From c0e72a25f32e4916ac5eda8cb47888fd0a200b23 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sun, 15 May 2022 18:07:23 +0200 Subject: Bump the changelog --- src/php_snuffleupagus.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/php_snuffleupagus.h') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 8dc7ccb..e40b31b 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -1,7 +1,7 @@ #ifndef PHP_SNUFFLEUPAGUS_H #define PHP_SNUFFLEUPAGUS_H -#define PHP_SNUFFLEUPAGUS_VERSION "0.8.0" +#define PHP_SNUFFLEUPAGUS_VERSION "0.9.0" #define PHP_SNUFFLEUPAGUS_EXTNAME "snuffleupagus" #define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System & Julien (jvoisin) Voisin & SektionEins GmbH" #define PHP_SNUFFLEUPAGUS_URL "https://github.com/jvoisin/snuffleupagus" -- cgit v1.3 From 3d206b9ae51680ae6c0f0eee3e11e667d343d3e4 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Mon, 16 May 2022 19:49:18 +0200 Subject: Bump the changelog --- debian/changelog | 7 +++++++ doc/source/changelog.rst | 11 ++++++++++- src/php_snuffleupagus.h | 2 +- 3 files changed, 18 insertions(+), 2 deletions(-) (limited to 'src/php_snuffleupagus.h') diff --git a/debian/changelog b/debian/changelog index 831a0f2..3282469 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +snuffleupagus (0.8.1) UNRELEASED; urgency=low + [ jvoisin ] + * Fix the version number + * Fix a test on PHP7 + + -- jvoisin Sun, 16 Apr 2022 19:45:00 +0200 + snuffleupagus (0.8.0) UNRELEASED; urgency=low [ jvoisin ] * Compatibility with PHP8.1 diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst index a69ec20..794afb8 100644 --- a/doc/source/changelog.rst +++ b/doc/source/changelog.rst 
@@ -1,7 +1,16 @@ Changelog ========= -0.8.0 - `Woolly Mammoth` `__ 2022/05/15 +0.8.1 - `Batyr `__ 2022/05/16 +------------------------------------------------------------------------------------------- + +Bug fixes +^^^^^^^^^ +* Fix the version number +* Fix a test on PHP7 + + +0.8.0 - `Woolly Mammoth `__ 2022/05/15 ----------------------------------------------------------------------------------------------------- New features diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index e40b31b..8faaf3a 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -1,7 +1,7 @@ #ifndef PHP_SNUFFLEUPAGUS_H #define PHP_SNUFFLEUPAGUS_H -#define PHP_SNUFFLEUPAGUS_VERSION "0.9.0" +#define PHP_SNUFFLEUPAGUS_VERSION "0.8.1" #define PHP_SNUFFLEUPAGUS_EXTNAME "snuffleupagus" #define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System & Julien (jvoisin) Voisin & SektionEins GmbH" #define PHP_SNUFFLEUPAGUS_URL "https://github.com/jvoisin/snuffleupagus" -- cgit v1.3 From a1a7d2030f40ce1f880e9944417c6ccbb48a3c13 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Fri, 20 May 2022 22:00:35 +0200 Subject: Bump the changelog --- debian/changelog | 7 +++++++ doc/source/changelog.rst | 9 +++++++++ src/php_snuffleupagus.h | 2 +- 3 files changed, 17 insertions(+), 1 deletion(-) (limited to 'src/php_snuffleupagus.h') diff --git a/debian/changelog b/debian/changelog index 3282469..034a34d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +snuffleupagus (0.8.2) UNRELEASED; urgency=low + [ jvoisin ] + * Fix compilation when ZTS is used + * Fix a possible infinite loop + + -- jvoisin Sun, 20 Apr 2022 22:00:00 +0200 + snuffleupagus (0.8.1) UNRELEASED; urgency=low [ jvoisin ] * Fix the version number diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst index 4bb0583..a406953 100644 --- a/doc/source/changelog.rst +++ b/doc/source/changelog.rst 
@@ -1,6 +1,15 @@ Changelog ========= +0.8.2 - `Surus `__ 2022/05/20 +------------------------------------------------------------------------------------------- + +Bug fixes +^^^^^^^^^ +* Fix compilation when ZTS is used +* Fix a possible infinite loop + + 0.8.1 - `Batyr `__ 2022/05/16 ------------------------------------------------------------------------------------------- diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 8faaf3a..97fa0e4 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -1,7 +1,7 @@ #ifndef PHP_SNUFFLEUPAGUS_H #define PHP_SNUFFLEUPAGUS_H -#define PHP_SNUFFLEUPAGUS_VERSION "0.8.1" +#define PHP_SNUFFLEUPAGUS_VERSION "0.8.2" #define PHP_SNUFFLEUPAGUS_EXTNAME "snuffleupagus" #define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System & Julien (jvoisin) Voisin & SektionEins GmbH" #define PHP_SNUFFLEUPAGUS_URL "https://github.com/jvoisin/snuffleupagus" -- cgit v1.3 From a5f070cd7d982ae96ad72fb79420407574e7682a Mon Sep 17 00:00:00 2001 From: jvoisin Date: Mon, 27 Jun 2022 20:55:20 +0200 Subject: Dump the eval'ed code --- src/php_snuffleupagus.h | 7 +++++++ src/sp_execute.c | 2 ++ src/sp_utils.c | 9 +++++++++ src/tests/dump_request/dump_eval_blacklist.phpt | 2 ++ 4 files changed, 20 insertions(+) (limited to 'src/php_snuffleupagus.h') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 97fa0e4..a4a0ed4 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -148,6 +148,13 @@ u_long execution_depth; HashTable *disabled_functions_hook; HashTable *sp_internal_functions_hook; HashTable *sp_eval_blacklist_functions_hook; + +#if PHP_VERSION_ID >= 80000 +zend_string* eval_source_string; +#else +zval* eval_source_string; +#endif + ZEND_END_MODULE_GLOBALS(snuffleupagus) ZEND_EXTERN_MODULE_GLOBALS(snuffleupagus) diff --git a/src/sp_execute.c b/src/sp_execute.c index b81f408..a8798e4 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c 
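Review bot: The new `eval_source_string` member added in the `@@ -148,6 +148,13 @@` hunk of `src/php_snuffleupagus.h` has no comment saying who owns the string or when the pointer may be read. From the rest of this commit it is assigned in `sp_compile_string` without taking a reference and read in `sp_log_request` only when `in_eval` is non-zero, so I would document exactly that: `/* Source of the eval() being compiled: borrowed (no refcount held), only meaningful while in_eval != 0. */`. A second line explaining why the type differs across `PHP_VERSION_ID >= 80000` would also help. Nothing visible here sets the member to NULL at startup or clears it at request end; if that is not done elsewhere it belongs in the globals initialisation. The globals struct starts outside the hunk.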
@@ -302,6 +302,8 @@ ZEND_API zend_op_array* sp_compile_string(zend_string* source_string, #else ZEND_API zend_op_array* sp_compile_string(zval* source_string, char* filename) { #endif + // TODO(jvoisin) handle recursive calls to `eval` + SPG(eval_source_string) = source_string; zend_op_array* opline = orig_zend_compile_string(source_string, filename); sp_sloppy_modify_opcode(opline); return opline; diff --git a/src/sp_utils.c b/src/sp_utils.c index df2f0d6..d7200b1 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -177,6 +177,15 @@ int sp_log_request(const zend_string* restrict folder, const zend_string* restri ZEND_HASH_FOREACH_END(); fputs("\n", file); } + + if (UNEXPECTED(0 != SPG(in_eval))) { +#if PHP_VERSION_ID >= 80000 + fprintf(file, "EVAL_CODE: %s\n", ZSTR_VAL(SPG(eval_source_string))); +#else + fprintf(file, "EVAL_CODE: %s\n", ZSTR_VAL(zval_get_string(SPG(eval_source_string)))); +#endif + } + fclose(file); return 0; diff --git a/src/tests/dump_request/dump_eval_blacklist.phpt b/src/tests/dump_request/dump_eval_blacklist.phpt index c9f48e4..a8c1618 100644 --- a/src/tests/dump_request/dump_eval_blacklist.phpt +++ b/src/tests/dump_request/dump_eval_blacklist.phpt @@ -38,6 +38,8 @@ if ($res[3] != "GET:get_a='data_get_a' get_b='data_get_b' \n") { echo "Invalid POST"; } elseif ($res[5] != "COOKIE:cookie_a='data_cookie_a&cookie_b=data_cookie_b' \n") { echo "Invalid COOKIE"; +} elseif ($res[6] != "EVAL_CODE: \$a = strtoupper(\"1234\");\n") { + echo "Invalid EVAL_CODE"; } ?> --EXPECTF-- -- cgit v1.3 From 83014d7df165f8b8a9bf6dd4fde93fd1d42e4b7e Mon Sep 17 00:00:00 2001 From: jvoisin Date: Tue, 12 Jul 2022 21:24:44 +0200 Subject: Minor refactorisation --- src/php_snuffleupagus.h | 11 +++++++++-- src/snuffleupagus.c | 8 -------- 2 files changed, 9 insertions(+), 10 deletions(-) (limited to 'src/php_snuffleupagus.h') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index a4a0ed4..95caa65 100644 --- a/src/php_snuffleupagus.h 
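Review bot: `SPG(eval_source_string) = source_string;` in the `src/sp_execute.c` hunk stores a borrowed pointer, takes no reference and is never reset, so the global can outlive the string it points to. The TODO already names the nested case: once an inner `eval` has been compiled the global refers to the inner source, and a dump written later while `in_eval` is still non-zero would make `sp_log_request` read a string that may already have been released (inferred, since the code that maintains `in_eval` is outside this hunk). I would save and restore the previous value at the place where `in_eval` is incremented and decremented, and on PHP 8 hold a reference with `zend_string_copy(source_string)` that is released when that eval frame ends. `sp_compile_string` starts outside the hunk.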
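Review bot: The `EVAL_CODE` record in the `src/sp_utils.c` hunk is written with `%s`, so the dumped code stops at the first NUL byte and any newline in the eval'ed source spills into further lines of the dump. A reader that parses the dump line by line, as the updated test does with `$res[6]`, can therefore be shown a truncated or forged record; writing `ZSTR_LEN` bytes after escaping control characters would keep it to one faithful line. On the PHP 7 branch `zval_get_string()` returns a new reference that is never released; keep it in a local and call `zend_string_release()` on it after the `fprintf`. The pointer is also dereferenced without a NULL check, so `if (UNEXPECTED(0 != SPG(in_eval)) && SPG(eval_source_string))` would be the safer guard. `sp_log_request` starts and ends outside the hunk.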
+++ b/src/php_snuffleupagus.h @@ -11,6 +11,12 @@ #include "config.h" #endif +#ifdef PHP_WIN32 +#include "win32/glob.h" +#else +#include +#endif + #include #include #include @@ -41,6 +47,7 @@ #include "zend_extensions.h" #include "zend_hash.h" #include "zend_string.h" +#include "zend_smart_str.h" #include "zend_types.h" #include "zend_vm.h" @@ -150,9 +157,9 @@ HashTable *sp_internal_functions_hook; HashTable *sp_eval_blacklist_functions_hook; #if PHP_VERSION_ID >= 80000 -zend_string* eval_source_string; +const zend_string* eval_source_string; #else -zval* eval_source_string; +const zval* eval_source_string; #endif ZEND_END_MODULE_GLOBALS(snuffleupagus) diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index 06b93e1..4c9e904 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -1,11 +1,3 @@ -#ifdef PHP_WIN32 -#include "win32/glob.h" -#else -#include -#endif - -#include "zend_smart_str.h" - #include "php_snuffleupagus.h" #ifndef ZEND_EXT_API -- cgit v1.3 From 8d6496efcab420267a228c35f9f627fec209d031 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Tue, 12 Jul 2022 23:03:46 +0200 Subject: Refactoring of the previous commit --- src/php_snuffleupagus.h | 1 + src/sp_execute.c | 20 +++++++------------- .../deny_writable_execution_simulation.phpt | 4 ++-- 3 files changed, 10 insertions(+), 15 deletions(-) (limited to 'src/php_snuffleupagus.h') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 95caa65..3eeb9db 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -38,6 +38,7 @@ #include "ext/standard/head.h" #include "ext/standard/info.h" #include "ext/standard/url.h" +#include "ext/standard/php_string.h" #include "ext/standard/php_var.h" #include "ext/session/php_session.h" #include "php.h" diff --git a/src/sp_execute.c b/src/sp_execute.c index 56d25c5..65a32db 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c 
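Review bot: Changing the PHP 7 member to `const zval* eval_source_string;` in the `@@ -150,9 +157,9 @@` hunk conflicts with its only visible reader. `sp_utils.c` passes it to `zval_get_string()`, which as far as I know takes a non-const `zval *`, so PHP 7 builds would get a discarded-qualifier warning, or a failure under `-Werror`. This commit does not touch `sp_utils.c`, so either leave the PHP 7 member as `zval* eval_source_string;` or add an explicit cast with a comment at that call site. The globals struct starts outside the hunk.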
@@ -1,5 +1,4 @@ #include "php_snuffleupagus.h" -#include "ext/standard/php_string.h" static void (*orig_execute_ex)(zend_execute_data *execute_data) = NULL; static void (*orig_zend_execute_internal)(zend_execute_data *execute_data, @@ -11,11 +10,10 @@ static zend_result (*orig_zend_stream_open)(zend_file_handle *handle) = NULL; #endif // FIXME handle symlink -ZEND_COLD static inline void terminate_if_writable(const char *filename) { - const sp_config_readonly_exec *config_ro_exec = &(SPCFG(readonly_exec)); - char *errmsg = "unknown access problem"; +ZEND_COLD static inline void terminate_if_writable(char const* const filename) { + sp_config_readonly_exec const* const config_ro_exec = &(SPCFG(readonly_exec)); + char const *errmsg = "unknown access problem"; - // check write access if (0 == access(filename, W_OK)) { errmsg = "Attempted execution of a writable file"; goto violation; @@ -29,21 +27,19 @@ ZEND_COLD static inline void terminate_if_writable(const char *filename) { return; } - // check effective uid struct stat buf; if (0 != stat(filename, &buf)) { goto err; } if (buf.st_uid == geteuid()) { - errmsg = "Attempted execution of file owned by process"; + errmsg = "Attempted execution of a file owned by the PHP process"; goto violation; } - // check write access on directory - char *dirname = estrndup(filename, strlen(filename)); + char *const dirname = estrndup(filename, strlen(filename)); php_dirname(dirname, strlen(dirname)); if (0 == access(dirname, W_OK)) { - errmsg = "Attempted execution of file in writable directory"; + errmsg = "Attempted execution of a file in a writable directory"; efree(dirname); goto violation; } 
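Review bot: The checks in `terminate_if_writable` are evaluated for two different identities: `access(filename, W_OK)` uses the real UID/GID, while the ownership test compares `buf.st_uid` with `geteuid()`. If the PHP process ever runs with differing real and effective IDs, the writability test can pass for a file the effective user or group is able to write. `faccessat(AT_FDCWD, filename, W_OK, AT_EACCESS)` would make both tests use the effective identity, and the same applies to `access(dirname, W_OK)` in the third hunk. The refactor also removes the step comments (`// check write access`, `// check effective uid`, `// check write access on directory`); a short comment above the function listing the four checks in order would keep the intent readable. The function continues outside these hunks.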
@@ -52,18 +48,16 @@ ZEND_COLD static inline void terminate_if_writable(const char *filename) { goto err; } - // check effecite uid of directory if (0 != stat(dirname, &buf)) { efree(dirname); goto err; } efree(dirname); if (buf.st_uid == geteuid()) { - errmsg = "Attempted execution of file in directory owned by process"; + errmsg = "Attempted execution of a file in directory owned by the PHP process"; goto violation; } - // we would actually need to check all parent directories as well, but that task is left for other tools return; violation: diff --git a/src/tests/deny_writable/deny_writable_execution_simulation.phpt b/src/tests/deny_writable/deny_writable_execution_simulation.phpt index abc276f..d4e4801 100644 --- a/src/tests/deny_writable/deny_writable_execution_simulation.phpt +++ b/src/tests/deny_writable/deny_writable_execution_simulation.phpt 
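Review bot: This hunk deletes `// we would actually need to check all parent directories as well, but that task is left for other tools`, which was the only place recording that limit of the readonly_exec check. Together with the `// FIXME handle symlink` above the function (`access()` and `stat()` both follow symlinks), it tells an operator what the feature does not cover, so I would keep it or fold both into a function-level comment. The new message `"Attempted execution of a file in directory owned by the PHP process"` is missing the article the other three messages gained; `"Attempted execution of a file in a directory owned by the PHP process"` would match them. The `violation:` label and the rest of the function continue outside the hunk.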
@@ -48,7 +48,7 @@ Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/writable_file.txt) in %a/writable_file.txt on line 1 Code execution within a writable file. -Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of file owned by process (%s/tests/deny_writable/non_writable_file.txt) in %s/tests/deny_writable/deny_writable_execution_simulation.php on line 13 +Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a file owned by the PHP process (%s/tests/deny_writable/non_writable_file.txt) in %s/tests/deny_writable/deny_writable_execution_simulation.php on line 13 -Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of file owned by process (%s/tests/deny_writable/non_writable_file.txt) in %src/tests/deny_writable/non_writable_file.txt on line 1 +Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a file owned by the PHP process (%s/tests/deny_writable/non_writable_file.txt) in %src/tests/deny_writable/non_writable_file.txt on line 1 Code execution within a non-writable file. -- cgit v1.3