Allow rules matching on echo and print

author: xXx-caillou-xXx 2018-07-13 11:38:51 +0200
committer: jvoisin 2018-07-13 09:38:51 +0000
commit: 94649dee9e8b8b6c6c28b79d565ae7b388e3d6d9 (patch)
tree: 106df2ad6824ec1c352fd57f577372778e64385b /src/sp_disabled_functions.c
parent: 7963580d72a358975133f86f01de2d2eab08ba38 (diff)
1 files changed, 37 insertions, 5 deletions
diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c
index 14783f6..f266951 100644
--- a/src/sp_disabled_functions.c
+++ b/src/sp_disabled_functions.c
@@ -236,13 +236,15 @@ static bool check_is_builtin_name(
    return (zend_string_equals_literal(config_node->function, "include") ||
            zend_string_equals_literal(config_node->function, "include_once") ||
            zend_string_equals_literal(config_node->function, "require") ||
-            zend_string_equals_literal(config_node->function, "require_once"));
+            zend_string_equals_literal(config_node->function, "require_once") ||
+            zend_string_equals_literal(config_node->function, "echo"));
  }
  if (config_node->r_function) {
    return (sp_is_regexp_matching(config_node->r_function, "include") ||
            sp_is_regexp_matching(config_node->r_function, "include_once") ||
            sp_is_regexp_matching(config_node->r_function, "require") ||
-            sp_is_regexp_matching(config_node->r_function, "require_once"));
+            sp_is_regexp_matching(config_node->r_function, "require_once") ||
+            sp_is_regexp_matching(config_node->r_function, "echo"));
  }
  return false;
 }
@@ -383,7 +385,12 @@ bool should_disable(zend_execute_data* execute_data,
    }
    if (config_node->r_value || config_node->value) {
-      if (check_is_builtin_name(config_node)) {
+      if (check_is_builtin_name(config_node) &&
+          !config_node->var &&
+          !config_node->param &&
+          !config_node->r_param &&
+          !config_node->key &&
+          !config_node->r_key) {
        if (false == is_param_matching(execute_data, config_node, builtin_param,
                                       &arg_name, builtin_param_name,
                                       &arg_value_str)) {
@@ -566,8 +573,14 @@ static int hook_functions(HashTable* to_hook_ht, HashTable* hooked_ht) {
    if (!HOOK_FUNCTION(ZSTR_VAL(key), disabled_functions_hook,
                       PHP_FN(check_disabled_function)) ||
        check_is_builtin_name(((sp_list_node*)Z_PTR_P(value))->data)) {
-      zend_symtable_add_new(hooked_ht, key, value);
+      if (zend_string_equals_literal(key, "echo") ||
-      zend_hash_del(to_hook_ht, key);
+          zend_string_equals_literal(key, "print")) {
+        zend_hash_str_add_new(hooked_ht, "echo", strlen("echo"), value);
+        zend_hash_del(to_hook_ht, key);
+      } else {
+        zend_symtable_add_new(hooked_ht, key, value);
+        zend_hash_del(to_hook_ht, key);
+      }
    }
  }
  ZEND_HASH_FOREACH_END();
@@ -648,3 +661,22 @@ int hook_disabled_functions(void) {
  }
  return ret;
 }
+zend_write_func_t zend_write_default = NULL;
+int hook_echo(const char* str, size_t str_length) {
+  zend_string* zs = zend_string_init(str, str_length, 0);
+  bool ret = should_disable_ht(
+      EG(current_execute_data), "echo", zs, NULL,
+      SNUFFLEUPAGUS_G(config).config_disabled_functions_reg->disabled_functions,
+      SNUFFLEUPAGUS_G(config).config_disabled_functions_hooked);
+  zend_string_release(zs);
+  if (ret) {
+    sp_terminate();
+  }
+  return zend_write_default(str, str_length);
+}
author	xXx-caillou-xXx	2018-07-13 11:38:51 +0200
committer	jvoisin	2018-07-13 09:38:51 +0000
commit	94649dee9e8b8b6c6c28b79d565ae7b388e3d6d9 (patch)
tree	106df2ad6824ec1c352fd57f577372778e64385b /src/sp_disabled_functions.c
parent	7963580d72a358975133f86f01de2d2eab08ba38 (diff)

diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index 14783f6..f266951 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c
@@ -236,13 +236,15 @@ static bool check_is_builtin_name(
236	return (zend_string_equals_literal(config_node->function, "include") \|\|	236	return (zend_string_equals_literal(config_node->function, "include") \|\|
237	zend_string_equals_literal(config_node->function, "include_once") \|\|	237	zend_string_equals_literal(config_node->function, "include_once") \|\|
238	zend_string_equals_literal(config_node->function, "require") \|\|	238	zend_string_equals_literal(config_node->function, "require") \|\|
239	zend_string_equals_literal(config_node->function, "require_once"));	239	zend_string_equals_literal(config_node->function, "require_once") \|\|
		240	zend_string_equals_literal(config_node->function, "echo"));
240	}	241	}
241	if (config_node->r_function) {	242	if (config_node->r_function) {
242	return (sp_is_regexp_matching(config_node->r_function, "include") \|\|	243	return (sp_is_regexp_matching(config_node->r_function, "include") \|\|
243	sp_is_regexp_matching(config_node->r_function, "include_once") \|\|	244	sp_is_regexp_matching(config_node->r_function, "include_once") \|\|
244	sp_is_regexp_matching(config_node->r_function, "require") \|\|	245	sp_is_regexp_matching(config_node->r_function, "require") \|\|
245	sp_is_regexp_matching(config_node->r_function, "require_once"));	246	sp_is_regexp_matching(config_node->r_function, "require_once") \|\|
		247	sp_is_regexp_matching(config_node->r_function, "echo"));
246	}	248	}
247	return false;	249	return false;
248	}	250	}
@@ -383,7 +385,12 @@ bool should_disable(zend_execute_data* execute_data,
383	}	385	}
384		386
385	if (config_node->r_value \|\| config_node->value) {	387	if (config_node->r_value \|\| config_node->value) {
386	if (check_is_builtin_name(config_node)) {	388	if (check_is_builtin_name(config_node) &&
		389	!config_node->var &&
		390	!config_node->param &&
		391	!config_node->r_param &&
		392	!config_node->key &&
		393	!config_node->r_key) {
387	if (false == is_param_matching(execute_data, config_node, builtin_param,	394	if (false == is_param_matching(execute_data, config_node, builtin_param,
388	&arg_name, builtin_param_name,	395	&arg_name, builtin_param_name,
389	&arg_value_str)) {	396	&arg_value_str)) {
@@ -566,8 +573,14 @@ static int hook_functions(HashTable* to_hook_ht, HashTable* hooked_ht) {
566	if (!HOOK_FUNCTION(ZSTR_VAL(key), disabled_functions_hook,	573	if (!HOOK_FUNCTION(ZSTR_VAL(key), disabled_functions_hook,
567	PHP_FN(check_disabled_function)) \|\|	574	PHP_FN(check_disabled_function)) \|\|
568	check_is_builtin_name(((sp_list_node*)Z_PTR_P(value))->data)) {	575	check_is_builtin_name(((sp_list_node*)Z_PTR_P(value))->data)) {
569	zend_symtable_add_new(hooked_ht, key, value);	576	if (zend_string_equals_literal(key, "echo") \|\|
570	zend_hash_del(to_hook_ht, key);	577	zend_string_equals_literal(key, "print")) {
		578	zend_hash_str_add_new(hooked_ht, "echo", strlen("echo"), value);
		579	zend_hash_del(to_hook_ht, key);
		580	} else {
		581	zend_symtable_add_new(hooked_ht, key, value);
		582	zend_hash_del(to_hook_ht, key);
		583	}
571	}	584	}
572	}	585	}
573	ZEND_HASH_FOREACH_END();	586	ZEND_HASH_FOREACH_END();
@@ -648,3 +661,22 @@ int hook_disabled_functions(void) {
648	}	661	}
649	return ret;	662	return ret;
650	}	663	}
		664
		665	zend_write_func_t zend_write_default = NULL;
		666
		667	int hook_echo(const char* str, size_t str_length) {
		668	zend_string* zs = zend_string_init(str, str_length, 0);
		669
		670	bool ret = should_disable_ht(
		671	EG(current_execute_data), "echo", zs, NULL,
		672	SNUFFLEUPAGUS_G(config).config_disabled_functions_reg->disabled_functions,
		673	SNUFFLEUPAGUS_G(config).config_disabled_functions_hooked);
		674
		675	zend_string_release(zs);
		676
		677	if (ret) {
		678	sp_terminate();
		679	}
		680
		681	return zend_write_default(str, str_length);
		682	}