authorBen Fuhrmannek2014-07-09 12:47:03 +0200
committerBen Fuhrmannek2014-07-09 12:47:03 +0200
commit63de1053dfda1faca22a84afb82d6b1315b8db6e (patch)
treebd8cb94aad6977de6410b4dbf251672ac016532c /execute.c
parent93721fdd94f90d48b290749398a26cef277ad129 (diff)
added sql.user_match + username character check
Diffstat (limited to '')
-rw-r--r--execute.c51
1 files changed, 36 insertions, 15 deletions
diff --git a/execute.c b/execute.c
index 098b074..2f280b7 100644
--- a/execute.c
+++ b/execute.c
@@ -24,6 +24,7 @@
24#endif 24#endif
25 25
26#include <fcntl.h> 26#include <fcntl.h>
27#include <fnmatch.h>
27#include "php.h" 28#include "php.h"
28#include "php_ini.h" 29#include "php_ini.h"
29#include "zend_hash.h" 30#include "zend_hash.h"
@@ -1024,17 +1025,20 @@ int ih_fixusername(IH_HANDLER_PARAMS)
1024 void **p = EG(argument_stack).top_element-2; 1025 void **p = EG(argument_stack).top_element-2;
1025#endif 1026#endif
1026 unsigned long arg_count; 1027 unsigned long arg_count;
1027 zval **arg;char *prefix, *postfix, *user; 1028 zval **arg;
1029 char *prefix, *postfix, *user, *user_match, *cp;
1028 zval *backup, *my_user; 1030 zval *backup, *my_user;
1029 int prefix_len, postfix_len, len; 1031 int prefix_len, postfix_len, len;
1030 1032
1031 SDEBUG("function: %s", ih->name); 1033 SDEBUG("function (fixusername): %s", ih->name);
1032 1034
1033 prefix = SUHOSIN_G(sql_user_prefix); 1035 prefix = SUHOSIN_G(sql_user_prefix);
1034 postfix = SUHOSIN_G(sql_user_postfix); 1036 postfix = SUHOSIN_G(sql_user_postfix);
1037 user_match = SUHOSIN_G(sql_user_match);
1035 1038
1036 if ((prefix == NULL || prefix[0] == 0)&& 1039 if ((prefix == NULL || prefix[0] == 0) &&
1037 (postfix == NULL || postfix[0] == 0)) { 1040 (postfix == NULL || postfix[0] == 0) &&
1041 (user_match == NULL || user_match[0] == 0)) {
1038 return (0); 1042 return (0);
1039 } 1043 }
1040 1044
@@ -1065,23 +1069,40 @@ int ih_fixusername(IH_HANDLER_PARAMS)
1065 user = Z_STRVAL_P(backup); 1069 user = Z_STRVAL_P(backup);
1066 } 1070 }
1067 1071
1068 if (prefix_len && prefix_len <= len) { 1072 cp = user;
1069 if (strncmp(prefix, user, prefix_len)==0) { 1073 while (cp < user+len) {
1070 prefix = ""; 1074 if (*cp < 32) {
1071 len -= prefix_len; 1075 suhosin_log(S_SQL, "SQL username contains invalid characters");
1072 } 1076 if (!SUHOSIN_G(simulation)) {
1073 } 1077 suhosin_bailout(TSRMLS_C);
1074 1078 }
1075 if (postfix_len && postfix_len <= len) {
1076 if (strncmp(postfix, user+len-postfix_len, postfix_len)==0) {
1077 postfix = "";
1078 } 1079 }
1080 cp++;
1079 } 1081 }
1080 1082
1081 MAKE_STD_ZVAL(my_user); 1083 MAKE_STD_ZVAL(my_user);
1082 my_user->type = IS_STRING; 1084 my_user->type = IS_STRING;
1083 my_user->value.str.len = spprintf(&my_user->value.str.val, 0, "%s%s%s", prefix, user, postfix); 1085 my_user->value.str.len = spprintf(&my_user->value.str.val, 0, "%s%s%s", prefix, user, postfix);
1084 1086
1087 if (user_match && user_match[0]) {
1088 len = Z_STRLEN_P(my_user);
1089 user = Z_STRVAL_P(my_user);
1090#ifdef HAVE_FNMATCH
1091 if (fnmatch(user_match, user, 0) != 0) {
1092 suhosin_log(S_SQL, "SQL username ('%s') does not match suhosin.sql.user_match ('%s')", user, user_match);
1093 if (!SUHOSIN_G(simulation)) {
1094 suhosin_bailout(TSRMLS_C);
1095 }
1096 }
1097#else
1098#warning no support for fnmatch() - setting suhosin.sql.user_match will always fail.
1099 suhosin_log(S_SQL, "suhosin.sql.user_match specified, but system does not support fnmatch()");
1100 if (!SUHOSIN_G(simulation)) {
1101 suhosin_bailout(TSRMLS_C);
1102 }
1103#endif
1104 }
1105
1085 /* XXX: memory_leak? */ 1106 /* XXX: memory_leak? */
1086 *arg = my_user; 1107 *arg = my_user;
1087 1108
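Review bot: `if (*cp < 32)` at new line 1074 compares a plain `char`, whose signedness is implementation-defined: on targets where `char` is signed every byte >= 0x80 is negative and is rejected as an invalid character, while on unsigned-`char` targets the same multibyte (e.g. UTF-8) username passes, so the outcome of the check depends on the build platform rather than on the input. Convert the byte first so the test is stable, `if ((unsigned char)*cp < 32) {`, and consider whether 0x7F (DEL) should be rejected together with the other control characters. In the user_match block, `len = Z_STRLEN_P(my_user);` at new line 1088 is not read anywhere in the hunk; ih_fixusername continues past the hunk, and if the remainder does not use it either it is a dead store. The pattern is matched against the value after prefix and postfix have been applied, which is worth stating next to the fnmatch call, e.g. `/* match against the final name, i.e. after sql_user_prefix/postfix were applied */`. The hunk also drops the old logic that skipped prepending the prefix (or appending the postfix) when the username already carried it, which the commit message does not mention; confirm that removal is intended.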