Diffstat (limited to 'src')
| -rw-r--r-- | src/php_snuffleupagus.h | 2 | ||||
| -rw-r--r-- | src/snuffleupagus.c | 87 | ||||
| -rw-r--r-- | src/sp_disable_xxe.c | 7 | ||||
| -rw-r--r-- | src/sp_utils.c | 2 |
4 files changed, 52 insertions, 46 deletions
diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 248045c..5b2b414 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h | |||
| @@ -56,7 +56,7 @@ typedef void (*zif_handler)(INTERNAL_FUNCTION_PARAMETERS); | |||
| 56 | #define TSRMLS_FETCH() | 56 | #define TSRMLS_FETCH() |
| 57 | #define TSRMLS_C | 57 | #define TSRMLS_C |
| 58 | #else | 58 | #else |
| 59 | #if ( !HAVE_PCRE && !HAVE_BUNDLED_PCRE ) | 59 | #if (!HAVE_PCRE && !HAVE_BUNDLED_PCRE) |
| 60 | #error Snuffleupagus requires PHP7+ with PCRE support | 60 | #error Snuffleupagus requires PHP7+ with PCRE support |
| 61 | #endif | 61 | #endif |
| 62 | #endif | 62 | #endif |
diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index 9a5ac90..f192dd2 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c | |||
| @@ -47,8 +47,7 @@ static PHP_INI_MH(StrictMode) { | |||
| 47 | PHP_INI_BEGIN() | 47 | PHP_INI_BEGIN() |
| 48 | PHP_INI_ENTRY("sp.configuration_file", "", PHP_INI_SYSTEM, | 48 | PHP_INI_ENTRY("sp.configuration_file", "", PHP_INI_SYSTEM, |
| 49 | OnUpdateConfiguration) | 49 | OnUpdateConfiguration) |
| 50 | PHP_INI_ENTRY("sp.allow_broken_configuration", "0", PHP_INI_SYSTEM, | 50 | PHP_INI_ENTRY("sp.allow_broken_configuration", "0", PHP_INI_SYSTEM, StrictMode) |
| 51 | StrictMode) | ||
| 52 | PHP_INI_END() | 51 | PHP_INI_END() |
| 53 | 52 | ||
| 54 | ZEND_DLEXPORT zend_extension zend_extension_entry = { | 53 | ZEND_DLEXPORT zend_extension zend_extension_entry = { |
| @@ -59,24 +58,24 @@ ZEND_DLEXPORT zend_extension zend_extension_entry = { | |||
| 59 | PHP_SNUFFLEUPAGUS_COPYRIGHT, | 58 | PHP_SNUFFLEUPAGUS_COPYRIGHT, |
| 60 | sp_zend_startup, | 59 | sp_zend_startup, |
| 61 | NULL, | 60 | NULL, |
| 62 | NULL, /* activate_func_t */ | 61 | NULL, /* activate_func_t */ |
| 63 | NULL, /* deactivate_func_t */ | 62 | NULL, /* deactivate_func_t */ |
| 64 | NULL, /* message_handler_func_t */ | 63 | NULL, /* message_handler_func_t */ |
| 65 | sp_op_array_handler, /* op_array_handler_func_t */ | 64 | sp_op_array_handler, /* op_array_handler_func_t */ |
| 66 | NULL, /* statement_handler_func_t */ | 65 | NULL, /* statement_handler_func_t */ |
| 67 | NULL, /* fcall_begin_handler_func_t */ | 66 | NULL, /* fcall_begin_handler_func_t */ |
| 68 | NULL, /* fcall_end_handler_func_t */ | 67 | NULL, /* fcall_end_handler_func_t */ |
| 69 | NULL, /* op_array_ctor_func_t */ | 68 | NULL, /* op_array_ctor_func_t */ |
| 70 | NULL, /* op_array_dtor_func_t */ | 69 | NULL, /* op_array_dtor_func_t */ |
| 71 | STANDARD_ZEND_EXTENSION_PROPERTIES}; | 70 | STANDARD_ZEND_EXTENSION_PROPERTIES}; |
| 72 | 71 | ||
| 73 | PHP_GINIT_FUNCTION(snuffleupagus) { | 72 | PHP_GINIT_FUNCTION(snuffleupagus) { |
| 74 | snuffleupagus_globals->is_config_valid = SP_CONFIG_NONE; | 73 | snuffleupagus_globals->is_config_valid = SP_CONFIG_NONE; |
| 75 | snuffleupagus_globals->in_eval = 0; | 74 | snuffleupagus_globals->in_eval = 0; |
| 76 | 75 | ||
| 77 | #define SP_INIT_HT(F) snuffleupagus_globals->F = \ | 76 | #define SP_INIT_HT(F) \ |
| 78 | pemalloc(sizeof(*(snuffleupagus_globals->F)), 1); \ | 77 | snuffleupagus_globals->F = pemalloc(sizeof(*(snuffleupagus_globals->F)), 1); \ |
| 79 | zend_hash_init(snuffleupagus_globals->F, 10, NULL, NULL, 1); | 78 | zend_hash_init(snuffleupagus_globals->F, 10, NULL, NULL, 1); |
| 80 | SP_INIT_HT(disabled_functions_hook); | 79 | SP_INIT_HT(disabled_functions_hook); |
| 81 | SP_INIT_HT(sp_internal_functions_hook); | 80 | SP_INIT_HT(sp_internal_functions_hook); |
| 82 | SP_INIT_HT(sp_eval_blacklist_functions_hook); | 81 | SP_INIT_HT(sp_eval_blacklist_functions_hook); |
| @@ -86,8 +85,9 @@ PHP_GINIT_FUNCTION(snuffleupagus) { | |||
| 86 | SP_INIT_HT(config.config_disabled_functions_ret_hooked); | 85 | SP_INIT_HT(config.config_disabled_functions_ret_hooked); |
| 87 | #undef SP_INIT_HT | 86 | #undef SP_INIT_HT |
| 88 | 87 | ||
| 89 | #define SP_INIT(F) snuffleupagus_globals->config.F = \ | 88 | #define SP_INIT(F) \ |
| 90 | pecalloc(sizeof(*(snuffleupagus_globals->config.F)), 1, 1); | 89 | snuffleupagus_globals->config.F = \ |
| 90 | pecalloc(sizeof(*(snuffleupagus_globals->config.F)), 1, 1); | ||
| 91 | SP_INIT(config_unserialize); | 91 | SP_INIT(config_unserialize); |
| 92 | SP_INIT(config_random); | 92 | SP_INIT(config_random); |
| 93 | SP_INIT(config_sloppy); | 93 | SP_INIT(config_sloppy); |
| @@ -128,16 +128,15 @@ static void free_disabled_functions_hashtable(HashTable *ht) { | |||
| 128 | } | 128 | } |
| 129 | 129 | ||
| 130 | PHP_MSHUTDOWN_FUNCTION(snuffleupagus) { | 130 | PHP_MSHUTDOWN_FUNCTION(snuffleupagus) { |
| 131 | |||
| 132 | #define FREE_HT(F) \ | 131 | #define FREE_HT(F) \ |
| 133 | zend_hash_destroy(SNUFFLEUPAGUS_G(F)); \ | 132 | zend_hash_destroy(SNUFFLEUPAGUS_G(F)); \ |
| 134 | pefree(SNUFFLEUPAGUS_G(F), 1); | 133 | pefree(SNUFFLEUPAGUS_G(F), 1); |
| 135 | FREE_HT(disabled_functions_hook); | 134 | FREE_HT(disabled_functions_hook); |
| 136 | FREE_HT(sp_eval_blacklist_functions_hook); | 135 | FREE_HT(sp_eval_blacklist_functions_hook); |
| 137 | 136 | ||
| 138 | #define FREE_HT_LIST(F) \ | 137 | #define FREE_HT_LIST(F) \ |
| 139 | free_disabled_functions_hashtable(SNUFFLEUPAGUS_G(config).F); \ | 138 | free_disabled_functions_hashtable(SNUFFLEUPAGUS_G(config).F); \ |
| 140 | FREE_HT(config.F); | 139 | FREE_HT(config.F); |
| 141 | FREE_HT_LIST(config_disabled_functions); | 140 | FREE_HT_LIST(config_disabled_functions); |
| 142 | FREE_HT_LIST(config_disabled_functions_hooked); | 141 | FREE_HT_LIST(config_disabled_functions_hooked); |
| 143 | FREE_HT_LIST(config_disabled_functions_ret); | 142 | FREE_HT_LIST(config_disabled_functions_ret); |
| @@ -145,12 +144,12 @@ PHP_MSHUTDOWN_FUNCTION(snuffleupagus) { | |||
| 145 | #undef FREE_HT_LIST | 144 | #undef FREE_HT_LIST |
| 146 | #undef FREE_HT | 145 | #undef FREE_HT |
| 147 | 146 | ||
| 148 | #define FREE_LST_DISABLE(L) \ | 147 | #define FREE_LST_DISABLE(L) \ |
| 149 | do { \ | 148 | do { \ |
| 150 | sp_list_node *_n = SNUFFLEUPAGUS_G(config).L; \ | 149 | sp_list_node *_n = SNUFFLEUPAGUS_G(config).L; \ |
| 151 | sp_disabled_function_list_free(_n); \ | 150 | sp_disabled_function_list_free(_n); \ |
| 152 | sp_list_free(_n); \ | 151 | sp_list_free(_n); \ |
| 153 | } while (0) | 152 | } while (0) |
| 154 | FREE_LST_DISABLE(config_disabled_functions_reg->disabled_functions); | 153 | FREE_LST_DISABLE(config_disabled_functions_reg->disabled_functions); |
| 155 | FREE_LST_DISABLE(config_disabled_functions_reg_ret->disabled_functions); | 154 | FREE_LST_DISABLE(config_disabled_functions_reg_ret->disabled_functions); |
| 156 | #undef FREE_LST_DISABLE | 155 | #undef FREE_LST_DISABLE |
| @@ -184,24 +183,26 @@ PHP_MSHUTDOWN_FUNCTION(snuffleupagus) { | |||
| 184 | } | 183 | } |
| 185 | 184 | ||
| 186 | PHP_RINIT_FUNCTION(snuffleupagus) { | 185 | PHP_RINIT_FUNCTION(snuffleupagus) { |
| 187 | const sp_config_wrapper* config_wrapper = | 186 | const sp_config_wrapper *config_wrapper = |
| 188 | SNUFFLEUPAGUS_G(config).config_wrapper; | 187 | SNUFFLEUPAGUS_G(config).config_wrapper; |
| 189 | #if defined(COMPILE_DL_SNUFFLEUPAGUS) && defined(ZTS) | 188 | #if defined(COMPILE_DL_SNUFFLEUPAGUS) && defined(ZTS) |
| 190 | ZEND_TSRMLS_CACHE_UPDATE(); | 189 | ZEND_TSRMLS_CACHE_UPDATE(); |
| 191 | #endif | 190 | #endif |
| 192 | 191 | ||
| 193 | if (!SNUFFLEUPAGUS_G(allow_broken_configuration)) { | 192 | if (!SNUFFLEUPAGUS_G(allow_broken_configuration)) { |
| 194 | if (SNUFFLEUPAGUS_G(is_config_valid) == SP_CONFIG_INVALID ) { | 193 | if (SNUFFLEUPAGUS_G(is_config_valid) == SP_CONFIG_INVALID) { |
| 195 | sp_log_err("config", "Invalid configuration file"); | 194 | sp_log_err("config", "Invalid configuration file"); |
| 196 | } else if (SNUFFLEUPAGUS_G(is_config_valid) == SP_CONFIG_NONE) { | 195 | } else if (SNUFFLEUPAGUS_G(is_config_valid) == SP_CONFIG_NONE) { |
| 197 | sp_log_warn("config", "No configuration specificed via sp.configuration_file"); | 196 | sp_log_warn("config", |
| 197 | "No configuration specificed via sp.configuration_file"); | ||
| 198 | } | 198 | } |
| 199 | } | 199 | } |
| 200 | 200 | ||
| 201 | // We need to disable wrappers loaded by extensions loaded after SNUFFLEUPAGUS. | 201 | // We need to disable wrappers loaded by extensions loaded after |
| 202 | // SNUFFLEUPAGUS. | ||
| 202 | if (config_wrapper->enabled && | 203 | if (config_wrapper->enabled && |
| 203 | zend_hash_num_elements(php_stream_get_url_stream_wrappers_hash()) != | 204 | zend_hash_num_elements(php_stream_get_url_stream_wrappers_hash()) != |
| 204 | config_wrapper->num_wrapper) { | 205 | config_wrapper->num_wrapper) { |
| 205 | sp_disable_wrapper(); | 206 | sp_disable_wrapper(); |
| 206 | } | 207 | } |
| 207 | 208 | ||
| @@ -218,7 +219,7 @@ PHP_RSHUTDOWN_FUNCTION(snuffleupagus) { return SUCCESS; } | |||
| 218 | 219 | ||
| 219 | PHP_MINFO_FUNCTION(snuffleupagus) { | 220 | PHP_MINFO_FUNCTION(snuffleupagus) { |
| 220 | const char *valid_config; | 221 | const char *valid_config; |
| 221 | switch(SNUFFLEUPAGUS_G(is_config_valid)) { | 222 | switch (SNUFFLEUPAGUS_G(is_config_valid)) { |
| 222 | case SP_CONFIG_VALID: | 223 | case SP_CONFIG_VALID: |
| 223 | valid_config = "yes"; | 224 | valid_config = "yes"; |
| 224 | break; | 225 | break; |
| @@ -230,10 +231,11 @@ PHP_MINFO_FUNCTION(snuffleupagus) { | |||
| 230 | valid_config = "no"; | 231 | valid_config = "no"; |
| 231 | } | 232 | } |
| 232 | php_info_print_table_start(); | 233 | php_info_print_table_start(); |
| 233 | php_info_print_table_row(2, "snuffleupagus support", | 234 | php_info_print_table_row( |
| 234 | SNUFFLEUPAGUS_G(is_config_valid)?"enabled":"disabled"); | 235 | 2, "snuffleupagus support", |
| 236 | SNUFFLEUPAGUS_G(is_config_valid) ? "enabled" : "disabled"); | ||
| 235 | php_info_print_table_row(2, "Version", PHP_SNUFFLEUPAGUS_VERSION); | 237 | php_info_print_table_row(2, "Version", PHP_SNUFFLEUPAGUS_VERSION); |
| 236 | php_info_print_table_row( 2, "Valid config", valid_config); | 238 | php_info_print_table_row(2, "Valid config", valid_config); |
| 237 | php_info_print_table_end(); | 239 | php_info_print_table_end(); |
| 238 | DISPLAY_INI_ENTRIES(); | 240 | DISPLAY_INI_ENTRIES(); |
| 239 | } | 241 | } |
| @@ -315,11 +317,12 @@ static PHP_INI_MH(OnUpdateConfiguration) { | |||
| 315 | 317 | ||
| 316 | // If `zend_write_default` is not NULL it is already hooked. | 318 | // If `zend_write_default` is not NULL it is already hooked. |
| 317 | if ((zend_hash_str_find( | 319 | if ((zend_hash_str_find( |
| 318 | SNUFFLEUPAGUS_G(config).config_disabled_functions_hooked, "echo", | 320 | SNUFFLEUPAGUS_G(config).config_disabled_functions_hooked, "echo", |
| 319 | sizeof("echo") - 1) || | 321 | sizeof("echo") - 1) || |
| 320 | zend_hash_str_find( | 322 | zend_hash_str_find( |
| 321 | SNUFFLEUPAGUS_G(config).config_disabled_functions_ret_hooked, "echo", | 323 | SNUFFLEUPAGUS_G(config).config_disabled_functions_ret_hooked, "echo", |
| 322 | sizeof("echo") - 1)) && NULL == zend_write_default) { | 324 | sizeof("echo") - 1)) && |
| 325 | NULL == zend_write_default) { | ||
| 323 | zend_write_default = zend_write; | 326 | zend_write_default = zend_write; |
| 324 | zend_write = hook_echo; | 327 | zend_write = hook_echo; |
| 325 | } | 328 | } |
diff --git a/src/sp_disable_xxe.c b/src/sp_disable_xxe.c index 9dea33c..f9712b5 100644 --- a/src/sp_disable_xxe.c +++ b/src/sp_disable_xxe.c | |||
| @@ -1,12 +1,15 @@ | |||
| 1 | #include "php_snuffleupagus.h" | 1 | #include "php_snuffleupagus.h" |
| 2 | 2 | ||
| 3 | PHP_FUNCTION(sp_libxml_disable_entity_loader) { | 3 | PHP_FUNCTION(sp_libxml_disable_entity_loader) { |
| 4 | sp_log_warn( "xxe", "A call to libxml_disable_entity_loader was tried and nopped"); | 4 | sp_log_warn("xxe", |
| 5 | "A call to libxml_disable_entity_loader was tried and nopped"); | ||
| 5 | RETURN_TRUE; | 6 | RETURN_TRUE; |
| 6 | } | 7 | } |
| 7 | 8 | ||
| 8 | PHP_FUNCTION(sp_libxml_set_external_entity_loader) { | 9 | PHP_FUNCTION(sp_libxml_set_external_entity_loader) { |
| 9 | sp_log_warn("xxe", "A call to libxml_set_external_entity_loader was tried and nopped"); | 10 | sp_log_warn( |
| 11 | "xxe", | ||
| 12 | "A call to libxml_set_external_entity_loader was tried and nopped"); | ||
| 10 | RETURN_TRUE; | 13 | RETURN_TRUE; |
| 11 | } | 14 | } |
| 12 | 15 | ||
diff --git a/src/sp_utils.c b/src/sp_utils.c index a1fa400..3d2dfcc 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c | |||
| @@ -19,7 +19,7 @@ const char* get_ipaddr() { | |||
| 19 | return fwd_ip; | 19 | return fwd_ip; |
| 20 | } | 20 | } |
| 21 | 21 | ||
| 22 | return default_ipaddr; | 22 | return default_ipaddr; |
| 23 | } | 23 | } |
| 24 | 24 | ||
| 25 | void sp_log_msgf(char const* restrict feature, int level, int type, | 25 | void sp_log_msgf(char const* restrict feature, int level, int type, |
