summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-11-29Add a test for `include`jvoisin
2017-11-29Fix segfault in should_drop_on_ret xXx-caillou-xXx
This commit is almost the same than 8df77884f38e7a7334b56aafe2f441567f175af8
2017-11-29Implement eval hookingjvoisin
It's not possible to hook the `eval` builtin like other functions.
2017-11-29Fix segfault in sp_disabled_functions.cxXx-caillou-xXx
There was an off-by-one in `should_disable`, effectively smashing the last byte of the stack canary. This was discovered while building the package for Alpine Linux. Kudos to their hardened toolchain!
2017-11-28Use an "internal link" for our berlinsides talkjvoisin
2017-11-28Add our berlinsides slidesjvoisin
2017-11-28Add some references for `unserialize`, and fix an external linkjvoisin
2017-11-28Fix a link in the documentationjvoisin
2017-11-27Improve Archlinux' PKGBUILD wrt. gitxXx-caillou-xXx
2017-11-27Archlinux pkgxXx-caillou-xXx
Add a PKGBUILD for Archlinux
2017-11-27Improve a link, thanks to @mikewestjvoisin
2017-11-27Improve our nonce's randomnessjvoisin
2017-11-27Initialize some possibly uninitialized variablesjvoisin
Thanks to coverity
2017-11-24Add a small bla about user-agent and encryptionjvoisin
This should close #70
2017-11-24Fix harden_rand (#72)jvoisin
This one was tricky. It was a great half-hour of joy, full of macros, ctags, gdb, radare2, tears, hardcoded `int3`, … to finally find that php calls `return` when it fails to parse some parameters for various reasons, even if everything goes fine. This must be a better way to do this, but this is good enough™ for now. This closes #66
2017-11-24Implement anti csrf measuresxXx-caillou-xXx
This is done by using the "samesite" cookie attribute.
2017-11-18Add a link to our blackalps talkjvoisin
2017-11-17Add our blackalps 2017 slidesjvoisin
2017-11-13Fix a silly warningjvoisin
2017-11-12Improve a bit the filter-related documentationjvoisin
2017-11-06Add a failing testjvoisin
2017-11-0653 absolute path (#62)jvoisin
* Add error for relative path
2017-11-01Travis is now pushing to coverityjvoisin
2017-10-31Add a test to match on arrayjvoisin
2017-10-31Minor factorization of the keyword parsing codejvoisin
2017-10-31Unify two struct members related to virtual-patchingxXx-caillou-xXx
This should close #65
2017-10-31Minor factorizationjvoisin
2017-10-31Remove an unused variablejvoisin
2017-10-31Merge pull request #60 from nbs-system/fix_off_by_oneThibault "bui" Koechlin
Fix a silly and useless off-by-one
2017-10-31Merge pull request #63 from nbs-system/fix_toctouThibault "bui" Koechlin
Fix a silly TOCTOU to make coverity happy
2017-10-30Fix a silly TOCTOU to make coverity happyjvoisin
2017-10-30Minor code cleanupjvoisin
2017-10-30Fix the segfault?jvoisin
2017-10-30Bump coverage and simplify some codejvoisin
2017-10-30Merge pull request #54 from arpd/43-free-at-shutdownblotus
43 free at shutdown
2017-10-30Fix a silly and useless off-by-onejvoisin
2017-10-27Bump the coveragejvoisin
2017-10-27Improve a bit the coverage wrt. broken configurationsjvoisin
2017-10-26Free additionally allocated `sp_list` instancesBen Foster
References #43.
2017-10-26Renames `sp_new_list` -> `sp_list_new`Ben Foster
To be consistent with the rest of the `sp_list` functions.
2017-10-26Free `config_disabled_constructs`Ben Foster
In reference to #43.
2017-10-26Remove an arbitrary limitationjvoisin
2017-10-26Improve a bit our CONTRIBUTING.md filejvoisin
2017-10-26Added some debugging tips to ContributingBen Foster
2017-10-25.drop() is now bailoutjvoisin
Courtesy of @buixor
2017-10-25Make the testsuite a bit more robustjvoisin
2017-10-24Bump coverage ♥jvoisin
2017-10-24Remove the `enable` member from the disable function structurejvoisin
Also add some more tests
2017-10-23Add a test for unmatched bracketsjvoisin
2017-10-23Add some tests for upload validation and fix a related typojvoisin