diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/config.m4 | 2 | ||||
| -rw-r--r-- | src/snuffleupagus.c | 4 | ||||
| -rw-r--r-- | src/sp_config_keywords.c | 30 | ||||
| -rw-r--r-- | src/sp_execute.c | 2 |
4 files changed, 36 insertions, 2 deletions
diff --git a/src/config.m4 b/src/config.m4 index 1958979..619dcbd 100644 --- a/src/config.m4 +++ b/src/config.m4 | |||
| @@ -31,6 +31,8 @@ CFLAGS="$CFLAGS -fstack-protector-strong" | |||
| 31 | 31 | ||
| 32 | LDFLAGS="$LDFLAGS `pcre2-config --libs8`" | 32 | LDFLAGS="$LDFLAGS `pcre2-config --libs8`" |
| 33 | 33 | ||
| 34 | AX_CHECK_COMPILE_FLAG([-Wl,-z,relro,-z,now], [LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now"], {}, [-Werror]) | ||
| 35 | |||
| 34 | if test "$PHP_DEBUG" = "yes"; then | 36 | if test "$PHP_DEBUG" = "yes"; then |
| 35 | AC_DEFINE(SP_DEBUG, 1, [Enable SP debug messages]) | 37 | AC_DEFINE(SP_DEBUG, 1, [Enable SP debug messages]) |
| 36 | CFLAGS="$CFLAGS -g -ggdb -O0" | 38 | CFLAGS="$CFLAGS -g -ggdb -O0" |
diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index 1f5b660..30f6b3d 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c | |||
| @@ -265,7 +265,7 @@ static void add_df_to_arr(zval *arr, sp_disabled_function const *const df) { | |||
| 265 | if (df->functions_list && df->functions_list->data) { | 265 | if (df->functions_list && df->functions_list->data) { |
| 266 | zval arr_fl; | 266 | zval arr_fl; |
| 267 | array_init(&arr_fl); | 267 | array_init(&arr_fl); |
| 268 | for (sp_list_node *p = df->functions_list; p; p = p->next) { add_next_index_str(&arr_fl, p->data); } | 268 | for (sp_list_node *p = df->functions_list; p; p = p->next) { add_next_index_string(&arr_fl, (char*)p->data); } |
| 269 | add_assoc_zval(&arr_df, "function_list", &arr_fl); | 269 | add_assoc_zval(&arr_df, "function_list", &arr_fl); |
| 270 | } else { | 270 | } else { |
| 271 | add_assoc_null(&arr_df, "function_list"); | 271 | add_assoc_null(&arr_df, "function_list"); |
| @@ -283,6 +283,7 @@ static void add_df_to_arr(zval *arr, sp_disabled_function const *const df) { | |||
| 283 | add_assoc_long(&arr_df, SP_TOKEN_LINE_NUMBER, df->line); | 283 | add_assoc_long(&arr_df, SP_TOKEN_LINE_NUMBER, df->line); |
| 284 | ADD_ASSOC_ZSTR(&arr_df, SP_TOKEN_RET, df->ret); | 284 | ADD_ASSOC_ZSTR(&arr_df, SP_TOKEN_RET, df->ret); |
| 285 | ADD_ASSOC_REGEXP(&arr_df, SP_TOKEN_RET_REGEXP, df->r_ret); | 285 | ADD_ASSOC_REGEXP(&arr_df, SP_TOKEN_RET_REGEXP, df->r_ret); |
| 286 | add_assoc_long(&arr_df, SP_TOKEN_RET_TYPE, df->ret_type); | ||
| 286 | ADD_ASSOC_ZSTR(&arr_df, SP_TOKEN_VALUE, df->value); | 287 | ADD_ASSOC_ZSTR(&arr_df, SP_TOKEN_VALUE, df->value); |
| 287 | ADD_ASSOC_REGEXP(&arr_df, SP_TOKEN_VALUE_REGEXP, df->r_value); | 288 | ADD_ASSOC_REGEXP(&arr_df, SP_TOKEN_VALUE_REGEXP, df->r_value); |
| 288 | ADD_ASSOC_ZSTR(&arr_df, SP_TOKEN_KEY, df->key); | 289 | ADD_ASSOC_ZSTR(&arr_df, SP_TOKEN_KEY, df->key); |
| @@ -495,6 +496,7 @@ static PHP_INI_MH(OnUpdateConfiguration) { | |||
| 495 | 496 | ||
| 496 | // set some defaults | 497 | // set some defaults |
| 497 | SPCFG(show_old_php_warning) = true; | 498 | SPCFG(show_old_php_warning) = true; |
| 499 | SPCFG(readonly_exec).extended_checks = true; | ||
| 498 | 500 | ||
| 499 | char *str = new_value->val; | 501 | char *str = new_value->val; |
| 500 | 502 | ||
diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index ea4e1cd..fa26635 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c | |||
| @@ -228,9 +228,32 @@ SP_PARSE_FN(parse_cookie) { | |||
| 228 | ZSTR_VAL(samesite), parsed_rule->lineno); | 228 | ZSTR_VAL(samesite), parsed_rule->lineno); |
| 229 | goto err; | 229 | goto err; |
| 230 | } | 230 | } |
| 231 | zend_string_release(samesite); | ||
| 232 | samesite = NULL; | ||
| 231 | } | 233 | } |
| 232 | 234 | ||
| 233 | SPCFG(cookie).cookies = sp_list_insert(SPCFG(cookie).cookies, cookie); | 235 | // find other cookie entry with identical name or name_r |
| 236 | sp_cookie *entry = NULL; | ||
| 237 | sp_list_node *pList = NULL; | ||
| 238 | for (pList = SPCFG(cookie).cookies; pList; pList = pList->next) { | ||
| 239 | entry = pList->data; | ||
| 240 | if (!entry) { continue; } | ||
| 241 | if ((entry->name && cookie->name && sp_zend_string_equals(entry->name, cookie->name)) || | ||
| 242 | (entry->name_r && cookie->name_r && sp_zend_string_equals(entry->name_r->pattern, cookie->name_r->pattern))) { | ||
| 243 | break; | ||
| 244 | } | ||
| 245 | } | ||
| 246 | if (pList && entry) { | ||
| 247 | // override cookie settings if set | ||
| 248 | if (cookie->samesite) { entry->samesite = cookie->samesite; } | ||
| 249 | if (cookie->encrypt) { entry->encrypt = cookie->encrypt; } | ||
| 250 | if (cookie->simulation) { entry->simulation = cookie->simulation; } | ||
| 251 | sp_free_cookie(cookie); | ||
| 252 | pefree(cookie, 1); | ||
| 253 | cookie = NULL; | ||
| 254 | } else { | ||
| 255 | SPCFG(cookie).cookies = sp_list_insert(SPCFG(cookie).cookies, cookie); | ||
| 256 | } | ||
| 234 | 257 | ||
| 235 | return SP_PARSER_STOP; | 258 | return SP_PARSER_STOP; |
| 236 | 259 | ||
| @@ -492,6 +515,11 @@ SP_PARSE_FN(parse_ini_entry) { | |||
| 492 | goto err; | 515 | goto err; |
| 493 | } | 516 | } |
| 494 | 517 | ||
| 518 | if (zend_hash_find_ptr(SPCFG(ini).entries, entry->key)) { | ||
| 519 | sp_log_err("config", "duplicate INI key '%s' on line %zu", ZSTR_VAL(entry->key), parsed_rule->lineno); | ||
| 520 | goto err; | ||
| 521 | } | ||
| 522 | |||
| 495 | if (ro && rw) { | 523 | if (ro && rw) { |
| 496 | sp_log_err("config", "rule cannot be both read-write and read-only on line %zu", parsed_rule->lineno); | 524 | sp_log_err("config", "rule cannot be both read-write and read-only on line %zu", parsed_rule->lineno); |
| 497 | goto err; | 525 | goto err; |
diff --git a/src/sp_execute.c b/src/sp_execute.c index 81614f3..b4e5c6c 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c | |||
| @@ -1,4 +1,5 @@ | |||
| 1 | #include "php_snuffleupagus.h" | 1 | #include "php_snuffleupagus.h" |
| 2 | #include "ext/standard/php_string.h" | ||
| 2 | 3 | ||
| 3 | static void (*orig_execute_ex)(zend_execute_data *execute_data) = NULL; | 4 | static void (*orig_execute_ex)(zend_execute_data *execute_data) = NULL; |
| 4 | static void (*orig_zend_execute_internal)(zend_execute_data *execute_data, | 5 | static void (*orig_zend_execute_internal)(zend_execute_data *execute_data, |
| @@ -40,6 +41,7 @@ ZEND_COLD static inline void terminate_if_writable(char const* const filename) { | |||
| 40 | php_dirname(dirname, strlen(dirname)); | 41 | php_dirname(dirname, strlen(dirname)); |
| 41 | if (0 == access(dirname, W_OK)) { | 42 | if (0 == access(dirname, W_OK)) { |
| 42 | errmsg = "Attempted execution of a file in a writable directory"; | 43 | errmsg = "Attempted execution of a file in a writable directory"; |
| 44 | |||
| 43 | efree(dirname); | 45 | efree(dirname); |
| 44 | goto violation; | 46 | goto violation; |
| 45 | } | 47 | } |