summaryrefslogtreecommitdiff
path: root/src/sp_unserialize.c
diff options
context:
space:
mode:
authorjvoisin2018-10-06 16:15:00 +0000
committerGitHub2018-10-06 16:15:00 +0000
commitaa550b9abadc109a2c89a7cd6dd047ac2a953027 (patch)
tree1892e9ce8f833f3f13278cd424368fe1b5e26d91 /src/sp_unserialize.c
parent228fadf307b167a22ad6ec760f3b2ee2e9f2fee3 (diff)
Bump a bit the coverage
* `setcookie` doesn't always return `true` anymore * clang-format * Cookies with invalid decryption are dropped, but the request isn't anymore * faulty unserialize are now dumpable
Diffstat (limited to 'src/sp_unserialize.c')
-rw-r--r--src/sp_unserialize.c21
1 files changed, 11 insertions, 10 deletions
diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c
index 1b47416..fe738e6 100644
--- a/src/sp_unserialize.c
+++ b/src/sp_unserialize.c
@@ -6,9 +6,9 @@ PHP_FUNCTION(sp_serialize) {
6 zif_handler orig_handler; 6 zif_handler orig_handler;
7 7
8 /* Call the original `serialize` function. */ 8 /* Call the original `serialize` function. */
9 orig_handler = zend_hash_str_find_ptr( 9 orig_handler =
10 SNUFFLEUPAGUS_G(sp_internal_functions_hook), "serialize", 10 zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook),
11 sizeof("serialize") - 1); 11 "serialize", sizeof("serialize") - 1);
12 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); 12 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
13 13
14 /* Compute the HMAC of the textual representation of the serialized data*/ 14 /* Compute the HMAC of the textual representation of the serialized data*/
@@ -26,9 +26,11 @@ PHP_FUNCTION(sp_serialize) {
26 26
27 size_t len = Z_STRLEN_P(return_value) + Z_STRLEN(hmac); 27 size_t len = Z_STRLEN_P(return_value) + Z_STRLEN(hmac);
28 if (len < Z_STRLEN_P(return_value)) { 28 if (len < Z_STRLEN_P(return_value)) {
29 // LCOV_EXCL_START
29 sp_log_err("overflow_error", 30 sp_log_err("overflow_error",
30 "Overflow tentative detected in sp_serialize."); 31 "Overflow tentative detected in sp_serialize.");
31 zend_bailout(); 32 zend_bailout();
33 // LCOV_EXCL_STOP
32 } 34 }
33 zend_string *res = zend_string_alloc(len, 0); 35 zend_string *res = zend_string_alloc(len, 0);
34 36
@@ -51,7 +53,7 @@ PHP_FUNCTION(sp_unserialize) {
51 size_t buf_len = 0; 53 size_t buf_len = 0;
52 zval *opts = NULL; 54 zval *opts = NULL;
53 55
54 const sp_config_unserialize* config_unserialize = 56 const sp_config_unserialize *config_unserialize =
55 SNUFFLEUPAGUS_G(config).config_unserialize; 57 SNUFFLEUPAGUS_G(config).config_unserialize;
56 58
57 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|a", &buf, &buf_len, &opts) == 59 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|a", &buf, &buf_len, &opts) ==
@@ -63,7 +65,6 @@ PHP_FUNCTION(sp_unserialize) {
63 if (buf_len < 64) { 65 if (buf_len < 64) {
64 sp_log_msg("unserialize", SP_LOG_DROP, 66 sp_log_msg("unserialize", SP_LOG_DROP,
65 "The serialized object is too small."); 67 "The serialized object is too small.");
66 RETURN_FALSE;
67 } 68 }
68 69
69 hmac = buf + buf_len - 64; 70 hmac = buf + buf_len - 64;
@@ -94,6 +95,11 @@ PHP_FUNCTION(sp_unserialize) {
94 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); 95 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
95 } 96 }
96 } else { 97 } else {
98 if (config_unserialize->dump) {
99 sp_log_request(config_unserialize->dump,
100 config_unserialize->textual_representation,
101 SP_TOKEN_UNSERIALIZE_HMAC);
102 }
97 if (true == config_unserialize->simulation) { 103 if (true == config_unserialize->simulation) {
98 sp_log_msg("unserialize", SP_LOG_SIMULATION, "Invalid HMAC for %s", 104 sp_log_msg("unserialize", SP_LOG_SIMULATION, "Invalid HMAC for %s",
99 serialized_str); 105 serialized_str);
@@ -107,11 +113,6 @@ PHP_FUNCTION(sp_unserialize) {
107 serialized_str); 113 serialized_str);
108 } 114 }
109 } 115 }
110 if (config_unserialize->dump) {
111 sp_log_request(config_unserialize->dump,
112 config_unserialize->textual_representation,
113 SP_TOKEN_UNSERIALIZE_HMAC);
114 }
115 efree(serialized_str); 116 efree(serialized_str);
116 return; 117 return;
117} 118}