From 490dc4e2a43a5f8256f0b00d5efd3c2a84487905 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 19 Apr 2022 19:01:52 +0200 Subject: extended checks for readonly_exec, enabled by default introduced config options: readonly_exec.extended_checks() or xchecks() readonly_exec.no_extended_checks() or noxchecks() --- src/sp_config_keywords.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'src/sp_config_keywords.c') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index f7be731..e0e5166 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -96,7 +96,7 @@ SP_PARSE_FN(parse_unserialize) { } SP_PARSE_FN(parse_readonly_exec) { - bool enable = false, disable = false; + bool enable = false, disable = false, xchecks = false, no_xchecks = false; sp_config_readonly_exec *cfg = (sp_config_readonly_exec*)retval; sp_config_keyword config_keywords[] = { @@ -105,6 +105,10 @@ SP_PARSE_FN(parse_readonly_exec) { {parse_empty, SP_TOKEN_SIMULATION, &(cfg->simulation)}, {parse_empty, SP_TOKEN_SIM, &(cfg->simulation)}, {parse_str, SP_TOKEN_DUMP, &(cfg->dump)}, + {parse_empty, "extended_checks", &(xchecks)}, + {parse_empty, "xchecks", &(xchecks)}, + {parse_empty, "no_extended_checks", &(no_xchecks)}, + {parse_empty, "noxchecks", &(no_xchecks)}, {0, 0, 0}}; SP_PROCESS_CONFIG_KEYWORDS_ERR(); @@ -112,6 +116,7 @@ SP_PARSE_FN(parse_readonly_exec) { cfg->textual_representation = sp_get_textual_representation(parsed_rule); SP_SET_ENABLE_DISABLE(enable, disable, cfg->enable); + if (xchecks) { cfg->extended_checks = true; } else if (no_xchecks) { cfg->extended_checks = false; } return SP_PARSER_STOP; } -- cgit v1.3 From e37ee22908fccfbf28314f59e52e89e50c533bb2 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 18 Jul 2022 17:08:22 +0200 Subject: added config error for ini rules with identical key --- src/sp_config_keywords.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/sp_config_keywords.c') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index e0e5166..2afefb5 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -494,6 +494,11 @@ SP_PARSE_FN(parse_ini_entry) { goto err; } + if (zend_hash_find_ptr(SPCFG(ini).entries, entry->key)) { + sp_log_err("config", "duplicate INI key '%s' on line %zu", ZSTR_VAL(entry->key), parsed_rule->lineno); + goto err; + } + if (ro && rw) { sp_log_err("config", "rule cannot be both read-write and read-only on line %zu", parsed_rule->lineno); goto err; -- cgit v1.3 From 49e074c5914d4dd90d9c03394e5aa161c74f28ca Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Wed, 20 Jul 2022 10:45:48 +0200 Subject: fixed mem leak while parsing cookie config --- src/sp_config_keywords.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/sp_config_keywords.c') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index 2afefb5..c8922ae 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -228,6 +228,8 @@ SP_PARSE_FN(parse_cookie) { ZSTR_VAL(samesite), parsed_rule->lineno); goto err; } + zend_string_release(samesite); + samesite = NULL; } SPCFG(cookie).cookies = sp_list_insert(SPCFG(cookie).cookies, cookie); -- cgit v1.3 From 72109c9bf016145364b19162a5ff998fc5858a9c Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Wed, 20 Jul 2022 10:46:16 +0200 Subject: fixed cookie config parsing with same cookie name (update instead of ignore) --- src/sp_config_keywords.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) (limited to 'src/sp_config_keywords.c') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index c8922ae..c3ef24e 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -232,7 +232,28 @@ SP_PARSE_FN(parse_cookie) { samesite = NULL; } - SPCFG(cookie).cookies = sp_list_insert(SPCFG(cookie).cookies, cookie); + // find other cookie entry with identical name or name_r + sp_cookie *entry = NULL; + sp_list_node *pList = NULL; + for (pList = SPCFG(cookie).cookies; pList; pList = pList->next) { + entry = pList->data; + if (!entry) { continue; } + if ((entry->name && cookie->name && sp_zend_string_equals(entry->name, cookie->name)) || + (entry->name_r && cookie->name_r && sp_zend_string_equals(entry->name_r->pattern, cookie->name_r->pattern))) { + break; + } + } + if (pList && entry) { + // override cookie settings if set + if (cookie->samesite) { entry->samesite = cookie->samesite; } + if (cookie->encrypt) { entry->encrypt = cookie->encrypt; } + if (cookie->simulation) { entry->simulation = cookie->simulation; } + sp_free_cookie(cookie); + pefree(cookie, 1); + cookie = NULL; + } else { + SPCFG(cookie).cookies = sp_list_insert(SPCFG(cookie).cookies, cookie); + } return SP_PARSER_STOP; -- cgit v1.3