diff options
| author | Thibault "bui" Koechlin | 2017-12-28 17:04:06 +0100 |
|---|---|---|
| committer | jvoisin | 2017-12-28 17:04:06 +0100 |
| commit | 9f5e8d12f05fb24c915a5266a1e908a75c8aed08 (patch) | |
| tree | 9160075ea943c7fd29a3923f844a0ac0d6b8b457 /src/sp_execute.c | |
| parent | 62c48bf9a85e0294b7b32cea438e904e1cd50669 (diff) | |
Clang-format pass
- `clang-format --style="{BasedOnStyle: google, SortIncludes: false}" -i snuffleu*.c sp_*.c sp_*.h`
- Update the documentation accordingly
Diffstat (limited to 'src/sp_execute.c')
| -rw-r--r-- | src/sp_execute.c | 68 |
1 files changed, 38 insertions, 30 deletions
diff --git a/src/sp_execute.c b/src/sp_execute.c index a541bfb..7dd0798 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c | |||
| @@ -7,34 +7,37 @@ ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) | |||
| 7 | 7 | ||
| 8 | static void (*orig_execute_ex)(zend_execute_data *execute_data); | 8 | static void (*orig_execute_ex)(zend_execute_data *execute_data); |
| 9 | static int (*orig_zend_stream_open)(const char *filename, | 9 | static int (*orig_zend_stream_open)(const char *filename, |
| 10 | zend_file_handle *handle); | 10 | zend_file_handle *handle); |
| 11 | 11 | ||
| 12 | // FIXME handle symlink | 12 | // FIXME handle symlink |
| 13 | ZEND_COLD static inline void terminate_if_writable(const char *filename) { | 13 | ZEND_COLD static inline void terminate_if_writable(const char *filename) { |
| 14 | if (0 == access(filename, W_OK)) { | 14 | if (0 == access(filename, W_OK)) { |
| 15 | if (true == SNUFFLEUPAGUS_G(config).config_readonly_exec->simulation) { | 15 | if (true == SNUFFLEUPAGUS_G(config).config_readonly_exec->simulation) { |
| 16 | sp_log_msg("readonly_exec", SP_LOG_SIMULATION, | 16 | sp_log_msg("readonly_exec", SP_LOG_SIMULATION, |
| 17 | "Attempted execution of a writable file (%s).", filename); | 17 | "Attempted execution of a writable file (%s).", filename); |
| 18 | } else { | 18 | } else { |
| 19 | sp_log_msg("readonly_exec", SP_LOG_DROP, | 19 | sp_log_msg("readonly_exec", SP_LOG_DROP, |
| 20 | "Attempted execution of a writable file (%s).", filename); | 20 | "Attempted execution of a writable file (%s).", filename); |
| 21 | sp_terminate(); | 21 | sp_terminate(); |
| 22 | } | 22 | } |
| 23 | } else { | 23 | } else { |
| 24 | if (EACCES != errno) { | 24 | if (EACCES != errno) { |
| 25 | sp_log_err("Writable execution", "Error while accessing %s: %s", filename, | 25 | sp_log_err("Writable execution", "Error while accessing %s: %s", filename, |
| 26 | strerror(errno)); | 26 | strerror(errno)); |
| 27 | } | 27 | } |
| 28 | } | 28 | } |
| 29 | } | 29 | } |
| 30 | 30 | ||
| 31 | static void is_builtin_matching(const char * restrict const filename, | 31 | static void is_builtin_matching(const char *restrict const filename, |
| 32 | char* restrict function_name, char* restrict param_name, sp_list_node *config) { | 32 | char *restrict function_name, |
| 33 | char *restrict param_name, | ||
| 34 | sp_list_node *config) { | ||
| 33 | if (!config || !config->data) { | 35 | if (!config || !config->data) { |
| 34 | return; | 36 | return; |
| 35 | } | 37 | } |
| 36 | 38 | ||
| 37 | if (true == should_disable(EG(current_execute_data), function_name, filename, param_name)) { | 39 | if (true == should_disable(EG(current_execute_data), function_name, filename, |
| 40 | param_name)) { | ||
| 38 | sp_terminate(); | 41 | sp_terminate(); |
| 39 | } | 42 | } |
| 40 | } | 43 | } |
| @@ -63,9 +66,10 @@ static void sp_execute_ex(zend_execute_data *execute_data) { | |||
| 63 | if (true == should_disable(execute_data, NULL, NULL, NULL)) { | 66 | if (true == should_disable(execute_data, NULL, NULL, NULL)) { |
| 64 | sp_terminate(); | 67 | sp_terminate(); |
| 65 | } | 68 | } |
| 66 | 69 | ||
| 67 | if (execute_data->func->op_array.type == ZEND_EVAL_CODE) { | 70 | if (execute_data->func->op_array.type == ZEND_EVAL_CODE) { |
| 68 | sp_list_node* config = SNUFFLEUPAGUS_G(config).config_disabled_constructs->construct_eval; | 71 | sp_list_node *config = |
| 72 | SNUFFLEUPAGUS_G(config).config_disabled_constructs->construct_eval; | ||
| 69 | char *filename = get_eval_filename((char *)zend_get_executed_filename()); | 73 | char *filename = get_eval_filename((char *)zend_get_executed_filename()); |
| 70 | is_builtin_matching(filename, "eval", NULL, config); | 74 | is_builtin_matching(filename, "eval", NULL, config); |
| 71 | efree(filename); | 75 | efree(filename); |
| @@ -85,36 +89,40 @@ static void sp_execute_ex(zend_execute_data *execute_data) { | |||
| 85 | } | 89 | } |
| 86 | 90 | ||
| 87 | static int sp_stream_open(const char *filename, zend_file_handle *handle) { | 91 | static int sp_stream_open(const char *filename, zend_file_handle *handle) { |
| 88 | zend_execute_data const * const data = EG(current_execute_data); | 92 | zend_execute_data const *const data = EG(current_execute_data); |
| 89 | 93 | ||
| 90 | if ((NULL == data) || (NULL == data->opline) || (data->func->type != ZEND_USER_FUNCTION)) { | 94 | if ((NULL == data) || (NULL == data->opline) || |
| 95 | (data->func->type != ZEND_USER_FUNCTION)) { | ||
| 91 | goto end; | 96 | goto end; |
| 92 | } | 97 | } |
| 93 | 98 | ||
| 94 | switch(data->opline->opcode) { | 99 | switch (data->opline->opcode) { |
| 95 | case ZEND_INCLUDE_OR_EVAL: | 100 | case ZEND_INCLUDE_OR_EVAL: |
| 96 | if (true == SNUFFLEUPAGUS_G(config).config_readonly_exec->enable) { | 101 | if (true == SNUFFLEUPAGUS_G(config).config_readonly_exec->enable) { |
| 97 | terminate_if_writable(filename); | 102 | terminate_if_writable(filename); |
| 98 | } | 103 | } |
| 99 | sp_list_node* config = SNUFFLEUPAGUS_G(config).config_disabled_constructs->construct_include; | 104 | sp_list_node *config = |
| 105 | SNUFFLEUPAGUS_G(config).config_disabled_constructs->construct_include; | ||
| 100 | switch (data->opline->extended_value) { | 106 | switch (data->opline->extended_value) { |
| 101 | case ZEND_INCLUDE: | 107 | case ZEND_INCLUDE: |
| 102 | is_builtin_matching(filename, "include", "inclusion path", config); | 108 | is_builtin_matching(filename, "include", "inclusion path", config); |
| 103 | break; | 109 | break; |
| 104 | case ZEND_REQUIRE: | 110 | case ZEND_REQUIRE: |
| 105 | is_builtin_matching(filename, "require", "inclusion path", config); | 111 | is_builtin_matching(filename, "require", "inclusion path", config); |
| 106 | break; | 112 | break; |
| 107 | case ZEND_REQUIRE_ONCE: | 113 | case ZEND_REQUIRE_ONCE: |
| 108 | is_builtin_matching(filename, "require_once", "inclusion path", config); | 114 | is_builtin_matching(filename, "require_once", "inclusion path", |
| 109 | break; | 115 | config); |
| 110 | case ZEND_INCLUDE_ONCE: | 116 | break; |
| 111 | is_builtin_matching(filename, "include_once", "inclusion path", config); | 117 | case ZEND_INCLUDE_ONCE: |
| 112 | break; | 118 | is_builtin_matching(filename, "include_once", "inclusion path", |
| 113 | case ZEND_EVAL: | 119 | config); |
| 114 | is_builtin_matching(filename, "eval", NULL, config); | 120 | break; |
| 115 | break; | 121 | case ZEND_EVAL: |
| 116 | default: | 122 | is_builtin_matching(filename, "eval", NULL, config); |
| 117 | break; | 123 | break; |
| 124 | default: | ||
| 125 | break; | ||
| 118 | } | 126 | } |
| 119 | } | 127 | } |
| 120 | 128 | ||