From 01528718850c8528ef6d2ed5296e244d4aa7b675 Mon Sep 17 00:00:00 2001
From: Ben Fuhrmannek
Date: Thu, 18 Feb 2021 15:49:39 +0100
Subject: log forging protection
---
 src/sp_utils.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
(limited to 'src/sp_utils.c')
diff --git a/src/sp_utils.c b/src/sp_utils.c
index a7a3d27..73c0546 100644
--- a/src/sp_utils.c
+++ b/src/sp_utils.c
@@ -229,6 +229,19 @@ static char* zend_string_to_char(const zend_string* zs) {
 return copy;
 }
 
+static void sp_sanitize_charstring(char* c, size_t maxlen)
+{
+ for (size_t i = 0; *c; c++, i++) {
+ if (maxlen && i > maxlen - 1) {
+ *c = 0;
+ return;
+ }
+ if (*c < 32 || *c > 126) {
+ *c = '*';
+ }
+ }
+}
+
 const zend_string* sp_zval_to_zend_string(const zval* zv) {
 switch (Z_TYPE_P(zv)) {
 case IS_LONG: {
@@ -295,6 +308,7 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name,
 char* char_repr = NULL;
 if (arg_value) {
 char_repr = zend_string_to_char(arg_value);
+ sp_sanitize_charstring(char_repr, 255);
 }
 if (alias) {
 sp_log_auto(
@@ -336,6 +350,7 @@ void sp_log_disable_ret(const char* restrict path,
 }
 if (ret_value) {
 char_repr = zend_string_to_char(ret_value);
+ sp_sanitize_charstring(char_repr, 255);
 }
 if (alias) {
 sp_log_auto(
-- 
cgit v1.3
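Review bot: sp_sanitize_charstring has no comment describing its contract, and two parts of it are not evident from the signature: `maxlen == 0` means no length limit, and the buffer is rewritten in place. I would add above the definition `/* Sanitize c in place for single-line logging: bytes outside 32..126 become '*'; truncate to maxlen bytes (0 = unlimited). c must be a writable NUL-terminated string. */`. The bound `i > maxlen - 1` relies on the preceding `maxlen &&` to avoid wrap-around at zero and reads more directly as `if (maxlen && i >= maxlen) {`. The function also dereferences `c` unconditionally, so it depends on zend_string_to_char never returning NULL, which the visible context does not show; `if (!c) return;` at the top would remove that dependency.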
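Review bot: The truncation added in sp_log_disable is silent: a value longer than 255 bytes is cut with no marker, so the log entry does not show that anything followed, and a replaced byte cannot be told apart from a literal `*`. Since this log is what an analyst reads to see the argument value, recording the original length (e.g. `ZSTR_LEN(arg_value)`) next to the sanitized string, or ending a truncated value with a visible marker, would keep that information available. The literal `255` is repeated in the sp_log_disable_ret hunk that follows, where the same applies to `ret_value`; a named constant such as `#define SP_LOG_VALUE_MAXLEN 255` would keep the two call sites in step. Both functions start and end outside their hunks, so whether sp_log_auto applies its own length limit or escaping cannot be seen here.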