summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/sp_utils.c38
-rw-r--r--src/tests/config/config_dump_segfault1.ini2
-rw-r--r--src/tests/config/dump_request.ini2
-rw-r--r--src/tests/disabled_functions_ret_val_dump.phpt2
-rw-r--r--src/tests/dump_request.phpt8
-rw-r--r--src/tests/dump_request_too_big.phpt4
6 files changed, 31 insertions, 25 deletions
diff --git a/src/sp_utils.c b/src/sp_utils.c
index 74fbff7..62cb1a1 100644
--- a/src/sp_utils.c
+++ b/src/sp_utils.c
@@ -81,12 +81,12 @@ int compute_hash(const char* const filename, char* file_hash) {
81} 81}
82 82
83static int construct_filename(char* filename, const char* folder, 83static int construct_filename(char* filename, const char* folder,
84 const char* textual) { 84 const char* textual) {
85 time_t t = time(NULL); 85 PHP_SHA256_CTX context;
86 struct tm* tm = localtime(&t); // FIXME use `localtime_r` instead 86 unsigned char digest[SHA256_SIZE] = {0};
87 struct timeval tval; 87 char strhash[65] = {0};
88 88
89 if (0 > mkdir(folder, 0700) && errno != EEXIST) { 89 if (-1 == mkdir(folder, 0700) && errno != EEXIST) {
90 sp_log_err("request_logging", "Unable to create the folder '%s'.", 90 sp_log_err("request_logging", "Unable to create the folder '%s'.",
91 folder); 91 folder);
92 return -1; 92 return -1;
@@ -95,9 +95,6 @@ static int construct_filename(char* filename, const char* folder,
95 /* We're using the sha256 sum of the rule's textual representation 95 /* We're using the sha256 sum of the rule's textual representation
96 * as filename, in order to only have one dump per rule, to migitate 96 * as filename, in order to only have one dump per rule, to migitate
97 * DoS attacks. */ 97 * DoS attacks. */
98 PHP_SHA256_CTX context;
99 unsigned char digest[SHA256_SIZE] = {0};
100 char strhash[65] = {0};
101 PHP_SHA256Init(&context); 98 PHP_SHA256Init(&context);
102 PHP_SHA256Update(&context, (const unsigned char *) textual, strlen(textual)); 99 PHP_SHA256Update(&context, (const unsigned char *) textual, strlen(textual));
103 PHP_SHA256Final(digest, &context); 100 PHP_SHA256Final(digest, &context);
@@ -116,18 +113,15 @@ int sp_log_request(const char* folder, const char* text_repr) {
116 const char* str; 113 const char* str;
117 const int key; 114 const int key;
118 } zones[] = {{"GET", TRACK_VARS_GET}, {"POST", TRACK_VARS_POST}, 115 } zones[] = {{"GET", TRACK_VARS_GET}, {"POST", TRACK_VARS_POST},
119 {"COOKIE", TRACK_VARS_COOKIE}, /*{"SERVER", TRACK_VARS_SERVER}, */ 116 {"COOKIE", TRACK_VARS_COOKIE}, {"SERVER", TRACK_VARS_SERVER},
120 {"ENV", TRACK_VARS_ENV}, /*{"REQUEST", TRACK_VARS_REQUEST},*/ 117 {"ENV", TRACK_VARS_ENV}, {NULL, 0}};
121 {NULL, 0}};
122 // Apparently, PHP has trouble always giving SERVER,
123 // and REQUEST is never used in its source code.
124 118
125 if (0 != construct_filename(filename, folder, text_repr)) { 119 if (0 != construct_filename(filename, folder, text_repr)) {
126 return -1; 120 return -1;
127 } 121 }
128 if (NULL == (file = fopen(filename, "w+"))) { 122 if (NULL == (file = fopen(filename, "w+"))) {
129 sp_log_err("request_logging", "Unable to open %s: %s", filename, 123 sp_log_err("request_logging", "Unable to open %s: %s", filename,
130 strerror(errno)); 124 strerror(errno));
131 return -1; 125 return -1;
132 } 126 }
133 127
@@ -145,7 +139,17 @@ int sp_log_request(const char* folder, const char* text_repr) {
145 HashTable* ht = Z_ARRVAL(PG(http_globals)[zones[i].key]); 139 HashTable* ht = Z_ARRVAL(PG(http_globals)[zones[i].key]);
146 fprintf(file, "%s:", zones[i].str); 140 fprintf(file, "%s:", zones[i].str);
147 ZEND_HASH_FOREACH_STR_KEY_VAL(ht, variable_key, variable_value) { 141 ZEND_HASH_FOREACH_STR_KEY_VAL(ht, variable_key, variable_value) {
148 fprintf(file, "%s=%s&", ZSTR_VAL(variable_key), Z_STRVAL_P(variable_value)); 142 const char* key = ZSTR_VAL(variable_key);
143
144 if (Z_TYPE_INFO_P(variable_value) == IS_LONG) {
145 fprintf(file, "%s=%ld\n", key, Z_DVAL_P(variable_value));
146 } else if (Z_TYPE_INFO_P(variable_value) == IS_DOUBLE) {
147 fprintf(file, "%s=%lf\n", key, Z_DVAL_P(variable_value));
148 } else if (Z_TYPE_INFO_P(variable_value) == IS_ARRAY) {
149 fprintf(file, "%s=array", key);
150 } else {
151 fprintf(file, "%s=%s\n", key, Z_STRVAL_P(variable_value));
152 }
149 } 153 }
150 ZEND_HASH_FOREACH_END(); 154 ZEND_HASH_FOREACH_END();
151 fputs("\n", file); 155 fputs("\n", file);
@@ -245,7 +249,7 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name,
245 } else { 249 } else {
246 sp_log_msg("disabled_function", sim?SP_LOG_SIMULATION:SP_LOG_DROP, 250 sp_log_msg("disabled_function", sim?SP_LOG_SIMULATION:SP_LOG_DROP,
247 "The call to the function '%s' in %s:%d has been disabled.", 251 "The call to the function '%s' in %s:%d has been disabled.",
248 path, zend_get_executed_filename(TSRMLS_C), 252 path, zend_get_executed_filename(TSRMLS_C),
249 zend_get_executed_lineno(TSRMLS_C)); 253 zend_get_executed_lineno(TSRMLS_C));
250 } 254 }
251 } 255 }
@@ -362,7 +366,7 @@ int hook_function(const char* original_name, HashTable* hook_table,
362 VAR_AND_LEN(original_name), 366 VAR_AND_LEN(original_name),
363 func->handler) == NULL) { 367 func->handler) == NULL) {
364 sp_log_err("function_pointer_saving", 368 sp_log_err("function_pointer_saving",
365 "Could not save function pointer for %s", original_name); 369 "Could not save function pointer for %s", original_name);
366 return FAILURE; 370 return FAILURE;
367 } else { 371 } else {
368 func->handler = new_function; 372 func->handler = new_function;
diff --git a/src/tests/config/config_dump_segfault1.ini b/src/tests/config/config_dump_segfault1.ini
index 5db57a4..1ea139a 100644
--- a/src/tests/config/config_dump_segfault1.ini
+++ b/src/tests/config/config_dump_segfault1.ini
@@ -1 +1 @@
sp.disable_function.function("strpos").ret("0").drop().alias("test").dump("/tmp/dump_results/"); sp.disable_function.function("strpos").ret("0").drop().alias("test").dump("/tmp/dump_result/");
diff --git a/src/tests/config/dump_request.ini b/src/tests/config/dump_request.ini
index e0aa4aa..7e13007 100644
--- a/src/tests/config/dump_request.ini
+++ b/src/tests/config/dump_request.ini
@@ -1 +1 @@
sp.disable_function.function("system").drop().dump("/tmp/dump_results/"); sp.disable_function.function("system").drop().dump("/tmp/dump_result/");
diff --git a/src/tests/disabled_functions_ret_val_dump.phpt b/src/tests/disabled_functions_ret_val_dump.phpt
index 63c5667..c08334b 100644
--- a/src/tests/disabled_functions_ret_val_dump.phpt
+++ b/src/tests/disabled_functions_ret_val_dump.phpt
@@ -4,6 +4,8 @@ Disable functions ret val - dump
4<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> 4<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
5--INI-- 5--INI--
6sp.configuration_file={PWD}/config/disabled_functions_retval_dump.ini 6sp.configuration_file={PWD}/config/disabled_functions_retval_dump.ini
7--ENV--
8DOCUMENT_ROOT=a
7--POST-- 9--POST--
8post_a=data_post_a&post_b=data_post_b 10post_a=data_post_a&post_b=data_post_b
9--GET-- 11--GET--
diff --git a/src/tests/dump_request.phpt b/src/tests/dump_request.phpt
index c8b31ce..9798b7f 100644
--- a/src/tests/dump_request.phpt
+++ b/src/tests/dump_request.phpt
@@ -6,10 +6,10 @@ if (!extension_loaded("snuffleupagus")) {
6 print "skip"; 6 print "skip";
7} 7}
8 8
9foreach (glob("/tmp/dump_results/*.dump") as $dump) { 9foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
10 @unlink($dump); 10 @unlink($dump);
11} 11}
12@rmdir("/tmp/dump_results/"); 12@rmdir("/tmp/dump_result/");
13?> 13?>
14--POST-- 14--POST--
15post_a=data_post_a&post_b=data_post_b 15post_a=data_post_a&post_b=data_post_b
@@ -21,10 +21,10 @@ cookie_a=data_cookie_a&cookie_b=data_cookie_b
21sp.configuration_file={PWD}/config/dump_request.ini 21sp.configuration_file={PWD}/config/dump_request.ini
22--FILE-- 22--FILE--
23<?php 23<?php
24@mkdir("/tmp/dump_results/"); 24@mkdir("/tmp/dump_result/");
25echo "1\n"; 25echo "1\n";
26echo system("echo 1337;"); 26echo system("echo 1337;");
27$filename = glob('/tmp/dump_results/*.dump')[0]; 27$filename = glob('/tmp/dump_result/sp_dump.*')[0];
28$res = file($filename); 28$res = file($filename);
29if ($res[1] != "GET:get_a=data_get_a&get_b=data_get_b\n") { 29if ($res[1] != "GET:get_a=data_get_a&get_b=data_get_b\n") {
30 echo "1\n"; 30 echo "1\n";
diff --git a/src/tests/dump_request_too_big.phpt b/src/tests/dump_request_too_big.phpt
index c99203c..6029c61 100644
--- a/src/tests/dump_request_too_big.phpt
+++ b/src/tests/dump_request_too_big.phpt
@@ -6,10 +6,10 @@ if (!extension_loaded("snuffleupagus")) {
6 print "skip"; 6 print "skip";
7} 7}
8 8
9foreach (glob("/tmp/dump_results/*.dump") as $dump) { 9foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
10 @unlink($dump); 10 @unlink($dump);
11} 11}
12@rmdir("/tmp/tests/dump_results/"); 12@rmdir("/tmp/tests/dump_result/");
13?> 13?>
14--POST-- 14--POST--
15post_a=data_post_a&post_b=data_post_b&post_c=c 15post_a=data_post_a&post_b=data_post_b&post_c=c