From 529a13648fd9e0c6fa9cfdff877e62ed19185b6c Mon Sep 17 00:00:00 2001 From: jvoisin Date: Tue, 5 Dec 2017 17:25:29 +0100 Subject: Dump environnement variables (#83) Apparently, PHP thinks that it's a great idea to type environnement variables, because why not.--- src/sp_utils.c | 38 ++++++++++++++------------ src/tests/config/config_dump_segfault1.ini | 2 +- src/tests/config/dump_request.ini | 2 +- src/tests/disabled_functions_ret_val_dump.phpt | 2 ++ src/tests/dump_request.phpt | 8 +++--- src/tests/dump_request_too_big.phpt | 4 +-- 6 files changed, 31 insertions(+), 25 deletions(-) (limited to 'src') diff --git a/src/sp_utils.c b/src/sp_utils.c index 74fbff7..62cb1a1 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -81,12 +81,12 @@ int compute_hash(const char* const filename, char* file_hash) { } static int construct_filename(char* filename, const char* folder, - const char* textual) { - time_t t = time(NULL); - struct tm* tm = localtime(&t); // FIXME use `localtime_r` instead - struct timeval tval; + const char* textual) { + PHP_SHA256_CTX context; + unsigned char digest[SHA256_SIZE] = {0}; + char strhash[65] = {0}; - if (0 > mkdir(folder, 0700) && errno != EEXIST) { + if (-1 == mkdir(folder, 0700) && errno != EEXIST) { sp_log_err("request_logging", "Unable to create the folder '%s'.", folder); return -1; @@ -95,9 +95,6 @@ static int construct_filename(char* filename, const char* folder, /* We're using the sha256 sum of the rule's textual representation * as filename, in order to only have one dump per rule, to migitate * DoS attacks. */ - PHP_SHA256_CTX context; - unsigned char digest[SHA256_SIZE] = {0}; - char strhash[65] = {0}; PHP_SHA256Init(&context); PHP_SHA256Update(&context, (const unsigned char *) textual, strlen(textual)); PHP_SHA256Final(digest, &context); @@ -116,18 +113,15 @@ int sp_log_request(const char* folder, const char* text_repr) { const char* str; const int key; } zones[] = {{"GET", TRACK_VARS_GET}, {"POST", TRACK_VARS_POST}, - {"COOKIE", TRACK_VARS_COOKIE}, /*{"SERVER", TRACK_VARS_SERVER}, */ - {"ENV", TRACK_VARS_ENV}, /*{"REQUEST", TRACK_VARS_REQUEST},*/ - {NULL, 0}}; - // Apparently, PHP has trouble always giving SERVER, - // and REQUEST is never used in its source code. + {"COOKIE", TRACK_VARS_COOKIE}, {"SERVER", TRACK_VARS_SERVER}, + {"ENV", TRACK_VARS_ENV}, {NULL, 0}}; if (0 != construct_filename(filename, folder, text_repr)) { return -1; } if (NULL == (file = fopen(filename, "w+"))) { sp_log_err("request_logging", "Unable to open %s: %s", filename, - strerror(errno)); + strerror(errno)); return -1; } @@ -145,7 +139,17 @@ int sp_log_request(const char* folder, const char* text_repr) { HashTable* ht = Z_ARRVAL(PG(http_globals)[zones[i].key]); fprintf(file, "%s:", zones[i].str); ZEND_HASH_FOREACH_STR_KEY_VAL(ht, variable_key, variable_value) { - fprintf(file, "%s=%s&", ZSTR_VAL(variable_key), Z_STRVAL_P(variable_value)); + const char* key = ZSTR_VAL(variable_key); + + if (Z_TYPE_INFO_P(variable_value) == IS_LONG) { + fprintf(file, "%s=%ld\n", key, Z_DVAL_P(variable_value)); + } else if (Z_TYPE_INFO_P(variable_value) == IS_DOUBLE) { + fprintf(file, "%s=%lf\n", key, Z_DVAL_P(variable_value)); + } else if (Z_TYPE_INFO_P(variable_value) == IS_ARRAY) { + fprintf(file, "%s=array", key); + } else { + fprintf(file, "%s=%s\n", key, Z_STRVAL_P(variable_value)); + } } ZEND_HASH_FOREACH_END(); fputs("\n", file); @@ -245,7 +249,7 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name, } else { sp_log_msg("disabled_function", sim?SP_LOG_SIMULATION:SP_LOG_DROP, "The call to the function '%s' in %s:%d has been disabled.", - path, zend_get_executed_filename(TSRMLS_C), + path, zend_get_executed_filename(TSRMLS_C), zend_get_executed_lineno(TSRMLS_C)); } } @@ -362,7 +366,7 @@ int hook_function(const char* original_name, HashTable* hook_table, VAR_AND_LEN(original_name), func->handler) == NULL) { sp_log_err("function_pointer_saving", - "Could not save function pointer for %s", original_name); + "Could not save function pointer for %s", original_name); return FAILURE; } else { func->handler = new_function; diff --git a/src/tests/config/config_dump_segfault1.ini b/src/tests/config/config_dump_segfault1.ini index 5db57a4..1ea139a 100644 --- a/src/tests/config/config_dump_segfault1.ini +++ b/src/tests/config/config_dump_segfault1.ini @@ -1 +1 @@ -sp.disable_function.function("strpos").ret("0").drop().alias("test").dump("/tmp/dump_results/"); +sp.disable_function.function("strpos").ret("0").drop().alias("test").dump("/tmp/dump_result/"); diff --git a/src/tests/config/dump_request.ini b/src/tests/config/dump_request.ini index e0aa4aa..7e13007 100644 --- a/src/tests/config/dump_request.ini +++ b/src/tests/config/dump_request.ini @@ -1 +1 @@ -sp.disable_function.function("system").drop().dump("/tmp/dump_results/"); +sp.disable_function.function("system").drop().dump("/tmp/dump_result/"); diff --git a/src/tests/disabled_functions_ret_val_dump.phpt b/src/tests/disabled_functions_ret_val_dump.phpt index 63c5667..c08334b 100644 --- a/src/tests/disabled_functions_ret_val_dump.phpt +++ b/src/tests/disabled_functions_ret_val_dump.phpt @@ -4,6 +4,8 @@ Disable functions ret val - dump --INI-- sp.configuration_file={PWD}/config/disabled_functions_retval_dump.ini +--ENV-- +DOCUMENT_ROOT=a --POST-- post_a=data_post_a&post_b=data_post_b --GET-- diff --git a/src/tests/dump_request.phpt b/src/tests/dump_request.phpt index c8b31ce..9798b7f 100644 --- a/src/tests/dump_request.phpt +++ b/src/tests/dump_request.phpt @@ -6,10 +6,10 @@ if (!extension_loaded("snuffleupagus")) { print "skip"; } -foreach (glob("/tmp/dump_results/*.dump") as $dump) { +foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) { @unlink($dump); } -@rmdir("/tmp/dump_results/"); +@rmdir("/tmp/dump_result/"); ?> --POST-- post_a=data_post_a&post_b=data_post_b @@ -21,10 +21,10 @@ cookie_a=data_cookie_a&cookie_b=data_cookie_b sp.configuration_file={PWD}/config/dump_request.ini --FILE-- --POST-- post_a=data_post_a&post_b=data_post_b&post_c=c -- cgit v1.3