Initial import

author: Sebastien Blot 2017-09-20 10:11:01 +0200
committer: Sebastien Blot 2017-09-20 10:11:01 +0200
commit: 868f96c759b6650d88ff9f4fbc5c048302134248 (patch)
tree: c0de0af318bf77a8959164ef11aeeeb2b7bab294 /src/sp_unserialize.c
1 files changed, 111 insertions, 0 deletions
diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c
new file mode 100644
index 0000000..b5b67b4
--- /dev/null
+++ b/src/sp_unserialize.c
@@ -0,0 +1,111 @@
+#include "php_snuffleupagus.h"
+ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+PHP_FUNCTION(sp_serialize) {
+  void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS);
+  /* Call the original `serialize` function. */
+  if ((orig_handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook),
+                                             "serialize", 9))) {
+    orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
+  } else {
+    sp_log_err("disabled_functions",
+        "Unable to find the pointer to the original function 'serialize' in "
+        "the hashtable.\n");
+  }
+  /* Compute the HMAC of the textual representation of the serialized data*/
+  zval func_name;
+  zval hmac;
+  zval params[3];
+  ZVAL_STRING(&func_name, "hash_hmac");
+  ZVAL_STRING(&params[0], "sha256");
+  params[1] = *return_value;
+  ZVAL_STRING(&params[2],
+              SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key);
+  call_user_function(CG(function_table), NULL, &func_name, &hmac, 3, params);
+  size_t len = Z_STRLEN_P(return_value) + Z_STRLEN(hmac);
+  zend_string *res = zend_string_alloc(len, 0);
+  memcpy(ZSTR_VAL(res), Z_STRVAL_P(return_value), Z_STRLEN_P(return_value));
+  memcpy(ZSTR_VAL(res) + Z_STRLEN_P(return_value), Z_STRVAL(hmac),
+         Z_STRLEN(hmac));
+  ZSTR_VAL(res)[len] = '\0';
+  /* Append the computed HMAC to the serialized data. */
+  return_value->value.str = res;
+  return;
+}
+PHP_FUNCTION(sp_unserialize) {
+  void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS);
+  char *buf = NULL;
+  char *serialized_str = NULL;
+  char *hmac = NULL;
+  zval expected_hmac;
+  size_t buf_len = 0;
+  zval *opts = NULL;
+  if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|a", &buf, &buf_len, &opts) ==
+      FAILURE) {
+    RETURN_FALSE;
+  }
+  /* 64 is the length of HMAC-256 */
+  if (buf_len < 64) {
+    sp_log_msg("unserialize", LOG_DROP, "The serialized object is too small.");
+    RETURN_FALSE;
+  }
+  hmac = buf + buf_len - 64;
+  serialized_str = ecalloc(sizeof(*serialized_str) * (buf_len - 64 + 1), 1);
+  memcpy(serialized_str, buf, buf_len - 64);
+  zval func_name;
+  ZVAL_STRING(&func_name, "hash_hmac");
+  zval params[3];
+  ZVAL_STRING(&params[0], "sha256");
+  ZVAL_STRING(&params[1], serialized_str);
+  ZVAL_STRING(&params[2],
+              SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key);
+  call_user_function(CG(function_table), NULL, &func_name, &expected_hmac, 3,
+                     params);
+  unsigned int status = 0;
+  for (uint8_t i = 0; i < 64; i++) {
+    status |= (hmac[i] ^ (Z_STRVAL(expected_hmac))[i]);
+  }
+  if (0 == status) {
+    if ((orig_handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook),
+                                               "unserialize", 11))) {
+      orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
+    }
+  } else {
+    if ( true == SNUFFLEUPAGUS_G(config).config_unserialize->simulation) {
+      sp_log_msg("unserialize", LOG_NOTICE, "Invalid HMAC for %s", serialized_str);
+      if ((orig_handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook),
+                                               "unserialize", 11))) {
+        orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
+      }
+    } else {
+      sp_log_msg("unserialize", LOG_DROP, "Invalid HMAC for %s", serialized_str);
+    }
+  }
+  efree(serialized_str);
+  return;
+}
+int hook_serialize(void) {
+  TSRMLS_FETCH();
+  HOOK_FUNCTION("serialize", sp_internal_functions_hook, PHP_FN(sp_serialize), false);
+  HOOK_FUNCTION("unserialize", sp_internal_functions_hook, PHP_FN(sp_unserialize), false);
+  return SUCCESS;
+}
author	Sebastien Blot	2017-09-20 10:11:01 +0200
committer	Sebastien Blot	2017-09-20 10:11:01 +0200
commit	868f96c759b6650d88ff9f4fbc5c048302134248 (patch)
tree	c0de0af318bf77a8959164ef11aeeeb2b7bab294 /src/sp_unserialize.c

diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c new file mode 100644 index 0000000..b5b67b4 --- /dev/null +++ b/src/sp_unserialize.c
@@ -0,0 +1,111 @@
	1	#include "php_snuffleupagus.h"
	2
	3	ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
	4
	5	PHP_FUNCTION(sp_serialize) {
	6	void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS);
	7
	8	/* Call the original `serialize` function. */
	9	if ((orig_handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook),
	10	"serialize", 9))) {
	11	orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
	12	} else {
	13	sp_log_err("disabled_functions",
	14	"Unable to find the pointer to the original function 'serialize' in "
	15	"the hashtable.\n");
	16	}
	17
	18	/* Compute the HMAC of the textual representation of the serialized data*/
	19	zval func_name;
	20	zval hmac;
	21	zval params[3];
	22
	23	ZVAL_STRING(&func_name, "hash_hmac");
	24	ZVAL_STRING(&params[0], "sha256");
	25	params[1] = *return_value;
	26	ZVAL_STRING(&params[2],
	27	SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key);
	28	call_user_function(CG(function_table), NULL, &func_name, &hmac, 3, params);
	29
	30	size_t len = Z_STRLEN_P(return_value) + Z_STRLEN(hmac);
	31	zend_string *res = zend_string_alloc(len, 0);
	32
	33	memcpy(ZSTR_VAL(res), Z_STRVAL_P(return_value), Z_STRLEN_P(return_value));
	34	memcpy(ZSTR_VAL(res) + Z_STRLEN_P(return_value), Z_STRVAL(hmac),
	35	Z_STRLEN(hmac));
	36	ZSTR_VAL(res)[len] = '\0';
	37
	38	/* Append the computed HMAC to the serialized data. */
	39	return_value->value.str = res;
	40	return;
	41	}
	42
	43	PHP_FUNCTION(sp_unserialize) {
	44	void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS);
	45
	46	char *buf = NULL;
	47	char *serialized_str = NULL;
	48	char *hmac = NULL;
	49	zval expected_hmac;
	50	size_t buf_len = 0;
	51	zval *opts = NULL;
	52
	53	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s\|a", &buf, &buf_len, &opts) ==
	54	FAILURE) {
	55	RETURN_FALSE;
	56	}
	57
	58	/* 64 is the length of HMAC-256 */
	59	if (buf_len < 64) {
	60	sp_log_msg("unserialize", LOG_DROP, "The serialized object is too small.");
	61	RETURN_FALSE;
	62	}
	63
	64	hmac = buf + buf_len - 64;
	65	serialized_str = ecalloc(sizeof(serialized_str) (buf_len - 64 + 1), 1);
	66	memcpy(serialized_str, buf, buf_len - 64);
	67
	68	zval func_name;
	69	ZVAL_STRING(&func_name, "hash_hmac");
	70
	71	zval params[3];
	72	ZVAL_STRING(&params[0], "sha256");
	73	ZVAL_STRING(&params[1], serialized_str);
	74	ZVAL_STRING(&params[2],
	75	SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key);
	76	call_user_function(CG(function_table), NULL, &func_name, &expected_hmac, 3,
	77	params);
	78
	79	unsigned int status = 0;
	80	for (uint8_t i = 0; i < 64; i++) {
	81	status \|= (hmac[i] ^ (Z_STRVAL(expected_hmac))[i]);
	82	}
	83
	84	if (0 == status) {
	85	if ((orig_handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook),
	86	"unserialize", 11))) {
	87	orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
	88	}
	89	} else {
	90	if ( true == SNUFFLEUPAGUS_G(config).config_unserialize->simulation) {
	91	sp_log_msg("unserialize", LOG_NOTICE, "Invalid HMAC for %s", serialized_str);
	92	if ((orig_handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook),
	93	"unserialize", 11))) {
	94	orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
	95	}
	96	} else {
	97	sp_log_msg("unserialize", LOG_DROP, "Invalid HMAC for %s", serialized_str);
	98	}
	99	}
	100	efree(serialized_str);
	101	return;
	102	}
	103
	104	int hook_serialize(void) {
	105	TSRMLS_FETCH();
	106
	107	HOOK_FUNCTION("serialize", sp_internal_functions_hook, PHP_FN(sp_serialize), false);
	108	HOOK_FUNCTION("unserialize", sp_internal_functions_hook, PHP_FN(sp_unserialize), false);
	109
	110	return SUCCESS;
	111	}