diff options
| author | Ben Fuhrmannek | 2014-07-16 13:21:21 +0200 |
|---|---|---|
| committer | Ben Fuhrmannek | 2014-07-16 18:51:37 +0200 |
| commit | ace8fdae3788ca4381a17a14bc4d5acd0cd98709 (patch) | |
| tree | b7f055897b3ab1016e1d7d66e26dff9d3f3c8e5f | |
| parent | f9bb4240aee34029450951394e4d0474f34a3a51 (diff) | |
rewrite of register_server_variables - less redundancy (may be slower though)
| -rw-r--r-- | ifilter.c | 72 |
1 files changed, 31 insertions, 41 deletions
| @@ -150,7 +150,6 @@ static void suhosin_server_encode(HashTable *arr, char *key, int klen) | |||
| 150 | 150 | ||
| 151 | temp = (unsigned char *)Z_STRVAL_PP(tzval); | 151 | temp = (unsigned char *)Z_STRVAL_PP(tzval); |
| 152 | 152 | ||
| 153 | t = temp; | ||
| 154 | for (t = temp; *t; t++) { | 153 | for (t = temp; *t; t++) { |
| 155 | if (suhosin_is_dangerous_char[*t]) { | 154 | if (suhosin_is_dangerous_char[*t]) { |
| 156 | extra += 2; | 155 | extra += 2; |
| @@ -186,54 +185,45 @@ static void suhosin_server_encode(HashTable *arr, char *key, int klen) | |||
| 186 | */ | 185 | */ |
| 187 | void suhosin_register_server_variables(zval *track_vars_array TSRMLS_DC) | 186 | void suhosin_register_server_variables(zval *track_vars_array TSRMLS_DC) |
| 188 | { | 187 | { |
| 189 | HashTable *svars; | 188 | HashTable *svars; |
| 190 | int retval, failure=0; | 189 | int retval, failure=0, i; |
| 191 | |||
| 192 | orig_register_server_variables(track_vars_array TSRMLS_CC); | ||
| 193 | 190 | ||
| 194 | svars = Z_ARRVAL_P(track_vars_array); | 191 | char *varnames[] = { |
| 195 | 192 | "HTTP_GET_VARS", "HTTP_POST_VARS", "HTTP_COOKIE_VARS", | |
| 193 | "HTTP_ENV_VARS", "HTTP_SERVER_VARS", "HTTP_SESSION_VARS", | ||
| 194 | "HTTP_POST_FILES", "HTTP_RAW_POST_DATA", | ||
| 195 | NULL | ||
| 196 | }; | ||
| 197 | |||
| 198 | orig_register_server_variables(track_vars_array TSRMLS_CC); | ||
| 199 | |||
| 200 | svars = Z_ARRVAL_P(track_vars_array); | ||
| 196 | if (!SUHOSIN_G(simulation)) { | 201 | if (!SUHOSIN_G(simulation)) { |
| 197 | retval = zend_hash_del(svars, "HTTP_GET_VARS", sizeof("HTTP_GET_VARS")); | 202 | for (i = 0; varnames[i]; i++) { |
| 198 | if (retval == SUCCESS) failure = 1; | 203 | retval = zend_hash_del(svars, varnames[i], strlen(varnames[i])+1); |
| 199 | retval = zend_hash_del(svars, "HTTP_POST_VARS", sizeof("HTTP_POST_VARS")); | 204 | if (retval == SUCCESS) failure = 1; |
| 200 | if (retval == SUCCESS) failure = 1; | 205 | } |
| 201 | retval = zend_hash_del(svars, "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS")); | ||
| 202 | if (retval == SUCCESS) failure = 1; | ||
| 203 | retval = zend_hash_del(svars, "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS")); | ||
| 204 | if (retval == SUCCESS) failure = 1; | ||
| 205 | retval = zend_hash_del(svars, "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS")); | ||
| 206 | if (retval == SUCCESS) failure = 1; | ||
| 207 | retval = zend_hash_del(svars, "HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS")); | ||
| 208 | if (retval == SUCCESS) failure = 1; | ||
| 209 | retval = zend_hash_del(svars, "HTTP_POST_FILES", sizeof("HTTP_POST_FILES")); | ||
| 210 | if (retval == SUCCESS) failure = 1; | ||
| 211 | retval = zend_hash_del(svars, "HTTP_RAW_POST_DATA", sizeof("HTTP_RAW_POST_DATA")); | ||
| 212 | if (retval == SUCCESS) failure = 1; | ||
| 213 | } else { | 206 | } else { |
| 214 | retval = zend_hash_exists(svars, "HTTP_GET_VARS", sizeof("HTTP_GET_VARS")); | 207 | for (i = 0; varnames[i]; i++) { |
| 215 | retval+= zend_hash_exists(svars, "HTTP_POST_VARS", sizeof("HTTP_POST_VARS")); | 208 | if (zend_hash_exists(svars, varnames[i], strlen(varnames[i])+1)) { |
| 216 | retval+= zend_hash_exists(svars, "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS")); | 209 | failure = 1; |
| 217 | retval+= zend_hash_exists(svars, "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS")); | 210 | break; |
| 218 | retval+= zend_hash_exists(svars, "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS")); | 211 | } |
| 219 | retval+= zend_hash_exists(svars, "HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS")); | 212 | } |
| 220 | retval+= zend_hash_exists(svars, "HTTP_POST_FILES", sizeof("HTTP_POST_FILES")); | 213 | } |
| 221 | retval+= zend_hash_exists(svars, "HTTP_RAW_POST_DATA", sizeof("HTTP_RAW_POST_DATA")); | 214 | |
| 222 | if (retval > 0) failure = 1; | 215 | if (failure) { |
| 216 | suhosin_log(S_VARS, "Attacker tried to overwrite a superglobal through a HTTP header"); | ||
| 223 | } | 217 | } |
| 224 | |||
| 225 | if (failure) { | ||
| 226 | suhosin_log(S_VARS, "Attacker tried to overwrite a superglobal through a HTTP header"); | ||
| 227 | } | ||
| 228 | 218 | ||
| 229 | if (SUHOSIN_G(raw_cookie)) { | 219 | if (SUHOSIN_G(raw_cookie)) { |
| 230 | zval *z; | 220 | zval *z; |
| 231 | MAKE_STD_ZVAL(z); | 221 | MAKE_STD_ZVAL(z); |
| 232 | ZVAL_STRING(z, SUHOSIN_G(raw_cookie), 1); | 222 | ZVAL_STRING(z, SUHOSIN_G(raw_cookie), 1); |
| 233 | zend_hash_add(svars, "RAW_HTTP_COOKIE", sizeof("RAW_HTTP_COOKIE"), (void **)&z, sizeof(zval *), NULL); | 223 | zend_hash_add(svars, "RAW_HTTP_COOKIE", sizeof("RAW_HTTP_COOKIE"), (void **)&z, sizeof(zval *), NULL); |
| 234 | } | 224 | } |
| 235 | if (SUHOSIN_G(decrypted_cookie)) { | 225 | if (SUHOSIN_G(decrypted_cookie)) { |
| 236 | zval *z; | 226 | zval *z; |
| 237 | MAKE_STD_ZVAL(z); | 227 | MAKE_STD_ZVAL(z); |
| 238 | ZVAL_STRING(z, SUHOSIN_G(decrypted_cookie), 0); | 228 | ZVAL_STRING(z, SUHOSIN_G(decrypted_cookie), 0); |
| 239 | zend_hash_update(svars, "HTTP_COOKIE", sizeof("HTTP_COOKIE"), (void **)&z, sizeof(zval *), NULL); | 229 | zend_hash_update(svars, "HTTP_COOKIE", sizeof("HTTP_COOKIE"), (void **)&z, sizeof(zval *), NULL); |