| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
```
Program terminated with signal SIGSEGV, Segmentation fault.
20 if (!(func->common.function_name)) {
(gdb) info locals
func = 0x0
function_name = 0xffb25f6d0190 "SearchByCallback"
complete_path_function = 0xffb26c8a0570 "\240\005\212l\262\377"
```
It seems that in some callback shenanigans, there is currently no non-NULL
`func` member in execute_data. PHP truly is marvelous.
This should close #515
|
|
|
|
|
|
|
|
|
|
sp_log_debug() does not take a feature as first argument:
src/sp_wrapper.c: In function 'sp_reregister_php_wrapper':
src/sp_utils.h:61:53: warning: too many arguments for format [-Wformat-extra-args]
61 | if (sp_debug_stderr > 0) dprintf(sp_debug_stderr, "[snuffleupagus][DEBUG] %s(): " fmt "\n", __FUNCTION__, ##__VA_ARGS__);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/sp_wrapper.c:144:3: note: in expansion of macro 'sp_log_debug'
144 | sp_log_debug(LOG_FEATURE, "Stream \"php\" successfully re-registered");
| ^~~~~~~~~~~~
|
|
Please GCC conversion warning:
src/sp_upload_validation.c: In function 'sp_rfc1867_callback':
src/sp_utils.h:61:53: warning: format '%lld' expects argument of type 'long long int', but argument 7 has type 'zend_long' {aka 'long int'} [-Wformat=]
61 | if (sp_debug_stderr > 0) dprintf(sp_debug_stderr, "[snuffleupagus][DEBUG] %s(): " fmt "\n", __FUNCTION__, ##__VA_ARGS__);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/sp_upload_validation.c:48:7: note: in expansion of macro 'sp_log_debug'
48 | sp_log_debug("Filename: %s\nTmpname: %s\nSize: %zd\nError: %lld\nScript: %s",
| ^~~~~~~~~~~~
|
|
Do not dereference the hash key for cookie encryption if it's NULL:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 zend_string_equal_content (s1=0x79bdb92170f0, s2=0x0) at /usr/include/php/20240924/Zend/zend_string.h:386
No locals.
#1 zend_string_equals (s1=0x79bdb92170f0, s2=0x0) at /usr/include/php/20240924/Zend/zend_string.h:391
No locals.
#2 sp_match_value (value=0x0, to_match=0x79bdb92170f0, rx=0x0) at ./src/sp_utils.c:273
No locals.
#3 0x00007989377b0709 in sp_lookup_cookie_config (key=0x0) at ./src/sp_cookie_encryption.c:8
config = 0x79bdb92158d0
it = 0x79ae80dabd00
it = <optimized out>
config = <optimized out>
#4 decrypt_cookie (pDest=0x79893b6787c0, num_args=<optimized out>, args=<optimized out>, hash_key=0x7ffe657c3880) at ./src/sp_cookie_encryption.c:19
cookie = <optimized out>
#5 0x000061875aac52df in zend_hash_apply_with_arguments ()
No symbol table info available.
#6 0x00007989377ae74b in zm_activate_snuffleupagus (type=<optimized out>, module_number=<optimized out>) at ./src/snuffleupagus.c:228
config_wrapper = 0x7989377c3490 <snuffleupagus_globals+144>
#7 0x000061875aa21710 in zend_activate_modules ()
No symbol table info available.
#8 0x000061875a9a7f18 in php_request_startup ()
No symbol table info available.
|
|
|
|
|
|
|
|
People are usually well-aware of the outdatedness of the PHP version they're
running, which is likely why they're running Snuffleupagus in the first place.
This feature shouldn't have been enabled by default, and I fail to see any case
where anyone would want to enable it. Moreover, it doesn't take LTS versions
from vendors/distributions into account, thus breaking on RHEL/Debian (old)stable.
|
|
> configure: error: Could not find awk; Install GNU awk
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
vld-beta is currently bugged.
|
|
This is a follow-up for d7b7a0d4e10d.
|
|
tidy up
|
|
Spotted by @kpcyrd
|
|
|
|
|
|
See https://github.com/jvoisin/snuffleupagus/issues/498 for details.
|
|
PHP changed some includes for PHP8.4. This commit also adds php8.4-rc to the CI
This fixes #497 and #496
Reported-by: rainerjung
|
|
It's not shipped anymore on Debian stable.
|
|
|
|
|
|
No need to use an ulong, an uint is more than enough for our usecases.
This fixes the following warning:
```
src/sp_config.c:207:20: runtime error: store to misaligned address 0x796d1f9a78d4 for type 'u_long', which requires 8 byte alignment
0x796d1f9a78d4: note: pointer points here
00 00 00 00 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
#0 0x796d1f92251a in parse_ulong src/sp_config.c:207
#1 0x796d1f9239a9 in sp_process_rule src/sp_config.c:76
#2 0x796d1f92404f in sp_process_config_root src/sp_config.c:31
#3 0x796d1f96770d in sp_config_scan src/sp_config_scanner.c:1482
#4 0x796d1f922cd3 in sp_parse_config src/sp_config.c:62
#5 0x796d1f91e6cf in OnUpdateConfiguration src/snuffleupagus.c:522
#6 0x598aae727646 in zend_register_ini_entries_ex (/usr/bin/php8.2+0x36d646) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f)
#7 0x796d1f91cae1 in zm_startup_snuffleupagus src/snuffleupagus.c:121
#8 0x598aae6b70df in zend_startup_module_ex (/usr/bin/php8.2+0x2fd0df) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f)
#9 0x598aae6b717f (/usr/bin/php8.2+0x2fd17f) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f)
#10 0x598aae6c566a in zend_hash_apply (/usr/bin/php8.2+0x30b66a) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f)
#11 0x598aae64c0b5 in php_module_startup (/usr/bin/php8.2+0x2920b5) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f)
#12 0x598aae4e2265 (/usr/bin/php8.2+0x128265) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f)
#13 0x796d21b4dc89 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#14 0x796d21b4dd44 in __libc_start_main_impl ../csu/libc-start.c:360
#15 0x598aae4e3550 in _start (/usr/bin/php8.2+0x129550) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/sp_config.c:207:20 in
```
|
|
This should fix the following compilation issue:
```
/wrkdirs/usr/ports/security/snuffleupagus/work-php83/snuffleupagus-0.10.0/src/sp_utils.c:438:37: error: too few arguments provided to function-like macro invocation
438 | memcpy(mb_name, ZEND_STRL("mb_"));
| ^
/usr/include/ssp/string.h:117:9: note: macro 'memcpy' defined here
117 | #define memcpy(dst, src, len) __ssp_bos_check3(memcpy, dst, src, len)
```
|
|
|
|
Clean the source directory before building the source for the Debian
package.
|
|
|
|
|
|
Not sure this is needed, but better safe than sorry.
|
|
|
|
In addition of the current possibility to filter wrappers by their
protocol name, also add the option to filter the "php" wrapper by the
requested kind.
Especially the 'filter' backend can be disabled that way.
|
|
Annotate the common logging function sp_log_msgf() with the format
attribute so compilers can check the used format string and passed
arguments for discrepancies.
Adjust the lineno printing by using %zu and the type size_t
consistently.
|
|
src/sp_unserialize.c: In function 'zif_sp_unserialize':
src/sp_unserialize.c:131:15: warning: unused variable 'orig_handler' [-Wunused-variable]
131 | zif_handler orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize"));
| ^~~~~~~~~~~~
|
|
|
|
|
|
|
|
Adjusts casts to void dropping const qualifiers. This helps to avoid
mistakes, e.g. modifying string literals.
Also use size_t for length, similar to the upstream php interfaces.
|
|
Avoid missing prototype warnings by declaring variables and functions
that are only used in a single file static.
|
