diff options
| author | kkadosh | 2018-06-28 21:43:40 +0000 |
|---|---|---|
| committer | jvoisin | 2018-06-28 21:43:40 +0000 |
| commit | ca3be84076521c4bb053511775c94c0b195aeac8 (patch) | |
| tree | 3026bd494850086795a67d18f56264abbe4cc11c /src | |
| parent | 7832438b7abedf567ce6376f99949f419abcdff1 (diff) | |
Better handling of filters for builtins
Diffstat (limited to 'src')
| -rw-r--r-- | src/sp_config_keywords.c | 9 | ||||
| -rw-r--r-- | src/sp_crypt.c | 6 | ||||
| -rw-r--r-- | src/sp_disabled_functions.c | 31 | ||||
| -rw-r--r-- | src/sp_session.c | 14 | ||||
| -rw-r--r-- | src/tests/config/disabled_functions_drop_include.ini | 4 | ||||
| -rw-r--r-- | src/tests/config/disabled_functions_drop_include_simulation.ini | 4 | ||||
| -rw-r--r-- | src/tests/disabled_functions_drop_include.phpt | 28 | ||||
| -rw-r--r-- | src/tests/disabled_functions_drop_include_simulation.phpt | 28 |
8 files changed, 101 insertions, 23 deletions
diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index f702f4d..cc1f0f9 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c | |||
| @@ -61,8 +61,7 @@ static int parse_enable(char *line, bool *restrict retval, | |||
| 61 | } | 61 | } |
| 62 | 62 | ||
| 63 | int parse_session(char *line) { | 63 | int parse_session(char *line) { |
| 64 | sp_config_session *session = | 64 | sp_config_session *session = pecalloc(sizeof(sp_config_session), 1, 0); |
| 65 | pecalloc(sizeof(sp_config_session), 1, 0); | ||
| 66 | 65 | ||
| 67 | sp_config_functions sp_config_funcs_session_encryption[] = { | 66 | sp_config_functions sp_config_funcs_session_encryption[] = { |
| 68 | {parse_empty, SP_TOKEN_ENCRYPT, &(session->encrypt)}, | 67 | {parse_empty, SP_TOKEN_ENCRYPT, &(session->encrypt)}, |
| @@ -95,10 +94,8 @@ int parse_session(char *line) { | |||
| 95 | } | 94 | } |
| 96 | } | 95 | } |
| 97 | 96 | ||
| 98 | SNUFFLEUPAGUS_G(config).config_session->encrypt = | 97 | SNUFFLEUPAGUS_G(config).config_session->encrypt = session->encrypt; |
| 99 | session->encrypt; | 98 | SNUFFLEUPAGUS_G(config).config_session->simulation = session->simulation; |
| 100 | SNUFFLEUPAGUS_G(config).config_session->simulation = | ||
| 101 | session->simulation; | ||
| 102 | pefree(session, 0); | 99 | pefree(session, 0); |
| 103 | return ret; | 100 | return ret; |
| 104 | } | 101 | } |
diff --git a/src/sp_crypt.c b/src/sp_crypt.c index 55ae37b..6a46d06 100644 --- a/src/sp_crypt.c +++ b/src/sp_crypt.c | |||
| @@ -64,9 +64,9 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) { | |||
| 64 | } | 64 | } |
| 65 | } | 65 | } |
| 66 | 66 | ||
| 67 | 67 | if (ZSTR_LEN(debase64) + (size_t)crypto_secretbox_ZEROBYTES < | |
| 68 | if (ZSTR_LEN(debase64) + (size_t)crypto_secretbox_ZEROBYTES < ZSTR_LEN(debase64)) { | 68 | ZSTR_LEN(debase64)) { |
| 69 | if (true == simulation) { | 69 | if (true == simulation) { |
| 70 | sp_log_msg( | 70 | sp_log_msg( |
| 71 | "cookie_encryption", SP_LOG_SIMULATION, | 71 | "cookie_encryption", SP_LOG_SIMULATION, |
| 72 | "Integer overflow tentative detected in cookie encryption handling " | 72 | "Integer overflow tentative detected in cookie encryption handling " |
diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index eeee007..341c0a4 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c | |||
| @@ -248,6 +248,23 @@ static zend_execute_data* is_file_matching( | |||
| 248 | #undef ITERATE | 248 | #undef ITERATE |
| 249 | } | 249 | } |
| 250 | 250 | ||
| 251 | static bool check_is_builtin_name( | ||
| 252 | sp_disabled_function const* const config_node) { | ||
| 253 | if (config_node->function) { | ||
| 254 | return (!strcmp(config_node->function, "include") || | ||
| 255 | !strcmp(config_node->function, "include_once") || | ||
| 256 | !strcmp(config_node->function, "require") || | ||
| 257 | !strcmp(config_node->function, "require_once")); | ||
| 258 | } | ||
| 259 | if (config_node->r_function) { | ||
| 260 | return (sp_is_regexp_matching(config_node->r_function, "include") || | ||
| 261 | sp_is_regexp_matching(config_node->r_function, "include_once") || | ||
| 262 | sp_is_regexp_matching(config_node->r_function, "require") || | ||
| 263 | sp_is_regexp_matching(config_node->r_function, "require_once")); | ||
| 264 | } | ||
| 265 | return false; | ||
| 266 | } | ||
| 267 | |||
| 251 | bool should_disable(zend_execute_data* execute_data, const char* builtin_name, | 268 | bool should_disable(zend_execute_data* execute_data, const char* builtin_name, |
| 252 | const char* builtin_param, const char* builtin_param_name) { | 269 | const char* builtin_param, const char* builtin_param_name) { |
| 253 | char current_file_hash[SHA256_SIZE * 2 + 1] = {0}; | 270 | char current_file_hash[SHA256_SIZE * 2 + 1] = {0}; |
| @@ -303,13 +320,11 @@ bool should_disable(zend_execute_data* execute_data, const char* builtin_name, | |||
| 303 | goto next; | 320 | goto next; |
| 304 | } | 321 | } |
| 305 | } | 322 | } |
| 306 | |||
| 307 | if (config_node->line) { | 323 | if (config_node->line) { |
| 308 | if (config_node->line != zend_get_executed_lineno()) { | 324 | if (config_node->line != zend_get_executed_lineno()) { |
| 309 | goto next; | 325 | goto next; |
| 310 | } | 326 | } |
| 311 | } | 327 | } |
| 312 | |||
| 313 | if (config_node->filename || config_node->r_filename) { | 328 | if (config_node->filename || config_node->r_filename) { |
| 314 | zend_execute_data* ex = | 329 | zend_execute_data* ex = |
| 315 | is_file_matching(execute_data, config_node, current_filename); | 330 | is_file_matching(execute_data, config_node, current_filename); |
| @@ -327,7 +342,6 @@ bool should_disable(zend_execute_data* execute_data, const char* builtin_name, | |||
| 327 | goto next; | 342 | goto next; |
| 328 | } | 343 | } |
| 329 | } | 344 | } |
| 330 | |||
| 331 | if (config_node->var) { | 345 | if (config_node->var) { |
| 332 | if (false == is_local_var_matching(execute_data, config_node)) { | 346 | if (false == is_local_var_matching(execute_data, config_node)) { |
| 333 | goto next; | 347 | goto next; |
| @@ -360,8 +374,17 @@ bool should_disable(zend_execute_data* execute_data, const char* builtin_name, | |||
| 360 | } | 374 | } |
| 361 | } | 375 | } |
| 362 | 376 | ||
| 363 | /* Everything matched.*/ | 377 | if (config_node->value_r || config_node->value) { |
| 378 | if (check_is_builtin_name(config_node)) { | ||
| 379 | if (false == is_param_matching(execute_data, config_node, builtin_name, | ||
| 380 | builtin_param, &arg_name, | ||
| 381 | builtin_param_name, &arg_value_str)) { | ||
| 382 | goto next; | ||
| 383 | } | ||
| 384 | } | ||
| 385 | } | ||
| 364 | 386 | ||
| 387 | /* Everything matched.*/ | ||
| 365 | if (true == config_node->allow) { | 388 | if (true == config_node->allow) { |
| 366 | goto allow; | 389 | goto allow; |
| 367 | } | 390 | } |
diff --git a/src/sp_session.c b/src/sp_session.c index 4085007..ce852ad 100644 --- a/src/sp_session.c +++ b/src/sp_session.c | |||
| @@ -21,7 +21,6 @@ static int (*old_s_write)(PS_WRITE_ARGS); | |||
| 21 | static int (*previous_sessionRINIT)(INIT_FUNC_ARGS) = NULL; | 21 | static int (*previous_sessionRINIT)(INIT_FUNC_ARGS) = NULL; |
| 22 | static ZEND_INI_MH((*old_OnUpdateSaveHandler)) = NULL; | 22 | static ZEND_INI_MH((*old_OnUpdateSaveHandler)) = NULL; |
| 23 | 23 | ||
| 24 | |||
| 25 | static int sp_hook_s_read(PS_READ_ARGS) { | 24 | static int sp_hook_s_read(PS_READ_ARGS) { |
| 26 | int r = old_s_read(mod_data, key, val, maxlifetime); | 25 | int r = old_s_read(mod_data, key, val, maxlifetime); |
| 27 | if (r == SUCCESS && SNUFFLEUPAGUS_G(config).config_session->encrypt && | 26 | if (r == SUCCESS && SNUFFLEUPAGUS_G(config).config_session->encrypt && |
| @@ -31,8 +30,7 @@ static int sp_hook_s_read(PS_READ_ARGS) { | |||
| 31 | ZVAL_PSTRINGL(&val_zval, ZSTR_VAL(*val), ZSTR_LEN(*val)); | 30 | ZVAL_PSTRINGL(&val_zval, ZSTR_VAL(*val), ZSTR_LEN(*val)); |
| 32 | 31 | ||
| 33 | int ret = decrypt_zval( | 32 | int ret = decrypt_zval( |
| 34 | &val_zval, SNUFFLEUPAGUS_G(config).config_session->simulation, | 33 | &val_zval, SNUFFLEUPAGUS_G(config).config_session->simulation, NULL); |
| 35 | NULL); | ||
| 36 | if (0 != ret) { | 34 | if (0 != ret) { |
| 37 | if (SNUFFLEUPAGUS_G(config).config_session->simulation) { | 35 | if (SNUFFLEUPAGUS_G(config).config_session->simulation) { |
| 38 | return ret; | 36 | return ret; |
| @@ -51,10 +49,8 @@ static int sp_hook_s_read(PS_READ_ARGS) { | |||
| 51 | return r; | 49 | return r; |
| 52 | } | 50 | } |
| 53 | 51 | ||
| 54 | |||
| 55 | static int sp_hook_s_write(PS_WRITE_ARGS) { | 52 | static int sp_hook_s_write(PS_WRITE_ARGS) { |
| 56 | if (ZSTR_LEN(val) > 0 && | 53 | if (ZSTR_LEN(val) > 0 && SNUFFLEUPAGUS_G(config).config_session->encrypt) { |
| 57 | SNUFFLEUPAGUS_G(config).config_session->encrypt) { | ||
| 58 | zend_string *new_val = encrypt_zval(ZSTR_VAL(val), ZSTR_LEN(val)); | 54 | zend_string *new_val = encrypt_zval(ZSTR_VAL(val), ZSTR_LEN(val)); |
| 59 | return old_s_write(mod_data, key, new_val, maxlifetime); | 55 | return old_s_write(mod_data, key, new_val, maxlifetime); |
| 60 | } | 56 | } |
| @@ -92,11 +88,9 @@ static void sp_hook_session_module() { | |||
| 92 | 88 | ||
| 93 | static PHP_INI_MH(sp_OnUpdateSaveHandler) { | 89 | static PHP_INI_MH(sp_OnUpdateSaveHandler) { |
| 94 | if (stage == PHP_INI_STAGE_RUNTIME && | 90 | if (stage == PHP_INI_STAGE_RUNTIME && |
| 95 | SESSION_G(session_status) == php_session_none && | 91 | SESSION_G(session_status) == php_session_none && s_original_mod && |
| 96 | s_original_mod && | ||
| 97 | zend_string_equals_literal(new_value, "user") == 0 && | 92 | zend_string_equals_literal(new_value, "user") == 0 && |
| 98 | strcmp(((ps_module *)s_original_mod)->s_name, "user") == | 93 | strcmp(((ps_module *)s_original_mod)->s_name, "user") == 0) { |
| 99 | 0) { | ||
| 100 | return SUCCESS; | 94 | return SUCCESS; |
| 101 | } | 95 | } |
| 102 | 96 | ||
diff --git a/src/tests/config/disabled_functions_drop_include.ini b/src/tests/config/disabled_functions_drop_include.ini new file mode 100644 index 0000000..0b10f65 --- /dev/null +++ b/src/tests/config/disabled_functions_drop_include.ini | |||
| @@ -0,0 +1,4 @@ | |||
| 1 | sp.disable_function.function("require_once").value_r("\.ico$").drop(); | ||
| 2 | sp.disable_function.function("include_once").value_r("\.ico$").drop(); | ||
| 3 | sp.disable_function.function("require").value_r("\.ico$").drop(); | ||
| 4 | sp.disable_function.function("include").value_r("\.ico$").drop(); | ||
diff --git a/src/tests/config/disabled_functions_drop_include_simulation.ini b/src/tests/config/disabled_functions_drop_include_simulation.ini new file mode 100644 index 0000000..4064da1 --- /dev/null +++ b/src/tests/config/disabled_functions_drop_include_simulation.ini | |||
| @@ -0,0 +1,4 @@ | |||
| 1 | sp.disable_function.function("require_once").value_r("\.ico$").drop().simulation(); | ||
| 2 | sp.disable_function.function("include_once").value_r("\.ico$").drop().simulation(); | ||
| 3 | sp.disable_function.function("require").value_r("\.ico$").drop().simulation(); | ||
| 4 | sp.disable_function.function("include").value_r("\.ico$").drop().simulation(); | ||
diff --git a/src/tests/disabled_functions_drop_include.phpt b/src/tests/disabled_functions_drop_include.phpt new file mode 100644 index 0000000..e18dd73 --- /dev/null +++ b/src/tests/disabled_functions_drop_include.phpt | |||
| @@ -0,0 +1,28 @@ | |||
| 1 | --TEST-- | ||
| 2 | Disable function, bug : https://github.com/nbs-system/snuffleupagus/issues/181 | ||
| 3 | --SKIPIF-- | ||
| 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> | ||
| 5 | --INI-- | ||
| 6 | sp.configuration_file={PWD}/config/disabled_functions_drop_include.ini | ||
| 7 | --FILE-- | ||
| 8 | <?php | ||
| 9 | $dir = __DIR__; | ||
| 10 | |||
| 11 | @unlink("$dir/test_include.php"); | ||
| 12 | |||
| 13 | $code = <<< 'EOD' | ||
| 14 | <?php | ||
| 15 | $test = "testOK"; | ||
| 16 | ?> | ||
| 17 | EOD; | ||
| 18 | |||
| 19 | file_put_contents("$dir/test_include.php", $code); | ||
| 20 | |||
| 21 | include "$dir/test_include.php"; | ||
| 22 | |||
| 23 | echo $test; | ||
| 24 | |||
| 25 | ?> | ||
| 26 | |||
| 27 | --EXPECTF-- | ||
| 28 | testOK | ||
diff --git a/src/tests/disabled_functions_drop_include_simulation.phpt b/src/tests/disabled_functions_drop_include_simulation.phpt new file mode 100644 index 0000000..07c3e98 --- /dev/null +++ b/src/tests/disabled_functions_drop_include_simulation.phpt | |||
| @@ -0,0 +1,28 @@ | |||
| 1 | --TEST-- | ||
| 2 | Disable function, bug : https://github.com/nbs-system/snuffleupagus/issues/181 | ||
| 3 | --SKIPIF-- | ||
| 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> | ||
| 5 | --INI-- | ||
| 6 | sp.configuration_file={PWD}/config/disabled_functions_drop_include_simulation.ini | ||
| 7 | --FILE-- | ||
| 8 | <?php | ||
| 9 | $dir = __DIR__; | ||
| 10 | |||
| 11 | @unlink("$dir/test_include.php"); | ||
| 12 | |||
| 13 | $code = <<< 'EOD' | ||
| 14 | <?php | ||
| 15 | $test = "testOK"; | ||
| 16 | ?> | ||
| 17 | EOD; | ||
| 18 | |||
| 19 | file_put_contents("$dir/test_include.php", $code); | ||
| 20 | |||
| 21 | include "$dir/test_include.php"; | ||
| 22 | |||
| 23 | echo $test; | ||
| 24 | |||
| 25 | ?> | ||
| 26 | |||
| 27 | --EXPECTF-- | ||
| 28 | testOK | ||
