introduced suhosin.log.max_error_length to limit log length (#105)loglength

author: Ben Fuhrmannek 2016-07-30 19:27:12 +0200
committer: Ben Fuhrmannek 2016-07-30 19:27:12 +0200
commit: 11c4ca8e14c6b0a94e95f8c70daa3e3c47a15d26 (patch)
tree: 13b8797668c2077ad6f198ea1220f79c30991d5b
parent: 9cdaaab816f3cc52bfe6346fd29242936c6bca75 (diff)
4 files changed, 28 insertions, 6 deletions
diff --git a/log.c b/log.c
index eae3841..a956d1a 100644
--- a/log.c
+++ b/log.c
@@ -107,8 +107,8 @@ PHP_SUHOSIN_API void suhosin_log(int loglevel, char *fmt, ...)
        unsigned short etype;
        DWORD evid;
 #endif
-        char buf[5000];
+        char buf[5000] = {0};
-        char error[5000];
+        char error[5000] = {0};
        char *ip_address;
        char *fname;
        char *alertstring;
@@ -146,6 +146,9 @@ PHP_SUHOSIN_API void suhosin_log(int loglevel, char *fmt, ...)
        va_start(ap, fmt);
        ap_php_vsnprintf(error, sizeof(error), fmt, ap);
        va_end(ap);
+        if (SUHOSIN_G(log_max_error_length) > 0 && SUHOSIN_G(log_max_error_length) < (sizeof(error) - 4)) {
+                memcpy(error + SUHOSIN_G(log_max_error_length), "...", 4);
+        }
        while (error[i]) {
                if (error[i] < 32) error[i] = '.';
                i++;
@@ -437,5 +440,3 @@ SDEBUG("scriptname %s", SUHOSIN_G(log_phpscriptname));
 * vim600: noet sw=4 ts=4 fdm=marker
 * vim<600: noet sw=4 ts=4
 */
diff --git a/php_suhosin.h b/php_suhosin.h
index 39cd9b1..4d44bda 100644
--- a/php_suhosin.h
+++ b/php_suhosin.h
@@ -236,7 +236,8 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
        long    log_file;
        char    *log_filename;
        zend_bool log_file_time;
+        long log_max_error_length;
+        
 /*      header handler */
        zend_bool allow_multiheader;
diff --git a/suhosin.c b/suhosin.c
index d95b92f..8336561 100644
--- a/suhosin.c
+++ b/suhosin.c
@@ -789,7 +789,8 @@ static zend_ini_entry shared_ini_entries[] = {
 ZEND_INI_END()
 
 PHP_INI_BEGIN()
-    ZEND_INI_ENTRY("suhosin.perdir",            "0",            ZEND_INI_SYSTEM,        OnUpdateSuhosin_perdir)
+        STD_PHP_INI_ENTRY("suhosin.log.max_error_length", "0", PHP_INI_SYSTEM, OnUpdateLogLong, log_max_error_length, zend_suhosin_globals, suhosin_globals)
+        ZEND_INI_ENTRY("suhosin.perdir",                "0",            ZEND_INI_SYSTEM,        OnUpdateSuhosin_perdir)
        STD_ZEND_INI_ENTRY("suhosin.executor.include.max_traversal",            "0",            ZEND_INI_PERDIR|ZEND_INI_SYSTEM,        OnUpdateExecLong, executor_include_max_traversal,       zend_suhosin_globals,   suhosin_globals)
        ZEND_INI_ENTRY("suhosin.executor.include.whitelist",    NULL,           ZEND_INI_PERDIR|ZEND_INI_SYSTEM,        OnUpdate_include_whitelist)
        ZEND_INI_ENTRY("suhosin.executor.include.blacklist",    NULL,           ZEND_INI_PERDIR|ZEND_INI_SYSTEM,        OnUpdate_include_blacklist)
diff --git a/tests/logging/log_max_error_length.phpt b/tests/logging/log_max_error_length.phpt
new file mode 100644
index 0000000..e6984c7
--- /dev/null
+++ b/tests/logging/log_max_error_length.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Testing: suhosin.log.use-x-forwarded-for=On (without X-Forwarded-For set)
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.script=0
+suhosin.log.file=255
+suhosin.log.file.time=0
+suhosin.log.max_error_length=20
+suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp
+auto_append_file={PWD}/suhosintest.$$.log.tmp
+--FILE--
+<?php
+        ini_set("memory_limit", "-1");
+?>
+--EXPECTF--
+ALERT - script tried to disa... %s
author	Ben Fuhrmannek	2016-07-30 19:27:12 +0200
committer	Ben Fuhrmannek	2016-07-30 19:27:12 +0200
commit	11c4ca8e14c6b0a94e95f8c70daa3e3c47a15d26 (patch)
tree	13b8797668c2077ad6f198ea1220f79c30991d5b
parent	9cdaaab816f3cc52bfe6346fd29242936c6bca75 (diff)

diff --git a/log.c b/log.c index eae3841..a956d1a 100644 --- a/log.c +++ b/log.c
@@ -107,8 +107,8 @@ PHP_SUHOSIN_API void suhosin_log(int loglevel, char *fmt, ...)
107	unsigned short etype;	107	unsigned short etype;
108	DWORD evid;	108	DWORD evid;
109	#endif	109	#endif
110	char buf[5000];	110	char buf[5000] = {0};
111	char error[5000];	111	char error[5000] = {0};
112	char *ip_address;	112	char *ip_address;
113	char *fname;	113	char *fname;
114	char *alertstring;	114	char *alertstring;
@@ -146,6 +146,9 @@ PHP_SUHOSIN_API void suhosin_log(int loglevel, char *fmt, ...)
146	va_start(ap, fmt);	146	va_start(ap, fmt);
147	ap_php_vsnprintf(error, sizeof(error), fmt, ap);	147	ap_php_vsnprintf(error, sizeof(error), fmt, ap);
148	va_end(ap);	148	va_end(ap);
		149	if (SUHOSIN_G(log_max_error_length) > 0 && SUHOSIN_G(log_max_error_length) < (sizeof(error) - 4)) {
		150	memcpy(error + SUHOSIN_G(log_max_error_length), "...", 4);
		151	}
149	while (error[i]) {	152	while (error[i]) {
150	if (error[i] < 32) error[i] = '.';	153	if (error[i] < 32) error[i] = '.';
151	i++;	154	i++;
@@ -437,5 +440,3 @@ SDEBUG("scriptname %s", SUHOSIN_G(log_phpscriptname));
437	* vim600: noet sw=4 ts=4 fdm=marker	440	* vim600: noet sw=4 ts=4 fdm=marker
438	* vim<600: noet sw=4 ts=4	441	* vim<600: noet sw=4 ts=4
439	*/	442	*/
440
441


diff --git a/php_suhosin.h b/php_suhosin.h index 39cd9b1..4d44bda 100644 --- a/php_suhosin.h +++ b/php_suhosin.h
@@ -236,7 +236,8 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
236	long log_file;	236	long log_file;
237	char *log_filename;	237	char *log_filename;
238	zend_bool log_file_time;	238	zend_bool log_file_time;
239		239	long log_max_error_length;
		240
240	/* header handler */	241	/* header handler */
241	zend_bool allow_multiheader;	242	zend_bool allow_multiheader;
242		243


diff --git a/suhosin.c b/suhosin.c index d95b92f..8336561 100644 --- a/suhosin.c +++ b/suhosin.c
@@ -789,7 +789,8 @@ static zend_ini_entry shared_ini_entries[] = {
789	ZEND_INI_END()	789	ZEND_INI_END()
790		790
791	PHP_INI_BEGIN()	791	PHP_INI_BEGIN()
792	ZEND_INI_ENTRY("suhosin.perdir", "0", ZEND_INI_SYSTEM, OnUpdateSuhosin_perdir)	792	STD_PHP_INI_ENTRY("suhosin.log.max_error_length", "0", PHP_INI_SYSTEM, OnUpdateLogLong, log_max_error_length, zend_suhosin_globals, suhosin_globals)
		793	ZEND_INI_ENTRY("suhosin.perdir", "0", ZEND_INI_SYSTEM, OnUpdateSuhosin_perdir)
793	STD_ZEND_INI_ENTRY("suhosin.executor.include.max_traversal", "0", ZEND_INI_PERDIR\|ZEND_INI_SYSTEM, OnUpdateExecLong, executor_include_max_traversal, zend_suhosin_globals, suhosin_globals)	794	STD_ZEND_INI_ENTRY("suhosin.executor.include.max_traversal", "0", ZEND_INI_PERDIR\|ZEND_INI_SYSTEM, OnUpdateExecLong, executor_include_max_traversal, zend_suhosin_globals, suhosin_globals)
794	ZEND_INI_ENTRY("suhosin.executor.include.whitelist", NULL, ZEND_INI_PERDIR\|ZEND_INI_SYSTEM, OnUpdate_include_whitelist)	795	ZEND_INI_ENTRY("suhosin.executor.include.whitelist", NULL, ZEND_INI_PERDIR\|ZEND_INI_SYSTEM, OnUpdate_include_whitelist)
795	ZEND_INI_ENTRY("suhosin.executor.include.blacklist", NULL, ZEND_INI_PERDIR\|ZEND_INI_SYSTEM, OnUpdate_include_blacklist)	796	ZEND_INI_ENTRY("suhosin.executor.include.blacklist", NULL, ZEND_INI_PERDIR\|ZEND_INI_SYSTEM, OnUpdate_include_blacklist)


diff --git a/tests/logging/log_max_error_length.phpt b/tests/logging/log_max_error_length.phpt new file mode 100644 index 0000000..e6984c7 --- /dev/null +++ b/tests/logging/log_max_error_length.phpt
@@ -0,0 +1,19 @@
		1	--TEST--
		2	Testing: suhosin.log.use-x-forwarded-for=On (without X-Forwarded-For set)
		3	--SKIPIF--
		4	<?php include "../skipifnotcli.inc"; ?>
		5	--INI--
		6	suhosin.log.syslog=0
		7	suhosin.log.sapi=0
		8	suhosin.log.script=0
		9	suhosin.log.file=255
		10	suhosin.log.file.time=0
		11	suhosin.log.max_error_length=20
		12	suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp
		13	auto_append_file={PWD}/suhosintest.$$.log.tmp
		14	--FILE--
		15	<?php
		16	ini_set("memory_limit", "-1");
		17	?>
		18	--EXPECTF--
		19	ALERT - script tried to disa... %s