-rw-r--r--src/sp_config.h20
-rw-r--r--src/sp_disabled_functions.c10
-rw-r--r--src/sp_disabled_functions.h8
-rw-r--r--src/sp_execute.c2
-rw-r--r--src/sp_execute.h2
-rw-r--r--src/sp_pcre_compat.h27
-rw-r--r--src/sp_session.h1
-rw-r--r--src/sp_unserialize.c3
-rw-r--r--src/sp_utils.c3
-rw-r--r--src/sp_utils.h9
-rw-r--r--src/sp_var_value.c3
11 files changed, 49 insertions, 39 deletions
diff --git a/src/sp_config.h b/src/sp_config.h
index cfc3c8f..d2fa64f 100644
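--- a/src/sp_config.h
+++ b/src/sp_config.h
@@ -49,15 +49,25 @@ typedef struct {
  zend_string *textual_representation;
 } sp_config_readonly_exec;
 
-typedef struct { bool enable; } sp_config_global_strict;
+typedef struct {
+ bool enable;
+} sp_config_global_strict;
 
-typedef struct { bool enable; } sp_config_random;
+typedef struct {
+ bool enable;
+} sp_config_random;
 
-typedef struct { bool enable; } sp_config_sloppy;
+typedef struct {
+ bool enable;
+} sp_config_sloppy;
 
-typedef struct { bool enable; } sp_config_auto_cookie_secure;
+typedef struct {
+ bool enable;
+} sp_config_auto_cookie_secure;
 
-typedef struct { bool enable; } sp_config_disable_xxe;
+typedef struct {
+ bool enable;
+} sp_config_disable_xxe;
 
 typedef struct {
  enum samesite_type { strict = 1, lax = 2 } samesite;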
diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c
index 2e459a9..4a4f7d8 100644
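--- a/src/sp_disabled_functions.c
+++ b/src/sp_disabled_functions.c
@@ -373,11 +373,8 @@ bool should_disable(zend_execute_data* execute_data,
  }
 
  if (config_node->r_value || config_node->value) {
- if (check_is_builtin_name(config_node) &&
- !config_node->var &&
- !config_node->param &&
- !config_node->r_param &&
- !config_node->key &&
+ if (check_is_builtin_name(config_node) && !config_node->var &&
+ !config_node->param && !config_node->r_param && !config_node->key &&
  !config_node->r_key) {
  if (false == is_param_matching(execute_data, config_node, builtin_param,
  &arg_name, builtin_param_name,
@@ -422,8 +419,7 @@ bool should_drop_on_ret_ht(zval* return_value, const char* function_name,
 
  ht_entry = zend_hash_str_find_ptr(ht, function_name, strlen(function_name));
 
- if (ht_entry &&
- should_drop_on_ret(return_value, ht_entry, function_name)) {
+ if (ht_entry && should_drop_on_ret(return_value, ht_entry, function_name)) {
  ret = true;
  } else if (config && config->data) {
  ret = should_drop_on_ret(return_value, config, function_name);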
diff --git a/src/sp_disabled_functions.h b/src/sp_disabled_functions.h
index 4e9f7ad..258e2e6 100644
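--- a/src/sp_disabled_functions.h
+++ b/src/sp_disabled_functions.h
@@ -4,14 +4,14 @@
 extern zend_write_func_t zend_write_default;
 
 int hook_disabled_functions();
-int hook_echo(const char*, size_t);
+int hook_echo(const char *, size_t);
 bool should_disable(zend_execute_data *, const char *, const zend_string *,
  const char *, const sp_list_node *, const zend_string *);
 bool should_disable_ht(zend_execute_data *, const char *, const zend_string *,
  const char *, const sp_list_node *, const HashTable *);
-bool should_drop_on_ret_ht(zval *, const char *, const sp_list_node* config,
+bool should_drop_on_ret_ht(zval *, const char *, const sp_list_node *config,
  const HashTable *);
-bool should_drop_on_ret(zval *, const sp_list_node* config, const char *);
-char* get_complete_function_path(zend_execute_data const* const);
+bool should_drop_on_ret(zval *, const sp_list_node *config, const char *);
+char *get_complete_function_path(zend_execute_data const *const);
 
 #endif /* __SP_DISABLE_FUNCTIONS_H */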
diff --git a/src/sp_execute.c b/src/sp_execute.c
index 96d9d85..1c1672a 100644
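--- a/src/sp_execute.c
+++ b/src/sp_execute.c
@@ -150,7 +150,7 @@ static void sp_execute_ex(zend_execute_data *execute_data) {
  }
 
  if (SNUFFLEUPAGUS_G(config).hook_execute) {
- char* function_name = get_complete_function_path(execute_data);
+ char *function_name = get_complete_function_path(execute_data);
 
  if (!function_name) {
  orig_execute_ex(execute_data);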
diff --git a/src/sp_execute.h b/src/sp_execute.h
index d9eeee8..ce7f572 100644
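--- a/src/sp_execute.h
+++ b/src/sp_execute.h
@@ -2,6 +2,6 @@
 #define SP_EXECUTE_H
 
 int hook_execute(void);
-zend_string *get_eval_filename(const char * const filename);
+zend_string *get_eval_filename(const char *const filename);
 
 #endif /* SP_EXECUTE_H */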
diff --git a/src/sp_pcre_compat.h b/src/sp_pcre_compat.h
index 6658316..093a9c3 100644
--- a/src/sp_pcre_compat.h
+++ b/src/sp_pcre_compat.h
@@ -10,27 +10,28 @@
10/* We're not supporting pcre2 when it's not bundled with php7, 10/* We're not supporting pcre2 when it's not bundled with php7,
11 * yet. Pull-requests are welcome. */ 11 * yet. Pull-requests are welcome. */
12#if HAVE_BUNDLED_PCRE 12#if HAVE_BUNDLED_PCRE
13 #if PHP_VERSION_ID >= 70300 13#if PHP_VERSION_ID >= 70300
14 #define SP_HAS_PCRE2 14#define SP_HAS_PCRE2
15 #include "ext/pcre/pcre2lib/pcre2.h" 15#include "ext/pcre/pcre2lib/pcre2.h"
16 #else
17 #include "ext/pcre/pcrelib/pcre.h"
18 #endif
19#else 16#else
20 #include "pcre.h" 17#include "ext/pcre/pcrelib/pcre.h"
18#endif
19#else
20#include "pcre.h"
21#endif 21#endif
22 22
23#ifdef SP_HAS_PCRE2 23#ifdef SP_HAS_PCRE2
24 #define sp_pcre pcre2_code 24#define sp_pcre pcre2_code
25#else 25#else
26 #define sp_pcre pcre 26#define sp_pcre pcre
27#endif 27#endif
28 28
29sp_pcre* sp_pcre_compile(const char* str); 29sp_pcre* sp_pcre_compile(const char* str);
30#define sp_is_regexp_matching_zend(regexp, zstr) \ 30#define sp_is_regexp_matching_zend(regexp, zstr) \
31 sp_is_regexp_matching_len(regexp, ZSTR_VAL(zstr), ZSTR_LEN(zstr)) 31 sp_is_regexp_matching_len(regexp, ZSTR_VAL(zstr), ZSTR_LEN(zstr))
32#define sp_is_regexp_matching(regexp, str) \ 32#define sp_is_regexp_matching(regexp, str) \
33 sp_is_regexp_matching_len(regexp, str, strlen(str)) 33 sp_is_regexp_matching_len(regexp, str, strlen(str))
34bool sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str, size_t len); 34bool sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str,
35 size_t len);
35 36
36#endif // SP_PCRE_COMPAT_H 37#endif // SP_PCRE_COMPAT_H
diff --git a/src/sp_session.h b/src/sp_session.h
index c2a0357..435e983 100644
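--- a/src/sp_session.h
+++ b/src/sp_session.h
@@ -7,5 +7,4 @@
 #include "ext/hash/php_hash_sha.h"
 #include "ext/standard/base64.h"
 
-
 void hook_session();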
diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c
index 0f27255..9ed1c55 100644
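--- a/src/sp_unserialize.c
+++ b/src/sp_unserialize.c
@@ -25,7 +25,8 @@ PHP_FUNCTION(sp_serialize) {
 
  size_t len = Z_STRLEN_P(return_value) + Z_STRLEN(hmac);
  if (len < Z_STRLEN_P(return_value)) {
- sp_log_err("overflow_error", "Overflow tentative detected in sp_serialize.");
+ sp_log_err("overflow_error",
+ "Overflow tentative detected in sp_serialize.");
  sp_terminate();
  }
  zend_string *res = zend_string_alloc(len, 0);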
diff --git a/src/sp_utils.c b/src/sp_utils.c
index 14b7c09..cdcf205 100644
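--- a/src/sp_utils.c
+++ b/src/sp_utils.c
@@ -145,7 +145,8 @@ static char* zend_string_to_char(const zend_string* zs) {
  // Remove \0 from the middle of a string
 
  if (ZSTR_LEN(zs) + 1 < ZSTR_LEN(zs)) {
- sp_log_err("overflow_error", "Overflow tentative detected in zend_string_to_char.");
+ sp_log_err("overflow_error",
+ "Overflow tentative detected in zend_string_to_char.");
  sp_terminate();
  }
  char* copy = emalloc(ZSTR_LEN(zs) + 1);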
diff --git a/src/sp_utils.h b/src/sp_utils.h
index a21a4b0..7e1103c 100644
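--- a/src/sp_utils.h
+++ b/src/sp_utils.h
@@ -44,20 +44,21 @@
 
 void sp_log_msg(char const *feature, char const *level, const char *fmt, ...);
 int compute_hash(const char *const filename, char *file_hash);
-const zend_string* sp_zval_to_zend_string(zval *);
+const zend_string *sp_zval_to_zend_string(zval *);
 bool sp_match_value(const zend_string *, const zend_string *, const sp_pcre *);
 bool sp_match_array_key(const zval *, const zend_string *, const sp_pcre *);
 bool sp_match_array_value(const zval *, const zend_string *, const sp_pcre *);
 void sp_log_disable(const char *restrict, const char *restrict,
  const zend_string *restrict, const sp_disabled_function *,
- unsigned int, const char*restrict);
+ unsigned int, const char *restrict);
 void sp_log_disable_ret(const char *restrict, const zend_string *restrict,
  const sp_disabled_function *);
 int hook_function(const char *, HashTable *,
  void (*)(INTERNAL_FUNCTION_PARAMETERS));
 int hook_regexp(const sp_pcre *, HashTable *,
  void (*)(INTERNAL_FUNCTION_PARAMETERS));
-bool check_is_in_eval_whitelist(const zend_string * const function_name);
-int sp_log_request(const zend_string* folder, const zend_string* text_repr, char* from);
+bool check_is_in_eval_whitelist(const zend_string *const function_name);
+int sp_log_request(const zend_string *folder, const zend_string *text_repr,
+ char *from);
 
 #endif /* SP_UTILS_H */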
diff --git a/src/sp_var_value.c b/src/sp_var_value.c
index 9f656b7..268c3d1 100644
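--- a/src/sp_var_value.c
+++ b/src/sp_var_value.c
@@ -142,7 +142,8 @@ static zval *get_object_property(zend_execute_data *ed, zval *object,
  if (!zvalue) {
  len = strlen(class_name) + 3 + strlen(property);
  char *private_property = emalloc(len);
- snprintf(private_property, len, PRIVATE_PROP_FMT, 0, class_name, 0, property);
+ snprintf(private_property, len, PRIVATE_PROP_FMT, 0, class_name, 0,
+ property);
  zvalue = get_entry_hashtable(array, private_property, len - 1);
  efree(private_property);
  }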