| Age | Commit message (Collapse) | Author |
|---|
|
Dead since almost 5 years with commit ae4ac9f ("properly free memory on
shutdown")
|
|
Can causes issues on uncommon architectures, like s390x.
|
|
|
|
|
|
People are usually well-aware of the outdatedness of the PHP version they're
running, which is likely why they're running Snuffleupagus in the first place.
This feature shouldn't have been enabled by default, and I fail to see any case
where anyone would want to enable it. Moreover, it doesn't take LTS versions
from vendors/distributions into account, thus breaking on RHEL/Debian (old)stable.
|
|
No need to use an ulong, an uint is more than enough for our usecases.
This fixes the following warning:
```
src/sp_config.c:207:20: runtime error: store to misaligned address 0x796d1f9a78d4 for type 'u_long', which requires 8 byte alignment
0x796d1f9a78d4: note: pointer points here
00 00 00 00 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
#0 0x796d1f92251a in parse_ulong src/sp_config.c:207
#1 0x796d1f9239a9 in sp_process_rule src/sp_config.c:76
#2 0x796d1f92404f in sp_process_config_root src/sp_config.c:31
#3 0x796d1f96770d in sp_config_scan src/sp_config_scanner.c:1482
#4 0x796d1f922cd3 in sp_parse_config src/sp_config.c:62
#5 0x796d1f91e6cf in OnUpdateConfiguration src/snuffleupagus.c:522
#6 0x598aae727646 in zend_register_ini_entries_ex (/usr/bin/php8.2+0x36d646) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f)
#7 0x796d1f91cae1 in zm_startup_snuffleupagus src/snuffleupagus.c:121
#8 0x598aae6b70df in zend_startup_module_ex (/usr/bin/php8.2+0x2fd0df) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f)
#9 0x598aae6b717f (/usr/bin/php8.2+0x2fd17f) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f)
#10 0x598aae6c566a in zend_hash_apply (/usr/bin/php8.2+0x30b66a) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f)
#11 0x598aae64c0b5 in php_module_startup (/usr/bin/php8.2+0x2920b5) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f)
#12 0x598aae4e2265 (/usr/bin/php8.2+0x128265) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f)
#13 0x796d21b4dc89 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#14 0x796d21b4dd44 in __libc_start_main_impl ../csu/libc-start.c:360
#15 0x598aae4e3550 in _start (/usr/bin/php8.2+0x129550) (BuildId: 5228f916ded87172ddf0f3eca448f1e43874d60f)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/sp_config.c:207:20 in
```
|
|
In addition of the current possibility to filter wrappers by their
protocol name, also add the option to filter the "php" wrapper by the
requested kind.
Especially the 'filter' backend can be disabled that way.
|
|
Adjusts casts to void dropping const qualifiers. This helps to avoid
mistakes, e.g. modifying string literals.
Also use size_t for length, similar to the upstream php interfaces.
|
|
|
|
|
|
introduced config options:
readonly_exec.extended_checks() or xchecks()
readonly_exec.no_extended_checks() or noxchecks()
|
|
|
|
|
|
|
|
|
|
|
|
* for easier memory manegement, the entire sp_config struct was merged into snuffleupagus_globals and allocated on stack where possible
* SNUFFLEUPAGUS_G() can be written as SPG(), which is faster to type and easier to read
* execution_depth is re-initialized to 0 for each request
* function calls with inline string and length parameters consistently use ZEND_STRL instead of sizeof()-1
* execution is actually hooked if recursion protection is enabled
* some line breaks were removed to make the code more readable
|
|
|
|
|
|
|
|
fixed related unittests
|
|
|
|
|
|
|
|
|
|
Add the possibility to log directly into the syslog, instead of using php's log system.
|
|
|
|
Ensure that certificates are verified in curl
should close #47
|
|
|
|
|
|
This commit does a lot of things:
- Use hashtables instead of lists to store the rules
- Rules that can be applied at launch time won't be tried at runtime
- Improve feedback when writing nonsensical rules
- Make intensive use of `zend_string` instead of `char*`
|
|
* Trying to fix sloppy comparison https://github.com/nbs-system/snuffleupagus/issues/10 by
modifying php's opcode
|
|
Implement session encryption.
|
|
|
|
|
|
|
|
This should close #129
|
|
Implement whitelist in eval
|
|
Add support for eval filtering, only blacklist for now
|
|
- `clang-format --style="{BasedOnStyle: google, SortIncludes: false}" -i snuffleu*.c sp_*.c sp_*.h`
- Update the documentation accordingly
|
|
It's now possible to encrypt cookies matching a specific regexp.
This should close #106
|
|
This should close #102
This commit can be useful for two use-cases:
1. When deploying Snuffleupagus on big CMS like Magento, and not knowing
what cookies are modified via javascript.
2. When deploying Snuffleupagus on big websites: you don't want to disconnect
every single user at once.
When simulation is enabled, if the decryption fails, a log message is
now issued, and the cookie value taken as it (since odds are that it's
non-encrypted).
|
|
Since we now have sp_list and sp_tree, it makes sense to specify that
nodes are only for lists.
|
|
Thanks to this huge commit from @xXx-caillou-xXx, we can now write amazingly flexible rules.
|
|
|
|
|
|
It's not possible to hook the `eval` builtin like other functions.
|
|
This is done by using the "samesite" cookie attribute.
|
|
This should close #65
|
|
References #43.
|
