snuffleupagus/src/sp_utils.c, branch log2file

snuffleupagus/src/sp_utils.c, branch log2file Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! http://git.dustri.org/snuffleupagus/atom?h=log2file 2025-10-24T21:55:13Z feat(log): add the possibility to log to a file 2025-10-24T21:55:13Z jvoisin 2025-10-24T21:50:18Z urn:sha1:6ea4278a512bc9f1f816844222e65a4ea670db8e fix(log): systematically drop when .drop() is used 2025-10-02T13:22:08Z jvoisin 2025-10-02T13:22:08Z urn:sha1:da8c7aebc5602c04b771ada71a098ccb23d83a48 When the `php` logging facility is used, the error could have been caught by using `set_error_handler` and whatnot. This commit ensures that if the `.drop()` option is set, we're calling `zend_bailout()` that can't be caught. An attacker could have used this issue to silently perform some recon of the running environment. This isn't considered a vulnerability as an attacker with arbitrary php code execution can simply use the use-after-free of the day to gain arbitrary (native) code execution anyway, after detecting that Snuffleupagus is in use, to take little risks of detection. Rename a handful of global constants 2025-10-02T10:16:29Z jvoisin 2025-10-02T10:16:29Z urn:sha1:09bc3ffc8734cf2437e14ab123c7b732db53b836 Fix a portability issue 2024-06-14T17:26:31Z jvoisin 2024-06-14T17:26:31Z urn:sha1:b005df282da43a2ba17b38e7da06a69353ea2845 This should fix the following compilation issue: ``` /wrkdirs/usr/ports/security/snuffleupagus/work-php83/snuffleupagus-0.10.0/src/sp_utils.c:438:37: error: too few arguments provided to function-like macro invocation 438 | memcpy(mb_name, ZEND_STRL("mb_")); | ^ /usr/include/ssp/string.h:117:9: note: macro 'memcpy' defined here 117 | #define memcpy(dst, src, len) __ssp_bos_check3(memcpy, dst, src, len) ``` Declare file local variables and functions static 2024-06-06T14:27:31Z Christian Göttsche 2024-05-29T18:38:33Z urn:sha1:d82ab8d20191a9ebdb83f918c62fc6c32f068b01 Avoid missing prototype warnings by declaring variables and functions that are only used in a single file static. Url encode functions arguments when logging them 2023-02-02T12:17:22Z jvoisin 2023-02-01T20:12:58Z urn:sha1:2dcf2a2d7578d1e43ee7e3fa69386ccc5afebbf0 Fix a possible NULL-byte truncation when outputting parameters in the logs 2023-02-01T19:35:23Z jvoisin 2023-02-01T19:35:23Z urn:sha1:f4d3c01bd196400548f5712223171007563ab834 Add sp.log_max_len 2023-01-31T19:25:14Z jvoisin 2023-01-31T19:16:21Z urn:sha1:78e451eaf99e8f239867def2d8220dfa348cc167 Portability improvements for PHP8.2 2022-12-09T19:03:22Z jvoisin 2022-12-08T20:08:38Z urn:sha1:110daa81c3b11ec102daf4ee634e2f3d2e9c5f36 Even more const! 2022-07-13T19:25:04Z jvoisin 2022-07-13T19:25:04Z urn:sha1:ed87e551efd0160f1944a5e97158ab258db65eaf