From f9da3ecb31683f77e899e57f780c04d772490558 Mon Sep 17 00:00:00 2001 From: xXx-caillou-xXx Date: Thu, 21 Dec 2017 15:38:20 +0100 Subject: Remove the now useless `validate_str` function --- src/sp_config_utils.c | 43 +++-------------------------- src/sp_tree.h | 4 +-- src/sp_var_parser.c | 45 +++++++++++++++++-------------- src/tests/broken_conf_local_var_16.phpt | 1 + src/tests/broken_conf_quotes.phpt | 3 ++- src/tests/broken_regexp.phpt | 2 +- src/tests/broken_unmatching_brackets.phpt | 3 ++- src/tests/config/broken_conf_quotes.ini | 2 +- 8 files changed, 37 insertions(+), 66 deletions(-) diff --git a/src/sp_config_utils.c b/src/sp_config_utils.c index 3c1d89d..bf558d4 100644 --- a/src/sp_config_utils.c +++ b/src/sp_config_utils.c @@ -2,32 +2,6 @@ size_t sp_line_no; -static int validate_str(const char *value) { - int balance = 0; // ghetto [] validation - - if (!strchr(value, '[')) { - return 0; - } - - for (size_t i = 0; i < strlen(value); i++) { - if (value[i] == '[') { - balance++; - } else if (value[i] == ']') { - balance--; - } - if (balance < 0) { - sp_log_err("config", "The string '%s' contains unbalanced brackets.", value); - return -1; - } - } - if (balance != 0) { - sp_log_err("config", "You forgot to close %d bracket%c in the string '%s'", - balance, (balance>1)?'s':' ', value); - return -1; - } - return 0; -} - int parse_keywords(sp_config_functions *funcs, char *line) { int value_len = 0; const char *original_line = line; @@ -58,8 +32,8 @@ int parse_keywords(sp_config_functions *funcs, char *line) { return 0; } -static char *get_string(size_t *consumed, char *restrict line, - const char *restrict keyword) { +char *get_param(size_t *consumed, char *restrict line, sp_type type, + const char *restrict keyword) { enum { IN_ESCAPE, NONE } state = NONE; char *original_line = line; size_t j = 0; 
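Review bot: The `sp_type type` parameter of the now-exported `get_param` is not referenced in any of the lines shown, and after this commit the function returns the unquoted string with no structural check at all. The body continues outside this hunk, so `type` may still be used there; if it is not, mark it with `(void)type;` or drop it in a follow-up. A header comment such as `/* Extracts the quoted argument of keyword; performs no bracket or syntax validation, callers must validate the result. */` would make the new contract explicit for the config handlers that consume the value.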
@@ -122,19 +96,8 @@ err: return NULL; } -char *get_param(size_t *consumed, char *restrict line, sp_type type, - const char *restrict keyword) { - char *retval = get_string(consumed, line, keyword); - - if (retval && 0 == validate_str(retval)) { - return retval; - } - - return NULL; -} - zend_always_inline sp_list_node *parse_functions_list(char *value) { - const char *sep = ">"; + static const char *sep = ">"; if (NULL == strchr(value, sep[0])) { return NULL; diff --git a/src/sp_tree.h b/src/sp_tree.h index c831736..d29d095 100644 --- a/src/sp_tree.h +++ b/src/sp_tree.h @@ -7,10 +7,10 @@ typedef enum { OBJECT, ARRAY, ARRAY_END, - STRING_DELIMITER, + INTERPRETED_STRING, + LITERAL_STRING, CLASS, VAR, - ESC_STRING_DELIMITER, CONSTANT } elem_type; diff --git a/src/sp_var_parser.c b/src/sp_var_parser.c index 2b4c544..3f3dcdc 100644 --- a/src/sp_var_parser.c +++ b/src/sp_var_parser.c @@ -72,7 +72,7 @@ static int create_var(sp_tree *tree, const char *restrict value, sp_log_err("config", "Can't allocate a strndup"); return -1; } - if (var_node->type != STRING_DELIMITER && !is_var_name_valid(var_node->value)) { + if (var_node->type != INTERPRETED_STRING && !is_var_name_valid(var_node->value)) { sp_log_err("config", "Invalid var name: %s.", var_node->value); return -1; } @@ -101,7 +101,7 @@ static int is_next_token_empty(sp_conf_token *token, sp_conf_token *token_next, return 0; } -static int is_token_valid(sp_list_node *tokens_list, elem_type ignore, +static int is_token_valid(sp_list_node *tokens_list, elem_type quote, int array_count, const char * restrict str, size_t pos) { sp_conf_token *token = (sp_conf_token *)tokens_list->data; 
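Review bot: `static const char *sep = ">";` in `parse_functions_list` leaves the pointer itself writable, because only the characters it points to are const. If `zend_always_inline` expands to `inline` without `static`, as it does in PHP's headers, the function may be an inline definition with external linkage, and C11 6.7.4 does not allow a modifiable static object there; GCC can diagnose this. Declaring it `static const char *const sep = ">";` makes the whole object read-only and avoids the problem. The function body continues outside the hunk.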
@@ -111,9 +111,9 @@ static int is_token_valid(sp_list_node *tokens_list, elem_type ignore, token_next = (sp_conf_token *)tokens_list->next->data; } switch (token->type) { - case ESC_STRING_DELIMITER: - case STRING_DELIMITER: - if (ignore == token->type) { + case LITERAL_STRING: + case INTERPRETED_STRING: + if (quote == token->type) { if (token_next) { if (token_next->pos != token->pos + 1) { return -1; @@ -124,12 +124,12 @@ static int is_token_valid(sp_list_node *tokens_list, elem_type ignore, } break; case ARRAY_END: - if (!ignore) { + if (!quote) { if (array_count < 1) { return -1; } else if (token_next) { - if (token_next->type == STRING_DELIMITER - || token_next->type == ESC_STRING_DELIMITER) { + if (token_next->type == INTERPRETED_STRING + || token_next->type == LITERAL_STRING) { return -1; } } else if (token->pos != strlen(str) - strlen(token->text_repr)) { @@ -138,7 +138,7 @@ static int is_token_valid(sp_list_node *tokens_list, elem_type ignore, } break; case OBJECT: - if (!ignore && -1 == is_next_token_empty(token, token_next, str)) { + if (!quote && -1 == is_next_token_empty(token, token_next, str)) { return -1; } if (pos == 0 && *str != VARIABLE_TOKEN) { @@ -146,7 +146,7 @@ static int is_token_valid(sp_list_node *tokens_list, elem_type ignore, } break; case CLASS: - if (!ignore && -1 == is_next_token_empty(token, token_next, str)) { + if (!quote && -1 == is_next_token_empty(token, token_next, str)) { return -1; } break; @@ -160,7 +160,7 @@ static sp_tree *parse_tokens(const char * restrict str, sp_list_node *tokens_list) { size_t pos = 0; int array_count = 0, pos_idx_start = -1; - elem_type ignore = 0; + elem_type quote = 0; sp_tree *tree = sp_tree_new(); for (; tokens_list && tokens_list->data; tokens_list = tokens_list->next) { 
@@ -168,16 +168,16 @@ static sp_tree *parse_tokens(const char * restrict str, size_t value_len; char *idx = NULL; - if (-1 == is_token_valid(tokens_list, ignore, array_count, str, pos)) { + if (-1 == is_token_valid(tokens_list, quote, array_count, str, pos)) { sp_log_err("config", "Invalid `%s` position.", token->text_repr); goto error; } - if (token->type == STRING_DELIMITER || token->type == ESC_STRING_DELIMITER) { - pos = (!ignore && !array_count) ? pos + strlen(token->text_repr) : pos; - ignore = (!ignore) ? token->type : (ignore == token->type) ? 0 : ignore; - token->type = STRING_DELIMITER; + if (token->type == INTERPRETED_STRING || token->type == LITERAL_STRING) { + pos = (!quote && !array_count) ? pos + strlen(token->text_repr) : pos; + quote = (!quote) ? token->type : (quote == token->type) ? 0 : quote; + token->type = INTERPRETED_STRING; } - if (ignore == 0) { + if (quote == 0) { if (token->type == ARRAY) { pos_idx_start = (array_count) ? pos_idx_start : (int)(token->pos + strlen(token->text_repr)); array_count++; @@ -204,7 +204,12 @@ static sp_tree *parse_tokens(const char * restrict str, } } - if (ignore != 0 || array_count != 0) { + if (array_count != 0) { + sp_log_err("config", "You forgot to close a bracket."); + goto error; + } + if (quote != 0) { + sp_log_err("config", "Missing a closing quote."); error: sp_tree_free(tree); return NULL; @@ -223,8 +228,8 @@ sp_tree *parse_var(const char *line) { {.type=OBJECT, .text_repr=OBJECT_TOKEN}, {.type=ARRAY, .text_repr=ARRAY_TOKEN}, {.type=ARRAY_END, .text_repr=ARRAY_END_TOKEN}, - {.type=STRING_DELIMITER, .text_repr=STRING_TOKEN}, - {.type=ESC_STRING_DELIMITER, .text_repr=ESC_STRING_TOKEN}, + {.type=INTERPRETED_STRING, .text_repr=STRING_TOKEN}, + {.type=LITERAL_STRING, .text_repr=ESC_STRING_TOKEN}, {.type=CLASS, .text_repr=CLASS_TOKEN} }; diff --git a/src/tests/broken_conf_local_var_16.phpt b/src/tests/broken_conf_local_var_16.phpt index 40b66b2..84b29bf 100644 --- a/src/tests/broken_conf_local_var_16.phpt 
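Review bot: `token->type = INTERPRETED_STRING;` runs for both quote kinds, so a `LITERAL_STRING` token is relabelled as interpreted as soon as it has been seen. Under the old `*_DELIMITER` names this read as a normalisation; under the new names it reads as if literal and interpreted strings were deliberately given the same meaning. `create_var` also relies on it, because it skips `is_var_name_valid` only for `INTERPRETED_STRING`. Please add a comment on that line, for example `/* both quote kinds become one node type; create_var() only exempts INTERPRETED_STRING from name validation */`, or test for both types in `create_var`. Whether later stages distinguish the two kinds is not visible in this diff.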
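Review bot: The `error:` label now sits in the middle of the `if (quote != 0)` body, so every `goto error` in `parse_tokens` jumps into a conditional block, landing just after its log call. It works, but a statement later added between the message and the label would be skipped by the other error paths without any hint in the code. Ending the block with `goto error;` and placing `error:` after the function's normal return would keep the cleanup in one obvious place; the end of the function is outside this hunk. Note also that when an input leaves both a bracket and a quote open, only the bracket message is logged.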
+++ b/src/tests/broken_conf_local_var_16.phpt @@ -6,4 +6,5 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_local_var_16.ini --FILE-- --EXPECT-- +[snuffleupagus][0.0.0.0][config][error] Missing a closing quote. [snuffleupagus][0.0.0.0][config][error] Invalid value '"' for `var` on line 1. diff --git a/src/tests/broken_conf_quotes.phpt b/src/tests/broken_conf_quotes.phpt index 7f754e6..a928650 100644 --- a/src/tests/broken_conf_quotes.phpt +++ b/src/tests/broken_conf_quotes.phpt @@ -6,4 +6,5 @@ Broken configuration - missing quote sp.configuration_file={PWD}/config/broken_conf_quotes.ini --FILE-- --EXPECT-- -[snuffleupagus][0.0.0.0][config][error] You forgot to close 1 bracket in the string '_SERVER[PHP_SELF' +[snuffleupagus][0.0.0.0][config][error] You forgot to close a bracket. +[snuffleupagus][0.0.0.0][config][error] Invalid value '_SERVER[PHP_SELF' for `var` on line 1. diff --git a/src/tests/broken_regexp.phpt b/src/tests/broken_regexp.phpt index 680cf22..3f027f1 100644 --- a/src/tests/broken_regexp.phpt +++ b/src/tests/broken_regexp.phpt @@ -6,5 +6,5 @@ Broken regexp sp.configuration_file={PWD}/config/broken_regexp.ini --FILE-- --EXPECTF-- -[snuffleupagus][0.0.0.0][config][error] You forgot to close 1 bracket in the string '^$[' +[snuffleupagus][0.0.0.0][config][error] Failed to compile '^$[': missing terminating ] for character class on line 1. [snuffleupagus][0.0.0.0][config][error] '.value_r()' is expecting a valid regexp, and not '"^$["' on line 1. diff --git a/src/tests/broken_unmatching_brackets.phpt b/src/tests/broken_unmatching_brackets.phpt index 14b9414..ee2bc4d 100644 --- a/src/tests/broken_unmatching_brackets.phpt +++ b/src/tests/broken_unmatching_brackets.phpt 
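Review bot: The new expectation in `broken_regexp.phpt` hard-codes the regexp library's own message, `missing terminating ] for character class`, which the project does not control and which may differ between library versions. The section is already `--EXPECTF--`, so the line can use a placeholder instead: `[snuffleupagus][0.0.0.0][config][error] Failed to compile '^$[': %s on line 1.`. That still checks that the compilation failure is reported for the unbalanced bracket.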
@@ -6,4 +6,5 @@ Broken configuration - unmatching brackets sp.configuration_file={PWD}/config/config_unmatching_brackets.ini --FILE-- --EXPECTF-- -[snuffleupagus][0.0.0.0][config][error] The string 'arr[b]]]]]' contains unbalanced brackets. +[snuffleupagus][0.0.0.0][config][error] Invalid `]` position. +[snuffleupagus][0.0.0.0][config][error] Invalid value 'arr[b]]]]]' for `param` on line 1. diff --git a/src/tests/config/broken_conf_quotes.ini b/src/tests/config/broken_conf_quotes.ini index 7c3b0cd..eac8739 100644 --- a/src/tests/config/broken_conf_quotes.ini +++ b/src/tests/config/broken_conf_quotes.ini @@ -1,3 +1,3 @@ -sp.disable_function.filename("static_pages/index.php").var("_SERVER[PHP_SELF").value_r("\"").drop().alias("XSS"); +sp.disable_function.function("system").filename("/static_pages/index.php").var("_SERVER[PHP_SELF").value_r("\"").drop().alias("XSS"); sp.disable_function.filename("include/imageobject_im.class.php").function("exec").var("CONFIG[im_options]).value_r("[^a-z0-9]").drop(); -- cgit v1.3