diff options
| author | jvoisin | 2017-10-09 11:54:31 +0200 |
|---|---|---|
| committer | GitHub | 2017-10-09 11:54:31 +0200 |
| commit | 1602780f3c85ca127c77d28ae93a4e2a4eeae180 (patch) | |
| tree | 1200952d6f20b0dbc94d6252dcdaba5be0bad353 /src/sp_execute.c | |
| parent | 7234fdbb0cb0dd45ed1d6e7814c91e596126ee25 (diff) | |
Better hooking of language constructs (#26)
* Vastly improve the support of language construct hooking
Diffstat (limited to 'src/sp_execute.c')
| -rw-r--r-- | src/sp_execute.c | 40 |
1 files changed, 24 insertions, 16 deletions
diff --git a/src/sp_execute.c b/src/sp_execute.c index 7d62e88..014a049 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c | |||
| @@ -28,17 +28,20 @@ ZEND_COLD static inline void terminate_if_writable(const char *filename) { | |||
| 28 | } | 28 | } |
| 29 | } | 29 | } |
| 30 | 30 | ||
| 31 | static void check_inclusion_regexp(const char * const filename) { | 31 | static void construct_include_handler(const char * const filename) { |
| 32 | if (SNUFFLEUPAGUS_G(config).config_regexp_inclusion->regexp_inclusion) { | 32 | if (SNUFFLEUPAGUS_G(config).config_disabled_constructs->construct_include) { |
| 33 | const sp_node_t* config = SNUFFLEUPAGUS_G(config).config_regexp_inclusion->regexp_inclusion; | 33 | const sp_node_t* config = SNUFFLEUPAGUS_G(config).config_disabled_constructs->construct_include; |
| 34 | if (!config || !config->data) { | 34 | if (!config || !config->data) { |
| 35 | return; | 35 | return; |
| 36 | } | 36 | } |
| 37 | |||
| 37 | while (config) { | 38 | while (config) { |
| 38 | pcre *config_node = (pcre*)(config->data); | 39 | sp_disabled_function *config_node = (sp_disabled_function*)(config->data); |
| 39 | if (false == is_regexp_matching(config_node, filename)) { | 40 | if (true == is_regexp_matching(config_node->regexp, filename)) { |
| 40 | sp_log_msg("include", SP_LOG_DROP, "Inclusion of a forbidden file (%s).", filename); | 41 | sp_log_disable("include", "inclusion path", filename, config_node); |
| 41 | sp_terminate(); | 42 | if (false == config_node->simulation) { |
| 43 | sp_terminate(); | ||
| 44 | } | ||
| 42 | } | 45 | } |
| 43 | config = config->next; | 46 | config = config->next; |
| 44 | } | 47 | } |
| @@ -68,17 +71,22 @@ execute: | |||
| 68 | orig_execute_ex(execute_data); | 71 | orig_execute_ex(execute_data); |
| 69 | } | 72 | } |
| 70 | 73 | ||
| 71 | static int sp_stream_open(const char *filename, | 74 | static int sp_stream_open(const char *filename, zend_file_handle *handle) { |
| 72 | zend_file_handle *handle) { | 75 | zend_execute_data const * const data = EG(current_execute_data); |
| 73 | const zend_execute_data *data = EG(current_execute_data); | ||
| 74 | 76 | ||
| 75 | if ((NULL != data) && (NULL != data->opline) && | 77 | if ((NULL == data) || (NULL == data->opline)) { |
| 76 | (ZEND_INCLUDE_OR_EVAL == data->opline->opcode)) { | 78 | goto end; |
| 77 | if (true == SNUFFLEUPAGUS_G(config).config_readonly_exec->enable) { | ||
| 78 | terminate_if_writable(filename); | ||
| 79 | } | ||
| 80 | check_inclusion_regexp(filename); | ||
| 81 | } | 79 | } |
| 80 | |||
| 81 | switch(data->opline->opcode) { | ||
| 82 | case ZEND_INCLUDE_OR_EVAL: | ||
| 83 | if (true == SNUFFLEUPAGUS_G(config).config_readonly_exec->enable) { | ||
| 84 | terminate_if_writable(filename); | ||
| 85 | } | ||
| 86 | construct_include_handler(filename); | ||
| 87 | } | ||
| 88 | |||
| 89 | end: | ||
| 82 | return orig_zend_stream_open(filename, handle); | 90 | return orig_zend_stream_open(filename, handle); |
| 83 | } | 91 | } |
| 84 | 92 | ||