summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Fuhrmannek2014-07-09 13:55:58 +0200
committerBen Fuhrmannek2014-07-09 13:55:58 +0200
commit84996270798fccffe2da890ad7a7c270d298a6e8 (patch)
tree2e3d1e7bdc31138e28c666232888aa21a07484d6
parentf98d4e20ffc1238a0f84729573a46fcd8d550f1e (diff)
enforce SQL username check + return FALSE instead of bailout
Diffstat
-rw-r--r--execute.c51
-rw-r--r--tests/sql/mysqli_connect_invalid_username.phpt17
-rw-r--r--tests/sql/mysqli_user_match_ok.phpt2
3 files changed, 43 insertions, 27 deletions
diff --git a/execute.c b/execute.c
index 2f280b7..913a82b 100644
--- a/execute.c
+++ b/execute.c
@@ -1036,22 +1036,6 @@ int ih_fixusername(IH_HANDLER_PARAMS)
1036 postfix = SUHOSIN_G(sql_user_postfix); 1036 postfix = SUHOSIN_G(sql_user_postfix);
1037 user_match = SUHOSIN_G(sql_user_match); 1037 user_match = SUHOSIN_G(sql_user_match);
1038 1038
1039 if ((prefix == NULL || prefix[0] == 0) &&
1040 (postfix == NULL || postfix[0] == 0) &&
1041 (user_match == NULL || user_match[0] == 0)) {
1042 return (0);
1043 }
1044
1045 if (prefix == NULL) {
1046 prefix = "";
1047 }
1048 if (postfix == NULL) {
1049 postfix = "";
1050 }
1051
1052 prefix_len = strlen(prefix);
1053 postfix_len = strlen(postfix);
1054
1055 arg_count = (unsigned long) *p; 1039 arg_count = (unsigned long) *p;
1056 1040
1057 if (ht < (long) ih->arg1) { 1041 if (ht < (long) ih->arg1) {
@@ -1074,38 +1058,53 @@ int ih_fixusername(IH_HANDLER_PARAMS)
1074 if (*cp < 32) { 1058 if (*cp < 32) {
1075 suhosin_log(S_SQL, "SQL username contains invalid characters"); 1059 suhosin_log(S_SQL, "SQL username contains invalid characters");
1076 if (!SUHOSIN_G(simulation)) { 1060 if (!SUHOSIN_G(simulation)) {
1077 suhosin_bailout(TSRMLS_C); 1061 RETVAL_FALSE;
1062 return (1);
1078 } 1063 }
1079 } 1064 }
1080 cp++; 1065 cp++;
1081 } 1066 }
1082 1067
1083 MAKE_STD_ZVAL(my_user); 1068 if ((prefix != NULL && prefix[0]) || (postfix != NULL && postfix[0])) {
1084 my_user->type = IS_STRING; 1069 if (prefix == NULL) {
1085 my_user->value.str.len = spprintf(&my_user->value.str.val, 0, "%s%s%s", prefix, user, postfix); 1070 prefix = "";
1071 }
1072 if (postfix == NULL) {
1073 postfix = "";
1074 }
1075 prefix_len = strlen(prefix);
1076 postfix_len = strlen(postfix);
1077
1078 MAKE_STD_ZVAL(my_user);
1079 my_user->type = IS_STRING;
1080 my_user->value.str.len = spprintf(&my_user->value.str.val, 0, "%s%s%s", prefix, user, postfix);
1086 1081
1087 if (user_match && user_match[0]) { 1082 /* XXX: memory_leak? */
1083 *arg = my_user;
1084
1088 len = Z_STRLEN_P(my_user); 1085 len = Z_STRLEN_P(my_user);
1089 user = Z_STRVAL_P(my_user); 1086 user = Z_STRVAL_P(my_user);
1087 }
1088
1089 if (user_match && user_match[0]) {
1090#ifdef HAVE_FNMATCH 1090#ifdef HAVE_FNMATCH
1091 if (fnmatch(user_match, user, 0) != 0) { 1091 if (fnmatch(user_match, user, 0) != 0) {
1092 suhosin_log(S_SQL, "SQL username ('%s') does not match suhosin.sql.user_match ('%s')", user, user_match); 1092 suhosin_log(S_SQL, "SQL username ('%s') does not match suhosin.sql.user_match ('%s')", user, user_match);
1093 if (!SUHOSIN_G(simulation)) { 1093 if (!SUHOSIN_G(simulation)) {
1094 suhosin_bailout(TSRMLS_C); 1094 RETVAL_FALSE;
1095 return (1);
1095 } 1096 }
1096 } 1097 }
1097#else 1098#else
1098#warning no support for fnmatch() - setting suhosin.sql.user_match will always fail. 1099#warning no support for fnmatch() - setting suhosin.sql.user_match will always fail.
1099 suhosin_log(S_SQL, "suhosin.sql.user_match specified, but system does not support fnmatch()"); 1100 suhosin_log(S_SQL, "suhosin.sql.user_match specified, but system does not support fnmatch()");
1100 if (!SUHOSIN_G(simulation)) { 1101 if (!SUHOSIN_G(simulation)) {
1101 suhosin_bailout(TSRMLS_C); 1102 RETVAL_FALSE;
1103 return (1);
1102 } 1104 }
1103#endif 1105#endif
1104 } 1106 }
1105 1107
1106 /* XXX: memory_leak? */
1107 *arg = my_user;
1108
1109 SDEBUG("function: %s - user: %s", ih->name, user); 1108 SDEBUG("function: %s - user: %s", ih->name, user);
1110 1109
1111 return (0); 1110 return (0);
diff --git a/tests/sql/mysqli_connect_invalid_username.phpt b/tests/sql/mysqli_connect_invalid_username.phpt
new file mode 100644
index 0000000..532254f
--- /dev/null
+++ b/tests/sql/mysqli_connect_invalid_username.phpt
@@ -0,0 +1,17 @@
1--TEST--
2Mysqli connect with user_match not matching username
3--INI--
4extension=mysqli.so
5suhosin.log.stdout=32
6--SKIPIF--
7<?php
8include('skipifmysqli.inc');
9include('skipif.inc');
10?>
11--FILE--
12<?php
13include('connect.inc');
14$mysqli = new mysqli($host, "invalid\x01_username", $passwd, $db, $port, $socket);
15?>
16--EXPECTREGEX--
17ALERT - SQL username contains invalid characters.* \ No newline at end of file
diff --git a/tests/sql/mysqli_user_match_ok.phpt b/tests/sql/mysqli_user_match_ok.phpt
index 4d7a438..a2ad832 100644
--- a/tests/sql/mysqli_user_match_ok.phpt
+++ b/tests/sql/mysqli_user_match_ok.phpt
@@ -1,5 +1,5 @@
1--TEST-- 1--TEST--
2Mysqli connect with user_match not matching username 2Mysqli connect with user_match matching username
3--INI-- 3--INI--
4extension=mysqli.so 4extension=mysqli.so
5suhosin.sql.user_match=invalid_* 5suhosin.sql.user_match=invalid_*