3 files changed, 25 insertions, 21 deletions
diff --git a/src/sp_config.h b/src/sp_config.h
index b8fd679..8ef62a2 100644
--- a/src/sp_config.h
+++ b/src/sp_config.h
@@ -66,6 +66,8 @@ typedef struct {
 } sp_config_unserialize;
 typedef struct {
+  char *textual_representation;
  char *filename;
  pcre *r_filename;
diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
index 9bb8021..dd9a880 100644
--- a/src/sp_config_keywords.c
+++ b/src/sp_config_keywords.c
@@ -287,6 +287,7 @@ int parse_disabled_functions(char *line) {
    }
  }
  df->allow = allow;
+  df->textual_representation = estrdup(line);
  if (df->function) {
    df->functions_list = parse_functions_list(df->function);
diff --git a/src/sp_utils.c b/src/sp_utils.c
index e2747fb..74fbff7 100644
--- a/src/sp_utils.c
+++ b/src/sp_utils.c
@@ -80,7 +80,8 @@ int compute_hash(const char* const filename, char* file_hash) {
  return SUCCESS;
 }
-static int construct_filename(char* filename, const char* folder) {
+static int construct_filename(char* filename, const char* folder,
+                const char* textual) {
  time_t t = time(NULL);
  struct tm* tm = localtime(&t);  // FIXME use `localtime_r` instead
  struct timeval tval;
@@ -91,25 +92,22 @@ static int construct_filename(char* filename, const char* folder) {
    return -1;
  }
-  memcpy(filename, folder, strlen(folder));
+  /* We're using the sha256 sum of the rule's textual representation
-  strcat(filename, "sp_dump_");
+   * as filename, in order to only have one dump per rule, to migitate
-  strftime(filename + strlen(filename), 27, "%F_%T:", tm);
+   * DoS attacks. */
-  gettimeofday(&tval, NULL);
+  PHP_SHA256_CTX context;
-  sprintf(filename + strlen(filename), "%04ld", tval.tv_usec);
+  unsigned char digest[SHA256_SIZE] = {0};
-  strcat(filename, "_");
+  char strhash[65] = {0};
+  PHP_SHA256Init(&context);
-  char* remote_addr = getenv("REMOTE_ADDR");
+  PHP_SHA256Update(&context, (const unsigned char *) textual, strlen(textual));
-  if (remote_addr) { // ipv6: 8*4 bytes + 7 colons = 39 chars max
+  PHP_SHA256Final(digest, &context);
-    strncat(filename, remote_addr, 40);
+  make_digest_ex(strhash, digest, SHA256_SIZE);
-  } else {
+  snprintf(filename, MAX_FOLDER_LEN-1, "%s/sp_dump.%s", folder, strhash);
-    strcat(filename, "0.0.0.0");
-  }
-  strcat(filename, ".dump");
  return 0;
 }
-int sp_log_request(const char* folder) {
+int sp_log_request(const char* folder, const char* text_repr) {
  FILE* file;
  const char* current_filename = zend_get_executed_filename(TSRMLS_C);
  const int current_line = zend_get_executed_lineno(TSRMLS_C);
@@ -124,15 +122,18 @@ int sp_log_request(const char* folder) {
        // Apparently, PHP has trouble always giving SERVER,
        // and REQUEST is never used in its source code.
-  if (0 != construct_filename(filename, folder)) {
+  if (0 != construct_filename(filename, folder, text_repr)) {
    return -1;
  }
  if (NULL == (file = fopen(filename, "w+"))) {
-    sp_log_err("request_logging", "Unable to open %s", filename);
+    sp_log_err("request_logging", "Unable to open %s: %s", filename,
+                                strerror(errno));
    return -1;
  }
-  fprintf(file, "%s:%d\n", current_filename, current_line);
+  fprintf(file, "RULE: %s\n", text_repr);
+  fprintf(file, "FILE: %s:%d\n", current_filename, current_line);
  for (size_t i = 0; i < (sizeof(zones) / sizeof(zones[0])) - 1; i++) {
    zval* variable_value;
    zend_string* variable_key;
@@ -249,7 +250,7 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name,
    }
  }
  if (dump) {
-    sp_log_request(config_node->dump);
+    sp_log_request(config_node->dump, config_node->textual_representation);
  }
 }
@@ -273,7 +274,7 @@ void sp_log_disable_ret(const char* restrict path,
        zend_get_executed_lineno(TSRMLS_C), ret_value?ret_value:"?", path);
  }
  if (dump) {
-    sp_log_request(dump);
+    sp_log_request(dump, config_node->textual_representation);
  }
 }

diff --git a/src/sp_config.h b/src/sp_config.h index b8fd679..8ef62a2 100644 --- a/src/sp_config.h +++ b/src/sp_config.h
@@ -66,6 +66,8 @@ typedef struct {
66	} sp_config_unserialize;	66	} sp_config_unserialize;
67		67
68	typedef struct {	68	typedef struct {
		69	char *textual_representation;
		70
69	char *filename;	71	char *filename;
70	pcre *r_filename;	72	pcre *r_filename;
71		73


diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index 9bb8021..dd9a880 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c
@@ -287,6 +287,7 @@ int parse_disabled_functions(char *line) {
287	}	287	}
288	}	288	}
289	df->allow = allow;	289	df->allow = allow;
		290	df->textual_representation = estrdup(line);
290		291
291	if (df->function) {	292	if (df->function) {
292	df->functions_list = parse_functions_list(df->function);	293	df->functions_list = parse_functions_list(df->function);


diff --git a/src/sp_utils.c b/src/sp_utils.c index e2747fb..74fbff7 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c
@@ -80,7 +80,8 @@ int compute_hash(const char* const filename, char* file_hash) {
80	return SUCCESS;	80	return SUCCESS;
81	}	81	}
82		82
83	static int construct_filename(char* filename, const char* folder) {	83	static int construct_filename(char* filename, const char* folder,
		84	const char* textual) {
84	time_t t = time(NULL);	85	time_t t = time(NULL);
85	struct tm* tm = localtime(&t); // FIXME use `localtime_r` instead	86	struct tm* tm = localtime(&t); // FIXME use `localtime_r` instead
86	struct timeval tval;	87	struct timeval tval;
@@ -91,25 +92,22 @@ static int construct_filename(char* filename, const char* folder) {
91	return -1;	92	return -1;
92	}	93	}
93		94
94	memcpy(filename, folder, strlen(folder));	95	/* We're using the sha256 sum of the rule's textual representation
95	strcat(filename, "sp_dump_");	96	* as filename, in order to only have one dump per rule, to migitate
96	strftime(filename + strlen(filename), 27, "%F_%T:", tm);	97	* DoS attacks. */
97	gettimeofday(&tval, NULL);	98	PHP_SHA256_CTX context;
98	sprintf(filename + strlen(filename), "%04ld", tval.tv_usec);	99	unsigned char digest[SHA256_SIZE] = {0};
99	strcat(filename, "_");	100	char strhash[65] = {0};
100		101	PHP_SHA256Init(&context);
101	char* remote_addr = getenv("REMOTE_ADDR");	102	PHP_SHA256Update(&context, (const unsigned char *) textual, strlen(textual));
102	if (remote_addr) { // ipv6: 8*4 bytes + 7 colons = 39 chars max	103	PHP_SHA256Final(digest, &context);
103	strncat(filename, remote_addr, 40);	104	make_digest_ex(strhash, digest, SHA256_SIZE);
104	} else {	105	snprintf(filename, MAX_FOLDER_LEN-1, "%s/sp_dump.%s", folder, strhash);
105	strcat(filename, "0.0.0.0");
106	}
107	strcat(filename, ".dump");
108		106
109	return 0;	107	return 0;
110	}	108	}
111		109
112	int sp_log_request(const char* folder) {	110	int sp_log_request(const char* folder, const char* text_repr) {
113	FILE* file;	111	FILE* file;
114	const char* current_filename = zend_get_executed_filename(TSRMLS_C);	112	const char* current_filename = zend_get_executed_filename(TSRMLS_C);
115	const int current_line = zend_get_executed_lineno(TSRMLS_C);	113	const int current_line = zend_get_executed_lineno(TSRMLS_C);
@@ -124,15 +122,18 @@ int sp_log_request(const char* folder) {
124	// Apparently, PHP has trouble always giving SERVER,	122	// Apparently, PHP has trouble always giving SERVER,
125	// and REQUEST is never used in its source code.	123	// and REQUEST is never used in its source code.
126		124
127	if (0 != construct_filename(filename, folder)) {	125	if (0 != construct_filename(filename, folder, text_repr)) {
128	return -1;	126	return -1;
129	}	127	}
130	if (NULL == (file = fopen(filename, "w+"))) {	128	if (NULL == (file = fopen(filename, "w+"))) {
131	sp_log_err("request_logging", "Unable to open %s", filename);	129	sp_log_err("request_logging", "Unable to open %s: %s", filename,
		130	strerror(errno));
132	return -1;	131	return -1;
133	}	132	}
134		133
135	fprintf(file, "%s:%d\n", current_filename, current_line);	134	fprintf(file, "RULE: %s\n", text_repr);
		135
		136	fprintf(file, "FILE: %s:%d\n", current_filename, current_line);
136	for (size_t i = 0; i < (sizeof(zones) / sizeof(zones[0])) - 1; i++) {	137	for (size_t i = 0; i < (sizeof(zones) / sizeof(zones[0])) - 1; i++) {
137	zval* variable_value;	138	zval* variable_value;
138	zend_string* variable_key;	139	zend_string* variable_key;
@@ -249,7 +250,7 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name,
249	}	250	}
250	}	251	}
251	if (dump) {	252	if (dump) {
252	sp_log_request(config_node->dump);	253	sp_log_request(config_node->dump, config_node->textual_representation);
253	}	254	}
254	}	255	}
255		256
@@ -273,7 +274,7 @@ void sp_log_disable_ret(const char* restrict path,
273	zend_get_executed_lineno(TSRMLS_C), ret_value?ret_value:"?", path);	274	zend_get_executed_lineno(TSRMLS_C), ret_value?ret_value:"?", path);
274	}	275	}
275	if (dump) {	276	if (dump) {
276	sp_log_request(dump);	277	sp_log_request(dump, config_node->textual_representation);
277	}	278	}
278	}	279	}
279		280