summaryrefslogtreecommitdiff
path: root/src/sp_disabled_functions.c (unfollow)
AgeCommit message (Collapse)Author
2025-08-17Fix a NULL-ptr derefjvoisin
``` Program terminated with signal SIGSEGV, Segmentation fault. 20 if (!(func->common.function_name)) { (gdb) info locals func = 0x0 function_name = 0xffb25f6d0190 "SearchByCallback" complete_path_function = 0xffb26c8a0570 "\240\005\212l\262\377" ``` It seems that in some callback shenanigans, there is currently no non-NULL `func` member in execute_data. PHP truly is marvelous. This should close #515
2022-05-15Fix a possible null-pointer dereferencejvoisin
2022-05-03Two more constjvoisin
2022-03-20fixed trigger logic to parameter matchingBen Fuhrmannek
2022-02-05introduced sp_regexp / store original regexBen Fuhrmannek
2022-01-07fixed invalid return valueBen Fuhrmannek
2022-01-06prevent double checks and fixed segfault on return value accessBen Fuhrmannek
2021-12-14fix: include class name in eval whitelist matchingBen Fuhrmannek
2021-12-14code cleanup + removed line breaks for easier IDE integrationBen Fuhrmannek
2021-12-14get class name from execution_dataBen Fuhrmannek
2021-11-30PHP 8.1 compatibility with streams/includes + fix for ticksBen Fuhrmannek
2021-09-23config is stack allocated now + some code improvements (see details)Ben Fuhrmannek
* for easier memory manegement, the entire sp_config struct was merged into snuffleupagus_globals and allocated on stack where possible * SNUFFLEUPAGUS_G() can be written as SPG(), which is faster to type and easier to read * execution_depth is re-initialized to 0 for each request * function calls with inline string and length parameters consistently use ZEND_STRL instead of sizeof()-1 * execution is actually hooked if recursion protection is enabled * some line breaks were removed to make the code more readable
2021-08-16config supports variables nowBen Fuhrmannek
2021-08-16fincy new scanner/parser for config rules + fixed a few bugs along the way + ↵Ben Fuhrmannek
fixed related unittests
2021-02-18rewrote parameter matching logic. breaks compatibility with previous versions.Ben Fuhrmannek
2021-01-30Improve a bit type diversityjvoisin
2021-01-01Constify a functionjvoisin
2020-11-29Fix zend_write booking typejvoisin
The signature was changed in PHP8: https://github.com/php/php-src/commit/e15409b43cacf711608189c299191f2969ea331c
2020-11-29Make the `>` operator skip over functionsjvoisin
2020-08-12Allow empty configuration (#342)jvoisin
This commit allows php to run (with a warning) if there is no specified snuffleupagus configuration, instead of refusing to start.
2020-07-22refactoring sp_log_* (#340)Giovanni
Co-authored-by: Giovanni Dante Grazioli <giovanni.dantegrazioli@nbs-system.com>
2020-07-12One more constjvoisin
2020-07-04Run clang-format on the codebasejvoisin
2020-07-04Factorize how snuffleupagus gets client's ip addrjvoisin
2020-06-15fixed trigger logic to parameter matchingBen Fuhrmannek
2020-03-04%s/nbs-system/jvoisinjvoisin
Since I'm the only one to maintain Snuffleupagus, let's adjust the links and contact addresses of my fork, to point to well… my fork.
2020-02-19Improve a bit php8 compatibilityjvoisin
PHP changed the way it exposes if a function has variadic arguments or not, hence why we need yet an other ifdef.
2019-06-20Fix snufflepagus_globals linking issues and one mac compatibility issuebef
2019-06-19fix snufflepagus_globals linking issues and one mac compatibility issueBen Fuhrmannek
2019-05-14Fix the cookie's handling for PHP7.3+jvoisin
PHP 7.3+ added a new prototype for the cookie setting mechanism, breaking our ghetto samesite-injection, this commit takes care of it.
2019-02-23Try to unify the includesjvoisin
2019-02-23Add php8 to travis and fix php7.4jvoisin
- Use clang-format on the code - Improve portability wrt. php8 - Fix php7.4 compatibility. See https://dustri.org/b/fixing-snuffleupagus-sloppy-comparison-on-array_keys-for-php74.html for a detailed writeup
2018-12-26Document that it's not possible to hook builtins via regexpjvoisin
Also bump a bit the coverage
2018-11-18Minor code clarificationjvoisin
2018-10-09Bump againjvoisin
2018-10-09Don't check the return values of functions that might not return (#255)jvoisin
This is due to our modifications to the logging system
2018-10-06Bump coverage againjvoisin
2018-10-06Bump a bit the coveragejvoisin
* `setcookie` doesn't always return `true` anymore * clang-format * Cookies with invalid decryption are dropped, but the request isn't anymore * faulty unserialize are now dumpable
2018-10-06Remove sp_terminate and bump a bit the coveragejvoisin
2018-09-03Fix #241 segfault on 32-bit related to bad protype (#242)Remi Collet
This should close #241
2018-08-30Minor code cleanupxXx-caillou-xXx
2018-08-30Match on ret improvementsxXx-caillou-xXx
This commit does two things: - Implement matching on calltraces for ret - Implement matching on ret of user functions if the return value is not used.
2018-08-28Fix some compilation warningsxXx-caillou-xXx
2018-08-28Use php's logging functionsxXx-caillou-xXx
This commit replace our usage of `php_log_err` with `zend_error`. This should allow administrators to display errors in the webpage, should they want to; and to properly manipulate the verbosity's level. This should close #217
2018-08-20Fix two minor issuesxXx-caillou-xXx
- Fix an infinite loop on `echo` hook - Use the correct function to compare filenames internally
2018-07-13Yet an other pass of clang-formatjvoisin
2018-07-13Reduce call to get_complete_function_pathxXx-caillou-xXx
2018-07-13Fix hooking on `print`xXx-caillou-xXx
2018-07-13Allow rules matching on echo and printxXx-caillou-xXx
2018-07-13Massively optimize how rules are handledxXx-caillou-xXx
This commit does a lot of things: - Use hashtables instead of lists to store the rules - Rules that can be applied at launch time won't be tried at runtime - Improve feedback when writing nonsensical rules - Make intensive use of `zend_string` instead of `char*`