From aa550b9abadc109a2c89a7cd6dd047ac2a953027 Mon Sep 17 00:00:00 2001 
From: jvoisin Date: Sat, 6 Oct 2018 16:15:00 +0000 Subject: Bump a bit the coverage * `setcookie` doesn't always return `true` anymore * clang-format * Cookies with invalid decryption are dropped, but the request isn't anymore * faulty unserialize are now dumpable--- src/sp_config_keywords.c | 20 ++---- src/sp_cookie_encryption.c | 22 +++--- src/sp_crypt.c | 17 ++--- src/sp_disabled_functions.c | 37 +++++----- src/sp_disabled_functions.h | 5 +- src/sp_execute.c | 83 ++++++++++++---------- src/sp_pcre_compat.c | 4 +- src/sp_session.c | 9 +-- src/sp_sloppy.c | 5 +- src/sp_unserialize.c | 21 +++--- src/sp_upload_validation.c | 32 ++++----- src/sp_utils.c | 28 ++++---- src/sp_utils.h | 2 +- src/sp_var_parser.c | 4 +- src/sp_wrapper.c | 15 ++-- ...f_cookie_encryption_without_encryption_key.phpt | 14 ++++ ...ken_conf_cookie_encryption_without_env_var.phpt | 14 ++++ src/tests/broken_conf_mutually_exclusive11.phpt | 14 ++++ src/tests/broken_conf_mutually_exclusive12.phpt | 14 ++++ src/tests/broken_conf_wrapper_whitelist.phpt | 18 +++++ ...nf_cookie_encryption_without_encryption_key.ini | 2 + ...oken_conf_cookie_encryption_without_env_var.ini | 2 + .../config/broken_conf_mutually_exclusive11.ini | 1 + .../config/broken_conf_mutually_exclusive12.ini | 1 + src/tests/config/broken_conf_wrapper_whitelist.ini | 1 + src/tests/crypt_session_invalid.phpt | 2 +- src/tests/encrypt_cookies4.phpt | 7 +- src/tests/encrypt_cookies_empty_env.phpt | 3 +- src/tests/encrypt_cookies_invalid_decryption.phpt | 15 ++-- .../encrypt_regexp_cookies_invalid_decryption.phpt | 6 +- 30 files changed, 261 insertions(+), 157 deletions(-) create mode 100644 src/tests/broken_conf_cookie_encryption_without_encryption_key.phpt create mode 100644 src/tests/broken_conf_cookie_encryption_without_env_var.phpt create mode 100644 src/tests/broken_conf_mutually_exclusive11.phpt create mode 100644 src/tests/broken_conf_mutually_exclusive12.phpt create mode 100644 src/tests/broken_conf_wrapper_whitelist.phpt create 
mode 100644 src/tests/config/broken_conf_cookie_encryption_without_encryption_key.ini create mode 100644 src/tests/config/broken_conf_cookie_encryption_without_env_var.ini create mode 100644 src/tests/config/broken_conf_mutually_exclusive11.ini create mode 100644 src/tests/config/broken_conf_mutually_exclusive12.ini create mode 100644 src/tests/config/broken_conf_wrapper_whitelist.ini (limited to 'src') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index 6bb7130..04a3f41 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -52,12 +52,11 @@ int parse_session(char *line) { return -1; } else if (0 == (SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)) { - sp_log_err( - "config", - "You're trying to use the session cookie encryption feature " - "on line %zu without having set the `.encryption_key` option in" - "`sp.global`: please set it first", - sp_line_no); + sp_log_err("config", + "You're trying to use the session cookie encryption feature " + "on line %zu without having set the `.secret_key` option in" + "`sp.global`: please set it first", + sp_line_no); pefree(session, 0); return -1; } @@ -166,7 +165,6 @@ int parse_global(char *line) { } static int parse_eval_filter_conf(char *line, sp_list_node **list) { - zend_string *rest = NULL; sp_config_eval *eval = SNUFFLEUPAGUS_G(config).config_eval; sp_config_functions sp_config_funcs[] = { @@ -183,9 +181,6 @@ static int parse_eval_filter_conf(char *line, sp_list_node **list) { return ret; } - if (rest != NULL) { - pefree(rest, 1); - } return SUCCESS; } @@ -286,8 +281,7 @@ int parse_cookie(char *line) { return -1; } } - SNUFFLEUPAGUS_G(config) - .config_cookie->cookies = + SNUFFLEUPAGUS_G(config).config_cookie->cookies = sp_list_insert(SNUFFLEUPAGUS_G(config).config_cookie->cookies, cookie); return SUCCESS; } 
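Review bot: In the rewritten `sp_log_err` call in parse_session, the adjacent literals `"... option in"` and "`sp.global`: please set it first" concatenate with no space between them, so the operator reads "option in`sp.global`"; end the first literal with a space, `"on line %zu without having set the `.secret_key` option in "`. The message now names `.secret_key`, while the cookie variant pinned by the new broken_conf_cookie_encryption_without_encryption_key.phpt expectation still says `.encryption_key` (and "featureon line 2"). Both errors appear to concern the same missing key, so they should name the same option, the one the operator actually has to set.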
@@ -350,7 +344,7 @@ int parse_disabled_functions(char *line) { if (X && Y) { \ sp_log_err("config", \ "Invalid configuration line: 'sp.disabled_functions%s': " \ - "'.%s' and '.%s' are mutually exclusive on line %zu", \ + "'.%s' and '.%s' are mutually exclusive on line %zu", \ line, STR1, STR2, sp_line_no); \ return 1; \ } diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c index 31dde95..4e5242d 100644 --- a/src/sp_cookie_encryption.c +++ b/src/sp_cookie_encryption.c @@ -43,11 +43,12 @@ static zend_string *encrypt_data(zend_string *data) { } PHP_FUNCTION(sp_setcookie) { - zend_string *name = NULL, *value = NULL, *path = NULL, *domain = NULL, *value_enc = NULL, + zend_string *name = NULL, *value = NULL, *path = NULL, *domain = NULL, + *value_enc = NULL, #if PHP_VERSION_ID < 70300 - *path_samesite = NULL; + *path_samesite = NULL; #else - *samesite = NULL; + *samesite = NULL; #endif zend_long expires = 0; @@ -95,7 +96,6 @@ PHP_FUNCTION(sp_setcookie) { value_enc = encrypt_data(value); } - if (cookie_node && cookie_node->samesite) { if (!path) { path = zend_string_init("", 0, 0); 
@@ -112,19 +112,20 @@ PHP_FUNCTION(sp_setcookie) { memcpy(ZSTR_VAL(path_samesite) + ZSTR_LEN(path), cookie_samesite, strlen(cookie_samesite) + 1); #else - cookie_samesite = (cookie_node->samesite == lax) - ? SP_TOKEN_SAMESITE_LAX - : SP_TOKEN_SAMESITE_STRICT; + cookie_samesite = (cookie_node->samesite == lax) ? SP_TOKEN_SAMESITE_LAX + : SP_TOKEN_SAMESITE_STRICT; samesite = zend_string_init(cookie_samesite, strlen(cookie_samesite), 0); #endif } - #if PHP_VERSION_ID < 70300 - if (php_setcookie(name, (value_enc ? value_enc : value), expires, (path_samesite ? path_samesite : path), domain, secure, 1, httponly)) { + if (php_setcookie(name, (value_enc ? value_enc : value), expires, + (path_samesite ? path_samesite : path), domain, secure, 1, + httponly) == SUCCESS) { #else - if (php_setcookie(name, (value_enc ? value_enc : value), expires, path, domain, secure, httponly, samesite, 1)) { + if (php_setcookie(name, (value_enc ? value_enc : value), expires, path, + domain, secure, httponly, samesite, 1) == SUCCESS) { #endif RETVAL_TRUE; } else { @@ -139,7 +140,6 @@ PHP_FUNCTION(sp_setcookie) { zend_string_release(path_samesite); } #endif - RETURN_TRUE; // TODO why always true ? } int hook_cookies() { diff --git a/src/sp_crypt.c b/src/sp_crypt.c index 96a0cc0..b6eaa59 100644 --- a/src/sp_crypt.c +++ b/src/sp_crypt.c @@ -27,11 +27,10 @@ void generate_key(unsigned char *key) { if (env_var) { PHP_SHA256Update(&ctx, (unsigned char *)env_var, strlen(env_var)); } else { - sp_log_warn( - "cookie_encryption", - "The environment variable '%s' " - "is empty, cookies are weakly encrypted", - ZSTR_VAL(env_var_zend)); + sp_log_warn("cookie_encryption", + "The environment variable '%s' " + "is empty, cookies are weakly encrypted", + ZSTR_VAL(env_var_zend)); } if (encryption_key) { 
@@ -61,14 +60,16 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) { hash_key ? ZSTR_VAL(hash_key->key) : "the session"); return ZEND_HASH_APPLY_KEEP; } else { + // LCOV_EXCL_START sp_log_msg( "cookie_encryption", SP_LOG_DROP, "Buffer underflow tentative detected in cookie encryption handling"); return ZEND_HASH_APPLY_REMOVE; + // LCOV_EXCL_STOP } } - // LCOV_EXCL_START + // LCOV_EXCL_START if (ZSTR_LEN(debase64) + (size_t)crypto_secretbox_ZEROBYTES < ZSTR_LEN(debase64)) { if (true == simulation) { @@ -85,7 +86,7 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) { return ZEND_HASH_APPLY_REMOVE; } } - // LCOV_EXCL_END + // LCOV_EXCL_STOP generate_key(key); @@ -106,7 +107,7 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) { hash_key ? ZSTR_VAL(hash_key->key) : "the session"); return ZEND_HASH_APPLY_KEEP; } else { - sp_log_msg("cookie_encryption", SP_LOG_DROP, + sp_log_msg("cookie_encryption", SP_LOG_WARN, "Something went wrong with the decryption of %s", hash_key ? ZSTR_VAL(hash_key->key) : "the session"); return ZEND_HASH_APPLY_REMOVE; diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index 1589cd4..79dc5a7 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c 
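Review bot: After the switch to `SP_LOG_WARN` in the last hunk of decrypt_zval, the failure branches of this function disagree on severity: the two length checks above still log `SP_LOG_DROP`, while a value that fails decryption only warns, although all of them return `ZEND_HASH_APPLY_REMOVE`. If `SP_LOG_DROP` ends the request (not visible here), a truncated cookie still terminates the request and a tampered one does not, which is not what the commit message describes. The same message is used for "the session" when `hash_key` is NULL, and sp_hook_s_read in sp_session.c bails out on a non-zero result, so that path would now abort with only a warning in the log. I would state the policy on the branch, e.g. `// value is removed and the request continues; callers that must abort do so themselves`, and bring the length-check branches in line with it.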
@@ -106,12 +106,12 @@ static bool is_param_matching(zend_execute_data* execute_data, if (config_node->pos > nb_param - 1) { char* complete_function_path = get_complete_function_path(execute_data); sp_log_warn("config", - "It seems that you wrote a rule filtering on the " - "%d%s argument of the function '%s', but it takes only %d " - "arguments. " - "Matching on _all_ arguments instead.", - config_node->pos, GET_SUFFIX(config_node->pos), - complete_function_path, nb_param); + "It seems that you wrote a rule filtering on the " + "%d%s argument of the function '%s', but it takes only %d " + "arguments. " + "Matching on _all_ arguments instead.", + config_node->pos, GET_SUFFIX(config_node->pos), + complete_function_path, nb_param); efree(complete_function_path); } else { i = config_node->pos; @@ -209,12 +209,12 @@ static zend_execute_data* is_file_matching( zend_execute_data* ex = execute_data; if (config_node->filename) { if (sp_zend_string_equals(current_filename, config_node->filename)) { - return ex; + return ex; // LCOV_EXCL_LINE } ITERATE(ex); if (zend_string_equals(ex->func->op_array.filename, - config_node->filename)) { - return ex; + config_node->filename)) { + return ex; // LCOV_EXCL_LINE } } else if (config_node->r_filename) { if (sp_is_regexp_matching_zend(config_node->r_filename, current_filename)) { @@ -415,8 +415,8 @@ bool should_drop_on_ret_ht(const zval* return_value, const char* function_name, ht_entry = zend_hash_str_find_ptr(ht, function_name, strlen(function_name)); - if (ht_entry && should_drop_on_ret(return_value, ht_entry, function_name, - execute_data)) { + if (ht_entry && + should_drop_on_ret(return_value, ht_entry, function_name, execute_data)) { ret = true; } else if (config && config->data) { ret = should_drop_on_ret(return_value, config, function_name, execute_data); 
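Review bot: Marking both `return ex;` lines in is_file_matching with `// LCOV_EXCL_LINE` removes the positive exact-filename match from the coverage report, for the current file and for the caller's file. These returns are the path on which a rule's filename filter actually applies, so excluding them raises the figure without showing that the filter works. A test whose rule names the executing script would reach the first return; I would keep exclusions for lines a test cannot reach. is_file_matching continues outside the hunk.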
@@ -516,13 +516,12 @@ ZEND_FUNCTION(check_disabled_function) { SNUFFLEUPAGUS_G(disabled_functions_hook), current_function_name, strlen(current_function_name)); orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); - if (true == - should_drop_on_ret_ht( - return_value, current_function_name, - SNUFFLEUPAGUS_G(config) - .config_disabled_functions_reg_ret->disabled_functions, - SNUFFLEUPAGUS_G(config).config_disabled_functions_ret_hooked, - execute_data)) { + if (true == should_drop_on_ret_ht( + return_value, current_function_name, + SNUFFLEUPAGUS_G(config) + .config_disabled_functions_reg_ret->disabled_functions, + SNUFFLEUPAGUS_G(config).config_disabled_functions_ret_hooked, + execute_data)) { zend_bailout(); } } @@ -584,7 +583,7 @@ ZEND_FUNCTION(eval_blacklist_callback) { if (config_eval->dump) { sp_log_request(config_eval->dump, config_eval->textual_representation, - SP_TOKEN_EVAL_BLACKLIST); + SP_TOKEN_EVAL_BLACKLIST); } if (config_eval->simulation) { sp_log_msg("eval", SP_LOG_SIMULATION, diff --git a/src/sp_disabled_functions.h b/src/sp_disabled_functions.h index ae1500a..b7901dd 100644 --- a/src/sp_disabled_functions.h +++ b/src/sp_disabled_functions.h @@ -9,8 +9,9 @@ bool should_disable(zend_execute_data *, const char *, const zend_string *, const char *, const sp_list_node *, const zend_string *); bool should_disable_ht(zend_execute_data *, const char *, const zend_string *, const char *, const sp_list_node *, const HashTable *); -bool should_drop_on_ret_ht(const zval *, const char *, const sp_list_node *config, - const HashTable *, zend_execute_data *); +bool should_drop_on_ret_ht(const zval *, const char *, + const sp_list_node *config, const HashTable *, + zend_execute_data *); bool should_drop_on_ret(const zval *, const sp_list_node *config, const char *, zend_execute_data *); char *get_complete_function_path(zend_execute_data const *const); diff --git a/src/sp_execute.c b/src/sp_execute.c index 6ed87cb..6def91b 100644 --- a/src/sp_execute.c 
+++ b/src/sp_execute.c @@ -13,13 +13,14 @@ static int (*orig_zend_stream_open)(const char *filename, // FIXME handle symlink ZEND_COLD static inline void terminate_if_writable(const char *filename) { - const sp_config_readonly_exec* config_ro_exec = + const sp_config_readonly_exec *config_ro_exec = SNUFFLEUPAGUS_G(config).config_readonly_exec; if (0 == access(filename, W_OK)) { if (config_ro_exec->dump) { - sp_log_request(config_ro_exec->dump, config_ro_exec->textual_representation, - SP_TOKEN_READONLY_EXEC); + sp_log_request(config_ro_exec->dump, + config_ro_exec->textual_representation, + SP_TOKEN_READONLY_EXEC); } if (true == config_ro_exec->simulation) { sp_log_msg("readonly_exec", SP_LOG_SIMULATION, @@ -31,8 +32,10 @@ ZEND_COLD static inline void terminate_if_writable(const char *filename) { } } else { if (EACCES != errno) { + // LCOV_EXCL_START sp_log_err("Writable execution", "Error while accessing %s: %s", filename, strerror(errno)); + // LCOV_EXCL_STOP } } } @@ -82,7 +85,7 @@ is_in_eval_and_whitelisted(const zend_execute_data *execute_data) { if (UNEXPECTED(false == check_is_in_eval_whitelist(current_function))) { if (config_eval->dump) { sp_log_request(config_eval->dump, config_eval->textual_representation, - SP_TOKEN_EVAL_WHITELIST); + SP_TOKEN_EVAL_WHITELIST); } if (config_eval->simulation) { sp_log_msg( @@ -123,7 +126,7 @@ zend_string *get_eval_filename(const char *const filename) { static void sp_execute_ex(zend_execute_data *execute_data) { is_in_eval_and_whitelisted(execute_data); - const HashTable* config_disabled_functions = + const HashTable *config_disabled_functions = SNUFFLEUPAGUS_G(config).config_disabled_functions; if (!execute_data) { 
@@ -131,11 +134,12 @@ static void sp_execute_ex(zend_execute_data *execute_data) { } if (UNEXPECTED(EX(func)->op_array.type == ZEND_EVAL_CODE)) { - const sp_list_node * config = zend_hash_str_find_ptr( + const sp_list_node *config = zend_hash_str_find_ptr( config_disabled_functions, "eval", sizeof("eval") - 1); zend_string *filename = get_eval_filename(zend_get_executed_filename()); - is_builtin_matching(filename, "eval", NULL, config, config_disabled_functions); + is_builtin_matching(filename, "eval", NULL, config, + config_disabled_functions); zend_string_release(filename); SNUFFLEUPAGUS_G(in_eval)++; @@ -153,9 +157,9 @@ static void sp_execute_ex(zend_execute_data *execute_data) { if (SNUFFLEUPAGUS_G(config).hook_execute) { char *function_name = get_complete_function_path(execute_data); zval ret_val; - const sp_list_node* config_disabled_functions_reg = - SNUFFLEUPAGUS_G(config).config_disabled_functions_reg - ->disabled_functions; + const sp_list_node *config_disabled_functions_reg = + SNUFFLEUPAGUS_G(config) + .config_disabled_functions_reg->disabled_functions; if (!function_name) { orig_execute_ex(execute_data); @@ -166,10 +170,10 @@ static void sp_execute_ex(zend_execute_data *execute_data) { !execute_data->prev_execute_data->func || !ZEND_USER_CODE(execute_data->prev_execute_data->func->type) || !execute_data->prev_execute_data->opline) { - if (UNEXPECTED(true == - should_disable_ht(execute_data, function_name, NULL, NULL, - config_disabled_functions_reg, - config_disabled_functions))) { + if (UNEXPECTED(true == should_disable_ht(execute_data, function_name, + NULL, NULL, + config_disabled_functions_reg, + config_disabled_functions))) { zend_bailout(); } } else if ((execute_data->prev_execute_data->opline->opcode == 
@@ -178,16 +182,17 @@ static void sp_execute_ex(zend_execute_data *execute_data) { ZEND_DO_UCALL || execute_data->prev_execute_data->opline->opcode == ZEND_DO_FCALL_BY_NAME)) { - if (UNEXPECTED(true == - should_disable_ht(execute_data, function_name, NULL, NULL, - config_disabled_functions_reg, - config_disabled_functions))) { + if (UNEXPECTED(true == should_disable_ht(execute_data, function_name, + NULL, NULL, + config_disabled_functions_reg, + config_disabled_functions))) { zend_bailout(); } } - // When a function's return value isn't used, php doesn't store it in the execute_data, - // so we need to use a local variable to be able to match on it later. + // When a function's return value isn't used, php doesn't store it in the + // execute_data, so we need to use a local variable to be able to match on + // it later. if (EX(return_value) == NULL) { memset(&ret_val, 0, sizeof(ret_val)); EX(return_value) = &ret_val; @@ -196,13 +201,13 @@ static void sp_execute_ex(zend_execute_data *execute_data) { orig_execute_ex(execute_data); if (UNEXPECTED( - true == - should_drop_on_ret_ht( - EX(return_value), function_name, - SNUFFLEUPAGUS_G(config) - .config_disabled_functions_reg_ret->disabled_functions, - SNUFFLEUPAGUS_G(config).config_disabled_functions_ret, - execute_data))) { + true == + should_drop_on_ret_ht( + EX(return_value), function_name, + SNUFFLEUPAGUS_G(config) + .config_disabled_functions_reg_ret->disabled_functions, + SNUFFLEUPAGUS_G(config).config_disabled_functions_ret, + execute_data))) { zend_bailout(); } efree(function_name); 
@@ -213,14 +218,14 @@ static void sp_execute_ex(zend_execute_data *execute_data) { } else { orig_execute_ex(execute_data); } - } static void sp_zend_execute_internal(INTERNAL_FUNCTION_PARAMETERS) { is_in_eval_and_whitelisted(execute_data); if (UNEXPECTED(NULL != orig_zend_execute_internal)) { - orig_zend_execute_internal(INTERNAL_FUNCTION_PARAM_PASSTHRU); + orig_zend_execute_internal( + INTERNAL_FUNCTION_PARAM_PASSTHRU); // LCOV_EXCL_LINE } else { EX(func)->internal_function.handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); } @@ -235,7 +240,7 @@ static int sp_stream_open(const char *filename, zend_file_handle *handle) { } zend_string *zend_filename = zend_string_init(filename, strlen(filename), 0); - const HashTable* disabled_functions_hooked = + const HashTable *disabled_functions_hooked = SNUFFLEUPAGUS_G(config).config_disabled_functions_hooked; switch (data->opline->opcode) { 
@@ -247,32 +252,32 @@ static int sp_stream_open(const char *filename, zend_file_handle *handle) { case ZEND_INCLUDE: is_builtin_matching( zend_filename, "include", "inclusion path", - zend_hash_str_find_ptr(disabled_functions_hooked, - "include", sizeof("include") - 1), + zend_hash_str_find_ptr(disabled_functions_hooked, "include", + sizeof("include") - 1), disabled_functions_hooked); break; case ZEND_REQUIRE: is_builtin_matching( zend_filename, "require", "inclusion path", - zend_hash_str_find_ptr(disabled_functions_hooked, - "require", sizeof("require") - 1), + zend_hash_str_find_ptr(disabled_functions_hooked, "require", + sizeof("require") - 1), disabled_functions_hooked); break; case ZEND_REQUIRE_ONCE: is_builtin_matching( zend_filename, "require_once", "inclusion path", - zend_hash_str_find_ptr(disabled_functions_hooked, - "require_once", sizeof("require_once") - 1), + zend_hash_str_find_ptr(disabled_functions_hooked, "require_once", + sizeof("require_once") - 1), disabled_functions_hooked); break; case ZEND_INCLUDE_ONCE: is_builtin_matching( zend_filename, "include_once", "inclusion path", - zend_hash_str_find_ptr(disabled_functions_hooked, - "include_once", sizeof("include_once") - 1), + zend_hash_str_find_ptr(disabled_functions_hooked, "include_once", + sizeof("include_once") - 1), disabled_functions_hooked); break; - EMPTY_SWITCH_DEFAULT_CASE(); + EMPTY_SWITCH_DEFAULT_CASE(); // LCOV_EXCL_LINE } } efree(zend_filename); diff --git a/src/sp_pcre_compat.c b/src/sp_pcre_compat.c index d58d0c4..233ddc0 100644 --- a/src/sp_pcre_compat.c +++ b/src/sp_pcre_compat.c 
@@ -10,7 +10,7 @@ sp_pcre* sp_pcre_compile(const char* const pattern) { PCRE2_SIZE erroroffset; ret = pcre2_compile((PCRE2_SPTR)pattern, PCRE2_ZERO_TERMINATED, PCRE2_CASELESS, &errornumber, &erroroffset, NULL); - pcre2_get_error_message(errornumber, pcre_error, sizeof(pcre_error)); + pcre2_get_error_message(errornumber, pcre_error, sizeof(pcre_error)); #else const char* pcre_error = NULL; int erroroffset; @@ -46,7 +46,9 @@ bool ZEND_HOT sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str, #else if (ret != PCRE_ERROR_NOMATCH) { #endif + // LCOV_EXCL_START sp_log_err("regexp", "Something went wrong with a regexp (%d).", ret); + // LCOV_EXCL_STOP } return false; } diff --git a/src/sp_session.c b/src/sp_session.c index 0f1c0b8..73fda22 100644 --- a/src/sp_session.c +++ b/src/sp_session.c @@ -27,10 +27,11 @@ static ZEND_INI_MH((*old_OnUpdateSaveHandler)) = NULL; static int sp_hook_s_read(PS_READ_ARGS) { int r = old_s_read(mod_data, key, val, maxlifetime); - const sp_config_session* config_session = SNUFFLEUPAGUS_G(config).config_session; + const sp_config_session *config_session = + SNUFFLEUPAGUS_G(config).config_session; - if (r == SUCCESS && config_session->encrypt && - val != NULL && *val != NULL && ZSTR_LEN(*val)) { + if (r == SUCCESS && config_session->encrypt && val != NULL && *val != NULL && + ZSTR_LEN(*val)) { zend_string *orig_val = *val; zval val_zval; ZVAL_PSTRINGL(&val_zval, ZSTR_VAL(*val), ZSTR_LEN(*val)); @@ -40,7 +41,7 @@ static int sp_hook_s_read(PS_READ_ARGS) { if (config_session->simulation) { return ret; } else { - sp_terminate(); + zend_bailout(); } } diff --git a/src/sp_sloppy.c b/src/sp_sloppy.c index 695d2a3..d510181 100644 --- a/src/sp_sloppy.c +++ b/src/sp_sloppy.c @@ -36,7 +36,6 @@ ZEND_API zend_op_array* sp_compile_file(zend_file_handle* file_handle, return opline; } - static void array_handler(INTERNAL_FUNCTION_PARAMETERS, const char* name, size_t size, zif_handler orig_handler, const char* spec) { 
@@ -55,8 +54,8 @@ static void array_handler(INTERNAL_FUNCTION_PARAMETERS, const char* name, ZVAL_COPY(¶ms[1], array); ZVAL_BOOL(¶ms[2], 1); } else { - // if there is no array as parameter, don't set strict mode. - // check php's implementation for details. + // if there is no array as parameter, don't set strict mode. + // check php's implementation for details. ZVAL_BOOL(¶ms[2], 0); } diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c index 1b47416..fe738e6 100644 --- a/src/sp_unserialize.c +++ b/src/sp_unserialize.c @@ -6,9 +6,9 @@ PHP_FUNCTION(sp_serialize) { zif_handler orig_handler; /* Call the original `serialize` function. */ - orig_handler = zend_hash_str_find_ptr( - SNUFFLEUPAGUS_G(sp_internal_functions_hook), "serialize", - sizeof("serialize") - 1); + orig_handler = + zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook), + "serialize", sizeof("serialize") - 1); orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); /* Compute the HMAC of the textual representation of the serialized data*/ @@ -26,9 +26,11 @@ PHP_FUNCTION(sp_serialize) { size_t len = Z_STRLEN_P(return_value) + Z_STRLEN(hmac); if (len < Z_STRLEN_P(return_value)) { + // LCOV_EXCL_START sp_log_err("overflow_error", "Overflow tentative detected in sp_serialize."); zend_bailout(); + // LCOV_EXCL_STOP } zend_string *res = zend_string_alloc(len, 0); @@ -51,7 +53,7 @@ PHP_FUNCTION(sp_unserialize) { size_t buf_len = 0; zval *opts = NULL; - const sp_config_unserialize* config_unserialize = + const sp_config_unserialize *config_unserialize = SNUFFLEUPAGUS_G(config).config_unserialize; if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|a", &buf, &buf_len, &opts) == @@ -63,7 +65,6 @@ PHP_FUNCTION(sp_unserialize) { if (buf_len < 64) { sp_log_msg("unserialize", SP_LOG_DROP, "The serialized object is too small."); - RETURN_FALSE; } hmac = buf + buf_len - 64; 
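Review bot: With `RETURN_FALSE;` removed from the `buf_len < 64` branch, the safety of sp_unserialize rests on `sp_log_msg("unserialize", SP_LOG_DROP, ...)` never returning; if it does return, the next line computes `hmac = buf + buf_len - 64`, which points before the start of `buf` for a short input. Nothing in this hunk shows that the log call unwinds. I would keep the explicit exit and exclude it from coverage, as the commit does elsewhere: `RETURN_FALSE;  // LCOV_EXCL_LINE`. The function starts and ends outside the hunk.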
@@ -94,6 +95,11 @@ PHP_FUNCTION(sp_unserialize) { orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); } } else { + if (config_unserialize->dump) { + sp_log_request(config_unserialize->dump, + config_unserialize->textual_representation, + SP_TOKEN_UNSERIALIZE_HMAC); + } if (true == config_unserialize->simulation) { sp_log_msg("unserialize", SP_LOG_SIMULATION, "Invalid HMAC for %s", serialized_str); @@ -107,11 +113,6 @@ PHP_FUNCTION(sp_unserialize) { serialized_str); } } - if (config_unserialize->dump) { - sp_log_request(config_unserialize->dump, - config_unserialize->textual_representation, - SP_TOKEN_UNSERIALIZE_HMAC); - } efree(serialized_str); return; } diff --git a/src/sp_upload_validation.c b/src/sp_upload_validation.c index d04dce4..086723d 100644 --- a/src/sp_upload_validation.c +++ b/src/sp_upload_validation.c 
@@ -21,31 +21,31 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) { if (event == MULTIPART_EVENT_END) { zend_string *file_key __attribute__((unused)) = NULL; - const sp_config_upload_validation* config_upload = + const sp_config_upload_validation *config_upload = SNUFFLEUPAGUS_G(config).config_upload_validation; zval *file; pid_t pid; - sp_log_debug("Got %d files", + sp_log_debug( + "Got %d files", zend_hash_num_elements(Z_ARRVAL(PG(http_globals)[TRACK_VARS_FILES]))); ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL(PG(http_globals)[TRACK_VARS_FILES]), file_key, file) { // for each uploaded file - char *filename = - Z_STRVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), "name", sizeof("name") - 1)); - char *tmp_name = - Z_STRVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), "tmp_name", sizeof("tmp_name") - 1)); - size_t filesize = - Z_LVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), "size", sizeof("size") - 1)); + char *filename = Z_STRVAL_P( + zend_hash_str_find(Z_ARRVAL_P(file), "name", sizeof("name") - 1)); + char *tmp_name = Z_STRVAL_P(zend_hash_str_find( + Z_ARRVAL_P(file), "tmp_name", sizeof("tmp_name") - 1)); + size_t filesize = Z_LVAL_P( + zend_hash_str_find(Z_ARRVAL_P(file), "size", sizeof("size") - 1)); char *cmd[3] = {0}; char *env[5] = {0}; - sp_log_debug( - "Filename: %s\nTmpname: %s\nSize: %d\nError: %d\nScript: %s", - filename, tmp_name, filesize, - Z_LVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), "error", 5)), - ZSTR_VAL(config_upload->script)); + sp_log_debug("Filename: %s\nTmpname: %s\nSize: %d\nError: %d\nScript: %s", + filename, tmp_name, filesize, + Z_LVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), "error", 5)), + ZSTR_VAL(config_upload->script)); cmd[0] = ZSTR_VAL(config_upload->script); cmd[1] = tmp_name; 
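Review bot: The `zend_hash_str_find()` results for "name", "tmp_name" and "size" are handed straight to `Z_STRVAL_P` / `Z_LVAL_P` with no NULL or type check, and `file` goes to `Z_ARRVAL_P` unchecked as well. These entries are built from the multipart request, so each lookup should be verified before use (`Z_TYPE_P(zv) == IS_STRING`, `IS_LONG` for the size), and an entry of unexpected shape should fail validation rather than be skipped, otherwise it would never reach the script. Separately, the reformatted `sp_log_debug` call prints `filesize` (a `size_t`) and a `zend_long` with `%d`; `%zu` and `ZEND_LONG_FMT` match the argument types. sp_rfc1867_callback continues outside the hunk.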
@@ -60,10 +60,8 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) { if ((pid = fork()) == 0) { if (execve(ZSTR_VAL(config_upload->script), cmd, env) == -1) { - sp_log_warn( - "upload_validation", "Could not call '%s' : %s", - ZSTR_VAL(config_upload->script), - strerror(errno)); + sp_log_warn("upload_validation", "Could not call '%s' : %s", + ZSTR_VAL(config_upload->script), strerror(errno)); EFREE_3(env); exit(1); } diff --git a/src/sp_utils.c b/src/sp_utils.c index 3e542f7..6634a8e 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -9,8 +9,7 @@ ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) -bool sp_zend_string_equals(const zend_string* s1, - const zend_string* s2) { +bool sp_zend_string_equals(const zend_string* s1, const zend_string* s2) { // We can't use `zend_string_equals` here because it doesn't work on // `const` zend_string. return ZSTR_LEN(s1) == ZSTR_LEN(s2) && @@ -37,9 +36,11 @@ int compute_hash(const char* const filename, char* file_hash) { php_stream* stream = php_stream_open_wrapper(filename, "rb", REPORT_ERRORS, NULL); if (!stream) { + // LCOV_EXCL_START sp_log_err("hash_computation", "Can not open the file %s to compute its hash", filename); return FAILURE; + // LCOV_EXCL_STOP } PHP_SHA256Init(&context); @@ -133,9 +134,11 @@ static char* zend_string_to_char(const zend_string* zs) { // Remove all \0 in a zend_string and replace them with '0' instead. if (ZSTR_LEN(zs) + 1 < ZSTR_LEN(zs)) { + // LCOV_EXCL_START sp_log_err("overflow_error", "Overflow tentative detected in zend_string_to_char"); zend_bailout(); + // LCOV_EXCL_STOP } char* copy = ecalloc(ZSTR_LEN(zs) + 1, 1); 
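Review bot: In the forked child, the `execve` failure path ends with `exit(1)`, which runs the atexit handlers and flushes the stdio buffers the child inherited from the PHP worker; after `fork()` the child should leave with `_exit(1);`. The hunk also shows no handling of `fork()` returning -1. If there is none after the visible lines, an upload would continue unvalidated when the fork fails, so that case should be treated as a validation failure.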
@@ -180,8 +183,9 @@ const zend_string* sp_zval_to_zend_string(const zval* zv) { return zend_string_init("ARRAY", sizeof("ARRAY") - 1, 0); case IS_RESOURCE: return zend_string_init("RESOURCE", sizeof("RESOURCE") - 1, 0); + default: + return zend_string_init("", 0, 0); // LCOV_EXCL_LINE } - return zend_string_init("", 0, 0); } bool sp_match_value(const zend_string* value, const zend_string* to_match, @@ -216,12 +220,10 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name, char_repr = zend_string_to_char(arg_value); } if (alias) { - sp_log_msg( - "disabled_function", sim ? SP_LOG_SIMULATION : SP_LOG_DROP, - "Aborted execution on call of the function '%s', " - "because its argument '%s' content (%s) matched the rule '%s'", - path, arg_name, char_repr ? char_repr : "?", - ZSTR_VAL(alias)); + sp_log_msg("disabled_function", sim ? SP_LOG_SIMULATION : SP_LOG_DROP, + "Aborted execution on call of the function '%s', " + "because its argument '%s' content (%s) matched the rule '%s'", + path, arg_name, char_repr ? char_repr : "?", ZSTR_VAL(alias)); } else { sp_log_msg("disabled_function", sim ? SP_LOG_SIMULATION : SP_LOG_DROP, "Aborted execution on call of the function '%s', " @@ -237,8 +239,7 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name, path, ZSTR_VAL(alias)); } else { sp_log_msg("disabled_function", sim ? SP_LOG_SIMULATION : SP_LOG_DROP, - "Aborted execution on call of the function '%s'", - path); + "Aborted execution on call of the function '%s'", path); } } } 
@@ -263,8 +264,7 @@ void sp_log_disable_ret(const char* restrict path, "disabled_function", sim ? SP_LOG_SIMULATION : SP_LOG_DROP, "Aborted execution on return of the function '%s', " "because the function returned '%s', which matched the rule '%s'", - path, char_repr ? char_repr : "?", - ZSTR_VAL(alias)); + path, char_repr ? char_repr : "?", ZSTR_VAL(alias)); } else { sp_log_msg("disabled_function", sim ? SP_LOG_SIMULATION : SP_LOG_DROP, "Aborted execution on return of the function '%s', " @@ -331,9 +331,11 @@ int hook_function(const char* original_name, HashTable* hook_table, if (func->handler != new_function) { if (zend_hash_str_add_new_ptr((hook_table), VAR_AND_LEN(original_name), func->handler) == NULL) { + // LCOV_EXCL_START sp_log_err("function_pointer_saving", "Could not save function pointer for %s", original_name); return FAILURE; + // LCOV_EXCL_STOP } func->handler = new_function; ret = SUCCESS; diff --git a/src/sp_utils.h b/src/sp_utils.h index d835905..200e82c 100644 --- a/src/sp_utils.h +++ b/src/sp_utils.h @@ -59,6 +59,6 @@ int hook_regexp(const sp_pcre *, HashTable *, zif_handler); bool check_is_in_eval_whitelist(const zend_string *const function_name); int sp_log_request(const zend_string *folder, const zend_string *text_repr, char *from); -bool sp_zend_string_equals(const zend_string* s1, const zend_string* s2); +bool sp_zend_string_equals(const zend_string *s1, const zend_string *s2); #endif /* SP_UTILS_H */ diff --git a/src/sp_var_parser.c b/src/sp_var_parser.c index b57386e..72cbc12 100644 --- a/src/sp_var_parser.c +++ b/src/sp_var_parser.c @@ -31,7 +31,7 @@ static bool is_var_name_valid(const char *name) { regexp_const = sp_pcre_compile(REGEXP_CONST); } if (NULL == regexp_var || NULL == regexp_const) { - return false; + return false; // LCOV_EXCL_LINE } if ((false == sp_is_regexp_matching(regexp_var, name)) && (false == sp_is_regexp_matching(regexp_const, name))) { 
@@ -64,8 +64,10 @@ static int create_var(sp_tree *tree, const char *restrict value, var_node->type = VAR; } if (!(var_node->value = pestrndup(value, value_len, 1))) { + // LCOV_EXCL_START sp_log_err("config", "Can't allocate a strndup"); return -1; + // LCOV_EXCL_STOP } if (var_node->type != INTERPRETED_STRING && !is_var_name_valid(var_node->value)) { diff --git a/src/sp_wrapper.c b/src/sp_wrapper.c index e336a87..fd47dd6 100644 --- a/src/sp_wrapper.c +++ b/src/sp_wrapper.c @@ -7,11 +7,11 @@ static bool wrapper_is_whitelisted(const zend_string *zs) { const sp_list_node *list = SNUFFLEUPAGUS_G(config).config_wrapper->whitelist; if (!zs) { - return false; + return false; // LCOV_EXCL_LINE } while (list) { - if (zend_string_equals_ci(zs, (const zend_string*)list->data)) { + if (zend_string_equals_ci(zs, (const zend_string *)list->data)) { return true; } list = list->next; @@ -41,23 +41,24 @@ void sp_disable_wrapper() { zend_hash_destroy(orig_complete); pefree(orig_complete, 1); - SNUFFLEUPAGUS_G(config).config_wrapper->num_wrapper = zend_hash_num_elements(orig); + SNUFFLEUPAGUS_G(config).config_wrapper->num_wrapper = + zend_hash_num_elements(orig); } PHP_FUNCTION(sp_stream_wrapper_register) { zif_handler orig_handler; zend_string *protocol_name = NULL; - // LCOV_EXCL_BR_START + // LCOV_EXCL_BR_START ZEND_PARSE_PARAMETERS_START_EX(ZEND_PARSE_PARAMS_QUIET, 2, EX_NUM_ARGS()); Z_PARAM_STR(protocol_name); ZEND_PARSE_PARAMETERS_END_EX((void)0); - // LCOV_EXCL_BR_END + // LCOV_EXCL_BR_END if (wrapper_is_whitelisted(protocol_name)) { orig_handler = zend_hash_str_find_ptr( - SNUFFLEUPAGUS_G(sp_internal_functions_hook), - "stream_wrapper_register", sizeof("stream_wrapper_register") - 1); + SNUFFLEUPAGUS_G(sp_internal_functions_hook), "stream_wrapper_register", + sizeof("stream_wrapper_register") - 1); orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); } } 
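Review bot: In `PHP_FUNCTION(sp_stream_wrapper_register)` the pointer returned by `zend_hash_str_find_ptr(...)` is called with no NULL check, so if the original `stream_wrapper_register` handler is missing from `sp_internal_functions_hook` the call goes through a null function pointer. Guard the call with `if (orig_handler) { orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); }`. When the protocol is not whitelisted, or parameter parsing fails and `protocol_name` stays NULL, the function returns without setting a return value or logging, so a refused registration is invisible to both the script and the operator. Adding a `sp_log_msg(...)` call and `RETURN_FALSE;` on that path would make the refusal observable.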
diff --git a/src/tests/broken_conf_cookie_encryption_without_encryption_key.phpt b/src/tests/broken_conf_cookie_encryption_without_encryption_key.phpt
new file mode 100644
index 0000000..d0b7c0d
--- /dev/null
+++ b/src/tests/broken_conf_cookie_encryption_without_encryption_key.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Borken configuration - encrypted cookie without encryption key
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_encryption_key.ini
+--FILE--
+--EXPECT--
+PHP Fatal error: [snuffleupagus][config] You're trying to use the cookie encryption featureon line 2 without having set the `.encryption_key` option in`sp.global`: please set it first in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] You're trying to use the cookie encryption featureon line 2 without having set the `.encryption_key` option in`sp.global`: please set it first in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
+Could not startup.
diff --git a/src/tests/broken_conf_cookie_encryption_without_env_var.phpt b/src/tests/broken_conf_cookie_encryption_without_env_var.phpt
new file mode 100644
index 0000000..af5d471
--- /dev/null
+++ b/src/tests/broken_conf_cookie_encryption_without_env_var.phpt
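Review bot: The message pinned under `--EXPECT--` tells the administrator to set the `.encryption_key` option, but the config added in this same commit (`broken_conf_cookie_encryption_without_env_var.ini`) supplies the key with `sp.global.secret_key(...)`. The diagnostic therefore appears to name an option that is not the real token. The text also runs words together ("featureon line 2", "in`sp.global`"). Because this test freezes the wording, I would first correct the message in the C source to name `.secret_key` and restore the missing spaces, then update the expectation here and in `broken_conf_cookie_encryption_without_env_var.phpt`, which shares the spacing defect.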
@@ -0,0 +1,14 @@
+--TEST--
+Borken configuration - encrypted cookie with without cookie env var
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_env_var.ini
+--FILE--
+--EXPECT--
+PHP Fatal error: [snuffleupagus][config] You're trying to use the cookie encryption featureon line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] You're trying to use the cookie encryption featureon line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
+Could not startup.
diff --git a/src/tests/broken_conf_mutually_exclusive11.phpt b/src/tests/broken_conf_mutually_exclusive11.phpt
new file mode 100644
index 0000000..507d7fa
--- /dev/null
+++ b/src/tests/broken_conf_mutually_exclusive11.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Broken configuration - ret and var are mutually exclusives
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive11.ini
+--FILE--
+--EXPECT--
+PHP Fatal error: [snuffleupagus][config] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").var("hop");':`ret` and `var` are mutually exclusive on line 1 in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").var("hop");':`ret` and `var` are mutually exclusive on line 1 in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
+Could not startup.
diff --git a/src/tests/broken_conf_mutually_exclusive12.phpt b/src/tests/broken_conf_mutually_exclusive12.phpt
new file mode 100644
index 0000000..d823de9
--- /dev/null
+++ b/src/tests/broken_conf_mutually_exclusive12.phpt
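Review bot: The expected error in `broken_conf_mutually_exclusive11.phpt` quotes the offending rule as `sp.disabled_functions.function("strcmp")...`, while the config file added for it contains `sp.disable_function.function("strcmp")...`. The diagnostic does not echo what the administrator actually wrote, presumably because the prefix is hard-coded in the C message. `broken_conf_mutually_exclusive12.phpt` pins the same mismatch. I would have the message print the real rule prefix and update both expectations, so the quoted line can be searched for verbatim in the configuration file.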
@@ -0,0 +1,14 @@ +--TEST-- +Broken configuration - ret and value are mutually exclusive +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive12.ini +--FILE-- +--EXPECT-- +PHP Fatal error: [snuffleupagus][config] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").value("hop");':`ret` and `value` are mutually exclusive on line 1 in Unknown on line 0 + +Fatal error: [snuffleupagus][config] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").value("hop");':`ret` and `value` are mutually exclusive on line 1 in Unknown on line 0 + +Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0 +Could not startup. diff --git a/src/tests/broken_conf_wrapper_whitelist.phpt b/src/tests/broken_conf_wrapper_whitelist.phpt new file mode 100644 index 0000000..ea147ac --- /dev/null +++ b/src/tests/broken_conf_wrapper_whitelist.phpt @@ -0,0 +1,18 @@ +--TEST-- +Broken configuration with invalid token for wrapper whitelist +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/broken_conf_wrapper_whitelist.ini +sp.allow_broken_configuration=Off +--FILE-- + +--EXPECT-- +PHP Fatal error: [snuffleupagus][config] Trailing chars '.invalid_param();' at the end of '.invalid_param();' on line 1 in Unknown on line 0 + +Fatal error: [snuffleupagus][config] Trailing chars '.invalid_param();' at the end of '.invalid_param();' on line 1 in Unknown on line 0 + +Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0 +Could not startup. diff --git a/src/tests/config/broken_conf_cookie_encryption_without_encryption_key.ini b/src/tests/config/broken_conf_cookie_encryption_without_encryption_key.ini new file mode 100644 index 0000000..a100bd8 --- /dev/null +++ b/src/tests/config/broken_conf_cookie_encryption_without_encryption_key.ini 
@@ -0,0 +1,2 @@
+sp.global.cookie_env_var("MY_SUPER_ENV_VAR_YAY");
+sp.cookie.name("my_cookie_name").encrypt();
diff --git a/src/tests/config/broken_conf_cookie_encryption_without_env_var.ini b/src/tests/config/broken_conf_cookie_encryption_without_env_var.ini
new file mode 100644
index 0000000..54cb101
--- /dev/null
+++ b/src/tests/config/broken_conf_cookie_encryption_without_env_var.ini
@@ -0,0 +1,2 @@
+sp.global.secret_key("super secret encryption key");
+sp.cookie.name("my_cookie_name").encrypt();
diff --git a/src/tests/config/broken_conf_mutually_exclusive11.ini b/src/tests/config/broken_conf_mutually_exclusive11.ini
new file mode 100644
index 0000000..cab163f
--- /dev/null
+++ b/src/tests/config/broken_conf_mutually_exclusive11.ini
@@ -0,0 +1 @@
+sp.disable_function.function("strcmp").drop().ret("hip").var("hop");
diff --git a/src/tests/config/broken_conf_mutually_exclusive12.ini b/src/tests/config/broken_conf_mutually_exclusive12.ini
new file mode 100644
index 0000000..fe140db
--- /dev/null
+++ b/src/tests/config/broken_conf_mutually_exclusive12.ini
@@ -0,0 +1 @@
+sp.disable_function.function("strcmp").drop().ret("hip").value("hop");
diff --git a/src/tests/config/broken_conf_wrapper_whitelist.ini b/src/tests/config/broken_conf_wrapper_whitelist.ini
new file mode 100644
index 0000000..b8e08a8
--- /dev/null
+++ b/src/tests/config/broken_conf_wrapper_whitelist.ini
@@ -0,0 +1 @@
+sp.wrappers_whitelist.invalid_param();
diff --git a/src/tests/crypt_session_invalid.phpt b/src/tests/crypt_session_invalid.phpt
index cc6e80e..4b0f4d2 100644
--- a/src/tests/crypt_session_invalid.phpt
+++ b/src/tests/crypt_session_invalid.phpt
@@ -21,4 +21,4 @@ session_start(); // Re start the session, It will read and decrypt the non em var_dump($_SESSION); // Dump the session ?> --EXPECTF-- -Fatal error: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of the session in %s/tests/crypt_session_invalid.php on line %d +Warning: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of the session in %s/tests/crypt_session_invalid.php on line %d diff --git a/src/tests/encrypt_cookies4.phpt b/src/tests/encrypt_cookies4.phpt index 14d737a..04d4076 100644 --- a/src/tests/encrypt_cookies4.phpt +++ b/src/tests/encrypt_cookies4.phpt @@ -16,8 +16,13 @@ EOF; setcookie("super_cookie", "super_value"); setcookie("awful_cookie", "awful_value"); setcookie("nice_cookie", "nice_value", 1, "1", "1", true, true); +$ret = setcookie("", "Cookie with no name", 1, "1", "1", true, true); +if ($ret == TRUE) { + echo "fail :/"; +} var_dump($_COOKIE); ?> ---EXPECT-- +--EXPECTF-- +Warning: Cookie names must not be empty in %a/tests/encrypt_cookies4.php on line %d array(0) { } diff --git a/src/tests/encrypt_cookies_empty_env.phpt b/src/tests/encrypt_cookies_empty_env.phpt index 252f831..23f1759 100644 --- a/src/tests/encrypt_cookies_empty_env.phpt +++ b/src/tests/encrypt_cookies_empty_env.phpt @@ -14,4 +14,5 @@ super_cookie=cGFkZGluZ3BhZGRpbmdwYWRkaW5ncGFkZGluZ3BhZGRpbmdwYWRkaW5ncGFkZGluZ3B --EXPECT-- Warning: [snuffleupagus][cookie_encryption] The environment variable 'SUPER_ENV_VAR' is empty, cookies are weakly encrypted in Unknown on line 0 -Fatal error: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0 +Warning: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0 +1 diff --git a/src/tests/encrypt_cookies_invalid_decryption.phpt b/src/tests/encrypt_cookies_invalid_decryption.phpt index c64675d..d4a0b0f 100644 
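Review bot: The check added to `encrypt_cookies4.phpt` prints `fail :/` only when `setcookie("", ...)` returns something loosely equal to `TRUE`, so the test passes on the absence of output and never states the value it expects. Asserting the return value directly is stricter: replace the `if` block with `var_dump($ret);` and add `bool(false)` to the expected output before `array(0) {`. The `Warning: Cookie names must not be empty` line is matched literally, so it is worth confirming that the wording is the same on every PHP version the suite runs against.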
--- a/src/tests/encrypt_cookies_invalid_decryption.phpt +++ b/src/tests/encrypt_cookies_invalid_decryption.phpt @@ -1,5 +1,5 @@ --TEST-- -Cookie encryption +Cookie encryption - invalid decryption --SKIPIF-- --INI-- @@ -8,12 +8,19 @@ display_errors=1 display_startup_errors=1 error_reporting=E_ALL --COOKIE-- -super_cookie=jWjORGsgZyqzk3WA63XZBmUoSknXWnXDfAAAAAAAAAAAAAAAAAAAAAA7LiMDfkpP94jDnMVH%2Fm41GeL0Y00q3mbOFYz%2FS9mQGySu;awful_cookie=awful_cookie_value; +super_cookie=Wk9NR1RISVNJU05PVEVOQ1JZUFRFREFUQUxMV0hBVFRIRUhFTExJU0hIRUxMQVJFWU9VRE9JTkdaT01Hb2htYXliZXRoaXNpc2Fub2xkc2Vzc2lvbmNvb2tpZQo=;awfulcookie=awfulcookievalue; --ENV-- return << + --EXPECT-- -Fatal error: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0 \ No newline at end of file +Warning: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0 +1337 +array(1) { + ["awfulcookie"]=> + string(16) "awfulcookievalue" +} diff --git a/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt b/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt index 0c02806..d2f9e3c 100644 --- a/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt +++ b/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt @@ -16,4 +16,8 @@ EOF; --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0 \ No newline at end of file +Warning: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0 +array(1) { + ["awful_cookie"]=> + string(18) "awful_cookie_value" +} -- cgit v1.3