->par.v[pv->fuzz_par], (u8*)" FROM ")) ||

diff --git a/skipfish.c b/skipfish.c
@@ -49,12 +49,6 @@ struct __AD_trk_obj* __AD_trk[ALLOC_BUCKETS];
 u32 __AD_trk_cnt[ALLOC_BUCKETS];
 #endif /* DEBUG_ALLOCATOR */
 
-
-/* *BSD where J or Z is set are incompatible with our allocator. */
-const char* malloc_options  = "jz";
-const char* _malloc_options = "jz";
-
-
 /* Ctrl-C handler... */
 
 static u8 stop_soon, clear_screen;
@@ -200,8 +194,6 @@ int main(int argc, char** argv) {
   struct timeval tv;
   u64 st_time, en_time;
 
-  unsetenv("MALLOC_CHECK_");
-
   signal(SIGINT, ctrlc_handler);
   signal(SIGWINCH, resize_handler);
   signal(SIGPIPE, SIG_IGN);