fixed #92 (function_exists backslash-prefix)

author: Ben Fuhrmannek 2016-07-30 12:43:27 +0200
committer: Ben Fuhrmannek 2016-07-30 12:43:27 +0200
commit: 9cdaaab816f3cc52bfe6346fd29242936c6bca75 (patch)
tree: 78e0c228413e909f5b4929888e6aed45b39f2616 /execute.c
parent: 765706eb5a01756542faf5609b303927bd6f43dc (diff)
1 files changed, 31 insertions, 21 deletions
diff --git a/execute.c b/execute.c
index aa236e2..d8b0be4 100644
--- a/execute.c
+++ b/execute.c
@@ -1085,21 +1085,26 @@ int ih_fixusername(IH_HANDLER_PARAMS)
 static int ih_function_exists(IH_HANDLER_PARAMS)
 {
-        zval **function_name;
+        char *name;
+        int name_len;
        zend_function *func;
        char *lcname;
        zend_bool retval;
-        int func_name_len;
-        
+        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &name, &name_len) == FAILURE) {
-        if (ZEND_NUM_ARGS()!=1 || zend_get_parameters_ex(1, &function_name)==FAILURE) {
+                return 1;
-                ZEND_WRONG_PARAM_COUNT_WITH_RETVAL(1);
+        }
+        lcname = zend_str_tolower_dup(name, name_len);
+        /* Ignore leading "\" */
+        name = lcname;
+        if (lcname[0] == '\\') {
+                name = &lcname[1];
+                name_len--;
        }
-        convert_to_string_ex(function_name);
-        func_name_len = Z_STRLEN_PP(function_name);
-        lcname = estrndup(Z_STRVAL_PP(function_name), func_name_len);   
-        zend_str_tolower(lcname, func_name_len);
-        retval = (zend_hash_find(EG(function_table), lcname, func_name_len+1, (void **)&func) == SUCCESS);
+        retval = (zend_hash_find(EG(function_table), name, name_len+1, (void **)&func) == SUCCESS);
        
        /*
         * A bit of a hack, but not a bad one: we see if the handler of the function
@@ -1107,36 +1112,41 @@ static int ih_function_exists(IH_HANDLER_PARAMS)
         */
        if (retval && func->type == ZEND_INTERNAL_FUNCTION &&
                func->internal_function.handler == zif_display_disabled_function) {
-                retval = 0;
+                        retval = 0;
+                        goto ret;
        }
        /* Now check if function is forbidden by Suhosin */
        if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) {
                if (SUHOSIN_G(eval_whitelist) != NULL) {
-                        if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), lcname, func_name_len+1)) {
+                        if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), name, name_len+1)) {
-                            retval = 0;
+                                retval = 0;
+                                goto ret;
                        }
                } else if (SUHOSIN_G(eval_blacklist) != NULL) {
-                        if (zend_hash_exists(SUHOSIN_G(eval_blacklist), lcname, func_name_len+1)) {
+                        if (zend_hash_exists(SUHOSIN_G(eval_blacklist), name, name_len+1)) {
-                            retval = 0;
+                                retval = 0;
+                                goto ret;
                        }
                }
        }
        
        if (SUHOSIN_G(func_whitelist) != NULL) {
-                if (!zend_hash_exists(SUHOSIN_G(func_whitelist), lcname, func_name_len+1)) {
+                if (!zend_hash_exists(SUHOSIN_G(func_whitelist), name, name_len+1)) {
-                    retval = 0;
+                        retval = 0;
+                        goto ret;
                }
        } else if (SUHOSIN_G(func_blacklist) != NULL) {
-                if (zend_hash_exists(SUHOSIN_G(func_blacklist), lcname, func_name_len+1)) {
+                if (zend_hash_exists(SUHOSIN_G(func_blacklist), name, name_len+1)) {
-                    retval = 0;
+                        retval = 0;
+                        goto ret;
                }
        }
+ret:
        efree(lcname);
        RETVAL_BOOL(retval);
-        return (1);
+        return 1;
 }
 /* MT RAND FUNCTIONS */
author	Ben Fuhrmannek	2016-07-30 12:43:27 +0200
committer	Ben Fuhrmannek	2016-07-30 12:43:27 +0200
commit	9cdaaab816f3cc52bfe6346fd29242936c6bca75 (patch)
tree	78e0c228413e909f5b4929888e6aed45b39f2616 /execute.c
parent	765706eb5a01756542faf5609b303927bd6f43dc (diff)

diff --git a/execute.c b/execute.c index aa236e2..d8b0be4 100644 --- a/execute.c +++ b/execute.c
@@ -1085,21 +1085,26 @@ int ih_fixusername(IH_HANDLER_PARAMS)
1085		1085
1086	static int ih_function_exists(IH_HANDLER_PARAMS)	1086	static int ih_function_exists(IH_HANDLER_PARAMS)
1087	{	1087	{
1088	zval **function_name;	1088	char *name;
		1089	int name_len;
1089	zend_function *func;	1090	zend_function *func;
1090	char *lcname;	1091	char *lcname;
1091	zend_bool retval;	1092	zend_bool retval;
1092	int func_name_len;	1093
1093		1094	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &name, &name_len) == FAILURE) {
1094	if (ZEND_NUM_ARGS()!=1 \|\| zend_get_parameters_ex(1, &function_name)==FAILURE) {	1095	return 1;
1095	ZEND_WRONG_PARAM_COUNT_WITH_RETVAL(1);	1096	}
		1097
		1098	lcname = zend_str_tolower_dup(name, name_len);
		1099
		1100	/* Ignore leading "\" */
		1101	name = lcname;
		1102	if (lcname[0] == '\\') {
		1103	name = &lcname[1];
		1104	name_len--;
1096	}	1105	}
1097	convert_to_string_ex(function_name);
1098	func_name_len = Z_STRLEN_PP(function_name);
1099	lcname = estrndup(Z_STRVAL_PP(function_name), func_name_len);
1100	zend_str_tolower(lcname, func_name_len);
1101		1106
1102	retval = (zend_hash_find(EG(function_table), lcname, func_name_len+1, (void **)&func) == SUCCESS);	1107	retval = (zend_hash_find(EG(function_table), name, name_len+1, (void **)&func) == SUCCESS);
1103		1108
1104	/*	1109	/*
1105	* A bit of a hack, but not a bad one: we see if the handler of the function	1110	* A bit of a hack, but not a bad one: we see if the handler of the function
@@ -1107,36 +1112,41 @@ static int ih_function_exists(IH_HANDLER_PARAMS)
1107	*/	1112	*/
1108	if (retval && func->type == ZEND_INTERNAL_FUNCTION &&	1113	if (retval && func->type == ZEND_INTERNAL_FUNCTION &&
1109	func->internal_function.handler == zif_display_disabled_function) {	1114	func->internal_function.handler == zif_display_disabled_function) {
1110	retval = 0;	1115	retval = 0;
		1116	goto ret;
1111	}	1117	}
1112		1118
1113	/* Now check if function is forbidden by Suhosin */	1119	/* Now check if function is forbidden by Suhosin */
1114	if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) {	1120	if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) {
1115	if (SUHOSIN_G(eval_whitelist) != NULL) {	1121	if (SUHOSIN_G(eval_whitelist) != NULL) {
1116	if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), lcname, func_name_len+1)) {	1122	if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), name, name_len+1)) {
1117	retval = 0;	1123	retval = 0;
		1124	goto ret;
1118	}	1125	}
1119	} else if (SUHOSIN_G(eval_blacklist) != NULL) {	1126	} else if (SUHOSIN_G(eval_blacklist) != NULL) {
1120	if (zend_hash_exists(SUHOSIN_G(eval_blacklist), lcname, func_name_len+1)) {	1127	if (zend_hash_exists(SUHOSIN_G(eval_blacklist), name, name_len+1)) {
1121	retval = 0;	1128	retval = 0;
		1129	goto ret;
1122	}	1130	}
1123	}	1131	}
1124	}	1132	}
1125		1133
1126	if (SUHOSIN_G(func_whitelist) != NULL) {	1134	if (SUHOSIN_G(func_whitelist) != NULL) {
1127	if (!zend_hash_exists(SUHOSIN_G(func_whitelist), lcname, func_name_len+1)) {	1135	if (!zend_hash_exists(SUHOSIN_G(func_whitelist), name, name_len+1)) {
1128	retval = 0;	1136	retval = 0;
		1137	goto ret;
1129	}	1138	}
1130	} else if (SUHOSIN_G(func_blacklist) != NULL) {	1139	} else if (SUHOSIN_G(func_blacklist) != NULL) {
1131	if (zend_hash_exists(SUHOSIN_G(func_blacklist), lcname, func_name_len+1)) {	1140	if (zend_hash_exists(SUHOSIN_G(func_blacklist), name, name_len+1)) {
1132	retval = 0;	1141	retval = 0;
		1142	goto ret;
1133	}	1143	}
1134	}	1144	}
1135		1145
		1146	ret:
1136	efree(lcname);	1147	efree(lcname);
1137
1138	RETVAL_BOOL(retval);	1148	RETVAL_BOOL(retval);
1139	return (1);	1149	return 1;
1140	}	1150	}
1141		1151
1142	/* MT RAND FUNCTIONS */	1152	/* MT RAND FUNCTIONS */