| author | jvoisin | 2022-03-20 18:20:45 +0100 |
|---|---|---|
| committer | jvoisin | 2022-03-20 18:20:45 +0100 |
| commit | 81dd7f2ef07af306fe83d7755cbac4529aa9fc8d (patch) | |
| tree | 32cc44c6231b30db5ac7b15699297863460784aa /src/sp_disable_xxe.c | |
| parent | 83b01942dfc80474cc05e09aeef4b44307a7120b (diff) | |
| parent | c38df1077a6c1dfbca1baca049214d053e2e7684 (diff) | |
Merge remote-tracking branch 'sektioneins/master'
Diffstat (limited to 'src/sp_disable_xxe.c')
| -rw-r--r-- | src/sp_disable_xxe.c | 19 |
1 files changed, 9 insertions, 10 deletions
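--- a/src/sp_disable_xxe.c
+++ b/src/sp_disable_xxe.c
@@ -1,24 +1,25 @@
 #include "php_snuffleupagus.h"
 
 PHP_FUNCTION(sp_libxml_disable_entity_loader) {
-sp_log_warn("xxe",
-"A call to libxml_disable_entity_loader was tried and nopped");
+sp_log_warn("xxe", "A call to libxml_disable_entity_loader was tried and nopped");
 RETURN_TRUE;
 }
 
 PHP_FUNCTION(sp_libxml_set_external_entity_loader) {
-sp_log_warn(
-"xxe",
-"A call to libxml_set_external_entity_loader was tried and nopped");
+sp_log_warn("xxe", "A call to libxml_set_external_entity_loader was tried and nopped");
 RETURN_TRUE;
 }
 
 int hook_libxml_disable_entity_loader() {
 TSRMLS_FETCH();
 
+if (!zend_hash_str_find_ptr(&module_registry, ZEND_STRL("xml"))) {
+sp_log_warn("xxe", "Cannot enable XXE protection. XML support is disabled in PHP.");
+}
+
 zval func_name;
 zval retval;
-zval params[1];
+zval params[1] = {0};
 
 #if PHP_VERSION_ID < 80000
 // This function is deprecated in PHP8, but better safe than sorry for php7.
@@ -32,10 +33,8 @@ int hook_libxml_disable_entity_loader() {
 ZVAL_NULL(¶ms[0]);
 call_user_function(CG(function_table), NULL, &func_name, &retval, 1, params);
 
-HOOK_FUNCTION("libxml_disable_entity_loader", sp_internal_functions_hook,
-PHP_FN(sp_libxml_disable_entity_loader));
-HOOK_FUNCTION("libxml_set_external_entity_loader", sp_internal_functions_hook,
-PHP_FN(sp_libxml_set_external_entity_loader));
+HOOK_FUNCTION("libxml_disable_entity_loader", sp_internal_functions_hook, PHP_FN(sp_libxml_disable_entity_loader));
+HOOK_FUNCTION("libxml_set_external_entity_loader", sp_internal_functions_hook, PHP_FN(sp_libxml_set_external_entity_loader));
 
 return SUCCESS;
 }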
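Review bot: The new `module_registry` check (new lines 16-18) only logs and then falls through, so when the lookup fails the function still reaches `call_user_function` and both `HOOK_FUNCTION` calls, and returns `SUCCESS` right after warning that XXE protection cannot be enabled. If nothing below the warning is meant to run in that case, add `return SUCCESS;` inside the branch; if the fall-through is deliberate, record it with a comment such as `// not fatal: still try to install the hooks below`. The lookup key is `"xml"` while the hooked functions are `libxml_*`, so it is worth confirming this is the module that actually provides them; otherwise the warning may fire on a build where the protection does apply, which makes the log misleading for whoever triages it. The part of the function body between the two hunks is not visible here.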
