From 08f21d8b878b6c1490e6d6bb3d44aa640a88e9ca Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Sat, 4 Jul 2020 17:56:03 +0200
Subject: Factorize how snuffleupagus gets client's ip addr

---
 src/sp_disabled_functions.c |  2 +-
 src/sp_utils.c              | 20 ++++++++++++++++----
 src/sp_utils.h              |  1 +
 3 files changed, 18 insertions(+), 5 deletions(-)

(limited to 'src')

diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c
index 4807955..a6fc194 100644
--- a/src/sp_disabled_functions.c
+++ b/src/sp_disabled_functions.c
@@ -327,7 +327,7 @@ static void should_disable(zend_execute_data* execute_data,
     }
 
     if (config_node->cidr) {
-      char* client_ip = getenv("REMOTE_ADDR");
+      const char* client_ip = get_ipaddr();
       if (client_ip && false == cidr_match(client_ip, config_node->cidr)) {
         goto next;
       }
diff --git a/src/sp_utils.c b/src/sp_utils.c
index 40cf44e..1bd37fe 100644
--- a/src/sp_utils.c
+++ b/src/sp_utils.c
@@ -7,6 +7,21 @@ bool sp_zend_string_equals(const zend_string* s1, const zend_string* s2) {
          !memcmp(ZSTR_VAL(s1), ZSTR_VAL(s2), ZSTR_LEN(s1));
 }
 
+static const char* default_ipaddr = "0.0.0.0";
+const char* get_ipaddr() {
+  const char* client_ip = getenv("REMOTE_ADDR");
+  if (client_ip) {
+    return client_ip;
+  }
+
+  const char* fwd_ip = getenv("HTTP_X_FORWARDED_FOR");
+  if (fwd_ip) {
+    return fwd_ip;
+  }
+
+  return default_ipaddr;
+}
+
 void sp_log_msg(char const* feature, int type, const char* fmt, ...) {
   char* msg;
   va_list args;
@@ -15,10 +30,7 @@ void sp_log_msg(char const* feature, int type, const char* fmt, ...) {
   vspprintf(&msg, 0, fmt, args);
   va_end(args);
 
-  const char *client_ip = getenv("REMOTE_ADDR");
-  if (!client_ip) {
-    client_ip = "0.0.0.0";
-  }
+  const char* client_ip = get_ipaddr();
   switch (SNUFFLEUPAGUS_G(config).log_media) {
     case SP_SYSLOG:
       openlog(PHP_SNUFFLEUPAGUS_EXTNAME, LOG_PID, LOG_AUTH);
diff --git a/src/sp_utils.h b/src/sp_utils.h
index 200e82c..6fc59e5 100644
--- a/src/sp_utils.h
+++ b/src/sp_utils.h
@@ -44,6 +44,7 @@
 
 #define GET_SUFFIX(x) (x == 1) ? "st" : ((x == 2) ? "nd" : "th")
 
+const char* get_ipaddr();
 void sp_log_msg(char const *feature, int type, const char *fmt, ...);
 int compute_hash(const char *const filename, char *file_hash);
 const zend_string *sp_zval_to_zend_string(const zval *);
-- 
cgit v1.3