| author | Ben Fuhrmannek | 2021-09-15 20:26:02 +0200 |
|---|---|---|
| committer | Ben Fuhrmannek | 2021-09-15 20:26:02 +0200 |
| commit | 31d6a3cddd18cef447698ba2beaa7b5d9ab9dd94 (patch) | |
| tree | 015c69027703d17061d429375de84a86cc51186a /src | |
| parent | 8e42064026906f0f25caca237e4624b5b3c5087e (diff) | |
implemented execution depth limit
Diffstat (limited to 'src')
| -rw-r--r-- | src/php_snuffleupagus.h | 1 | ||||
| -rw-r--r-- | src/snuffleupagus.c | 2 | ||||
| -rw-r--r-- | src/sp_config.h | 2 | ||||
| -rw-r--r-- | src/sp_config_keywords.c | 1 | ||||
| -rw-r--r-- | src/sp_execute.c | 17 |
5 files changed, 19 insertions, 4 deletions
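--- a/src/php_snuffleupagus.h
+++ b/src/php_snuffleupagus.h
@@ -108,6 +108,7 @@ ZEND_BEGIN_MODULE_GLOBALS(snuffleupagus)
 size_t in_eval;
 sp_config config;
 int is_config_valid; // 1 = valid, 0 = invalid, -1 = none
+u_long execution_depth;
 bool allow_broken_configuration;
 HashTable *disabled_functions_hook;
 HashTable *sp_internal_functions_hook;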
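Review bot: `u_long execution_depth;` uses a type that is not part of standard C; it comes from system headers and its width differs between platforms, while the neighbouring counter `in_eval` is a `size_t`. Consider `size_t execution_depth;  // current nesting of sp_orig_execute(), reset in RINIT`, and check whether `max_execution_depth` in `sp_config.h` can follow, which depends on the pointer type `parse_ulong` writes through (not shown in this diff).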
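--- a/src/snuffleupagus.c
+++ b/src/snuffleupagus.c
@@ -251,6 +251,8 @@ static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) {
 }
 
 PHP_RINIT_FUNCTION(snuffleupagus) {
+SNUFFLEUPAGUS_G(execution_depth) = 0;
+
 const sp_config_wrapper *const config_wrapper =
 SNUFFLEUPAGUS_G(config).config_wrapper;
 #if defined(COMPILE_DL_SNUFFLEUPAGUS) && defined(ZTS)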
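--- a/src/sp_config.h
+++ b/src/sp_config.h
@@ -196,6 +196,7 @@ typedef struct {
 sp_config_ini *config_ini;
 bool hook_execute;
 char log_media;
+u_long max_execution_depth;
 
 HashTable *config_disabled_functions;
 HashTable *config_disabled_functions_hooked;
@@ -286,6 +287,7 @@ typedef struct {
 #define SP_TOKEN_ENCRYPTION_KEY "secret_key"
 #define SP_TOKEN_ENV_VAR "cookie_env_var"
 #define SP_TOKEN_LOG_MEDIA "log_media"
+#define SP_TOKEN_MAX_EXECUTION_DEPTH "max_execution_depth"
 
 // upload_validator
 #define SP_TOKEN_UPLOAD_SCRIPT "script"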
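Review bot: `max_execution_depth` treats 0 as "no limit", but that is only visible from the `> 0` test added in `sp_execute.c`; the field itself should say so, e.g. `u_long max_execution_depth;  // 0 = unlimited`. The struct starts outside the hunk, so the default is presumably whatever zero-initialisation gives, which is worth confirming because a non-zero garbage value would silently enable a limit.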
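--- a/src/sp_config_keywords.c
+++ b/src/sp_config_keywords.c
@@ -128,6 +128,7 @@ SP_PARSE_FN(parse_global) {
 {parse_str, SP_TOKEN_ENCRYPTION_KEY, &(SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)},
 {parse_str, SP_TOKEN_ENV_VAR, &(SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var)},
 {parse_log_media, SP_TOKEN_LOG_MEDIA, &(SNUFFLEUPAGUS_G(config).log_media)},
+{parse_ulong, SP_TOKEN_MAX_EXECUTION_DEPTH, &(SNUFFLEUPAGUS_G(config).max_execution_depth)},
 {0, 0, 0}};
 
 SP_PROCESS_CONFIG_KEYWORDS_ERR();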
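Review bot: The new `max_execution_depth` entry in `parse_global` only stores the value; nothing in this commit touches `hook_execute`, the flag declared next to the new field in `sp_config.h`. If `sp_execute_ex` is installed only when that flag is set (the hook setup is outside this diff), a configuration that sets `max_execution_depth` and no other execute-hooking rule would silently get no depth limit. Either enable the hook when the parsed value is non-zero or document the dependency next to the keyword. `parse_global` starts and ends outside the hunk.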
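--- a/src/sp_execute.c
+++ b/src/sp_execute.c
@@ -112,6 +112,15 @@ zend_string *get_eval_filename(const char *const filename) {
 return clean_filename;
 }
 
+static inline void sp_orig_execute(zend_execute_data *execute_data) {
+SNUFFLEUPAGUS_G(execution_depth)++;
+if (SNUFFLEUPAGUS_G(execution_depth) > SNUFFLEUPAGUS_G(config).max_execution_depth && SNUFFLEUPAGUS_G(config).max_execution_depth > 0) {
+sp_log_drop("execute", "Maximum recursion limit reached. Script terminated.");
+}
+orig_execute_ex(execute_data);
+SNUFFLEUPAGUS_G(execution_depth)--;
+}
+
 static void sp_execute_ex(zend_execute_data *execute_data) {
 is_in_eval_and_whitelisted(execute_data);
 const HashTable *config_disabled_functions =
@@ -131,7 +140,7 @@ static void sp_execute_ex(zend_execute_data *execute_data) {
 zend_string_release(filename);
 
 SNUFFLEUPAGUS_G(in_eval)++;
-orig_execute_ex(execute_data);
+sp_orig_execute(execute_data);
 SNUFFLEUPAGUS_G(in_eval)--;
 return;
 }
@@ -150,7 +159,7 @@ static void sp_execute_ex(zend_execute_data *execute_data) {
 .config_disabled_functions_reg->disabled_functions;
 
 if (!function_name) {
-orig_execute_ex(execute_data);
+sp_orig_execute(execute_data);
 return;
 }
 
@@ -184,7 +193,7 @@ static void sp_execute_ex(zend_execute_data *execute_data) {
 EX(return_value) = &ret_val;
 }
 
-orig_execute_ex(execute_data);
+sp_orig_execute(execute_data);
 
 should_drop_on_ret_ht(
 EX(return_value), function_name,
@@ -197,7 +206,7 @@ static void sp_execute_ex(zend_execute_data *execute_data) {
 EX(return_value) = NULL;
 }
 } else {
-orig_execute_ex(execute_data);
+sp_orig_execute(execute_data);
 }
 }
 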
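Review bot: In `sp_orig_execute`, the over-limit branch has no `return`, so `orig_execute_ex(execute_data)` still runs unless `sp_log_drop` never returns; its definition is not part of this diff. If it can return, the limit is only logged, and the branch should end with `SNUFFLEUPAGUS_G(execution_depth)--; return;`. If it instead leaves through a bailout, the decrement after `orig_execute_ex` is skipped and the counter stays above the limit until the next RINIT reset, so code that still runs in the same request (shutdown functions, for instance) would presumably be dropped as well; a comment on the helper should say which behaviour is intended. Testing `max_execution_depth > 0` first would also make the "0 disables the check" rule easier to read.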
