diff options
| author | Ben Fuhrmannek | 2021-12-14 14:29:43 +0100 |
|---|---|---|
| committer | Ben Fuhrmannek | 2021-12-14 14:29:43 +0100 |
| commit | 4a45ba42b609d48c8297456d67cc8d955073b567 (patch) | |
| tree | 947bd03955cd9e8c141f133ab12d3a84bd62611e /src/sp_utils.c | |
| parent | 1746eb1013af60d8524a42fb3431446a5933a646 (diff) | |
fix: include class name in eval whitelist matching
Diffstat (limited to 'src/sp_utils.c')
| -rw-r--r-- | src/sp_utils.c | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/src/sp_utils.c b/src/sp_utils.c index b53ddcb..034aaf4 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c | |||
| @@ -1,12 +1,5 @@ | |||
| 1 | #include "php_snuffleupagus.h" | 1 | #include "php_snuffleupagus.h" |
| 2 | 2 | ||
| 3 | bool sp_zend_string_equals(const zend_string* s1, const zend_string* s2) { | ||
| 4 | // We can't use `zend_string_equals` here because it doesn't work on | ||
| 5 | // `const` zend_string. | ||
| 6 | return ZSTR_LEN(s1) == ZSTR_LEN(s2) && | ||
| 7 | !memcmp(ZSTR_VAL(s1), ZSTR_VAL(s2), ZSTR_LEN(s1)); | ||
| 8 | } | ||
| 9 | |||
| 10 | static const char* default_ipaddr = "0.0.0.0"; | 3 | static const char* default_ipaddr = "0.0.0.0"; |
| 11 | const char* get_ipaddr() { | 4 | const char* get_ipaddr() { |
| 12 | const char* client_ip = getenv("REMOTE_ADDR"); | 5 | const char* client_ip = getenv("REMOTE_ADDR"); |
| @@ -155,8 +148,8 @@ int sp_log_request(const zend_string* restrict folder, const zend_string* restri | |||
| 155 | char* const complete_path_function = get_complete_function_path(current); | 148 | char* const complete_path_function = get_complete_function_path(current); |
| 156 | if (complete_path_function) { | 149 | if (complete_path_function) { |
| 157 | const int current_line = zend_get_executed_lineno(TSRMLS_C); | 150 | const int current_line = zend_get_executed_lineno(TSRMLS_C); |
| 158 | fprintf(file, "STACKTRACE: %s:%d\n", complete_path_function, | 151 | fprintf(file, "STACKTRACE: %s:%d\n", complete_path_function, current_line); |
| 159 | current_line); | 152 | efree(complete_path_function); |
| 160 | } | 153 | } |
| 161 | current = current->prev_execute_data; | 154 | current = current->prev_execute_data; |
| 162 | } | 155 | } |
| @@ -468,7 +461,7 @@ void unhook_functions(HashTable *ht) { | |||
| 468 | ZEND_HASH_FOREACH_END_DEL(); | 461 | ZEND_HASH_FOREACH_END_DEL(); |
| 469 | } | 462 | } |
| 470 | 463 | ||
| 471 | bool check_is_in_eval_whitelist(const zend_string* const function_name) { | 464 | bool check_is_in_eval_whitelist(const char* function_name) { |
| 472 | const sp_list_node* it = SPCFG(eval).whitelist; | 465 | const sp_list_node* it = SPCFG(eval).whitelist; |
| 473 | if (!it) { | 466 | if (!it) { |
| 474 | return false; | 467 | return false; |
| @@ -477,7 +470,7 @@ bool check_is_in_eval_whitelist(const zend_string* const function_name) { | |||
| 477 | /* yes, we could use a HashTable instead, but since the list is pretty | 470 | /* yes, we could use a HashTable instead, but since the list is pretty |
| 478 | * small, it doesn't make a difference in practise. */ | 471 | * small, it doesn't make a difference in practise. */ |
| 479 | while (it && it->data) { | 472 | while (it && it->data) { |
| 480 | if (sp_zend_string_equals(function_name, (const zend_string*)(it->data))) { | 473 | if (sp_zend_string_equals_str((const zend_string*)(it->data), VAR_AND_LEN(function_name))) { |
| 481 | /* We've got a match, the function is whiteslited. */ | 474 | /* We've got a match, the function is whiteslited. */ |
| 482 | return true; | 475 | return true; |
| 483 | } | 476 | } |