From ef1cb7661ed577039c7fa6caea7490330237f091 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Tue, 10 Oct 2017 14:47:56 +0200
Subject: Bump coverage, and fix a segfault on trace matching
---
 src/sp_config_keywords.c | 13 ++++++++-----
 src/sp_disabled_functions.c | 13 +++++++++++--
 src/tests/broken_conf_no_cookie_name.phpt | 9 +++++++++
 src/tests/config/config_disabled_functions_chain.ini | 2 ++
 src/tests/config/config_encrypted_cookies_noname.ini | 3 +++
 5 files changed, 33 insertions(+), 7 deletions(-)
 create mode 100644 src/tests/broken_conf_no_cookie_name.phpt
 create mode 100644 src/tests/config/config_encrypted_cookies_noname.ini
(limited to 'src')
diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
index 8fba868..e71463a 100644
--- a/src/sp_config_keywords.c
+++ b/src/sp_config_keywords.c
@@ -128,13 +128,16 @@ int parse_cookie_encryption(char *line) {
 "on line %zu without having set the `.encryption_key` option in"
 "`sp.global`: please set it first.", sp_line_no);
 return -1;
+ } else if (0 == strlen(name)) {
+ sp_log_err("config", "You must specify a cookie name to encrypt on line "
+ "%zu.", sp_line_no);
+ return -1;
 }
- if (name) {
- zend_hash_str_add_empty_element(
- SNUFFLEUPAGUS_G(config).config_cookie_encryption->names, name,
- strlen(name));
- }
+ zend_hash_str_add_empty_element(
+ SNUFFLEUPAGUS_G(config).config_cookie_encryption->names, name,
+ strlen(name));
+
 return SUCCESS;
 }
diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c
index b465a30..e4ba19a 100644
--- a/src/sp_disabled_functions.c
+++ b/src/sp_disabled_functions.c
@@ -15,6 +15,11 @@ ZEND_COLD static zend_always_inline bool is_hash_matching(
 static zend_always_inline char* get_complete_function_path(
 zend_execute_data const* const execute_data) {
+
+ if (!(execute_data->func->common.function_name)) {
+ return NULL;
+ }
+
 char const* class_name;
 char const* const function_name =
 ZSTR_VAL(execute_data->func->common.function_name);
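Review bot: The new `else if (0 == strlen(name))` branch in `parse_cookie_encryption()` calls `strlen()` on `name`, and the `if (name)` guard that used to protect the hash insert is removed in the same hunk, so a NULL `name` is now dereferenced instead of skipped. How `name` is initialised is outside this hunk, but the old guard suggests it can stay NULL when a rule carries no cookie name at all, which would turn a malformed configuration line into a crash at load time instead of the intended error message. Checking both cases keeps the new diagnostic and the old safety: `} else if (!name || '\0' == *name) {`. The test added by this commit covers only the empty-string case, so a second `.phpt` for a rule with the name missing entirely would be worth adding.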
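Review bot: The guard added at the top of `get_complete_function_path()` reads `execute_data->func->common.function_name` without first checking `execute_data->func`, so a frame with no function attached would still fault on this very line. Whether such frames can reach the helper is not visible here, but its caller walks `prev_execute_data` up the stack, so testing both is cheap: `if (!execute_data->func || !execute_data->func->common.function_name) {`. The function can now return NULL, which deserves a header comment such as `/* Returns NULL when the frame has no function name; otherwise the caller must efree() the result. */`. The rest of the body lies outside the hunk.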
@@ -38,12 +43,16 @@ static bool is_functions_list_matching(zend_execute_data *execute_data, sp_node_
 while (current) {
 if (it == NULL) { // every function in the list matched, we've got a match!
+ EG(current_execute_data) = orig_execute_data;
 return true;
 }
 EG(current_execute_data) = current;
 char *complete_path_function = get_complete_function_path(current);
+ if (!complete_path_function) {
+ goto end;
+ }
 int match = strcmp(((char*)it->data), complete_path_function);
 efree(complete_path_function);
@@ -51,11 +60,11 @@ static bool is_functions_list_matching(zend_execute_data *execute_data, sp_node_
 it = it->next;
 current = current->prev_execute_data;
 } else {
- EG(current_execute_data) = orig_execute_data;
- return false;
+ goto end;
 }
 }
+end:
 EG(current_execute_data) = orig_execute_data;
 return false;
 }
diff --git a/src/tests/broken_conf_no_cookie_name.phpt b/src/tests/broken_conf_no_cookie_name.phpt
new file mode 100644
index 0000000..feaf6ca
--- /dev/null
+++ b/src/tests/broken_conf_no_cookie_name.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Borken configuration - encrypted cookie with no name
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_cookies_noname.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] You must specify a cookie name to encrypt on line 2.
diff --git a/src/tests/config/config_disabled_functions_chain.ini b/src/tests/config/config_disabled_functions_chain.ini
index f47af34..5eacbc3 100644
--- a/src/tests/config/config_disabled_functions_chain.ini
+++ b/src/tests/config/config_disabled_functions_chain.ini
@@ -1 +1,3 @@
+sp.disable_functions.function("outer>inner>other").drop();
+sp.disable_functions.function("other>outer>inner_").drop();
 sp.disable_functions.function("outer>inner").drop();
diff --git a/src/tests/config/config_encrypted_cookies_noname.ini b/src/tests/config/config_encrypted_cookies_noname.ini
new file mode 100644
index 0000000..27773e3
--- /dev/null
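Review bot: At the new `end:` label `is_functions_list_matching()` still returns `false` unconditionally, so a chain whose last element matches the outermost frame appears to be reported as a non-match. In that iteration `it` and `current` both become NULL, and the `it == NULL` test only runs inside `while (current)`. For a rule engine that blocks call chains this would be a missed detection, not a crash, so it is worth confirming against how the list and the stack are built, which is outside these hunks. If it is reachable, `return it == NULL;` after the restore would cover it, since both `goto end` paths arrive with `it` non-NULL; an empty list passed with no frame would then need a decision too. Separately, a short comment at the label such as `/* every exit must restore EG(current_execute_data) */` would record the invariant this commit establishes.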
+++ b/src/tests/config/config_encrypted_cookies_noname.ini
@@ -0,0 +1,3 @@
+sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.cookie_encryption.cookie("");
+sp.auto_cookie_secure.enable();
--
cgit v1.3