fix(log): systematically drop when .drop() is used

When the `php` logging facility is used, the error could have been caught by using `set_error_handler` and whatnot. This commit ensures that if the `.drop()` option is set, we're calling `zend_bailout()` that can't be caught. An attacker could have used this issue to silently perform some recon of the running environment. This isn't considered a vulnerability as an attacker with arbitrary php code execution can simply use the use-after-free of the day to gain arbitrary (native) code execution anyway, after detecting that Snuffleupagus is in use, to take little risks of detection.
author: jvoisin 2025-10-02 15:22:08 +0200
committer: jvoisin 2025-10-02 15:22:08 +0200
commit: da8c7aebc5602c04b771ada71a098ccb23d83a48 (patch)
tree: c006dabc93a369c247334bc50985b78653f9eb60 /src
parent: 09bc3ffc8734cf2437e14ab123c7b732db53b836 (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/src/sp_utils.c b/src/sp_utils.c
index b045f61..775ff95 100644
--- a/src/sp_utils.c
+++ b/src/sp_utils.c
@@ -52,19 +52,19 @@ void sp_log_msgf(char const* const restrict feature, int level, int type,
      syslog(syslog_level, "[snuffleupagus][%s][%s][%s] %s in %s on line %d",
             client_ip, feature, logtype, msg, error_filename, error_lineno);
      closelog();
-      efree(msg);
-      if (type == SP_TYPE_DROP) {
-        zend_bailout();
-      }
      break;
    }
    case SP_LOG_ZEND:
    default:
      zend_error(level, "[snuffleupagus][%s][%s][%s] %s", client_ip, feature,
                 logtype, msg);
-      efree(msg);
      break;
  }
+  efree(msg);
+  if (type == SP_TYPE_DROP) {
+    zend_bailout();
+  }
 }
 int compute_hash(char const* const restrict filename,
author	jvoisin	2025-10-02 15:22:08 +0200
committer	jvoisin	2025-10-02 15:22:08 +0200
commit	da8c7aebc5602c04b771ada71a098ccb23d83a48 (patch)
tree	c006dabc93a369c247334bc50985b78653f9eb60 /src
parent	09bc3ffc8734cf2437e14ab123c7b732db53b836 (diff)