9 files changed, 281 insertions, 13 deletions

diff --git a/src/config.m4 b/src/config.m4
index e4cc1f5..1410565 100644
--- a/src/config.m4
+++ b/src/config.m4
@@ -7,6 +7,7 @@ sources="$sources sp_disabled_functions.c sp_execute.c sp_upload_validation.c"
 sources="$sources sp_cookie_encryption.c sp_network_utils.c tweetnacl.c"
 sources="$sources sp_config_keywords.c sp_var_parser.c sp_var_value.c sp_tree.c"
 sources="$sources sp_pcre_compat.c sp_crypt.c sp_session.c sp_sloppy.c sp_wrapper.c"
+sources="$sources sp_ini.c"
 
 PHP_ARG_ENABLE(snuffleupagus, whether to enable snuffleupagus support,
 [  --enable-snuffleupagus           Enable snuffleupagus support])
diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h
index 5b2b414..be4d306 100644
--- a/src/php_snuffleupagus.h
+++ b/src/php_snuffleupagus.h
@@ -85,6 +85,7 @@ typedef void (*zif_handler)(INTERNAL_FUNCTION_PARAMETERS);
 #include "sp_session.h"
 #include "sp_sloppy.h"
 #include "sp_wrapper.h"
+#include "sp_ini.h"
 
 extern zend_module_entry snuffleupagus_module_entry;
 #define phpext_snuffleupagus_ptr &snuffleupagus_module_entry
diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c
index 8c7ecbf..2ee94a1 100644
--- a/src/snuffleupagus.c
+++ b/src/snuffleupagus.c
@@ -81,18 +81,6 @@ static PHP_GINIT_FUNCTION(snuffleupagus) {
   snuffleupagus_globals->is_config_valid = SP_CONFIG_NONE;
   snuffleupagus_globals->in_eval = 0;
 
-#define SP_INIT_HT(F)                                                          \
-  snuffleupagus_globals->F = pemalloc(sizeof(*(snuffleupagus_globals->F)), 1); \
-  zend_hash_init(snuffleupagus_globals->F, 10, NULL, NULL, 1);
-  SP_INIT_HT(disabled_functions_hook);
-  SP_INIT_HT(sp_internal_functions_hook);
-  SP_INIT_HT(sp_eval_blacklist_functions_hook);
-  SP_INIT_HT(config.config_disabled_functions);
-  SP_INIT_HT(config.config_disabled_functions_hooked);
-  SP_INIT_HT(config.config_disabled_functions_ret);
-  SP_INIT_HT(config.config_disabled_functions_ret_hooked);
-#undef SP_INIT_HT
-
 #define SP_INIT(F)                  \
   snuffleupagus_globals->config.F = \
       pecalloc(sizeof(*(snuffleupagus_globals->config.F)), 1, 1);
@@ -109,10 +97,24 @@ static PHP_GINIT_FUNCTION(snuffleupagus) {
   SP_INIT(config_eval);
   SP_INIT(config_wrapper);
   SP_INIT(config_session);
+  SP_INIT(config_ini);
   SP_INIT(config_disabled_functions_reg);
   SP_INIT(config_disabled_functions_reg_ret);
 #undef SP_INIT
 
+#define SP_INIT_HT(F)                                                          \
+  snuffleupagus_globals->F = pemalloc(sizeof(*(snuffleupagus_globals->F)), 1); \
+  zend_hash_init(snuffleupagus_globals->F, 10, NULL, NULL, 1);
+  SP_INIT_HT(disabled_functions_hook);
+  SP_INIT_HT(sp_internal_functions_hook);
+  SP_INIT_HT(sp_eval_blacklist_functions_hook);
+  SP_INIT_HT(config.config_disabled_functions);
+  SP_INIT_HT(config.config_disabled_functions_hooked);
+  SP_INIT_HT(config.config_disabled_functions_ret);
+  SP_INIT_HT(config.config_disabled_functions_ret_hooked);
+  SP_INIT_HT(config.config_ini->entries);
+#undef SP_INIT_HT
+
 #define SP_INIT_NULL(F) snuffleupagus_globals->config.F = NULL;
   SP_INIT_NULL(config_disabled_functions_reg->disabled_functions);
   SP_INIT_NULL(config_disabled_functions_reg_ret->disabled_functions);
@@ -131,6 +133,11 @@ PHP_MINIT_FUNCTION(snuffleupagus) {
 }
 
 PHP_MSHUTDOWN_FUNCTION(snuffleupagus) {
+  sp_log_debug("(MSHUTDOWN)");
+  unhook_functions(SNUFFLEUPAGUS_G(sp_internal_functions_hook));
+  unhook_functions(SNUFFLEUPAGUS_G(disabled_functions_hook));
+  unhook_functions(SNUFFLEUPAGUS_G(sp_eval_blacklist_functions_hook));
+  if (SNUFFLEUPAGUS_G(config).config_ini->enable) { sp_unhook_ini(); }
   UNREGISTER_INI_ENTRIES();
 
   return SUCCESS;
@@ -142,6 +149,12 @@ static inline void free_disabled_functions_hashtable(HashTable *const ht) {
   ZEND_HASH_FOREACH_END();
 }
 
+static inline void free_config_ini_entries(HashTable *const ht) {
+  void *ptr = NULL;
+  ZEND_HASH_FOREACH_PTR(ht, ptr) { sp_free_ini_entry(ptr); pefree(ptr, 1); }
+  ZEND_HASH_FOREACH_END();
+}
+
 static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) {
   sp_log_debug("(GSHUTDOWN)");
 #define FREE_HT(F)                       \
@@ -158,6 +171,9 @@ static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) {
   FREE_HT_LIST(config_disabled_functions_ret);
   FREE_HT_LIST(config_disabled_functions_ret_hooked);
 #undef FREE_HT_LIST
+
+  free_config_ini_entries(snuffleupagus_globals->config.config_ini->entries);
+  FREE_HT(config.config_ini->entries);
 #undef FREE_HT
 
 #define FREE_LST_DISABLE(L)                       \
@@ -174,6 +190,7 @@ static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) {
   FREE_LST(config_wrapper->whitelist);
 #undef FREE_LST
 
+
 #define FREE_CFG(C) pefree(snuffleupagus_globals->config.C, 1);
 #define FREE_CFG_ZSTR(C) sp_free_zstr(snuffleupagus_globals->config.C);
   FREE_CFG(config_random);
@@ -194,6 +211,7 @@ static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) {
   FREE_CFG(config_eval);
   FREE_CFG(config_wrapper);
   FREE_CFG(config_session);
+  FREE_CFG(config_ini);
   FREE_CFG(config_disabled_functions_reg);
   FREE_CFG(config_disabled_functions_reg_ret);
 #undef FREE_CFG
@@ -332,6 +350,10 @@ static PHP_INI_MH(OnUpdateConfiguration) {
   hook_execute();
   hook_cookies();
 
+  if (SNUFFLEUPAGUS_G(config).config_ini->enable) {
+    sp_hook_ini();
+  }
+
   if (true == SNUFFLEUPAGUS_G(config).config_global_strict->enable) {
     if (!zend_get_extension(PHP_SNUFFLEUPAGUS_EXTNAME)) {
       zend_extension_entry.startup = NULL;
diff --git a/src/sp_config.c b/src/sp_config.c
index db3f12d..667867b 100644
--- a/src/sp_config.c
+++ b/src/sp_config.c
@@ -23,6 +23,8 @@ static sp_config_tokens const sp_func[] = {
     {.func = parse_session, .token = SP_TOKEN_SESSION_ENCRYPTION},
     {.func = parse_sloppy_comparison, .token = SP_TOKEN_SLOPPY_COMPARISON},
     {.func = parse_wrapper_whitelist, .token = SP_TOKEN_ALLOW_WRAPPERS},
+    {.func = parse_ini_protection, .token = ".ini_protection"},
+    {.func = parse_ini_entry, .token = ".ini"},
     {NULL, NULL}};
 
 /* Top level keyword parsing */
@@ -281,3 +283,14 @@ void sp_free_zstr(void *data) {
     zend_string_release_ex((zend_string*)data, 1);
   }
 }
+
+void sp_free_ini_entry(void *data) {
+  sp_ini_entry *entry = data;
+
+  sp_free_zstr(entry->key);
+  sp_free_zstr(entry->min);
+  sp_free_zstr(entry->max);
+  sp_pcre_free(entry->regexp);
+  sp_free_zstr(entry->msg);
+  sp_free_zstr(entry->set);
+}
\ No newline at end of file
diff --git a/src/sp_config.h b/src/sp_config.h
index f3b64a6..bd2530a 100644
--- a/src/sp_config.h
+++ b/src/sp_config.h
@@ -30,6 +30,8 @@ typedef enum {
 
 typedef enum { SP_ZEND = 0, SP_SYSLOG = 1 } sp_log_media;
 
+typedef enum { SP_UNSET = 0, SP_READONLY = 1, SP_READWRITE = -1 } sp_ini_permission;
+
 typedef struct {
   int ip_version;
   union {
@@ -163,6 +165,26 @@ typedef struct {
 } sp_config_upload_validation;
 
 typedef struct {
+  zend_string *key;
+  sp_ini_permission access;
+  zend_string *min;
+  zend_string *max;
+  sp_pcre *regexp;
+  bool simulation;
+  zend_string *msg;
+  zend_string *set;
+  PHP_INI_MH((*orig_onmodify));
+} sp_ini_entry;
+
+typedef struct {
+  bool enable;
+  bool simulation;
+  // sp_ini_permission access_policy;
+  bool policy_readonly;
+  HashTable *entries;  // ht of sp_ini_entry
+} sp_config_ini;
+
+typedef struct {
   sp_config_random *config_random;
   sp_config_sloppy *config_sloppy;
   sp_config_unserialize *config_unserialize;
@@ -176,6 +198,7 @@ typedef struct {
   sp_config_eval *config_eval;
   sp_config_wrapper *config_wrapper;
   sp_config_session *config_session;
+  sp_config_ini *config_ini;
   bool hook_execute;
   char log_media;
 
@@ -215,6 +238,7 @@ typedef struct {
 #define SP_TOKEN_EVAL_WHITELIST ".eval_whitelist"
 #define SP_TOKEN_SLOPPY_COMPARISON ".sloppy_comparison"
 #define SP_TOKEN_ALLOW_WRAPPERS ".wrappers_whitelist"
+#define SP_TOKEN_INI ".ini"
 
 // common tokens
 #define SP_TOKEN_ENABLE ".enable("
@@ -284,6 +308,6 @@ int parse_list(char *restrict, char *restrict, void *);
 void sp_free_disabled_function(void *data);
 void sp_free_cookie(void *data);
 void sp_free_zstr(void *data);
-
+void sp_free_ini_entry(void *data);
 
 #endif /* SP_CONFIG_H */
diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
index 8080eec..e6eb05e 100644
--- a/src/sp_config_keywords.c
+++ b/src/sp_config_keywords.c
@@ -562,3 +562,80 @@ int parse_upload_validation(char *line) {
 
   return ret;
 }
+
+int parse_ini_protection(char *line) {
+  bool disable = false, enable = false;
+  bool rw = false, ro = false; // rw is ignored, but declaring .policy_rw is valid for readability
+  sp_config_functions sp_config_ini_protection[] = {
+    {parse_empty, SP_TOKEN_ENABLE, &(enable)},
+    {parse_empty, SP_TOKEN_DISABLE, &(disable)},
+    {parse_empty, SP_TOKEN_SIMULATION, &(SNUFFLEUPAGUS_G(config).config_ini->simulation)},
+    {parse_empty, ".policy_readonly(", &ro},
+    {parse_empty, ".policy_ro(", &ro},
+    {parse_empty, ".policy_readwrite(", &rw},
+    {parse_empty, ".policy_rw(", &rw},
+    {0, 0, 0}};
+
+  int ret = parse_keywords(sp_config_ini_protection, line);
+  if (ret) { return ret; }
+
+  if (enable && disable) {
+    sp_log_err("config", "A rule can't be enabled and disabled on line %zu",
+               sp_line_no);
+    return -1;
+  }
+  if (enable || disable) {
+    SNUFFLEUPAGUS_G(config).config_ini->enable = (enable || !disable);
+  }
+
+  if (ro && rw) {
+    sp_log_err("config", "rule cannot be both read-write and read-only on line %zu", sp_line_no);
+    return -1;
+  }
+  SNUFFLEUPAGUS_G(config).config_ini->policy_readonly = ro;
+
+  return ret;
+}
+
+int parse_ini_entry(char *line) {
+  sp_ini_entry *entry = pecalloc(sizeof(sp_ini_entry), 1, 1);
+  bool rw = false, ro = false;
+
+  sp_config_functions sp_config_ini_protection[] = {
+    {parse_empty, SP_TOKEN_SIMULATION, &entry->simulation},
+    {parse_str, ".key(", &entry->key},
+    {parse_str, ".msg(", &entry->msg},
+    {parse_str, ".set(", &entry->set},
+    {parse_str, ".min(", &entry->min},
+    {parse_str, ".max(", &entry->max},
+    {parse_regexp, ".regexp(", &entry->regexp},
+    {parse_empty, ".readonly(", &ro},
+    {parse_empty, ".ro(", &ro},
+    {parse_empty, ".readwrite()", &rw},
+    {parse_empty, ".rw()", &rw},
+    {0, 0, 0}};
+
+  int ret = parse_keywords(sp_config_ini_protection, line);
+  if (ret) { goto err; }
+
+  if (!entry->key) {
+    sp_log_err("config", "A .key() must be provided on line %zu", sp_line_no);
+    ret = -1; goto err;
+  }
+
+  if (ro && rw) {
+    sp_log_err("config", "rule cannot be both read-write and read-only on line %zu", sp_line_no);
+    ret = -1; goto err;
+  }
+  entry->access = ro - rw;
+
+  zend_hash_add_ptr(SNUFFLEUPAGUS_G(config).config_ini->entries, entry->key, entry);
+  return ret;
+
+err:
+  if (entry) {
+    sp_free_ini_entry(entry);
+    pefree(entry, 1);
+  }
+  return ret;
+}
\ No newline at end of file
diff --git a/src/sp_config_keywords.h b/src/sp_config_keywords.h
index a279cc9..b90c06c 100644
--- a/src/sp_config_keywords.h
+++ b/src/sp_config_keywords.h
@@ -18,5 +18,7 @@ int parse_session(char *line);
 int parse_sloppy_comparison(char *line);
 int parse_wrapper_whitelist(char *line);
 int parse_log_media(char *line);
+int parse_ini_protection(char *line);
+int parse_ini_entry(char *line);
 
 #endif  // __SP_CONFIG_KEYWORDS_H
diff --git a/src/sp_ini.c b/src/sp_ini.c
new file mode 100644
index 0000000..05d7d99
--- /dev/null
+++ b/src/sp_ini.c
@@ -0,0 +1,126 @@
+#include "php_snuffleupagus.h"
+
+#define SP_INI_HAS_CHECKS_COND(entry) (entry->min || entry->max || entry->regexp)
+#define SP_INI_ACCESS_READONLY_COND(entry, cfg) (entry->access == SP_READONLY || (!entry->access && cfg->policy_readonly))
+
+static bool /* success */ sp_ini_check(zend_string *varname, zend_string *new_value, sp_ini_entry **sp_entry_p) {
+  if (!varname || ZSTR_LEN(varname) == 0) {
+    return false;
+  }
+
+  sp_config_ini *cfg = SNUFFLEUPAGUS_G(config).config_ini;
+  sp_ini_entry *entry = zend_hash_find_ptr(cfg->entries, varname);
+  if (sp_entry_p) {
+    *sp_entry_p = entry;
+  }
+  bool simulation = (cfg->simulation || (entry && entry->simulation));
+
+  if (!entry) {
+    if (cfg->policy_readonly) {
+      sp_log_auto("ini_protection", simulation, "INI setting is read-only");
+      if (simulation) { return true; }
+      return false;
+    }
+    return true;
+  }
+
+  if (SP_INI_ACCESS_READONLY_COND(entry, cfg)) {
+    sp_log_auto("ini_protection", simulation, "%s", (entry->msg ? ZSTR_VAL(entry->msg) : "INI setting is read-only"));
+    if (simulation) { return true; }
+    return false;
+  }
+
+  if (!new_value && SP_INI_HAS_CHECKS_COND(entry)) {
+    sp_log_auto("ini_protection", simulation, "new INI value must not be NULL");
+    if (simulation) { return true; }
+    return false;
+  }
+
+  if (entry->min || entry->max) {
+    zend_long lvalue = zend_atol(ZSTR_VAL(new_value), ZSTR_LEN(new_value));
+    if ((entry->min && zend_atol(ZSTR_VAL(entry->min), ZSTR_LEN(entry->min)) > lvalue) ||
+        (entry->max && zend_atol(ZSTR_VAL(entry->max), ZSTR_LEN(entry->max)) < lvalue)) {
+      sp_log_auto("ini_protection", simulation, "%s", (entry->msg ? ZSTR_VAL(entry->msg) : "INI value out of range"));
+      if (simulation) { return true; }
+      return false;
+    }
+  }
+
+  if (entry->regexp) {
+    if (!sp_is_regexp_matching_len(entry->regexp, ZSTR_VAL(new_value), ZSTR_LEN(new_value))) {
+      sp_log_auto("ini_protection", simulation, "%s", (entry->msg ? ZSTR_VAL(entry->msg) : "INI value does not match regex"));
+      if (simulation) { return true; }
+      return false;
+    }
+  }
+
+  return true;
+}
+
+static PHP_INI_MH(sp_ini_onmodify) {
+  zend_ini_entry *ini_entry = entry;
+  sp_ini_entry *sp_entry = NULL;
+
+  sp_log_debug("%s =? %s", ZSTR_VAL(ini_entry->name), ZSTR_VAL(new_value));
+  if (!sp_ini_check(ini_entry->name, new_value, &sp_entry)) {
+    return FAILURE;
+  }
+
+  if (sp_entry && sp_entry->orig_onmodify) {
+    return sp_entry->orig_onmodify(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage);
+  }
+
+  return SUCCESS;
+}
+
+void sp_hook_ini() {
+  sp_config_ini *cfg = SNUFFLEUPAGUS_G(config).config_ini;
+  sp_ini_entry *sp_entry;
+  zend_ini_entry *ini_entry;
+  ZEND_HASH_FOREACH_PTR(cfg->entries, sp_entry)
+    sp_log_debug("hook entry `%s`", ZSTR_VAL(sp_entry->key));
+    if ((ini_entry = zend_hash_find_ptr(EG(ini_directives), sp_entry->key)) == NULL) {
+      sp_log_warn("ini_protection", "Cannot hook INI var `%s`. Maybe a typo or the PHP extension providing this var is not loaded yet.", ZSTR_VAL(sp_entry->key));
+      continue;
+    }
+    if (SP_INI_ACCESS_READONLY_COND(sp_entry, cfg)) {
+      ini_entry->modifiable = ini_entry->orig_modifiable = 0;
+    }
+    PHP_INI_MH((*orig_onmodify)) = ini_entry->on_modify;
+
+    if (SP_INI_HAS_CHECKS_COND(sp_entry) || SP_INI_ACCESS_READONLY_COND(sp_entry, cfg)) {
+      // only hook on_modify if there is any check to perform
+      sp_entry->orig_onmodify = ini_entry->on_modify;
+      ini_entry->on_modify = sp_ini_onmodify;
+    }
+
+    if (sp_entry->set) {
+      zend_string *duplicate = zend_string_copy(sp_entry->set);
+
+      if (!orig_onmodify || orig_onmodify(ini_entry, duplicate, ini_entry->mh_arg1, ini_entry->mh_arg2, ini_entry->mh_arg3, ZEND_INI_STAGE_STARTUP) == SUCCESS) {
+        ini_entry->value = duplicate;
+      } else {
+        zend_string_release(duplicate);
+        sp_log_warn("ini_protection", "Failed to set INI var `%s`.", ZSTR_VAL(sp_entry->key));
+        continue;
+      }
+    }
+  ZEND_HASH_FOREACH_END();
+}
+
+void sp_unhook_ini() {
+  sp_ini_entry *sp_entry;
+  zend_ini_entry *ini_entry;
+  ZEND_HASH_FOREACH_PTR(SNUFFLEUPAGUS_G(config).config_ini->entries, sp_entry)
+    if (!sp_entry->orig_onmodify) {
+      // not hooked or no original onmodify
+      continue;
+    }
+    if ((ini_entry = zend_hash_find_ptr(EG(ini_directives), sp_entry->key)) == NULL) {
+      // unusual. ini entry is missing.
+      continue;
+    }
+    ini_entry->on_modify = sp_entry->orig_onmodify;
+    sp_entry->orig_onmodify = NULL;
+  ZEND_HASH_FOREACH_END();
+}
diff --git a/src/sp_ini.h b/src/sp_ini.h
new file mode 100644
index 0000000..5869539
--- /dev/null
+++ b/src/sp_ini.h
@@ -0,0 +1,2 @@
+void sp_hook_ini();
+void sp_unhook_ini();
\ No newline at end of file