JS normalizer fixes (bb #1155)

git-svn: trunk@4202
17 years ago · 6a53bbdf9a
parent 1279faf61e
commit 6a53bbdf9a
4 changed files with 44 additions and 26 deletions
--- a/libclamav/htmlnorm.c
+++ b/libclamav/htmlnorm.c
@ -579,6 +579,26 @@ static void screnc_decode(unsigned char *ptr, struct screnc_state *s)
 	}
 }

+static void js_process(struct parser_state *js_state, const char *js_begin, const char *js_end,
+		const char *line, const char *ptr, int in_script, const char *dirname)
+{
+	if(!js_begin)
+		js_begin = line;
+	if(!js_end)
+		js_end = ptr;
+	if(js_end > js_begin &&
+			CLI_ISCONTAINED(line, 8192, js_begin, 1) &&
+			CLI_ISCONTAINED(line, 8192, js_end, 1)) {
+		cli_js_process_buffer(js_state, js_begin, js_end - js_begin);
+	}
+	if(!in_script) {
+		/*  we found a /script, normalize script now */
+		cli_js_parse_done(js_state);
+		cli_js_output(js_state, dirname);
+		cli_js_destroy(js_state);
+	}
+}
+
 static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag_arguments_t *hrefs,const struct cli_dconf* dconf)
 {
 	int fd_tmp, tag_length, tag_arg_length, binary;
@ -1021,8 +1041,12 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag
 					next_state = HTML_NORM;
 					if (strcmp(tag, "/script") == 0) {
 						in_script = FALSE;
-						if(js_state)
+						if(js_state) {
 							js_end = ptr;
+							js_process(js_state, js_begin, js_end, line, ptr, in_script, dirname);
+							js_state = NULL;
+							js_begin = js_end = NULL;
+						}
 						/*don't output newlines in nocomment.html
 						 * html_output_c(file_buff_o2, '\n');*/
 					}
@ -1054,15 +1078,15 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag
 						next_state = HTML_JSDECODE;
 						/* we already output the old tag, output the new tag now */
 						html_output_tag(file_buff_o2, tag, &tag_args);
-					} else if(strcmp(tag, "script") == 0) {
-						in_script = TRUE;
-						if(dconf_js && !js_state) {
-							js_state = cli_js_init();
-							if(!js_state) {
-								cli_dbgmsg("htmlnorm: Failed to initialize js parser");
-							}
-							js_begin = ptr;
+					}
+					in_script = TRUE;
+					if(dconf_js && !js_state) {
+						js_state = cli_js_init();
+						if(!js_state) {
+							cli_dbgmsg("htmlnorm: Failed to initialize js parser");
 						}
+						js_begin = ptr;
+						js_end = NULL;
 					}
 				} else if(strcmp(tag, "%@") == 0) {
 					arg_value = html_tag_arg_value(&tag_args, "language");
@ -1332,7 +1356,8 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag
 				look_for_screnc = TRUE;
 				ptr_screnc = strstr(ptr, "#@~^");
 				if(ptr_screnc) {
-					*ptr_screnc = '\0';
+					ptr_screnc[0] = '/';
+					ptr_screnc[1] = '/';
 					ptr_screnc += 4;
 				}
 				state = next_state;
@ -1341,6 +1366,8 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag
 			case HTML_JSDECODE:
 				/* Check for start marker */
 				if (strncmp(ptr, "#@~^", 4) == 0) {
+					ptr[0] = '/';
+					ptr[1] = '/';
 					ptr += 4;
 					state = HTML_JSDECODE_LENGTH;
 					next_state = HTML_BAD_STATE;
@ -1367,12 +1394,13 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag
 				state = HTML_JSDECODE_DECRYPT;
 				in_screnc = TRUE;
 				next_state = HTML_BAD_STATE;
+				/* for JS normalizer */
+				ptr[7] = '\n';
 				ptr += 8;
 				break;
 			case HTML_JSDECODE_DECRYPT:
 				screnc_decode(ptr, &screnc_state);
 				if(!screnc_state.length) {
-					html_output_str(file_buff_o2, "</script>\n", 10);
 					state = HTML_NORM;
 					next_state = HTML_BAD_STATE;
 					in_screnc = FALSE;
@ -1581,22 +1609,9 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag
 		ptrend = NULL;

 		if(js_state) {
-			if(!js_begin)
-				js_begin = line;
-			if(!js_end)
-				js_end = ptr;
-			if(js_end > js_begin &&
-					CLI_ISCONTAINED(line, 8192, js_begin, 1) &&
-					CLI_ISCONTAINED(line, 8192, js_end, 1)) {
-
-				cli_js_process_buffer(js_state, js_begin, js_end - js_begin);
-			}
+			js_process(js_state, js_begin, js_end, line, ptr, in_script, dirname);
 			js_begin = js_end = NULL;
 			if(!in_script) {
-				/*  we found a /script, normalize script now */
-				cli_js_parse_done(js_state);
-				cli_js_output(js_state, dirname);
-				cli_js_destroy(js_state);
 				js_state = NULL;
 			}
 		}
--- a/unit_tests/check_clamav.c
+++ b/unit_tests/check_clamav.c
@ -337,7 +337,8 @@ void diff_file_mem(int fd, const char *ref, size_t len)
 	char *buf = cli_malloc(len);

 	fail_unless(!!buf, "unable to malloc buffer: %d", len);
-	fail_unless(read(fd, buf, len) == len,  "file is smaller: %lu, expected: %lu", p, len);
+	p = read(fd, buf, len);
+	fail_unless(p == len,  "file is smaller: %lu, expected: %lu", p, len);
 	p = 0;
 	while(len > 0) {
 		char c1 = ref[p];
--- a/unit_tests/check_htmlnorm.c
+++ b/unit_tests/check_htmlnorm.c
@ -21,6 +21,7 @@
 */
 #include <check.h>
 #include <fcntl.h>
+#include <string.h>
 #include "checks.h"
 #include "../libclamav/dconf.h"
 #include "../libclamav/htmlnorm.h"
--- a/unit_tests/check_jsnorm.c
+++ b/unit_tests/check_jsnorm.c
@ -413,6 +413,7 @@ START_TEST (js_buffer)
 	strncpy(exp + sizeof(s_exp) + len - 2, e_exp, sizeof(e_exp));

 	tokenizer_test(tst,exp,1);
+	free(exp);
 	free(tst);
 }
 END_TEST