snuffleupagus/src, branch log2file

snuffleupagus/src, branch log2file Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! http://git.dustri.org/snuffleupagus/atom?h=log2file 2025-10-24T21:55:13Z feat(log): add the possibility to log to a file 2025-10-24T21:55:13Z jvoisin 2025-10-24T21:50:18Z urn:sha1:6ea4278a512bc9f1f816844222e65a4ea670db8e fix(unserialize): don't bail in simulation mode when there's no HMAC 2025-10-24T21:55:10Z jvoisin 2025-10-24T21:49:49Z urn:sha1:a167c4d23feb03e6c5b53f41724bbfcb813bf04b Add a test 2025-10-14T18:51:37Z jvoisin 2025-10-14T18:51:37Z urn:sha1:f06cafcfbced1af4978fbaf7f74f9c4f8045e0c5 fix(log): systematically drop when .drop() is used 2025-10-02T13:22:08Z jvoisin 2025-10-02T13:22:08Z urn:sha1:da8c7aebc5602c04b771ada71a098ccb23d83a48 When the `php` logging facility is used, the error could have been caught by using `set_error_handler` and whatnot. This commit ensures that if the `.drop()` option is set, we're calling `zend_bailout()` that can't be caught. An attacker could have used this issue to silently perform some recon of the running environment. This isn't considered a vulnerability as an attacker with arbitrary php code execution can simply use the use-after-free of the day to gain arbitrary (native) code execution anyway, after detecting that Snuffleupagus is in use, to take little risks of detection. Rename a handful of global constants 2025-10-02T10:16:29Z jvoisin 2025-10-02T10:16:29Z urn:sha1:09bc3ffc8734cf2437e14ab123c7b732db53b836 Fix a cookie-related warning for PHP8.5.0 2025-10-01T11:59:45Z jvoisin 2025-10-01T11:44:06Z urn:sha1:9509733befcb4010bc77b06fcf41e77078976e80 ``` ========DIFF======== 001- OK 001+ Fatal error: Uncaught ValueError: setcookie(): "partitioned" option cannot be used without "secure" option in /builddir/build/BUILD/snuffleupagus-1c7598c432551d0c49c2c57f249ccd5ccabce638/src/tests/samesite_cookies.php:2 002+ Stack trace: 003+ #0 /builddir/build/BUILD/snuffleupagus-1c7598c432551d0c49c2c57f249ccd5ccabce638/src/tests/samesite_cookies.php(2): setcookie('super_cookie', 'super_value') 004+ #1 {main} 005+ thrown in /builddir/build/BUILD/snuffleupagus-1c7598c432551d0c49c2c57f249ccd5ccabce638/src/tests/samesite_cookies.php on line 2 ========DONE======== FAIL Cookie samesite [tests/samesite_cookies.phpt] ``` Even though the warning might be spurious, let's fix this properly, by initialising `partitioned` to false, and by setting it only if `secure` is set as well. Add support for PHP8.5 2025-09-01T11:49:08Z jvoisin 2025-08-31T14:05:44Z urn:sha1:ee5e383c6bbca94d5f93134510468b3fe87a470c Bump the changelog 2025-08-19T18:54:00Z jvoisin 2025-08-19T18:54:00Z urn:sha1:1c7598c432551d0c49c2c57f249ccd5ccabce638 Fix a NULL-ptr deref 2025-08-17T14:13:51Z jvoisin 2025-08-17T14:13:51Z urn:sha1:c25c8a1f25bf5ed40fbbd8642d72865dd68d054d ``` Program terminated with signal SIGSEGV, Segmentation fault. 20 if (!(func->common.function_name)) { (gdb) info locals func = 0x0 function_name = 0xffb25f6d0190 "SearchByCallback" complete_path_function = 0xffb26c8a0570 "\240\005\212l\262\377" ``` It seems that in some callback shenanigans, there is currently no non-NULL `func` member in execute_data. PHP truly is marvelous. This should close #515 fix: Build PHP 2025-07-15T20:36:00Z Pierre Tondereau 2025-07-15T18:16:08Z urn:sha1:7e56fe6cbaac489d8449962730f37a025d15cfeb