From 3ab467100883adedab71a28e1699799e45ab0b2d Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Wed, 19 Jun 2019 11:04:17 +0200 Subject: fix snufflepagus_globals linking issues and one mac compatibility issue --- src/sp_disable_xxe.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'src/sp_disable_xxe.c') diff --git a/src/sp_disable_xxe.c b/src/sp_disable_xxe.c index df00dbd..53148c8 100644 --- a/src/sp_disable_xxe.c +++ b/src/sp_disable_xxe.c @@ -1,7 +1,5 @@ #include "php_snuffleupagus.h" -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - PHP_FUNCTION(sp_libxml_disable_entity_loader) { RETURN_TRUE; } int hook_libxml_disable_entity_loader() { -- cgit v1.3 From 8e95c5d30f197716ba132e3f2494c5e220f3e5cd Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 21 Oct 2021 18:55:48 +0200 Subject: added some array initialization, just in case. --- src/sp_disable_xxe.c | 2 +- src/sp_pcre_compat.c | 2 +- src/sp_sloppy.c | 2 +- src/sp_unserialize.c | 4 ++-- src/sp_utils.c | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) (limited to 'src/sp_disable_xxe.c') diff --git a/src/sp_disable_xxe.c b/src/sp_disable_xxe.c index f9712b5..7db2451 100644 --- a/src/sp_disable_xxe.c +++ b/src/sp_disable_xxe.c @@ -18,7 +18,7 @@ int hook_libxml_disable_entity_loader() { zval func_name; zval retval; - zval params[1]; + zval params[1] = {0}; #if PHP_VERSION_ID < 80000 // This function is deprecated in PHP8, but better safe than sorry for php7. diff --git a/src/sp_pcre_compat.c b/src/sp_pcre_compat.c index 657e650..e994123 100644 --- a/src/sp_pcre_compat.c +++ b/src/sp_pcre_compat.c @@ -45,7 +45,7 @@ bool ZEND_HOT sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str, ret = pcre2_match(regexp, (PCRE2_SPTR)str, len, 0, 0, match_data, NULL); pcre2_match_data_free(match_data); #else - int vec[30]; + int vec[30] = {0}; ret = pcre_exec(regexp, NULL, str, len, 0, 0, vec, sizeof(vec) / sizeof(int)); #endif diff --git a/src/sp_sloppy.c b/src/sp_sloppy.c index 8afddc9..fca4be5 100644 
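Review bot: The zero-initialisation in the `@@ -18,7 +18,7 @@` hunk of src/sp_disable_xxe.c covers `params` but not the zvals declared right next to it. In hook_libxml_disable_entity_loader() `zval retval;` and `zval func_name;` stay uninitialised, and the sp_serialize hunk in src/sp_unserialize.c leaves `zval hmac;` the same way. If the aim is to rule out reads of stack garbage, the result zval is the one read after the call, so it deserves the same treatment, e.g. `ZVAL_UNDEF(&retval);` directly after the declaration. Whether the engine already resets it on every failure path is not visible from this hunk, and the function body continues outside it.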
--- a/src/sp_sloppy.c +++ b/src/sp_sloppy.c @@ -48,7 +48,7 @@ static void array_handler(INTERNAL_FUNCTION_PARAMETERS, const char* name, const char* spec) { zif_handler handler; zval func_name; - zval params[3]; + zval params[3] = {0}; zval *value, *array = NULL; zend_bool strict = 0; uint32_t nb_params = ZEND_NUM_ARGS(); diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c index 1c9f731..5ede015 100644 --- a/src/sp_unserialize.c +++ b/src/sp_unserialize.c @@ -12,7 +12,7 @@ PHP_FUNCTION(sp_serialize) { /* Compute the HMAC of the textual representation of the serialized data*/ zval func_name; zval hmac; - zval params[3]; + zval params[3] = {0}; ZVAL_STRING(&func_name, "hash_hmac"); ZVAL_STRING(¶ms[0], "sha256"); @@ -65,7 +65,7 @@ PHP_FUNCTION(sp_unserialize) { zval func_name; ZVAL_STRING(&func_name, "hash_hmac"); - zval params[3]; + zval params[3] = {0}; ZVAL_STRING(¶ms[0], "sha256"); ZVAL_STRING(¶ms[1], serialized_str); ZVAL_STRING( diff --git a/src/sp_utils.c b/src/sp_utils.c index ff85494..2f0f565 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -72,8 +72,8 @@ void sp_log_msgf(char const* restrict feature, int level, int type, int compute_hash(const char* const restrict filename, char* restrict file_hash) { - unsigned char buf[1024]; - unsigned char digest[SHA256_SIZE]; + unsigned char buf[1024] = {0}; + unsigned char digest[SHA256_SIZE] = {0}; PHP_SHA256_CTX context; size_t n; -- cgit v1.3 From 0be11fcc6e73f7e35bf2f3b884676413f5522cf1 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 11 Nov 2021 13:32:07 +0100 Subject: more tests for xxe + optional xml support --- src/sp_disable_xxe.c | 7 +++ src/tests/xxe/disable_xxe_dom_disabled_php8.phpt | 57 +++++++++++++++++++++++ src/tests/xxe/disable_xxe_dom_php8.phpt | 59 ++++++++++++++++++++++++ 3 files changed, 123 insertions(+) create mode 100644 src/tests/xxe/disable_xxe_dom_disabled_php8.phpt create mode 100644 src/tests/xxe/disable_xxe_dom_php8.phpt (limited to 'src/sp_disable_xxe.c') 
diff --git a/src/sp_disable_xxe.c b/src/sp_disable_xxe.c index 7db2451..b6030c6 100644 --- a/src/sp_disable_xxe.c +++ b/src/sp_disable_xxe.c @@ -1,5 +1,7 @@ #include "php_snuffleupagus.h" +#ifdef HAVE_XML + PHP_FUNCTION(sp_libxml_disable_entity_loader) { sp_log_warn("xxe", "A call to libxml_disable_entity_loader was tried and nopped"); @@ -39,3 +41,8 @@ int hook_libxml_disable_entity_loader() { return SUCCESS; } +#else +int hook_libxml_disable_entity_loader() { + sp_log_warn("xxe", "Cannot enable XXE protection. XML support is disabled in PHP."); +} +#endif \ No newline at end of file diff --git a/src/tests/xxe/disable_xxe_dom_disabled_php8.phpt b/src/tests/xxe/disable_xxe_dom_disabled_php8.phpt new file mode 100644 index 0000000..01e3349 --- /dev/null +++ b/src/tests/xxe/disable_xxe_dom_disabled_php8.phpt 
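Review bot: `#ifdef HAVE_XML` in the `@@ -1,5 +1,7 @@` hunk makes the whole protection a build-time decision, so a build where the macro is undefined drops both replacement functions and the hooks with no compile-time signal. As far as I know `libxml_disable_entity_loader` and `libxml_set_external_entity_loader` are provided by PHP's libxml extension rather than ext/xml, so please confirm that HAVE_XML is the macro that tracks their availability. A one-line comment above the guard naming the extension it stands for, e.g. `/* the hooks below need the extension that provides libxml_*() */`, would make the intent checkable.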
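Review bot: The `#else` version of hook_libxml_disable_entity_loader() in the `@@ -39,3 +41,8 @@` hunk is declared `int` but ends after `sp_log_warn(...)` without a return statement, so a caller that reads the result gets an indeterminate value (undefined behaviour in C). Add an explicit result after the warning: `return SUCCESS;` if a missing XML extension should only be logged, or a failure code if a configured but unavailable XXE protection should stop start-up. The file also now ends without a trailing newline after `#endif`.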
@@ -0,0 +1,57 @@ +--TEST-- +Disable XXE (feature disabled) +--SKIPIF-- + + +--INI-- +sp.configuration_file={PWD}/config/disable_xxe_disable.ini +--EXTENSIONS-- +dom +--FILE-- +WARNING, external entity loaded!'; +file_put_contents($dir . '/content.txt', $content); + +$xml = << + +]> +&foo; +EOD; + +file_put_contents($dir . '/content.xml', $xml); + + +$dom = new DOMDocument('1.0'); +$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); +printf("default setting with LIBXML_NOENT: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); + +$dom = new DOMDocument('1.0'); +$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD); +printf("default setting without LIBXML_NOENT: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); + +libxml_set_external_entity_loader(null); + +$dom = new DOMDocument('1.0'); +$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); +printf("disabled entity loader with LIBXML_NOENT: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); + +$dom = new DOMDocument('1.0'); +$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD); +printf("disabled entity loader without LIBXML_NOENT: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); + +?> +--EXPECTF-- +default setting with LIBXML_NOENT: WARNING, external entity loaded! +default setting without LIBXML_NOENT: +disabled entity loader with LIBXML_NOENT: WARNING, external entity loaded! +disabled entity loader without LIBXML_NOENT: +--CLEAN-- + diff --git a/src/tests/xxe/disable_xxe_dom_php8.phpt b/src/tests/xxe/disable_xxe_dom_php8.phpt new file mode 100644 index 0000000..485828f --- /dev/null +++ b/src/tests/xxe/disable_xxe_dom_php8.phpt 
@@ -0,0 +1,59 @@ +--TEST-- +Disable XXE (feature enabled) +--SKIPIF-- + + +--INI-- +sp.configuration_file={PWD}/config/disable_xxe.ini +--EXTENSIONS-- +dom +--FILE-- +WARNING, external entity loaded!'; +file_put_contents($dir . '/content.txt', $content); + +$xml = << + +]> +&foo; +EOD; + +file_put_contents($dir . '/content.xml', $xml); + + +$dom = new DOMDocument('1.0'); +$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); +printf("default setting with LIBXML_NOENT: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); + +$dom = new DOMDocument('1.0'); +$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD); +printf("default setting without LIBXML_NOENT: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); + +libxml_set_external_entity_loader(null); + +$dom = new DOMDocument('1.0'); +$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); +printf("disabled entity loader with LIBXML_NOENT: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); + +$dom = new DOMDocument('1.0'); +$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD); +printf("disabled entity loader without LIBXML_NOENT: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); + +?> +--EXPECTF-- +default setting with LIBXML_NOENT: WARNING, external entity loaded! +default setting without LIBXML_NOENT: + +Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_set_external_entity_loader was tried and nopped in %a.php on line 26 +disabled entity loader with LIBXML_NOENT: WARNING, external entity loaded! +disabled entity loader without LIBXML_NOENT: +--CLEAN-- + -- cgit v1.3 From 2ed170be25a3a0dfe74c6520baf40ada89797ff7 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 11 Jan 2022 19:46:47 +0100 Subject: made xml a runtime requirement instead of compile time --- src/sp_disable_xxe.c | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) (limited to 'src/sp_disable_xxe.c') 
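Review bot: The expected output of this "feature enabled" test still shows `WARNING, external entity loaded!` for both LIBXML_NOENT cases, exactly as in disable_xxe_dom_disabled_php8.phpt, so the only behaviour it pins is the extra "tried and nopped" warning. If that is the intended result on PHP 8, a short comment in the --FILE-- section would say so, e.g. `// PHP 8: only the libxml_set_external_entity_loader() call is nopped; LIBXML_NOENT still expands the entity`. Otherwise the expectation should be tightened to show the entity is not loaded. The warning line also hard-codes `on line 26`, which breaks whenever the script is edited; `on line %d` is the usual EXPECTF form.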
diff --git a/src/sp_disable_xxe.c b/src/sp_disable_xxe.c index b6030c6..44e60ab 100644 --- a/src/sp_disable_xxe.c +++ b/src/sp_disable_xxe.c @@ -1,23 +1,22 @@ #include "php_snuffleupagus.h" -#ifdef HAVE_XML - PHP_FUNCTION(sp_libxml_disable_entity_loader) { - sp_log_warn("xxe", - "A call to libxml_disable_entity_loader was tried and nopped"); + sp_log_warn("xxe", "A call to libxml_disable_entity_loader was tried and nopped"); RETURN_TRUE; } PHP_FUNCTION(sp_libxml_set_external_entity_loader) { - sp_log_warn( - "xxe", - "A call to libxml_set_external_entity_loader was tried and nopped"); + sp_log_warn("xxe", "A call to libxml_set_external_entity_loader was tried and nopped"); RETURN_TRUE; } int hook_libxml_disable_entity_loader() { TSRMLS_FETCH(); + if (!zend_hash_str_find_ptr(&module_registry, ZEND_STRL("xml"))) { + sp_log_warn("xxe", "Cannot enable XXE protection. XML support is disabled in PHP."); + } + zval func_name; zval retval; zval params[1] = {0}; @@ -34,15 +33,8 @@ int hook_libxml_disable_entity_loader() { ZVAL_NULL(¶ms[0]); call_user_function(CG(function_table), NULL, &func_name, &retval, 1, params); - HOOK_FUNCTION("libxml_disable_entity_loader", sp_internal_functions_hook, - PHP_FN(sp_libxml_disable_entity_loader)); - HOOK_FUNCTION("libxml_set_external_entity_loader", sp_internal_functions_hook, - PHP_FN(sp_libxml_set_external_entity_loader)); + HOOK_FUNCTION("libxml_disable_entity_loader", sp_internal_functions_hook, PHP_FN(sp_libxml_disable_entity_loader)); + HOOK_FUNCTION("libxml_set_external_entity_loader", sp_internal_functions_hook, PHP_FN(sp_libxml_set_external_entity_loader)); return SUCCESS; } -#else -int hook_libxml_disable_entity_loader() { - sp_log_warn("xxe", "Cannot enable XXE protection. XML support is disabled in PHP."); -} -#endif \ No newline at end of file -- cgit v1.3
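Review bot: The new `module_registry` check in the `@@ -1,23 +1,22 @@` hunk only logs. After `sp_log_warn("xxe", "Cannot enable XXE protection. ...")` execution falls through into the zval setup and, further down, the `call_user_function` call and the two HOOK_FUNCTION registrations, and the function still returns SUCCESS. When the extension is absent the guarded block should leave the function, e.g. add `return SUCCESS;` inside the `if`, or a failure code if a configured but unavailable protection should stop start-up. Also confirm that `"xml"` is the registry name of the extension that provides the hooked `libxml_*` functions; as far as I know they live in ext/libxml. The function body continues outside this hunk.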