From 8f94a1179e9cf9d96f18ec6c851dddbecd54ea6f Mon Sep 17 00:00:00 2001 From: Thibault "bui" Koechlin Date: Wed, 18 Oct 2017 13:17:46 +0200 Subject: .drop() is not a `nop` anymore `.drop()` is now baillout out, instead of nop'ing the call. This closes #13--- src/sp_disabled_functions.c | 4 ++-- src/sp_harden_rand.c | 6 ++++-- src/sp_unserialize.c | 1 + src/tests/disabled_functions.phpt | 8 ++------ src/tests/disabled_functions_cidr.phpt | 2 -- src/tests/disabled_functions_cidr_6.phpt | 1 - src/tests/disabled_functions_namespace.phpt | 3 --- src/tests/disabled_functions_nul_byte.phpt | 1 - src/tests/disabled_functions_param.phpt | 6 ------ src/tests/disabled_functions_param_alias.phpt | 1 - src/tests/disabled_functions_param_r.phpt | 1 - src/tests/disabled_functions_upper.phpt | 5 ----- src/tests/disabled_functions_zero_cidr.phpt | 1 - src/tests/dump_request_invalid_folder.phpt | 1 - 14 files changed, 9 insertions(+), 32 deletions(-) (limited to 'src') diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index 0f5f859..c8c723a 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c @@ -358,7 +358,7 @@ ZEND_FUNCTION(check_disabled_function) { const char* current_function_name = get_active_function_name(TSRMLS_C); if (true == should_disable(execute_data)) { - return; + sp_terminate(); } if ((orig_handler = zend_hash_str_find_ptr( @@ -366,7 +366,7 @@ ZEND_FUNCTION(check_disabled_function) { strlen(current_function_name)))) { orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); if (true == should_drop_on_ret(return_value, execute_data)) { - zend_bailout(); + sp_terminate(); } } else { sp_log_err( diff --git a/src/sp_harden_rand.c b/src/sp_harden_rand.c index 130f748..2155e7e 100644 --- a/src/sp_harden_rand.c +++ b/src/sp_harden_rand.c 
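Review bot: In the first hunk of src/sp_disabled_functions.c (`check_disabled_function`), the branch taken when `should_disable(execute_data)` is true no longer leaves the function by itself; it now depends entirely on `sp_terminate()` never returning. `sp_terminate` is not defined anywhere in this patch, so if it can return under any configuration, control falls through to the `zend_hash_str_find_ptr` lookup and `orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU)` runs the very call the rule was meant to block. Keeping the guard fail-closed costs one line: `sp_terminate();` followed by `return;`, or a noreturn attribute on `sp_terminate` plus a comment that the fall-through is unreachable. The function body starts and ends outside the hunk.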
@@ -51,8 +51,9 @@ PHP_FUNCTION(sp_rand) { /* call the original `rand` function, * since we might no be the only ones to hook it*/ orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); + } else { + sp_log_err("harden_rand", "Unable to find the pointer to the original function 'rand' in the hashtable.\n"); } - random_int_wrapper(INTERNAL_FUNCTION_PARAM_PASSTHRU); } @@ -64,8 +65,9 @@ PHP_FUNCTION(sp_mt_rand) { /* call the original `mt_rand` function, * since we might no be the only ones to hook it*/ orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); + } else { + sp_log_err("harden_rand", "Unable to find the pointer to the original function 'mt_rand' in the hashtable.\n"); } - random_int_wrapper(INTERNAL_FUNCTION_PARAM_PASSTHRU); } diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c index b3dfad7..64e34a5 100644 --- a/src/sp_unserialize.c +++ b/src/sp_unserialize.c @@ -13,6 +13,7 @@ PHP_FUNCTION(sp_serialize) { sp_log_err("disabled_functions", "Unable to find the pointer to the original function 'serialize' in " "the hashtable.\n"); + return; } /* Compute the HMAC of the textual representation of the serialized data*/ diff --git a/src/tests/disabled_functions.phpt b/src/tests/disabled_functions.phpt index 1c66ede..de2e4d6 100644 --- a/src/tests/disabled_functions.phpt +++ b/src/tests/disabled_functions.phpt 
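Review bot: The new `else` branches in `sp_rand` and `sp_mt_rand` (both hunks of src/sp_harden_rand.c) log the failed lookup and then fall through to `random_int_wrapper(INTERNAL_FUNCTION_PARAM_PASSTHRU)`, while the same failure in `sp_serialize` in this commit returns early, and nothing in the code says the difference is deliberate. A one-line comment in each branch would settle it, for example `/* not fatal: random_int_wrapper() below still sets the return value */`, assuming that is what the wrapper does, since it is defined outside the hunk. The two branches are identical apart from the function name, so the lookup-or-log step could also live in one static helper that takes the name.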
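Review bot: The added `return;` in `sp_serialize` (src/sp_unserialize.c) leaves `return_value` untouched, so when the original `serialize` handler cannot be found the PHP caller gets the default return value (presumably NULL) with only a log line to explain it. Returning before the HMAC step is the right fail-closed behaviour, because no unsigned or half-built payload is handed back, but the result should be explicit: `RETURN_FALSE;` in place of `return;`, or a comment stating that NULL is intended. The matching lookup in the unserialize hook is outside this hunk and is worth checking for the same fall-through. The function continues past the end of the hunk.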
@@ -13,9 +13,5 @@ var_dump("this is a super test"); echo strpos("pouet", "o"); ?> --EXPECTF-- -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions.php:%d has been disabled. -[snuffleupagus][0.0.0.0][disabled_function][simulation] The call to the function 'printf' in %a/tests/disabled_functions.php:%d has been disabled. -printf in simulation mode -print in disabled mode -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'var_dump' in %a/tests/disabled_functions.php:%d has been disabled. -1 +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions.php:2 has been disabled. + diff --git a/src/tests/disabled_functions_cidr.phpt b/src/tests/disabled_functions_cidr.phpt index 5b13107..ed59fb7 100644 --- a/src/tests/disabled_functions_cidr.phpt +++ b/src/tests/disabled_functions_cidr.phpt @@ -11,8 +11,6 @@ sp.configuration_file={PWD}/config/disabled_functions_cidr.ini --FILE-- --EXPECTF-- [snuffleupagus][127.0.0.1][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_cidr.php:2 has been disabled. -1337 diff --git a/src/tests/disabled_functions_cidr_6.phpt b/src/tests/disabled_functions_cidr_6.phpt index f2c5f5a..9e5e567 100644 --- a/src/tests/disabled_functions_cidr_6.phpt +++ b/src/tests/disabled_functions_cidr_6.phpt @@ -15,4 +15,3 @@ printf(1337); ?> --EXPECTF-- [snuffleupagus][2001:0db8:0000:0000:0000:ff00:0042:8328][disabled_function][drop] The call to the function 'strpos' in %a/tests/disabled_functions_cidr_6.php:2 has been disabled. -1337 diff --git a/src/tests/disabled_functions_namespace.phpt b/src/tests/disabled_functions_namespace.phpt index 8934337..24f3b4c 100644 --- a/src/tests/disabled_functions_namespace.phpt +++ b/src/tests/disabled_functions_namespace.phpt 
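Review bot: With `.drop()` now ending the script, the expectations trimmed here no longer cover anything after the first dropped call. In tests/disabled_functions.phpt the `printf` simulation rule and the `var_dump` drop rule are not exercised any more, and the same loss occurs in disabled_functions_upper.phpt, disabled_functions_param.phpt (rules '3' and '5'), disabled_functions_param_alias.phpt (rule '2'), disabled_functions_namespace.phpt and disabled_functions_nul_byte.phpt (the second `system` call). Those rules, simulation mode in particular, should move into their own .phpt files, or the scripts should be reordered so the dropping call comes last; otherwise a regression in them would pass unnoticed. The first expectation also pins the line number to `:2` where it previously used `%d`, which holds only as long as the test script is not edited above that call.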
@@ -28,6 +28,3 @@ my_function(); ?> --EXPECTF-- [snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strcmp' in %a/disabled_functions_namespace.php:%d has been disabled. -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'my_super_namespace\my_function' in %a/disabled_functions_namespace.php:%d has been disabled. -Second namespace -Anonymous namespace diff --git a/src/tests/disabled_functions_nul_byte.phpt b/src/tests/disabled_functions_nul_byte.phpt index 95e87de..b4974a9 100644 --- a/src/tests/disabled_functions_nul_byte.phpt +++ b/src/tests/disabled_functions_nul_byte.phpt @@ -12,4 +12,3 @@ system("id"); ?> --EXPECTF-- [snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_nul_byte.php:2 has been disabled, because its argument 'command' content (0id) matched a rule. -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_nul_byte.php:3 has been disabled, because its argument 'command' content (id) matched a rule. \ No newline at end of file diff --git a/src/tests/disabled_functions_param.phpt b/src/tests/disabled_functions_param.phpt index 61521cd..d9f8767 100644 --- a/src/tests/disabled_functions_param.phpt +++ b/src/tests/disabled_functions_param.phpt 
@@ -16,9 +16,3 @@ strncmp("bla", "ble", 2); ?> --EXPECTF-- [snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/disabled_functions_param.php:2 has been disabled, because its argument 'command' content (id) matched the rule '1'. -win -int(15) -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'shell_exec' in %a/disabled_functions_param.php:5 has been disabled, because its argument 'cmd' content (id) matched the rule '3'. -42 -[snuffleupagus][0.0.0.0][disabled_function][simulation] The call to the function 'strcmp' in %a/tests/disabled_functions_param.php:7 has been disabled, because its argument 'str1' content (bla) matched the rule '5'. -[snuffleupagus][0.0.0.0][disabled_function][simulation] The call to the function 'strncmp' in %a/tests/disabled_functions_param.php:8 has been disabled, because its argument 'str1' content (bla) matched a rule. diff --git a/src/tests/disabled_functions_param_alias.phpt b/src/tests/disabled_functions_param_alias.phpt index b549d70..e5f9686 100644 --- a/src/tests/disabled_functions_param_alias.phpt +++ b/src/tests/disabled_functions_param_alias.phpt @@ -11,4 +11,3 @@ shell_exec("id"); ?> --EXPECTF-- [snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_param_alias.php:2 has been disabled, because of the the rule '1'. -[snuffleupagus][0.0.0.0][disabled_function][simulation] The call to the function 'shell_exec' in %a/tests/disabled_functions_param_alias.php:3 has been disabled, because of the the rule '2'. diff --git a/src/tests/disabled_functions_param_r.phpt b/src/tests/disabled_functions_param_r.phpt index 3708881..fbbbf8f 100644 --- a/src/tests/disabled_functions_param_r.phpt +++ b/src/tests/disabled_functions_param_r.phpt 
@@ -11,4 +11,3 @@ system("echo win"); ?> --EXPECTF-- [snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_param_r.php:2 has been disabled, because its argument 'command' content (id) matched a rule. -win diff --git a/src/tests/disabled_functions_upper.phpt b/src/tests/disabled_functions_upper.phpt index 08c26c0..5aa5a8a 100644 --- a/src/tests/disabled_functions_upper.phpt +++ b/src/tests/disabled_functions_upper.phpt @@ -14,8 +14,3 @@ echo sTRPOs("pouet", "o"); ?> --EXPECTF-- [snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_upper.php:%d has been disabled. -[snuffleupagus][0.0.0.0][disabled_function][simulation] The call to the function 'printf' in %a/tests/disabled_functions_upper.php:%d has been disabled. -printf in simulation mode -print in disabled mode -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'var_dump' in %a/tests/disabled_functions_upper.php:%d has been disabled. -1 diff --git a/src/tests/disabled_functions_zero_cidr.phpt b/src/tests/disabled_functions_zero_cidr.phpt index 35d187a..326d405 100644 --- a/src/tests/disabled_functions_zero_cidr.phpt +++ b/src/tests/disabled_functions_zero_cidr.phpt @@ -15,4 +15,3 @@ printf("1337"); ?> --EXPECTF-- [snuffleupagus][127.0.0.1][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_zero_cidr.php:2 has been disabled. -1337 diff --git a/src/tests/dump_request_invalid_folder.phpt b/src/tests/dump_request_invalid_folder.phpt index e7ed45d..f8e3b43 100644 --- a/src/tests/dump_request_invalid_folder.phpt +++ b/src/tests/dump_request_invalid_folder.phpt 
@@ -23,4 +23,3 @@ echo "2\n"; [snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %atests/dump_request_invalid_folder.php:3 has been disabled. [snuffleupagus][0.0.0.0][request_logging][error] Unable to create the folder '/root/NON_EXISTENT/FOLDER/PLEASE/'. [snuffleupagus][0.0.0.0][request_logging][error] Unable to open /root/NON_EXISTENT/FOLDER/PLEASE/sp_dump_%a_0.0.0.0.dump -2 \ No newline at end of file -- cgit v1.3