authorBen Fuhrmannek2021-09-16 11:32:41 +0200
committerBen Fuhrmannek2021-09-16 11:32:41 +0200
commit6e07cdb870513270a3c08abc7ecdca64ad2af400 (patch)
treef9784435101f85d9ff0776c205421a7916b5854e /src/sp_ifilter.c
parent31d6a3cddd18cef447698ba2beaa7b5d9ab9dd94 (diff)
ported server.strip and server.encode features from suhosin
Diffstat (limited to 'src/sp_ifilter.c')
-rw-r--r--src/sp_ifilter.c103
1 files changed, 103 insertions, 0 deletions
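diff --git a/src/sp_ifilter.c b/src/sp_ifilter.c
new file mode 100644
index 0000000..171138f
--- /dev/null
+++ b/src/sp_ifilter.c
@@ -0,0 +1,103 @@
+#include "php_snuffleupagus.h"
+
+static void (*orig_register_server_variables)(zval *track_vars_array) = NULL;
+
+static const unsigned char sp_hexchars[] = "0123456789ABCDEF";
+
+static const char sp_is_dangerous_char[256] = {
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+static void sp_server_strip(HashTable *svars, char *key, int keylen) {
+ zval *value = zend_hash_str_find(svars, key, keylen);
+ if (!value || Z_TYPE_P(value) != IS_STRING) { return; }
+
+ zend_string *tmp_zstr = Z_STR_P(value);
+ char *tmp = ZSTR_VAL(tmp_zstr);
+ char *tmpend = tmp + ZSTR_LEN(tmp_zstr);
+
+ for (char *p = tmp; p < tmpend; p++) {
+ if (sp_is_dangerous_char[(int)*p]) {
+ *p = '_';
+ }
+ }
+}
+
+static void sp_server_encode(HashTable *svars, char *key, int keylen) {
+ zval *value = zend_hash_str_find(svars, key, keylen);
+ if (!value || Z_TYPE_P(value) != IS_STRING) { return; }
+
+ zend_string *tmp_zstr = Z_STR_P(value);
+ char *tmp = ZSTR_VAL(tmp_zstr);
+ char *tmpend = tmp + ZSTR_LEN(tmp_zstr);
+ int extra = 0;
+
+ for (char *p = tmp; p < tmpend; p++) {
+ extra += sp_is_dangerous_char[(int)*p] * 2;
+ }
+ if (!extra) { return; }
+
+ zend_string *new_zstr = zend_string_alloc(ZSTR_LEN(tmp_zstr) + extra, 0);
+ char *n = ZSTR_VAL(new_zstr);
+ for (char *p = tmp; p < tmpend; p++, n++) {
+ if (sp_is_dangerous_char[(int)*p]) {
+ *n++ = '%';
+ *n++ = sp_hexchars[*p >> 4];
+ *n = sp_hexchars[*p & 15];
+ } else {
+ *n = *p;
+ }
+ }
+ ZSTR_VAL(new_zstr)[ZSTR_LEN(new_zstr)] = 0;
+ Z_STR_P(value) = new_zstr;
+
+ zend_string_release_ex(tmp_zstr, 0);
+}
+
+static void sp_register_server_variables(zval *track_vars_array) {
+ orig_register_server_variables(track_vars_array);
+
+ HashTable *svars;
+ svars = Z_ARRVAL_P(track_vars_array);
+
+
+ if (SNUFFLEUPAGUS_G(config).server_encode) {
+ sp_server_encode(svars, ZEND_STRL("REQUEST_URI"));
+ sp_server_encode(svars, ZEND_STRL("QUERY_STRING"));
+ }
+
+ if (SNUFFLEUPAGUS_G(config).server_strip) {
+ sp_server_strip(svars, ZEND_STRL("PHP_SELF"));
+ sp_server_strip(svars, ZEND_STRL("HTTP_HOST"));
+ sp_server_strip(svars, ZEND_STRL("HTTP_USER_AGENT"));
+
+ // for cgi + fpm
+ sp_server_strip(svars, ZEND_STRL("PATH_INFO"));
+ sp_server_strip(svars, ZEND_STRL("PATH_TRANSLATED"));
+ sp_server_strip(svars, ZEND_STRL("ORIG_PATH_TRANSLATED"));
+ sp_server_strip(svars, ZEND_STRL("ORIG_PATH_INFO"));
+ }
+}
+
+void sp_hook_register_server_variables()
+{
+ if (sapi_module.register_server_variables) {
+ orig_register_server_variables = sapi_module.register_server_variables;
+ sapi_module.register_server_variables = sp_register_server_variables;
+ }
+}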
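Review bot: The lookups `sp_is_dangerous_char[(int)*p]` in sp_server_strip and in both loops of sp_server_encode index the 256-entry table with a plain `char`, so on platforms where `char` is signed any byte of 0x80 or above becomes a negative index and reads memory before the table. The filtered values (REQUEST_URI, QUERY_STRING, HTTP_USER_AGENT and the others) are taken from the request, so that out-of-bounds read depends on external input, and a nonzero stray byte would also send `sp_hexchars[*p >> 4]` out of range. Cast through `unsigned char` at every site: `sp_is_dangerous_char[(unsigned char)*p]`, `sp_hexchars[(unsigned char)*p >> 4]` and `sp_hexchars[(unsigned char)*p & 15]`. Separately, sp_server_strip writes into the zend_string in place and sp_server_encode assigns `Z_STR_P(value)` directly; this presumably relies on the SAPI having registered fresh, unshared, non-interned strings, and a comment stating that assumption would help the next reader.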