summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/php_snuffleupagus.h41
-rw-r--r--src/snuffleupagus.c201
-rw-r--r--src/sp_config.c30
-rw-r--r--src/sp_config.h34
-rw-r--r--src/sp_config_keywords.c38
-rw-r--r--src/sp_cookie_encryption.c6
-rw-r--r--src/sp_crypt.c9
-rw-r--r--src/sp_disabled_functions.c46
-rw-r--r--src/sp_execute.c64
-rw-r--r--src/sp_harden_rand.c6
-rw-r--r--src/sp_ifilter.c4
-rw-r--r--src/sp_ini.c6
-rw-r--r--src/sp_session.c6
-rw-r--r--src/sp_sloppy.c2
-rw-r--r--src/sp_unserialize.c23
-rw-r--r--src/sp_upload_validation.c12
-rw-r--r--src/sp_utils.c18
-rw-r--r--src/sp_utils.h4
-rw-r--r--src/sp_wrapper.c9
19 files changed, 228 insertions, 331 deletions
diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h
index bcb613c..308031b 100644
--- a/src/php_snuffleupagus.h
+++ b/src/php_snuffleupagus.h
@@ -106,11 +106,44 @@ extern zend_module_entry snuffleupagus_module_entry;
106#endif 106#endif
107 107
108ZEND_BEGIN_MODULE_GLOBALS(snuffleupagus) 108ZEND_BEGIN_MODULE_GLOBALS(snuffleupagus)
109size_t in_eval; 109// sp_config config;
110sp_config config; 110// --- snuffleupagus config
111sp_config_random config_random;
112sp_config_sloppy config_sloppy;
113sp_config_unserialize config_unserialize;
114sp_config_readonly_exec config_readonly_exec;
115sp_config_upload_validation config_upload_validation;
116sp_config_cookie config_cookie;
117sp_config_auto_cookie_secure config_auto_cookie_secure;
118sp_config_global_strict config_global_strict;
119sp_config_disable_xxe config_disable_xxe;
120sp_config_eval config_eval;
121sp_config_wrapper config_wrapper;
122sp_config_session config_session;
123sp_config_ini config_ini;
124char config_log_media;
125u_long config_max_execution_depth;
126bool config_server_encode;
127bool config_server_strip;
128zend_string *config_encryption_key;
129zend_string *config_cookies_env_var;
130
131HashTable *config_disabled_functions;
132HashTable *config_disabled_functions_hooked;
133HashTable *config_disabled_functions_ret;
134HashTable *config_disabled_functions_ret_hooked;
135sp_config_disabled_functions config_disabled_functions_reg;
136sp_config_disabled_functions config_disabled_functions_reg_ret;
137
138bool hook_execute;
139
140// --- ini options
141bool allow_broken_configuration;
142
143// --- runtime/state variables
111int is_config_valid; // 1 = valid, 0 = invalid, -1 = none 144int is_config_valid; // 1 = valid, 0 = invalid, -1 = none
145size_t in_eval;
112u_long execution_depth; 146u_long execution_depth;
113bool allow_broken_configuration;
114HashTable *disabled_functions_hook; 147HashTable *disabled_functions_hook;
115HashTable *sp_internal_functions_hook; 148HashTable *sp_internal_functions_hook;
116HashTable *sp_eval_blacklist_functions_hook; 149HashTable *sp_eval_blacklist_functions_hook;
@@ -118,6 +151,8 @@ ZEND_END_MODULE_GLOBALS(snuffleupagus)
118 151
119ZEND_EXTERN_MODULE_GLOBALS(snuffleupagus) 152ZEND_EXTERN_MODULE_GLOBALS(snuffleupagus)
120#define SNUFFLEUPAGUS_G(v) ZEND_MODULE_GLOBALS_ACCESSOR(snuffleupagus, v) 153#define SNUFFLEUPAGUS_G(v) ZEND_MODULE_GLOBALS_ACCESSOR(snuffleupagus, v)
154#define SPG(v) SNUFFLEUPAGUS_G(v)
155#define SPCFG(v) SPG(config_##v)
121 156
122#if defined(ZTS) && defined(COMPILE_DL_SNUFFLEUPAGUS) 157#if defined(ZTS) && defined(COMPILE_DL_SNUFFLEUPAGUS)
123ZEND_TSRMLS_CACHE_EXTERN() 158ZEND_TSRMLS_CACHE_EXTERN()
diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c
index 84ab171..6fd6f25 100644
--- a/src/snuffleupagus.c
+++ b/src/snuffleupagus.c
@@ -30,7 +30,7 @@ static inline void sp_op_array_handler(zend_op_array *const op) {
30 if (NULL == op->filename || op->fn_flags & ZEND_ACC_STRICT_TYPES) { 30 if (NULL == op->filename || op->fn_flags & ZEND_ACC_STRICT_TYPES) {
31 return; 31 return;
32 } else { 32 } else {
33 if (true == SNUFFLEUPAGUS_G(config).config_global_strict->enable) { 33 if (SPCFG(global_strict).enable) {
34 op->fn_flags |= ZEND_ACC_STRICT_TYPES; 34 op->fn_flags |= ZEND_ACC_STRICT_TYPES;
35 } 35 }
36 } 36 }
@@ -41,16 +41,15 @@ ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
41static PHP_INI_MH(StrictMode) { 41static PHP_INI_MH(StrictMode) {
42 TSRMLS_FETCH(); 42 TSRMLS_FETCH();
43 43
44 SNUFFLEUPAGUS_G(allow_broken_configuration) = false; 44 SPG(allow_broken_configuration) = false;
45 if (new_value && zend_string_equals_literal(new_value, "1")) { 45 if (new_value && zend_string_equals_literal(new_value, "1")) {
46 SNUFFLEUPAGUS_G(allow_broken_configuration) = true; 46 SPG(allow_broken_configuration) = true;
47 } 47 }
48 return SUCCESS; 48 return SUCCESS;
49} 49}
50 50
51PHP_INI_BEGIN() 51PHP_INI_BEGIN()
52PHP_INI_ENTRY("sp.configuration_file", "", PHP_INI_SYSTEM, 52PHP_INI_ENTRY("sp.configuration_file", "", PHP_INI_SYSTEM, OnUpdateConfiguration)
53 OnUpdateConfiguration)
54PHP_INI_ENTRY("sp.allow_broken_configuration", "0", PHP_INI_SYSTEM, StrictMode) 53PHP_INI_ENTRY("sp.allow_broken_configuration", "0", PHP_INI_SYSTEM, StrictMode)
55PHP_INI_END() 54PHP_INI_END()
56 55
@@ -106,47 +105,28 @@ static PHP_GINIT_FUNCTION(snuffleupagus) {
106 snuffleupagus_globals->is_config_valid = SP_CONFIG_NONE; 105 snuffleupagus_globals->is_config_valid = SP_CONFIG_NONE;
107 snuffleupagus_globals->in_eval = 0; 106 snuffleupagus_globals->in_eval = 0;
108 107
109#define SP_INIT(F) \
110 snuffleupagus_globals->config.F = \
111 pecalloc(sizeof(*(snuffleupagus_globals->config.F)), 1, 1);
112 SP_INIT(config_random);
113 SP_INIT(config_sloppy);
114 SP_INIT(config_unserialize);
115 SP_INIT(config_readonly_exec);
116 SP_INIT(config_upload_validation);
117 SP_INIT(config_cookie);
118 SP_INIT(config_snuffleupagus);
119 SP_INIT(config_auto_cookie_secure);
120 SP_INIT(config_global_strict);
121 SP_INIT(config_disable_xxe);
122 SP_INIT(config_eval);
123 SP_INIT(config_wrapper);
124 SP_INIT(config_session);
125 SP_INIT(config_ini);
126 SP_INIT(config_disabled_functions_reg);
127 SP_INIT(config_disabled_functions_reg_ret);
128#undef SP_INIT
129
130#define SP_INIT_HT(F) \ 108#define SP_INIT_HT(F) \
131 snuffleupagus_globals->F = pemalloc(sizeof(*(snuffleupagus_globals->F)), 1); \ 109 snuffleupagus_globals->F = pemalloc(sizeof(*(snuffleupagus_globals->F)), 1); \
132 zend_hash_init(snuffleupagus_globals->F, 10, NULL, NULL, 1); 110 zend_hash_init(snuffleupagus_globals->F, 10, NULL, NULL, 1);
133 SP_INIT_HT(disabled_functions_hook); 111 SP_INIT_HT(disabled_functions_hook);
134 SP_INIT_HT(sp_internal_functions_hook); 112 SP_INIT_HT(sp_internal_functions_hook);
135 SP_INIT_HT(sp_eval_blacklist_functions_hook); 113 SP_INIT_HT(sp_eval_blacklist_functions_hook);
136 SP_INIT_HT(config.config_disabled_functions); 114 SP_INIT_HT(config_disabled_functions);
137 SP_INIT_HT(config.config_disabled_functions_hooked); 115 SP_INIT_HT(config_disabled_functions_hooked);
138 SP_INIT_HT(config.config_disabled_functions_ret); 116 SP_INIT_HT(config_disabled_functions_ret);
139 SP_INIT_HT(config.config_disabled_functions_ret_hooked); 117 SP_INIT_HT(config_disabled_functions_ret_hooked);
140 SP_INIT_HT(config.config_ini->entries); 118 SP_INIT_HT(config_ini.entries);
141#undef SP_INIT_HT 119#undef SP_INIT_HT
142 120
143#define SP_INIT_NULL(F) snuffleupagus_globals->config.F = NULL; 121#define SP_INIT_NULL(F) snuffleupagus_globals->F = NULL;
144 SP_INIT_NULL(config_disabled_functions_reg->disabled_functions); 122 SP_INIT_NULL(config_encryption_key);
145 SP_INIT_NULL(config_disabled_functions_reg_ret->disabled_functions); 123 SP_INIT_NULL(config_cookies_env_var);
146 SP_INIT_NULL(config_cookie->cookies); 124 SP_INIT_NULL(config_disabled_functions_reg.disabled_functions);
147 SP_INIT_NULL(config_eval->blacklist); 125 SP_INIT_NULL(config_disabled_functions_reg_ret.disabled_functions);
148 SP_INIT_NULL(config_eval->whitelist); 126 SP_INIT_NULL(config_cookie.cookies);
149 SP_INIT_NULL(config_wrapper->whitelist); 127 SP_INIT_NULL(config_eval.blacklist);
128 SP_INIT_NULL(config_eval.whitelist);
129 SP_INIT_NULL(config_wrapper.whitelist);
150#undef SP_INIT_NULL 130#undef SP_INIT_NULL
151} 131}
152 132
@@ -159,10 +139,10 @@ PHP_MINIT_FUNCTION(snuffleupagus) {
159 139
160PHP_MSHUTDOWN_FUNCTION(snuffleupagus) { 140PHP_MSHUTDOWN_FUNCTION(snuffleupagus) {
161 sp_log_debug("(MSHUTDOWN)"); 141 sp_log_debug("(MSHUTDOWN)");
162 unhook_functions(SNUFFLEUPAGUS_G(sp_internal_functions_hook)); 142 unhook_functions(SPG(sp_internal_functions_hook));
163 unhook_functions(SNUFFLEUPAGUS_G(disabled_functions_hook)); 143 unhook_functions(SPG(disabled_functions_hook));
164 unhook_functions(SNUFFLEUPAGUS_G(sp_eval_blacklist_functions_hook)); 144 unhook_functions(SPG(sp_eval_blacklist_functions_hook));
165 if (SNUFFLEUPAGUS_G(config).config_ini->enable) { sp_unhook_ini(); } 145 if (SPCFG(ini).enable) { sp_unhook_ini(); }
166 UNREGISTER_INI_ENTRIES(); 146 UNREGISTER_INI_ENTRIES();
167 147
168 return SUCCESS; 148 return SUCCESS;
@@ -189,57 +169,37 @@ static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) {
189 FREE_HT(sp_eval_blacklist_functions_hook); 169 FREE_HT(sp_eval_blacklist_functions_hook);
190 170
191#define FREE_HT_LIST(F) \ 171#define FREE_HT_LIST(F) \
192 free_disabled_functions_hashtable(snuffleupagus_globals->config.F); \ 172 free_disabled_functions_hashtable(snuffleupagus_globals->F); \
193 FREE_HT(config.F); 173 FREE_HT(F);
194 FREE_HT_LIST(config_disabled_functions); 174 FREE_HT_LIST(config_disabled_functions);
195 FREE_HT_LIST(config_disabled_functions_hooked); 175 FREE_HT_LIST(config_disabled_functions_hooked);
196 FREE_HT_LIST(config_disabled_functions_ret); 176 FREE_HT_LIST(config_disabled_functions_ret);
197 FREE_HT_LIST(config_disabled_functions_ret_hooked); 177 FREE_HT_LIST(config_disabled_functions_ret_hooked);
198#undef FREE_HT_LIST 178#undef FREE_HT_LIST
199 179
200 free_config_ini_entries(snuffleupagus_globals->config.config_ini->entries); 180 free_config_ini_entries(snuffleupagus_globals->config_ini.entries);
201 FREE_HT(config.config_ini->entries); 181 FREE_HT(config_ini.entries);
202#undef FREE_HT 182#undef FREE_HT
203 183
204#define FREE_LST_DISABLE(L) \ 184 sp_list_free(snuffleupagus_globals->config_disabled_functions_reg.disabled_functions, sp_free_disabled_function);
205 sp_list_free(snuffleupagus_globals->config.L, sp_free_disabled_function); 185 sp_list_free(snuffleupagus_globals->config_disabled_functions_reg_ret.disabled_functions, sp_free_disabled_function);
206 FREE_LST_DISABLE(config_disabled_functions_reg->disabled_functions); 186 sp_list_free(snuffleupagus_globals->config_cookie.cookies, sp_free_cookie);
207 FREE_LST_DISABLE(config_disabled_functions_reg_ret->disabled_functions);
208#undef FREE_LST_DISABLE
209
210 sp_list_free(snuffleupagus_globals->config.config_cookie->cookies, sp_free_cookie);
211 187
212#define FREE_LST(L) sp_list_free(snuffleupagus_globals->config.L, sp_free_zstr); 188#define FREE_LST(L) sp_list_free(snuffleupagus_globals->L, sp_free_zstr);
213 FREE_LST(config_eval->blacklist); 189 FREE_LST(config_eval.blacklist);
214 FREE_LST(config_eval->whitelist); 190 FREE_LST(config_eval.whitelist);
215 FREE_LST(config_wrapper->whitelist); 191 FREE_LST(config_wrapper.whitelist);
216#undef FREE_LST 192#undef FREE_LST
217 193
218 194
219#define FREE_CFG(C) pefree(snuffleupagus_globals->config.C, 1); 195// #define FREE_CFG(C) pefree(snuffleupagus_globals->config.C, 1);
220#define FREE_CFG_ZSTR(C) sp_free_zstr(snuffleupagus_globals->config.C); 196#define FREE_CFG_ZSTR(C) sp_free_zstr(snuffleupagus_globals->C);
221 FREE_CFG(config_random); 197 FREE_CFG_ZSTR(config_unserialize.dump);
222 FREE_CFG(config_sloppy); 198 FREE_CFG_ZSTR(config_unserialize.textual_representation);
223 FREE_CFG_ZSTR(config_unserialize->dump); 199 FREE_CFG_ZSTR(config_upload_validation.script);
224 FREE_CFG_ZSTR(config_unserialize->textual_representation); 200 FREE_CFG_ZSTR(config_eval.dump);
225 FREE_CFG(config_unserialize); 201 FREE_CFG_ZSTR(config_eval.textual_representation);
226 FREE_CFG(config_readonly_exec); 202// #undef FREE_CFG
227 FREE_CFG_ZSTR(config_upload_validation->script);
228 FREE_CFG(config_upload_validation);
229 FREE_CFG(config_cookie);
230 FREE_CFG(config_snuffleupagus);
231 FREE_CFG(config_auto_cookie_secure);
232 FREE_CFG(config_global_strict);
233 FREE_CFG(config_disable_xxe);
234 FREE_CFG_ZSTR(config_eval->dump);
235 FREE_CFG_ZSTR(config_eval->textual_representation);
236 FREE_CFG(config_eval);
237 FREE_CFG(config_wrapper);
238 FREE_CFG(config_session);
239 FREE_CFG(config_ini);
240 FREE_CFG(config_disabled_functions_reg);
241 FREE_CFG(config_disabled_functions_reg_ret);
242#undef FREE_CFG
243#undef FREE_CFG_ZSTR 203#undef FREE_CFG_ZSTR
244 204
245#ifdef SP_DEBUG_STDERR 205#ifdef SP_DEBUG_STDERR
@@ -251,35 +211,32 @@ static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) {
251} 211}
252 212
253PHP_RINIT_FUNCTION(snuffleupagus) { 213PHP_RINIT_FUNCTION(snuffleupagus) {
254 SNUFFLEUPAGUS_G(execution_depth) = 0; 214 SPG(execution_depth) = 0;
215 SPG(in_eval) = 0;
255 216
256 const sp_config_wrapper *const config_wrapper = 217 const sp_config_wrapper *const config_wrapper = &(SPCFG(wrapper));
257 SNUFFLEUPAGUS_G(config).config_wrapper;
258#if defined(COMPILE_DL_SNUFFLEUPAGUS) && defined(ZTS) 218#if defined(COMPILE_DL_SNUFFLEUPAGUS) && defined(ZTS)
259 ZEND_TSRMLS_CACHE_UPDATE(); 219 ZEND_TSRMLS_CACHE_UPDATE();
260#endif 220#endif
261 221
262 if (!SNUFFLEUPAGUS_G(allow_broken_configuration)) { 222 if (!SPG(allow_broken_configuration)) {
263 if (SNUFFLEUPAGUS_G(is_config_valid) == SP_CONFIG_INVALID) { 223 if (SPG(is_config_valid) == SP_CONFIG_INVALID) {
264 sp_log_err("config", "Invalid configuration file"); 224 sp_log_err("config", "Invalid configuration file");
265 } else if (SNUFFLEUPAGUS_G(is_config_valid) == SP_CONFIG_NONE) { 225 } else if (SPG(is_config_valid) == SP_CONFIG_NONE) {
266 sp_log_warn("config", 226 sp_log_warn("config",
267 "No configuration specificed via sp.configuration_file"); 227 "No configuration specificed via sp.configuration_file");
268 } 228 }
269 } 229 }
270 230
271 // We need to disable wrappers loaded by extensions loaded after 231 // We need to disable wrappers loaded by extensions loaded after SNUFFLEUPAGUS.
272 // SNUFFLEUPAGUS.
273 if (config_wrapper->enabled && 232 if (config_wrapper->enabled &&
274 zend_hash_num_elements(php_stream_get_url_stream_wrappers_hash()) != 233 zend_hash_num_elements(php_stream_get_url_stream_wrappers_hash()) != config_wrapper->num_wrapper) {
275 config_wrapper->num_wrapper) {
276 sp_disable_wrapper(); 234 sp_disable_wrapper();
277 } 235 }
278 236
279 if (NULL != SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key) { 237 if (NULL != SPCFG(encryption_key)) {
280 if (NULL != SNUFFLEUPAGUS_G(config).config_cookie->cookies) { 238 if (NULL != SPCFG(cookie).cookies) {
281 zend_hash_apply_with_arguments( 239 zend_hash_apply_with_arguments(Z_ARRVAL(PG(http_globals)[TRACK_VARS_COOKIE]), decrypt_cookie, 0);
282 Z_ARRVAL(PG(http_globals)[TRACK_VARS_COOKIE]), decrypt_cookie, 0);
283 } 240 }
284 } 241 }
285 return SUCCESS; 242 return SUCCESS;
@@ -289,7 +246,7 @@ PHP_RSHUTDOWN_FUNCTION(snuffleupagus) { return SUCCESS; }
289 246
290PHP_MINFO_FUNCTION(snuffleupagus) { 247PHP_MINFO_FUNCTION(snuffleupagus) {
291 const char *valid_config; 248 const char *valid_config;
292 switch (SNUFFLEUPAGUS_G(is_config_valid)) { 249 switch (SPG(is_config_valid)) {
293 case SP_CONFIG_VALID: 250 case SP_CONFIG_VALID:
294 valid_config = "yes"; 251 valid_config = "yes";
295 break; 252 break;
@@ -303,7 +260,7 @@ PHP_MINFO_FUNCTION(snuffleupagus) {
303 php_info_print_table_start(); 260 php_info_print_table_start();
304 php_info_print_table_row( 261 php_info_print_table_row(
305 2, "snuffleupagus support", 262 2, "snuffleupagus support",
306 SNUFFLEUPAGUS_G(is_config_valid) ? "enabled" : "disabled"); 263 SPG(is_config_valid) ? "enabled" : "disabled");
307 php_info_print_table_row(2, "Version", PHP_SNUFFLEUPAGUS_VERSION "-sng (with Suhosin-NG patches)"); 264 php_info_print_table_row(2, "Version", PHP_SNUFFLEUPAGUS_VERSION "-sng (with Suhosin-NG patches)");
308 php_info_print_table_row(2, "Valid config", valid_config); 265 php_info_print_table_row(2, "Valid config", valid_config);
309 php_info_print_table_end(); 266 php_info_print_table_end();
@@ -328,14 +285,14 @@ static PHP_INI_MH(OnUpdateConfiguration) {
328 285
329 glob_t globbuf; 286 glob_t globbuf;
330 if (0 != glob(config_file, GLOB_NOCHECK, NULL, &globbuf)) { 287 if (0 != glob(config_file, GLOB_NOCHECK, NULL, &globbuf)) {
331 SNUFFLEUPAGUS_G(is_config_valid) = SP_CONFIG_INVALID; 288 SPG(is_config_valid) = SP_CONFIG_INVALID;
332 globfree(&globbuf); 289 globfree(&globbuf);
333 return FAILURE; 290 return FAILURE;
334 } 291 }
335 292
336 for (size_t i = 0; globbuf.gl_pathv[i]; i++) { 293 for (size_t i = 0; globbuf.gl_pathv[i]; i++) {
337 if (sp_parse_config(globbuf.gl_pathv[i]) != SUCCESS) { 294 if (sp_parse_config(globbuf.gl_pathv[i]) != SUCCESS) {
338 SNUFFLEUPAGUS_G(is_config_valid) = SP_CONFIG_INVALID; 295 SPG(is_config_valid) = SP_CONFIG_INVALID;
339 globfree(&globbuf); 296 globfree(&globbuf);
340 return FAILURE; 297 return FAILURE;
341 } 298 }
@@ -343,34 +300,34 @@ static PHP_INI_MH(OnUpdateConfiguration) {
343 globfree(&globbuf); 300 globfree(&globbuf);
344 } 301 }
345 302
346 SNUFFLEUPAGUS_G(is_config_valid) = SP_CONFIG_VALID; 303 SPG(is_config_valid) = SP_CONFIG_VALID;
347 304
348 if ((SNUFFLEUPAGUS_G(config).config_sloppy->enable)) { 305 if (SPCFG(sloppy).enable) {
349 hook_sloppy(); 306 hook_sloppy();
350 } 307 }
351 308
352 if (SNUFFLEUPAGUS_G(config).config_random->enable) { 309 if (SPCFG(random).enable) {
353 hook_rand(); 310 hook_rand();
354 } 311 }
355 312
356 if (SNUFFLEUPAGUS_G(config).config_upload_validation->enable) { 313 if (SPCFG(upload_validation).enable) {
357 hook_upload(); 314 hook_upload();
358 } 315 }
359 316
360 if (SNUFFLEUPAGUS_G(config).config_disable_xxe->enable == 0) { 317 if (SPCFG(disable_xxe).enable == 0) {
361 hook_libxml_disable_entity_loader(); 318 hook_libxml_disable_entity_loader();
362 } 319 }
363 320
364 if (SNUFFLEUPAGUS_G(config).config_wrapper->enabled) { 321 if (SPCFG(wrapper).enabled) {
365 hook_stream_wrappers(); 322 hook_stream_wrappers();
366 } 323 }
367 324
368 if (SNUFFLEUPAGUS_G(config).config_session->encrypt || SNUFFLEUPAGUS_G(config).config_session->sid_min_length || SNUFFLEUPAGUS_G(config).config_session->sid_max_length) { 325 if (SPCFG(session).encrypt || SPCFG(session).sid_min_length || SPCFG(session).sid_max_length) {
369 hook_session(); 326 hook_session();
370 } 327 }
371 328
372 if (NULL != SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key) { 329 if (NULL != SPCFG(encryption_key)) {
373 if (SNUFFLEUPAGUS_G(config).config_unserialize->enable) { 330 if (SPCFG(unserialize).enable) {
374 hook_serialize(); 331 hook_serialize();
375 } 332 }
376 } 333 }
@@ -379,13 +336,13 @@ static PHP_INI_MH(OnUpdateConfiguration) {
379 hook_execute(); 336 hook_execute();
380 hook_cookies(); 337 hook_cookies();
381 338
382 if (SNUFFLEUPAGUS_G(config).config_ini->enable) { 339 if (SPCFG(ini).enable) {
383 sp_hook_ini(); 340 sp_hook_ini();
384 } 341 }
385 342
386 sp_hook_register_server_variables(); 343 sp_hook_register_server_variables();
387 344
388 if (true == SNUFFLEUPAGUS_G(config).config_global_strict->enable) { 345 if (SPCFG(global_strict).enable) {
389 if (!zend_get_extension(PHP_SNUFFLEUPAGUS_EXTNAME)) { 346 if (!zend_get_extension(PHP_SNUFFLEUPAGUS_EXTNAME)) {
390 zend_extension_entry.startup = NULL; 347 zend_extension_entry.startup = NULL;
391 zend_register_extension(&zend_extension_entry, NULL); 348 zend_register_extension(&zend_extension_entry, NULL);
@@ -395,26 +352,18 @@ static PHP_INI_MH(OnUpdateConfiguration) {
395 } 352 }
396 353
397 // If `zend_write_default` is not NULL it is already hooked. 354 // If `zend_write_default` is not NULL it is already hooked.
398 if ((zend_hash_str_find( 355 if ((zend_hash_str_find(SPCFG(disabled_functions_hooked), ZEND_STRL("echo")) ||
399 SNUFFLEUPAGUS_G(config).config_disabled_functions_hooked, "echo", 356 zend_hash_str_find(SPCFG(disabled_functions_ret_hooked), ZEND_STRL("echo"))) &&
400 sizeof("echo") - 1) ||
401 zend_hash_str_find(
402 SNUFFLEUPAGUS_G(config).config_disabled_functions_ret_hooked, "echo",
403 sizeof("echo") - 1)) &&
404 NULL == zend_write_default && zend_write != hook_echo) { 357 NULL == zend_write_default && zend_write != hook_echo) {
405 zend_write_default = zend_write; 358 zend_write_default = zend_write;
406 zend_write = hook_echo; 359 zend_write = hook_echo;
407 } 360 }
408 361
409 SNUFFLEUPAGUS_G(config).hook_execute = 362 SPG(hook_execute) = SPCFG(max_execution_depth) > 0 ||
410 SNUFFLEUPAGUS_G(config) 363 SPCFG(disabled_functions_reg).disabled_functions ||
411 .config_disabled_functions_reg->disabled_functions || 364 SPCFG(disabled_functions_reg_ret).disabled_functions ||
412 SNUFFLEUPAGUS_G(config) 365 (SPCFG(disabled_functions) && zend_hash_num_elements(SPCFG(disabled_functions))) ||
413 .config_disabled_functions_reg_ret->disabled_functions || 366 (SPCFG(disabled_functions) && zend_hash_num_elements(SPCFG(disabled_functions_ret)));
414 zend_hash_num_elements(
415 SNUFFLEUPAGUS_G(config).config_disabled_functions) ||
416 zend_hash_num_elements(
417 SNUFFLEUPAGUS_G(config).config_disabled_functions_ret);
418 367
419 return SUCCESS; 368 return SUCCESS;
420} 369}
diff --git a/src/sp_config.c b/src/sp_config.c
index 4d96bbe..ec6c5a8 100644
--- a/src/sp_config.c
+++ b/src/sp_config.c
@@ -7,24 +7,24 @@
7 7
8static zend_result sp_process_config_root(sp_parsed_keyword *parsed_rule) { 8static zend_result sp_process_config_root(sp_parsed_keyword *parsed_rule) {
9 sp_config_keyword sp_func[] = { 9 sp_config_keyword sp_func[] = {
10 {parse_unserialize, SP_TOKEN_UNSERIALIZE_HMAC, SNUFFLEUPAGUS_G(config).config_unserialize}, 10 {parse_unserialize, SP_TOKEN_UNSERIALIZE_HMAC, &(SPCFG(unserialize))},
11 {parse_enable, SP_TOKEN_HARDEN_RANDOM, &(SNUFFLEUPAGUS_G(config).config_random->enable)}, 11 {parse_enable, SP_TOKEN_HARDEN_RANDOM, &(SPCFG(random).enable)},
12 {parse_log_media, SP_TOKEN_LOG_MEDIA, &(SNUFFLEUPAGUS_G(config).log_media)}, 12 {parse_log_media, SP_TOKEN_LOG_MEDIA, &(SPCFG(log_media))},
13 {parse_disabled_functions, SP_TOKEN_DISABLE_FUNC, NULL}, 13 {parse_disabled_functions, SP_TOKEN_DISABLE_FUNC, NULL},
14 {parse_readonly_exec, SP_TOKEN_READONLY_EXEC, SNUFFLEUPAGUS_G(config).config_readonly_exec}, 14 {parse_readonly_exec, SP_TOKEN_READONLY_EXEC, &(SPCFG(readonly_exec))},
15 {parse_enable, SP_TOKEN_GLOBAL_STRICT, &(SNUFFLEUPAGUS_G(config).config_global_strict->enable)}, 15 {parse_enable, SP_TOKEN_GLOBAL_STRICT, &(SPCFG(global_strict).enable)},
16 {parse_upload_validation, SP_TOKEN_UPLOAD_VALIDATION, SNUFFLEUPAGUS_G(config).config_upload_validation}, 16 {parse_upload_validation, SP_TOKEN_UPLOAD_VALIDATION, &(SPCFG(upload_validation))},
17 {parse_cookie, SP_TOKEN_COOKIE_ENCRYPTION, NULL}, 17 {parse_cookie, SP_TOKEN_COOKIE_ENCRYPTION, NULL},
18 {parse_global, SP_TOKEN_GLOBAL, NULL}, 18 {parse_global, SP_TOKEN_GLOBAL, NULL},
19 {parse_enable, SP_TOKEN_AUTO_COOKIE_SECURE, &(SNUFFLEUPAGUS_G(config).config_auto_cookie_secure->enable)}, 19 {parse_enable, SP_TOKEN_AUTO_COOKIE_SECURE, &(SPCFG(auto_cookie_secure).enable)},
20 {parse_enable, SP_TOKEN_DISABLE_XXE, &(SNUFFLEUPAGUS_G(config).config_disable_xxe->enable)}, 20 {parse_enable, SP_TOKEN_DISABLE_XXE, &(SPCFG(disable_xxe).enable)},
21 {parse_eval_filter_conf, SP_TOKEN_EVAL_BLACKLIST, &(SNUFFLEUPAGUS_G(config).config_eval->blacklist)}, 21 {parse_eval_filter_conf, SP_TOKEN_EVAL_BLACKLIST, &(SPCFG(eval).blacklist)},
22 {parse_eval_filter_conf, SP_TOKEN_EVAL_WHITELIST, &(SNUFFLEUPAGUS_G(config).config_eval->whitelist)}, 22 {parse_eval_filter_conf, SP_TOKEN_EVAL_WHITELIST, &(SPCFG(eval).whitelist)},
23 {parse_session, SP_TOKEN_SESSION_ENCRYPTION, SNUFFLEUPAGUS_G(config).config_session}, 23 {parse_session, SP_TOKEN_SESSION_ENCRYPTION, &(SPCFG(session))},
24 {parse_enable, SP_TOKEN_SLOPPY_COMPARISON, &(SNUFFLEUPAGUS_G(config).config_sloppy->enable)}, 24 {parse_enable, SP_TOKEN_SLOPPY_COMPARISON, &(SPCFG(sloppy).enable)},
25 {parse_wrapper_whitelist, SP_TOKEN_ALLOW_WRAPPERS, SNUFFLEUPAGUS_G(config).config_wrapper}, 25 {parse_wrapper_whitelist, SP_TOKEN_ALLOW_WRAPPERS, &(SPCFG(wrapper))},
26 {parse_ini_protection, SP_TOKEN_INI_PROTECTION, SNUFFLEUPAGUS_G(config).config_ini}, 26 {parse_ini_protection, SP_TOKEN_INI_PROTECTION, &(SPCFG(ini))},
27 {parse_ini_entry, SP_TOKEN_INI, SNUFFLEUPAGUS_G(config).config_unserialize}, 27 {parse_ini_entry, SP_TOKEN_INI, NULL},
28 {NULL, NULL, NULL}}; 28 {NULL, NULL, NULL}};
29 return sp_process_rule(parsed_rule, sp_func); 29 return sp_process_rule(parsed_rule, sp_func);
30} 30}
diff --git a/src/sp_config.h b/src/sp_config.h
index df36976..262050b 100644
--- a/src/sp_config.h
+++ b/src/sp_config.h
@@ -33,11 +33,6 @@ typedef struct {
33} sp_cidr; 33} sp_cidr;
34 34
35typedef struct { 35typedef struct {
36 zend_string *encryption_key;
37 zend_string *cookies_env_var;
38} sp_config_global;
39
40typedef struct {
41 bool enable; 36 bool enable;
42 bool simulation; 37 bool simulation;
43 zend_string *dump; 38 zend_string *dump;
@@ -181,35 +176,6 @@ typedef struct {
181 HashTable *entries; // ht of sp_ini_entry 176 HashTable *entries; // ht of sp_ini_entry
182} sp_config_ini; 177} sp_config_ini;
183 178
184typedef struct {
185 sp_config_random *config_random;
186 sp_config_sloppy *config_sloppy;
187 sp_config_unserialize *config_unserialize;
188 sp_config_readonly_exec *config_readonly_exec;
189 sp_config_upload_validation *config_upload_validation;
190 sp_config_cookie *config_cookie;
191 sp_config_global *config_snuffleupagus;
192 sp_config_auto_cookie_secure *config_auto_cookie_secure;
193 sp_config_global_strict *config_global_strict;
194 sp_config_disable_xxe *config_disable_xxe;
195 sp_config_eval *config_eval;
196 sp_config_wrapper *config_wrapper;
197 sp_config_session *config_session;
198 sp_config_ini *config_ini;
199 bool hook_execute;
200 char log_media;
201 u_long max_execution_depth;
202 bool server_encode;
203 bool server_strip;
204
205 HashTable *config_disabled_functions;
206 HashTable *config_disabled_functions_hooked;
207 HashTable *config_disabled_functions_ret;
208 HashTable *config_disabled_functions_ret_hooked;
209 sp_config_disabled_functions *config_disabled_functions_reg;
210 sp_config_disabled_functions *config_disabled_functions_reg_ret;
211} sp_config;
212
213#define SP_PARSE_FN_(fname, kwvar) int fname(char *token, sp_parsed_keyword *kwvar, void *retval) 179#define SP_PARSE_FN_(fname, kwvar) int fname(char *token, sp_parsed_keyword *kwvar, void *retval)
214#define SP_PARSE_FN(fname) SP_PARSE_FN_(fname, parsed_rule) 180#define SP_PARSE_FN(fname) SP_PARSE_FN_(fname, parsed_rule)
215#define SP_PARSEKW_FN(fname) SP_PARSE_FN_(fname, kw) 181#define SP_PARSEKW_FN(fname) SP_PARSE_FN_(fname, kw)
diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
index bd8a9a1..f6af86b 100644
--- a/src/sp_config_keywords.c
+++ b/src/sp_config_keywords.c
@@ -49,12 +49,12 @@ SP_PARSE_FN(parse_session) {
49#endif 49#endif
50 50
51 if (cfg->encrypt) { 51 if (cfg->encrypt) {
52 if (!SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var) { 52 if (!SPCFG(cookies_env_var)) {
53 sp_log_err("config", "You're trying to use the session cookie encryption feature " 53 sp_log_err("config", "You're trying to use the session cookie encryption feature "
54 "on line %zu without having set the `.cookie_env_var` option in " 54 "on line %zu without having set the `.cookie_env_var` option in "
55 "`sp.global`: please set it first", parsed_rule->lineno); 55 "`sp.global`: please set it first", parsed_rule->lineno);
56 return SP_PARSER_ERROR; 56 return SP_PARSER_ERROR;
57 } else if (!SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key) { 57 } else if (!SPCFG(encryption_key)) {
58 sp_log_err("config", "You're trying to use the session cookie encryption feature " 58 sp_log_err("config", "You're trying to use the session cookie encryption feature "
59 "on line %zu without having set the `.secret_key` option in " 59 "on line %zu without having set the `.secret_key` option in "
60 "`sp.global`: please set it first", parsed_rule->lineno); 60 "`sp.global`: please set it first", parsed_rule->lineno);
@@ -127,12 +127,12 @@ SP_PARSE_FN(parse_readonly_exec) {
127 127
128SP_PARSE_FN(parse_global) { 128SP_PARSE_FN(parse_global) {
129 sp_config_keyword config_keywords[] = { 129 sp_config_keyword config_keywords[] = {
130 {parse_str, SP_TOKEN_ENCRYPTION_KEY, &(SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)}, 130 {parse_str, SP_TOKEN_ENCRYPTION_KEY, &(SPCFG(encryption_key))},
131 {parse_str, SP_TOKEN_ENV_VAR, &(SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var)}, 131 {parse_str, SP_TOKEN_ENV_VAR, &(SPCFG(cookies_env_var))},
132 {parse_log_media, SP_TOKEN_LOG_MEDIA, &(SNUFFLEUPAGUS_G(config).log_media)}, 132 {parse_log_media, SP_TOKEN_LOG_MEDIA, &(SPCFG(log_media))},
133 {parse_ulong, SP_TOKEN_MAX_EXECUTION_DEPTH, &(SNUFFLEUPAGUS_G(config).max_execution_depth)}, 133 {parse_ulong, SP_TOKEN_MAX_EXECUTION_DEPTH, &(SPCFG(max_execution_depth))},
134 {parse_enable, SP_TOKEN_SERVER_ENCODE, &(SNUFFLEUPAGUS_G(config).server_encode)}, 134 {parse_enable, SP_TOKEN_SERVER_ENCODE, &(SPCFG(server_encode))},
135 {parse_enable, SP_TOKEN_SERVER_STRIP, &(SNUFFLEUPAGUS_G(config).server_strip)}, 135 {parse_enable, SP_TOKEN_SERVER_STRIP, &(SPCFG(server_strip))},
136 {0, 0, 0}}; 136 {0, 0, 0}};
137 137
138 SP_PROCESS_CONFIG_KEYWORDS_ERR(); 138 SP_PROCESS_CONFIG_KEYWORDS_ERR();
@@ -140,7 +140,7 @@ SP_PARSE_FN(parse_global) {
140} 140}
141 141
142SP_PARSE_FN(parse_eval_filter_conf) { 142SP_PARSE_FN(parse_eval_filter_conf) {
143 sp_config_eval *cfg = SNUFFLEUPAGUS_G(config).config_eval; 143 sp_config_eval *cfg = &(SPCFG(eval));
144 144
145 sp_config_keyword config_keywords[] = { 145 sp_config_keyword config_keywords[] = {
146 {parse_list, SP_TOKEN_LIST, retval}, 146 {parse_list, SP_TOKEN_LIST, retval},
@@ -186,11 +186,11 @@ SP_PARSE_FN(parse_cookie) {
186 SP_PROCESS_CONFIG_KEYWORDS(goto err); 186 SP_PROCESS_CONFIG_KEYWORDS(goto err);
187 187
188 if (cookie->encrypt) { 188 if (cookie->encrypt) {
189 if (!SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var) { 189 if (!SPCFG(cookies_env_var)) {
190 sp_log_err("config", "You're trying to use the cookie encryption feature on line %zu " 190 sp_log_err("config", "You're trying to use the cookie encryption feature on line %zu "
191 "without having set the `." SP_TOKEN_ENV_VAR "` option in `sp.global`: please set it first", parsed_rule->lineno); 191 "without having set the `." SP_TOKEN_ENV_VAR "` option in `sp.global`: please set it first", parsed_rule->lineno);
192 goto err; 192 goto err;
193 } else if (!SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key) { 193 } else if (!SPCFG(encryption_key)) {
194 sp_log_err("config", "You're trying to use the cookie encryption feature " 194 sp_log_err("config", "You're trying to use the cookie encryption feature "
195 "on line %zu without having set the `." SP_TOKEN_ENCRYPTION_KEY "` option in " 195 "on line %zu without having set the `." SP_TOKEN_ENCRYPTION_KEY "` option in "
196 "`sp." SP_TOKEN_GLOBAL "`: please set it first", parsed_rule->lineno); 196 "`sp." SP_TOKEN_GLOBAL "`: please set it first", parsed_rule->lineno);
@@ -220,7 +220,7 @@ SP_PARSE_FN(parse_cookie) {
220 } 220 }
221 } 221 }
222 222
223 SNUFFLEUPAGUS_G(config).config_cookie->cookies = sp_list_insert(SNUFFLEUPAGUS_G(config).config_cookie->cookies, cookie); 223 SPCFG(cookie).cookies = sp_list_insert(SPCFG(cookie).cookies, cookie);
224 224
225 return SP_PARSER_STOP; 225 return SP_PARSER_STOP;
226 226
@@ -316,7 +316,7 @@ SP_PARSE_FN(parse_disabled_functions) {
316 goto out; 316 goto out;
317 } 317 }
318 if (df->filename && (*ZSTR_VAL(df->filename) != '/') && 318 if (df->filename && (*ZSTR_VAL(df->filename) != '/') &&
319 (0 != strncmp(ZSTR_VAL(df->filename), "phar://", strlen("phar://")))) { 319 (0 != strncmp(ZSTR_VAL(df->filename), ZEND_STRL("phar://")))) {
320 sp_log_err("config", "Invalid configuration line: 'sp.disabled_functions': '.filename' must be an absolute path or a phar archive on line %zu", parsed_rule->lineno); 320 sp_log_err("config", "Invalid configuration line: 'sp.disabled_functions': '.filename' must be an absolute path or a phar archive on line %zu", parsed_rule->lineno);
321 goto out; 321 goto out;
322 } 322 }
@@ -365,20 +365,20 @@ SP_PARSE_FN(parse_disabled_functions) {
365 365
366 if (df->function && zend_string_equals_literal(df->function, "print")) { 366 if (df->function && zend_string_equals_literal(df->function, "print")) {
367 zend_string_release(df->function); 367 zend_string_release(df->function);
368 df->function = zend_string_init("echo", sizeof("echo") - 1, 1); 368 df->function = zend_string_init(ZEND_STRL("echo"), 1);
369 } 369 }
370 370
371 if (df->function && !df->functions_list) { 371 if (df->function && !df->functions_list) {
372 if (df->ret || df->r_ret || df->ret_type) { 372 if (df->ret || df->r_ret || df->ret_type) {
373 add_df_to_hashtable(SNUFFLEUPAGUS_G(config).config_disabled_functions_ret, df); 373 add_df_to_hashtable(SPCFG(disabled_functions_ret), df);
374 } else { 374 } else {
375 add_df_to_hashtable(SNUFFLEUPAGUS_G(config).config_disabled_functions, df); 375 add_df_to_hashtable(SPCFG(disabled_functions), df);
376 } 376 }
377 } else { 377 } else {
378 if (df->ret || df->r_ret || df->ret_type) { 378 if (df->ret || df->r_ret || df->ret_type) {
379 SNUFFLEUPAGUS_G(config).config_disabled_functions_reg_ret->disabled_functions = sp_list_insert(SNUFFLEUPAGUS_G(config).config_disabled_functions_reg_ret->disabled_functions, df); 379 SPCFG(disabled_functions_reg_ret).disabled_functions = sp_list_insert(SPCFG(disabled_functions_reg_ret).disabled_functions, df);
380 } else { 380 } else {
381 SNUFFLEUPAGUS_G(config).config_disabled_functions_reg->disabled_functions = sp_list_insert(SNUFFLEUPAGUS_G(config).config_disabled_functions_reg->disabled_functions, df); 381 SPCFG(disabled_functions_reg).disabled_functions = sp_list_insert(SPCFG(disabled_functions_reg).disabled_functions, df);
382 } 382 }
383 } 383 }
384 return SP_PARSER_STOP; 384 return SP_PARSER_STOP;
@@ -493,7 +493,7 @@ SP_PARSE_FN(parse_ini_entry) {
493 } 493 }
494 entry->access = ro - rw; 494 entry->access = ro - rw;
495 495
496 zend_hash_add_ptr(SNUFFLEUPAGUS_G(config).config_ini->entries, entry->key, entry); 496 zend_hash_add_ptr(SPCFG(ini).entries, entry->key, entry);
497 return SP_PARSER_STOP; 497 return SP_PARSER_STOP;
498 498
499err: 499err:
diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c
index 7bcedd2..b2cff66 100644
--- a/src/sp_cookie_encryption.c
+++ b/src/sp_cookie_encryption.c
@@ -1,7 +1,7 @@
1#include "php_snuffleupagus.h" 1#include "php_snuffleupagus.h"
2 2
3static inline const sp_cookie *sp_lookup_cookie_config(const zend_string *key) { 3static inline const sp_cookie *sp_lookup_cookie_config(const zend_string *key) {
4 const sp_list_node *it = SNUFFLEUPAGUS_G(config).config_cookie->cookies; 4 const sp_list_node *it = SPCFG(cookie).cookies;
5 5
6 while (it) { 6 while (it) {
7 const sp_cookie *config = it->data; 7 const sp_cookie *config = it->data;
@@ -133,11 +133,11 @@ PHP_FUNCTION(sp_setcookie) {
133 } 133 }
134 134
135 /* If the request was issued over HTTPS, the cookie should be "secure" */ 135 /* If the request was issued over HTTPS, the cookie should be "secure" */
136 if (SNUFFLEUPAGUS_G(config).config_auto_cookie_secure) { 136 if (SPCFG(auto_cookie_secure).enable) {
137 const zval server_vars = PG(http_globals)[TRACK_VARS_SERVER]; 137 const zval server_vars = PG(http_globals)[TRACK_VARS_SERVER];
138 if (Z_TYPE(server_vars) == IS_ARRAY) { 138 if (Z_TYPE(server_vars) == IS_ARRAY) {
139 const zval *is_https = 139 const zval *is_https =
140 zend_hash_str_find(Z_ARRVAL(server_vars), "HTTPS", strlen("HTTPS")); 140 zend_hash_str_find(Z_ARRVAL(server_vars), ZEND_STRL("HTTPS"));
141 if (NULL != is_https) { 141 if (NULL != is_https) {
142 secure = 1; 142 secure = 1;
143 } 143 }
diff --git a/src/sp_crypt.c b/src/sp_crypt.c
index ff8f65e..c1d9403 100644
--- a/src/sp_crypt.c
+++ b/src/sp_crypt.c
@@ -3,13 +3,10 @@
3void generate_key(unsigned char *key) { 3void generate_key(unsigned char *key) {
4 PHP_SHA256_CTX ctx; 4 PHP_SHA256_CTX ctx;
5 const char *user_agent = getenv("HTTP_USER_AGENT"); 5 const char *user_agent = getenv("HTTP_USER_AGENT");
6 const zend_string *env_var_zend = 6 const zend_string *env_var_zend = SPCFG(cookies_env_var);
7 SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var; 7 const zend_string *encryption_key_zend = SPCFG(encryption_key);
8 const zend_string *encryption_key_zend =
9 SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key;
10 const char *env_var = (env_var_zend ? getenv(ZSTR_VAL(env_var_zend)) : NULL); 8 const char *env_var = (env_var_zend ? getenv(ZSTR_VAL(env_var_zend)) : NULL);
11 const char *encryption_key = 9 const char *encryption_key = (encryption_key_zend ? ZSTR_VAL(encryption_key_zend) : NULL);
12 (encryption_key_zend ? ZSTR_VAL(encryption_key_zend) : NULL);
13 10
14 assert(32 == crypto_secretbox_KEYBYTES); // 32 is the size of a SHA256. 11 assert(32 == crypto_secretbox_KEYBYTES); // 32 is the size of a SHA256.
15 assert(encryption_key); // Encryption key can't be NULL 12 assert(encryption_key); // Encryption key can't be NULL
diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c
index 6ff3915..4ef72bf 100644
--- a/src/sp_disabled_functions.c
+++ b/src/sp_disabled_functions.c
@@ -479,21 +479,13 @@ ZEND_FUNCTION(check_disabled_function) {
479 zif_handler orig_handler; 479 zif_handler orig_handler;
480 const char* current_function_name = get_active_function_name(TSRMLS_C); 480 const char* current_function_name = get_active_function_name(TSRMLS_C);
481 481
482 should_disable_ht( 482 should_disable_ht(execute_data, current_function_name, NULL, NULL, SPCFG(disabled_functions_reg).disabled_functions, SPCFG(disabled_functions_hooked));
483 execute_data, current_function_name, NULL, NULL,
484 SNUFFLEUPAGUS_G(config).config_disabled_functions_reg->disabled_functions,
485 SNUFFLEUPAGUS_G(config).config_disabled_functions_hooked);
486 483
487 orig_handler = zend_hash_str_find_ptr( 484 orig_handler = zend_hash_str_find_ptr(
488 SNUFFLEUPAGUS_G(disabled_functions_hook), current_function_name, 485 SPG(disabled_functions_hook), current_function_name,
489 strlen(current_function_name)); 486 strlen(current_function_name));
490 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); 487 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
491 should_drop_on_ret_ht( 488 should_drop_on_ret_ht(return_value, current_function_name, SPCFG(disabled_functions_reg_ret).disabled_functions, SPCFG(disabled_functions_ret_hooked), execute_data);
492 return_value, current_function_name,
493 SNUFFLEUPAGUS_G(config)
494 .config_disabled_functions_reg_ret->disabled_functions,
495 SNUFFLEUPAGUS_G(config).config_disabled_functions_ret_hooked,
496 execute_data);
497} 489}
498 490
499static int hook_functions_regexp(const sp_list_node* config) { 491static int hook_functions_regexp(const sp_list_node* config) {
@@ -547,10 +539,10 @@ ZEND_FUNCTION(eval_blacklist_callback) {
547 } 539 }
548 zend_string_release(tmp); 540 zend_string_release(tmp);
549 541
550 if (SNUFFLEUPAGUS_G(in_eval) > 0) { 542 if (SPG(in_eval) > 0) {
551 // zend_string* filename = get_eval_filename(zend_get_executed_filename()); 543 // zend_string* filename = get_eval_filename(zend_get_executed_filename());
552 // const int line_number = zend_get_executed_lineno(TSRMLS_C); 544 // const int line_number = zend_get_executed_lineno(TSRMLS_C);
553 const sp_config_eval* config_eval = SNUFFLEUPAGUS_G(config).config_eval; 545 const sp_config_eval* config_eval = &(SPCFG(eval));
554 546
555 if (config_eval->dump) { 547 if (config_eval->dump) {
556 sp_log_request(config_eval->dump, config_eval->textual_representation); 548 sp_log_request(config_eval->dump, config_eval->textual_representation);
@@ -565,7 +557,7 @@ ZEND_FUNCTION(eval_blacklist_callback) {
565 557
566whitelisted: 558whitelisted:
567 orig_handler = zend_hash_str_find_ptr( 559 orig_handler = zend_hash_str_find_ptr(
568 SNUFFLEUPAGUS_G(sp_eval_blacklist_functions_hook), current_function_name, 560 SPG(sp_eval_blacklist_functions_hook), current_function_name,
569 strlen(current_function_name)); 561 strlen(current_function_name));
570 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); 562 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
571} 563}
@@ -575,26 +567,19 @@ int hook_disabled_functions(void) {
575 567
576 int ret = SUCCESS; 568 int ret = SUCCESS;
577 569
578 hook_functions(SNUFFLEUPAGUS_G(config).config_disabled_functions, 570 hook_functions(SPCFG(disabled_functions), SPCFG(disabled_functions_hooked));
579 SNUFFLEUPAGUS_G(config).config_disabled_functions_hooked); 571 hook_functions(SPCFG(disabled_functions_ret), SPCFG(disabled_functions_ret_hooked));
580 572
581 hook_functions(SNUFFLEUPAGUS_G(config).config_disabled_functions_ret, 573 ret |= hook_functions_regexp(SPCFG(disabled_functions_reg).disabled_functions);
582 SNUFFLEUPAGUS_G(config).config_disabled_functions_ret_hooked);
583 574
584 ret |= hook_functions_regexp( 575 ret |= hook_functions_regexp(SPCFG(disabled_functions_reg_ret).disabled_functions);
585 SNUFFLEUPAGUS_G(config)
586 .config_disabled_functions_reg->disabled_functions);
587 576
588 ret |= hook_functions_regexp( 577 if (NULL != SPCFG(eval).blacklist) {
589 SNUFFLEUPAGUS_G(config) 578 sp_list_node* it = SPCFG(eval).blacklist;
590 .config_disabled_functions_reg_ret->disabled_functions);
591
592 if (NULL != SNUFFLEUPAGUS_G(config).config_eval->blacklist) {
593 sp_list_node* it = SNUFFLEUPAGUS_G(config).config_eval->blacklist;
594 579
595 while (it) { 580 while (it) {
596 hook_function(ZSTR_VAL((zend_string*)it->data), 581 hook_function(ZSTR_VAL((zend_string*)it->data),
597 SNUFFLEUPAGUS_G(sp_eval_blacklist_functions_hook), 582 SPG(sp_eval_blacklist_functions_hook),
598 PHP_FN(eval_blacklist_callback)); 583 PHP_FN(eval_blacklist_callback));
599 it = it->next; 584 it = it->next;
600 } 585 }
@@ -611,10 +596,7 @@ int hook_echo(const char* str, size_t str_length) {
611#endif 596#endif
612 zend_string* zs = zend_string_init(str, str_length, 0); 597 zend_string* zs = zend_string_init(str, str_length, 0);
613 598
614 should_disable_ht( 599 should_disable_ht(EG(current_execute_data), "echo", zs, NULL, SPCFG(disabled_functions_reg).disabled_functions, SPCFG(disabled_functions_hooked));
615 EG(current_execute_data), "echo", zs, NULL,
616 SNUFFLEUPAGUS_G(config).config_disabled_functions_reg->disabled_functions,
617 SNUFFLEUPAGUS_G(config).config_disabled_functions_hooked);
618 600
619 zend_string_release(zs); 601 zend_string_release(zs);
620 602
diff --git a/src/sp_execute.c b/src/sp_execute.c
index 41257ad..ccb7508 100644
--- a/src/sp_execute.c
+++ b/src/sp_execute.c
@@ -8,8 +8,7 @@ static int (*orig_zend_stream_open)(const char *filename,
8 8
9// FIXME handle symlink 9// FIXME handle symlink
10ZEND_COLD static inline void terminate_if_writable(const char *filename) { 10ZEND_COLD static inline void terminate_if_writable(const char *filename) {
11 const sp_config_readonly_exec *config_ro_exec = 11 const sp_config_readonly_exec *config_ro_exec = &(SPCFG(readonly_exec));
12 SNUFFLEUPAGUS_G(config).config_readonly_exec;
13 12
14 if (0 == access(filename, W_OK)) { 13 if (0 == access(filename, W_OK)) {
15 if (config_ro_exec->dump) { 14 if (config_ro_exec->dump) {
@@ -43,21 +42,18 @@ inline static void is_builtin_matching(
43 return; 42 return;
44 } 43 }
45 44
46 should_disable_ht( 45 should_disable_ht(EG(current_execute_data), function_name, param_value, param_name, SPCFG(disabled_functions_reg).disabled_functions, ht);
47 EG(current_execute_data), function_name, param_value, param_name,
48 SNUFFLEUPAGUS_G(config).config_disabled_functions_reg->disabled_functions,
49 ht);
50} 46}
51 47
52static void ZEND_HOT 48static void ZEND_HOT
53is_in_eval_and_whitelisted(const zend_execute_data *execute_data) { 49is_in_eval_and_whitelisted(const zend_execute_data *execute_data) {
54 const sp_config_eval *config_eval = SNUFFLEUPAGUS_G(config).config_eval; 50 const sp_config_eval *config_eval = &(SPCFG(eval));
55 51
56 if (EXPECTED(0 == SNUFFLEUPAGUS_G(in_eval))) { 52 if (EXPECTED(0 == SPG(in_eval))) {
57 return; 53 return;
58 } 54 }
59 55
60 if (EXPECTED(NULL == SNUFFLEUPAGUS_G(config).config_eval->whitelist)) { 56 if (EXPECTED(NULL == config_eval->whitelist)) {
61 return; 57 return;
62 } 58 }
63 59
@@ -113,50 +109,45 @@ zend_string *get_eval_filename(const char *const filename) {
113} 109}
114 110
115static inline void sp_orig_execute(zend_execute_data *execute_data) { 111static inline void sp_orig_execute(zend_execute_data *execute_data) {
116 SNUFFLEUPAGUS_G(execution_depth)++; 112 SPG(execution_depth)++;
117 if (SNUFFLEUPAGUS_G(execution_depth) > SNUFFLEUPAGUS_G(config).max_execution_depth && SNUFFLEUPAGUS_G(config).max_execution_depth > 0) { 113 if (SPCFG(max_execution_depth) > 0 && SPG(execution_depth) > SPCFG(max_execution_depth)) {
118 sp_log_drop("execute", "Maximum recursion limit reached. Script terminated."); 114 sp_log_drop("execute", "Maximum recursion limit reached. Script terminated.");
119 } 115 }
120 orig_execute_ex(execute_data); 116 orig_execute_ex(execute_data);
121 SNUFFLEUPAGUS_G(execution_depth)--; 117 SPG(execution_depth)--;
122} 118}
123 119
124static void sp_execute_ex(zend_execute_data *execute_data) { 120static void sp_execute_ex(zend_execute_data *execute_data) {
125 is_in_eval_and_whitelisted(execute_data); 121 is_in_eval_and_whitelisted(execute_data);
126 const HashTable *config_disabled_functions = 122 const HashTable *config_disabled_functions = SPCFG(disabled_functions);
127 SNUFFLEUPAGUS_G(config).config_disabled_functions;
128 123
129 if (!execute_data) { 124 if (!execute_data) {
130 return; // LCOV_EXCL_LINE 125 return; // LCOV_EXCL_LINE
131 } 126 }
132 127
133 if (UNEXPECTED(EX(func)->op_array.type == ZEND_EVAL_CODE)) { 128 if (UNEXPECTED(EX(func)->op_array.type == ZEND_EVAL_CODE)) {
134 const sp_list_node *config = zend_hash_str_find_ptr( 129 const sp_list_node *config = zend_hash_str_find_ptr(config_disabled_functions, ZEND_STRL("eval"));
135 config_disabled_functions, "eval", sizeof("eval") - 1);
136 130
137 zend_string *filename = get_eval_filename(zend_get_executed_filename()); 131 zend_string *filename = get_eval_filename(zend_get_executed_filename());
138 is_builtin_matching(filename, "eval", NULL, config, 132 is_builtin_matching(filename, "eval", NULL, config, config_disabled_functions);
139 config_disabled_functions);
140 zend_string_release(filename); 133 zend_string_release(filename);
141 134
142 SNUFFLEUPAGUS_G(in_eval)++; 135 SPG(in_eval)++;
143 sp_orig_execute(execute_data); 136 sp_orig_execute(execute_data);
144 SNUFFLEUPAGUS_G(in_eval)--; 137 SPG(in_eval)--;
145 return; 138 return;
146 } 139 }
147 140
148 if (NULL != EX(func)->op_array.filename) { 141 if (NULL != EX(func)->op_array.filename) {
149 if (true == SNUFFLEUPAGUS_G(config).config_readonly_exec->enable) { 142 if (SPCFG(readonly_exec).enable) {
150 terminate_if_writable(ZSTR_VAL(EX(func)->op_array.filename)); 143 terminate_if_writable(ZSTR_VAL(EX(func)->op_array.filename));
151 } 144 }
152 } 145 }
153 146
154 if (SNUFFLEUPAGUS_G(config).hook_execute) { 147 if (SPG(hook_execute)) {
155 char *function_name = get_complete_function_path(execute_data); 148 char *function_name = get_complete_function_path(execute_data);
156 zval ret_val; 149 zval ret_val;
157 const sp_list_node *config_disabled_functions_reg = 150 const sp_list_node *config_disabled_functions_reg = SPCFG(disabled_functions_reg).disabled_functions;
158 SNUFFLEUPAGUS_G(config)
159 .config_disabled_functions_reg->disabled_functions;
160 151
161 if (!function_name) { 152 if (!function_name) {
162 sp_orig_execute(execute_data); 153 sp_orig_execute(execute_data);
@@ -195,11 +186,7 @@ static void sp_execute_ex(zend_execute_data *execute_data) {
195 186
196 sp_orig_execute(execute_data); 187 sp_orig_execute(execute_data);
197 188
198 should_drop_on_ret_ht( 189 should_drop_on_ret_ht(EX(return_value), function_name, SPCFG(disabled_functions_reg_ret).disabled_functions, SPCFG(disabled_functions_ret), execute_data);
199 EX(return_value), function_name,
200 SNUFFLEUPAGUS_G(config)
201 .config_disabled_functions_reg_ret->disabled_functions,
202 SNUFFLEUPAGUS_G(config).config_disabled_functions_ret, execute_data);
203 efree(function_name); 190 efree(function_name);
204 191
205 if (EX(return_value) == &ret_val) { 192 if (EX(return_value) == &ret_val) {
@@ -231,41 +218,36 @@ static int sp_stream_open(const char *filename, zend_file_handle *handle) {
231 } 218 }
232 219
233 zend_string *zend_filename = zend_string_init(filename, strlen(filename), 0); 220 zend_string *zend_filename = zend_string_init(filename, strlen(filename), 0);
234 const HashTable *disabled_functions_hooked = 221 const HashTable *disabled_functions_hooked = SPCFG(disabled_functions_hooked);
235 SNUFFLEUPAGUS_G(config).config_disabled_functions_hooked;
236 222
237 switch (data->opline->opcode) { 223 switch (data->opline->opcode) {
238 case ZEND_INCLUDE_OR_EVAL: 224 case ZEND_INCLUDE_OR_EVAL:
239 if (true == SNUFFLEUPAGUS_G(config).config_readonly_exec->enable) { 225 if (SPCFG(readonly_exec).enable) {
240 terminate_if_writable(filename); 226 terminate_if_writable(filename);
241 } 227 }
242 switch (data->opline->extended_value) { 228 switch (data->opline->extended_value) {
243 case ZEND_INCLUDE: 229 case ZEND_INCLUDE:
244 is_builtin_matching( 230 is_builtin_matching(
245 zend_filename, "include", "inclusion path", 231 zend_filename, "include", "inclusion path",
246 zend_hash_str_find_ptr(disabled_functions_hooked, "include", 232 zend_hash_str_find_ptr(disabled_functions_hooked, ZEND_STRL("include")),
247 sizeof("include") - 1),
248 disabled_functions_hooked); 233 disabled_functions_hooked);
249 break; 234 break;
250 case ZEND_REQUIRE: 235 case ZEND_REQUIRE:
251 is_builtin_matching( 236 is_builtin_matching(
252 zend_filename, "require", "inclusion path", 237 zend_filename, "require", "inclusion path",
253 zend_hash_str_find_ptr(disabled_functions_hooked, "require", 238 zend_hash_str_find_ptr(disabled_functions_hooked, ZEND_STRL("require")),
254 sizeof("require") - 1),
255 disabled_functions_hooked); 239 disabled_functions_hooked);
256 break; 240 break;
257 case ZEND_REQUIRE_ONCE: 241 case ZEND_REQUIRE_ONCE:
258 is_builtin_matching( 242 is_builtin_matching(
259 zend_filename, "require_once", "inclusion path", 243 zend_filename, "require_once", "inclusion path",
260 zend_hash_str_find_ptr(disabled_functions_hooked, "require_once", 244 zend_hash_str_find_ptr(disabled_functions_hooked, ZEND_STRL("require_once")),
261 sizeof("require_once") - 1),
262 disabled_functions_hooked); 245 disabled_functions_hooked);
263 break; 246 break;
264 case ZEND_INCLUDE_ONCE: 247 case ZEND_INCLUDE_ONCE:
265 is_builtin_matching( 248 is_builtin_matching(
266 zend_filename, "include_once", "inclusion path", 249 zend_filename, "include_once", "inclusion path",
267 zend_hash_str_find_ptr(disabled_functions_hooked, "include_once", 250 zend_hash_str_find_ptr(disabled_functions_hooked, ZEND_STRL("include_once")),
268 sizeof("include_once") - 1),
269 disabled_functions_hooked); 251 disabled_functions_hooked);
270 break; 252 break;
271 EMPTY_SWITCH_DEFAULT_CASE(); // LCOV_EXCL_LINE 253 EMPTY_SWITCH_DEFAULT_CASE(); // LCOV_EXCL_LINE
diff --git a/src/sp_harden_rand.c b/src/sp_harden_rand.c
index 43c2a5b..3e9bcb3 100644
--- a/src/sp_harden_rand.c
+++ b/src/sp_harden_rand.c
@@ -54,8 +54,7 @@ PHP_FUNCTION(sp_rand) {
54 54
55 /* call the original `rand` function, 55 /* call the original `rand` function,
56 * since we might no be the only ones to hook it*/ 56 * since we might no be the only ones to hook it*/
57 orig_handler = zend_hash_str_find_ptr( 57 orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("rand"));
58 SNUFFLEUPAGUS_G(sp_internal_functions_hook), "rand", sizeof("rand") - 1);
59 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); 58 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
60 59
61 random_int_wrapper(INTERNAL_FUNCTION_PARAM_PASSTHRU); 60 random_int_wrapper(INTERNAL_FUNCTION_PARAM_PASSTHRU);
@@ -67,8 +66,7 @@ PHP_FUNCTION(sp_mt_rand) {
67 /* call the original `mt_rand` function, 66 /* call the original `mt_rand` function,
68 * since we might no be the only ones to hook it*/ 67 * since we might no be the only ones to hook it*/
69 orig_handler = 68 orig_handler =
70 zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook), 69 zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("mt_rand"));
71 "mt_rand", sizeof("mt_rand") - 1);
72 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); 70 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
73 71
74 random_int_wrapper(INTERNAL_FUNCTION_PARAM_PASSTHRU); 72 random_int_wrapper(INTERNAL_FUNCTION_PARAM_PASSTHRU);
diff --git a/src/sp_ifilter.c b/src/sp_ifilter.c
index a475c1e..8099882 100644
--- a/src/sp_ifilter.c
+++ b/src/sp_ifilter.c
@@ -77,12 +77,12 @@ static void sp_register_server_variables(zval *track_vars_array) {
77 svars = Z_ARRVAL_P(track_vars_array); 77 svars = Z_ARRVAL_P(track_vars_array);
78 78
79 79
80 if (SNUFFLEUPAGUS_G(config).server_encode) { 80 if (SPCFG(server_encode)) {
81 sp_server_encode(svars, ZEND_STRL("REQUEST_URI")); 81 sp_server_encode(svars, ZEND_STRL("REQUEST_URI"));
82 sp_server_encode(svars, ZEND_STRL("QUERY_STRING")); 82 sp_server_encode(svars, ZEND_STRL("QUERY_STRING"));
83 } 83 }
84 84
85 if (SNUFFLEUPAGUS_G(config).server_strip) { 85 if (SPCFG(server_strip)) {
86 sp_server_strip(svars, ZEND_STRL("PHP_SELF")); 86 sp_server_strip(svars, ZEND_STRL("PHP_SELF"));
87 sp_server_strip(svars, ZEND_STRL("HTTP_HOST")); 87 sp_server_strip(svars, ZEND_STRL("HTTP_HOST"));
88 sp_server_strip(svars, ZEND_STRL("HTTP_USER_AGENT")); 88 sp_server_strip(svars, ZEND_STRL("HTTP_USER_AGENT"));
diff --git a/src/sp_ini.c b/src/sp_ini.c
index 5777ca3..2238e3a 100644
--- a/src/sp_ini.c
+++ b/src/sp_ini.c
@@ -17,7 +17,7 @@ static bool /* success */ sp_ini_check(zend_string *varname, zend_string *new_va
17 return false; 17 return false;
18 } 18 }
19 19
20 sp_config_ini *cfg = SNUFFLEUPAGUS_G(config).config_ini; 20 sp_config_ini *cfg = &(SPCFG(ini));
21 sp_ini_entry *entry = zend_hash_find_ptr(cfg->entries, varname); 21 sp_ini_entry *entry = zend_hash_find_ptr(cfg->entries, varname);
22 if (sp_entry_p) { 22 if (sp_entry_p) {
23 *sp_entry_p = entry; 23 *sp_entry_p = entry;
@@ -92,7 +92,7 @@ static PHP_INI_MH(sp_ini_onmodify) {
92} 92}
93 93
94void sp_hook_ini() { 94void sp_hook_ini() {
95 sp_config_ini *cfg = SNUFFLEUPAGUS_G(config).config_ini; 95 sp_config_ini *cfg = &(SPCFG(ini));
96 sp_ini_entry *sp_entry; 96 sp_ini_entry *sp_entry;
97 zend_ini_entry *ini_entry; 97 zend_ini_entry *ini_entry;
98 ZEND_HASH_FOREACH_PTR(cfg->entries, sp_entry) 98 ZEND_HASH_FOREACH_PTR(cfg->entries, sp_entry)
@@ -129,7 +129,7 @@ void sp_hook_ini() {
129void sp_unhook_ini() { 129void sp_unhook_ini() {
130 sp_ini_entry *sp_entry; 130 sp_ini_entry *sp_entry;
131 zend_ini_entry *ini_entry; 131 zend_ini_entry *ini_entry;
132 ZEND_HASH_FOREACH_PTR(SNUFFLEUPAGUS_G(config).config_ini->entries, sp_entry) 132 ZEND_HASH_FOREACH_PTR(SPCFG(ini).entries, sp_entry)
133 if (!sp_entry->orig_onmodify) { 133 if (!sp_entry->orig_onmodify) {
134 // not hooked or no original onmodify 134 // not hooked or no original onmodify
135 continue; 135 continue;
diff --git a/src/sp_session.c b/src/sp_session.c
index 64233d1..b54849e 100644
--- a/src/sp_session.c
+++ b/src/sp_session.c
@@ -25,7 +25,7 @@ static int (*previous_sessionRINIT)(INIT_FUNC_ARGS) = NULL;
25static ZEND_INI_MH((*old_OnUpdateSaveHandler)) = NULL; 25static ZEND_INI_MH((*old_OnUpdateSaveHandler)) = NULL;
26 26
27static void check_sid_length(zend_string *sid) { 27static void check_sid_length(zend_string *sid) {
28 const sp_config_session *cfg = SNUFFLEUPAGUS_G(config).config_session; 28 const sp_config_session *cfg = &(SPCFG(session));
29 29
30 if (sid) { 30 if (sid) {
31 if (cfg->sid_min_length && ZSTR_LEN(sid) < cfg->sid_min_length) { 31 if (cfg->sid_min_length && ZSTR_LEN(sid) < cfg->sid_min_length) {
@@ -38,7 +38,7 @@ static void check_sid_length(zend_string *sid) {
38} 38}
39 39
40static int sp_hook_s_read(PS_READ_ARGS) { 40static int sp_hook_s_read(PS_READ_ARGS) {
41 const sp_config_session *cfg = SNUFFLEUPAGUS_G(config).config_session; 41 const sp_config_session *cfg = &(SPCFG(session));
42 check_sid_length(key); 42 check_sid_length(key);
43 43
44 int r = old_s_read(mod_data, key, val, maxlifetime); 44 int r = old_s_read(mod_data, key, val, maxlifetime);
@@ -65,7 +65,7 @@ static int sp_hook_s_read(PS_READ_ARGS) {
65} 65}
66 66
67static int sp_hook_s_write(PS_WRITE_ARGS) { 67static int sp_hook_s_write(PS_WRITE_ARGS) {
68 const sp_config_session *cfg = SNUFFLEUPAGUS_G(config).config_session; 68 const sp_config_session *cfg = &(SPCFG(session));
69 check_sid_length(key); 69 check_sid_length(key);
70 70
71 if (ZSTR_LEN(val) > 0 && cfg->encrypt) { 71 if (ZSTR_LEN(val) > 0 && cfg->encrypt) {
diff --git a/src/sp_sloppy.c b/src/sp_sloppy.c
index ff2d644..8afddc9 100644
--- a/src/sp_sloppy.c
+++ b/src/sp_sloppy.c
@@ -69,7 +69,7 @@ static void array_handler(INTERNAL_FUNCTION_PARAMETERS, const char* name,
69 69
70 ZVAL_STRING(&func_name, name); 70 ZVAL_STRING(&func_name, name);
71 71
72 handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook), 72 handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook),
73 name, size); 73 name, size);
74 zend_internal_function* func = 74 zend_internal_function* func =
75 zend_hash_str_find_ptr(CG(function_table), name, size); 75 zend_hash_str_find_ptr(CG(function_table), name, size);
diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c
index 82b2cef..1c9f731 100644
--- a/src/sp_unserialize.c
+++ b/src/sp_unserialize.c
@@ -4,10 +4,10 @@ PHP_FUNCTION(sp_serialize) {
4 zif_handler orig_handler; 4 zif_handler orig_handler;
5 5
6 /* Call the original `serialize` function. */ 6 /* Call the original `serialize` function. */
7 orig_handler = 7 orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("serialize"));
8 zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook), 8 if (orig_handler) {
9 "serialize", sizeof("serialize") - 1); 9 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
10 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); 10 }
11 11
12 /* Compute the HMAC of the textual representation of the serialized data*/ 12 /* Compute the HMAC of the textual representation of the serialized data*/
13 zval func_name; 13 zval func_name;
@@ -19,7 +19,7 @@ PHP_FUNCTION(sp_serialize) {
19 params[1] = *return_value; 19 params[1] = *return_value;
20 ZVAL_STRING( 20 ZVAL_STRING(
21 &params[2], 21 &params[2],
22 ZSTR_VAL(SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)); 22 ZSTR_VAL(SPCFG(encryption_key)));
23 call_user_function(CG(function_table), NULL, &func_name, &hmac, 3, params); 23 call_user_function(CG(function_table), NULL, &func_name, &hmac, 3, params);
24 24
25 size_t len = Z_STRLEN_P(return_value) + Z_STRLEN(hmac); 25 size_t len = Z_STRLEN_P(return_value) + Z_STRLEN(hmac);
@@ -46,8 +46,7 @@ PHP_FUNCTION(sp_unserialize) {
46 size_t buf_len = 0; 46 size_t buf_len = 0;
47 zval *opts = NULL; 47 zval *opts = NULL;
48 48
49 const sp_config_unserialize *config_unserialize = 49 const sp_config_unserialize *config_unserialize = &(SPCFG(unserialize));
50 SNUFFLEUPAGUS_G(config).config_unserialize;
51 50
52 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|a", &buf, &buf_len, &opts) == 51 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|a", &buf, &buf_len, &opts) ==
53 FAILURE) { 52 FAILURE) {
@@ -71,7 +70,7 @@ PHP_FUNCTION(sp_unserialize) {
71 ZVAL_STRING(&params[1], serialized_str); 70 ZVAL_STRING(&params[1], serialized_str);
72 ZVAL_STRING( 71 ZVAL_STRING(
73 &params[2], 72 &params[2],
74 ZSTR_VAL(SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)); 73 ZSTR_VAL(SPCFG(encryption_key)));
75 call_user_function(CG(function_table), NULL, &func_name, &expected_hmac, 3, 74 call_user_function(CG(function_table), NULL, &func_name, &expected_hmac, 3,
76 params); 75 params);
77 76
@@ -81,9 +80,7 @@ PHP_FUNCTION(sp_unserialize) {
81 } 80 }
82 81
83 if (0 == status) { 82 if (0 == status) {
84 if ((orig_handler = zend_hash_str_find_ptr( 83 if ((orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")))) {
85 SNUFFLEUPAGUS_G(sp_internal_functions_hook), "unserialize",
86 sizeof("unserialize") - 1))) {
87 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); 84 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
88 } 85 }
89 } else { 86 } else {
@@ -93,9 +90,7 @@ PHP_FUNCTION(sp_unserialize) {
93 } 90 }
94 if (true == config_unserialize->simulation) { 91 if (true == config_unserialize->simulation) {
95 sp_log_simulation("unserialize", "Invalid HMAC for %s", serialized_str); 92 sp_log_simulation("unserialize", "Invalid HMAC for %s", serialized_str);
96 if ((orig_handler = zend_hash_str_find_ptr( 93 if ((orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")))) {
97 SNUFFLEUPAGUS_G(sp_internal_functions_hook), "unserialize",
98 sizeof("unserialize") - 1))) {
99 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); 94 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
100 } 95 }
101 } else { 96 } else {
diff --git a/src/sp_upload_validation.c b/src/sp_upload_validation.c
index 4d44011..bff7e43 100644
--- a/src/sp_upload_validation.c
+++ b/src/sp_upload_validation.c
@@ -32,8 +32,7 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) {
32 32
33 if (event == MULTIPART_EVENT_END) { 33 if (event == MULTIPART_EVENT_END) {
34 zend_string *file_key __attribute__((unused)) = NULL; 34 zend_string *file_key __attribute__((unused)) = NULL;
35 const sp_config_upload_validation *config_upload = 35 const sp_config_upload_validation *config_upload = &(SPCFG(upload_validation));
36 SNUFFLEUPAGUS_G(config).config_upload_validation;
37 zval *file; 36 zval *file;
38 pid_t pid; 37 pid_t pid;
39 38
@@ -44,12 +43,9 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) {
44 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL(PG(http_globals)[TRACK_VARS_FILES]), 43 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL(PG(http_globals)[TRACK_VARS_FILES]),
45 file_key, file) { // for each uploaded file 44 file_key, file) { // for each uploaded file
46 45
47 char *filename = Z_STRVAL_P( 46 char *filename = Z_STRVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), ZEND_STRL("name")));
48 zend_hash_str_find(Z_ARRVAL_P(file), "name", sizeof("name") - 1)); 47 char *tmp_name = Z_STRVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), ZEND_STRL("tmp_name")));
49 char *tmp_name = Z_STRVAL_P(zend_hash_str_find( 48 size_t filesize = Z_LVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), ZEND_STRL("size")));
50 Z_ARRVAL_P(file), "tmp_name", sizeof("tmp_name") - 1));
51 size_t filesize = Z_LVAL_P(
52 zend_hash_str_find(Z_ARRVAL_P(file), "size", sizeof("size") - 1));
53 char *cmd[3] = {0}; 49 char *cmd[3] = {0};
54 char *env[5] = {0}; 50 char *env[5] = {0};
55 51
diff --git a/src/sp_utils.c b/src/sp_utils.c
index de19321..ff85494 100644
--- a/src/sp_utils.c
+++ b/src/sp_utils.c
@@ -46,7 +46,7 @@ void sp_log_msgf(char const* restrict feature, int level, int type,
46 break; 46 break;
47 } 47 }
48 48
49 switch (SNUFFLEUPAGUS_G(config).log_media) { 49 switch (SPCFG(log_media)) {
50 case SP_SYSLOG: { 50 case SP_SYSLOG: {
51 const char* error_filename = zend_get_executed_filename(); 51 const char* error_filename = zend_get_executed_filename();
52 int syslog_level = (level == E_ERROR) ? LOG_ERR : LOG_INFO; 52 int syslog_level = (level == E_ERROR) ? LOG_ERR : LOG_INFO;
@@ -244,17 +244,17 @@ const zend_string* sp_zval_to_zend_string(const zval* zv) {
244 return Z_STR_P(zv); 244 return Z_STR_P(zv);
245 } 245 }
246 case IS_FALSE: 246 case IS_FALSE:
247 return zend_string_init("FALSE", sizeof("FALSE") - 1, 0); 247 return zend_string_init(ZEND_STRL("FALSE"), 0);
248 case IS_TRUE: 248 case IS_TRUE:
249 return zend_string_init("TRUE", sizeof("TRUE") - 1, 0); 249 return zend_string_init(ZEND_STRL("TRUE"), 0);
250 case IS_NULL: 250 case IS_NULL:
251 return zend_string_init("NULL", sizeof("NULL") - 1, 0); 251 return zend_string_init(ZEND_STRL("NULL"), 0);
252 case IS_OBJECT: 252 case IS_OBJECT:
253 return zend_string_init("OBJECT", sizeof("OBJECT") - 1, 0); 253 return zend_string_init(ZEND_STRL("OBJECT"), 0);
254 case IS_ARRAY: 254 case IS_ARRAY:
255 return zend_string_init("ARRAY", sizeof("ARRAY") - 1, 0); 255 return zend_string_init(ZEND_STRL("ARRAY"), 0);
256 case IS_RESOURCE: 256 case IS_RESOURCE:
257 return zend_string_init("RESOURCE", sizeof("RESOURCE") - 1, 0); 257 return zend_string_init(ZEND_STRL("RESOURCE"), 0);
258 default: // LCOV_EXCL_LINE 258 default: // LCOV_EXCL_LINE
259 return zend_string_init("", 0, 0); // LCOV_EXCL_LINE 259 return zend_string_init("", 0, 0); // LCOV_EXCL_LINE
260 } 260 }
@@ -432,7 +432,7 @@ bool hook_function(const char* original_name, HashTable* hook_table,
432 if (NULL == mb_name) { 432 if (NULL == mb_name) {
433 return FAILURE; 433 return FAILURE;
434 } 434 }
435 memcpy(mb_name, "mb_", sizeof("mb_") - 1); 435 memcpy(mb_name, ZEND_STRL("mb_"));
436 memcpy(mb_name + 3, VAR_AND_LEN(original_name)); 436 memcpy(mb_name + 3, VAR_AND_LEN(original_name));
437 _hook_function(mb_name, hook_table, new_function); 437 _hook_function(mb_name, hook_table, new_function);
438 efree(mb_name); 438 efree(mb_name);
@@ -471,7 +471,7 @@ void unhook_functions(HashTable *ht) {
471} 471}
472 472
473bool check_is_in_eval_whitelist(const zend_string* const function_name) { 473bool check_is_in_eval_whitelist(const zend_string* const function_name) {
474 const sp_list_node* it = SNUFFLEUPAGUS_G(config).config_eval->whitelist; 474 const sp_list_node* it = SPCFG(eval).whitelist;
475 if (!it) { 475 if (!it) {
476 return false; 476 return false;
477 } 477 }
diff --git a/src/sp_utils.h b/src/sp_utils.h
index ef626a3..27c8bfa 100644
--- a/src/sp_utils.h
+++ b/src/sp_utils.h
@@ -23,10 +23,10 @@
23#define SHA256_SIZE 32 23#define SHA256_SIZE 32
24 24
25#define HOOK_FUNCTION(original_name, hook_table, new_function) \ 25#define HOOK_FUNCTION(original_name, hook_table, new_function) \
26 hook_function(original_name, SNUFFLEUPAGUS_G(hook_table), new_function) 26 hook_function(original_name, SPG(hook_table), new_function)
27 27
28#define HOOK_FUNCTION_BY_REGEXP(regexp, hook_table, new_function) \ 28#define HOOK_FUNCTION_BY_REGEXP(regexp, hook_table, new_function) \
29 hook_regexp(regexp, SNUFFLEUPAGUS_G(hook_table), new_function) 29 hook_regexp(regexp, SPG(hook_table), new_function)
30 30
31#define SP_TYPE_LOG (0) 31#define SP_TYPE_LOG (0)
32#define SP_TYPE_DROP (1) 32#define SP_TYPE_DROP (1)
diff --git a/src/sp_wrapper.c b/src/sp_wrapper.c
index 7610114..1538e33 100644
--- a/src/sp_wrapper.c
+++ b/src/sp_wrapper.c
@@ -1,7 +1,7 @@
1#include "php_snuffleupagus.h" 1#include "php_snuffleupagus.h"
2 2
3static bool wrapper_is_whitelisted(const zend_string *const zs) { 3static bool wrapper_is_whitelisted(const zend_string *const zs) {
4 const sp_list_node *list = SNUFFLEUPAGUS_G(config).config_wrapper->whitelist; 4 const sp_list_node *list = SPCFG(wrapper).whitelist;
5 5
6 if (!zs) { 6 if (!zs) {
7 return false; // LCOV_EXCL_LINE 7 return false; // LCOV_EXCL_LINE
@@ -38,8 +38,7 @@ void sp_disable_wrapper() {
38 38
39 zend_hash_destroy(orig_complete); 39 zend_hash_destroy(orig_complete);
40 pefree(orig_complete, 1); 40 pefree(orig_complete, 1);
41 SNUFFLEUPAGUS_G(config).config_wrapper->num_wrapper = 41 SPCFG(wrapper).num_wrapper = zend_hash_num_elements(orig);
42 zend_hash_num_elements(orig);
43} 42}
44 43
45PHP_FUNCTION(sp_stream_wrapper_register) { 44PHP_FUNCTION(sp_stream_wrapper_register) {
@@ -53,9 +52,7 @@ PHP_FUNCTION(sp_stream_wrapper_register) {
53 // LCOV_EXCL_BR_END 52 // LCOV_EXCL_BR_END
54 53
55 if (wrapper_is_whitelisted(protocol_name)) { 54 if (wrapper_is_whitelisted(protocol_name)) {
56 orig_handler = zend_hash_str_find_ptr( 55 orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("stream_wrapper_register"));
57 SNUFFLEUPAGUS_G(sp_internal_functions_hook), "stream_wrapper_register",
58 sizeof("stream_wrapper_register") - 1);
59 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); 56 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
60 } 57 }
61} 58}