summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Fuhrmannek2016-02-22 16:35:13 +0100
committerBen Fuhrmannek2016-02-22 16:35:13 +0100
commitdbe536b85203b442caf19786799d7ac3eddc2847 (patch)
tree1ec0208fc3a1cb778d753f044dc34fbb8664c2ec
parent759139184a4e322c561de889484f7de3d181756f (diff)
perdir + zstr checks
Diffstat
-rw-r--r--php_suhosin7.h2
-rw-r--r--suhosin7.c51
2 files changed, 22 insertions, 31 deletions
diff --git a/php_suhosin7.h b/php_suhosin7.h
index 3af6de6..894452d 100644
--- a/php_suhosin7.h
+++ b/php_suhosin7.h
@@ -279,7 +279,7 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin7)
279 279
280 280
281 /* PERDIR Handling */ 281 /* PERDIR Handling */
282 char *perdir; 282 // char *perdir;
283 zend_bool log_perdir; 283 zend_bool log_perdir;
284 zend_bool exec_perdir; 284 zend_bool exec_perdir;
285 zend_bool get_perdir; 285 zend_bool get_perdir;
diff --git a/suhosin7.c b/suhosin7.c
index 3923b57..c3e3765 100644
--- a/suhosin7.c
+++ b/suhosin7.c
@@ -77,21 +77,14 @@ dohandlers(SQL, sql)
77 77
78 78
79/* ------------------------------------------------------------------------ */ 79/* ------------------------------------------------------------------------ */
80#define PERDIR_CASE(l, U, name) \ 80#define PERDIR_CASE(l, name) \
81 case l: \ 81 case l: \
82 case U: \ 82 case l-0x20: \
83 SUHOSIN7_G(name ## _perdir) = 1; \ 83 SUHOSIN7_G(name ## _perdir) = 1; \
84 break; 84 break;
85 85
86static ZEND_INI_MH(OnUpdateSuhosin_perdir) 86static ZEND_INI_MH(OnUpdateSuhosin_perdir)
87{ 87{
88 char *tmp;
89
90 if (SUHOSIN7_G(perdir)) {
91 pefree(SUHOSIN7_G(perdir), 1);
92 }
93 SUHOSIN7_G(perdir) = NULL;
94
95 /* Initialize the perdir flags */ 88 /* Initialize the perdir flags */
96 SUHOSIN7_G(log_perdir) = 0; 89 SUHOSIN7_G(log_perdir) = 0;
97 SUHOSIN7_G(exec_perdir) = 0; 90 SUHOSIN7_G(exec_perdir) = 0;
@@ -103,35 +96,33 @@ static ZEND_INI_MH(OnUpdateSuhosin_perdir)
103 SUHOSIN7_G(upload_perdir) = 0; 96 SUHOSIN7_G(upload_perdir) = 0;
104 SUHOSIN7_G(sql_perdir) = 0; 97 SUHOSIN7_G(sql_perdir) = 0;
105 98
106 if (new_value == NULL) { 99 if (new_value == NULL || ZSTR_LEN(new_value) == 0) {
107 return SUCCESS; 100 return SUCCESS;
108 } 101 }
109 102
110 tmp = SUHOSIN7_G(perdir) = pestrdup(ZSTR_VAL(new_value), 1); 103 char *tmp = ZSTR_VAL(new_value);
111 104
112 /* trim the whitespace */
113 while (isspace(*tmp)) tmp++;
114
115 /* should we deactivate perdir completely? */ 105 /* should we deactivate perdir completely? */
116 if (*tmp == 0 || *tmp == '0') { 106 if (*tmp == '0') {
117 return SUCCESS; 107 return SUCCESS;
118 } 108 }
119 109
120 /* no deactivation so check the flags */ 110 /* no deactivation so check the flags */
121 while (*tmp) { 111 for (; tmp < ZSTR_VAL(new_value) + ZSTR_LEN(new_value) && *tmp; tmp++) {
112 if (isspace(*tmp))
113 continue;
122 switch (*tmp) { 114 switch (*tmp) {
123 PERDIR_CASE('l', 'L', log) 115 PERDIR_CASE('l', log)
124 PERDIR_CASE('e', 'E', exec) 116 PERDIR_CASE('e', exec)
125 PERDIR_CASE('g', 'G', get) 117 PERDIR_CASE('g', get)
126 PERDIR_CASE('c', 'C', cookie) 118 PERDIR_CASE('c', cookie)
127 PERDIR_CASE('p', 'P', post) 119 PERDIR_CASE('p', post)
128 PERDIR_CASE('r', 'R', request) 120 PERDIR_CASE('r', request)
129 PERDIR_CASE('s', 'S', sql) 121 PERDIR_CASE('s', sql)
130 PERDIR_CASE('u', 'U', upload) 122 PERDIR_CASE('u', upload)
131 PERDIR_CASE('m', 'M', misc) 123 PERDIR_CASE('m', misc)
132 } 124 }
133 tmp++; 125 }
134 }
135 return SUCCESS; 126 return SUCCESS;
136} 127}
137 128
@@ -148,8 +139,8 @@ list_destroy:
148 } 139 }
149 140
150 char *list = ZSTR_VAL(zlist); 141 char *list = ZSTR_VAL(zlist);
151 while (*list && (*list == ' ' || *list == '\t')) list++; 142 while (list < ZSTR_VAL(zlist) + ZSTR_LEN(zlist) && *list && (*list == ' ' || *list == '\t')) list++;
152 if (*list == 0) { 143 if (*list == 0 || list >= ZSTR_VAL(zlist) + ZSTR_LEN(zlist)) {
153 goto list_destroy; 144 goto list_destroy;
154 } 145 }
155 146