From f4d3c01bd196400548f5712223171007563ab834 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Wed, 1 Feb 2023 20:35:23 +0100
Subject: Fix a possible NULL-byte truncation when outputting parameters in the
 logs

---
 src/sp_utils.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

(limited to 'src')

diff --git a/src/sp_utils.c b/src/sp_utils.c
index 0fae9ba..1bac1ae 100644
--- a/src/sp_utils.c
+++ b/src/sp_utils.c
@@ -1,5 +1,9 @@
 #include "php_snuffleupagus.h"
 
+#ifndef MIN
+#define MIN(a,b) (((a)<(b))?(a):(b))
+#endif
+
 static char const* const default_ipaddr = "0.0.0.0";
 const char* get_ipaddr() {
   const char* client_ip = getenv("REMOTE_ADDR");
@@ -230,15 +234,12 @@ static char* zend_string_to_char(const zend_string* zs) {
 
 static void sp_sanitize_charstring(char* c, size_t maxlen)
 {
-  for (size_t i = 0; *c; c++, i++) {
-    if (maxlen && i > maxlen - 1) {
-      *c = 0;
-      return;
-    }
-    if (*c < 32 || *c > 126) {
-      *c = '*';
+  for (size_t i = 0; i < maxlen - 1; i++) {
+    if (c[i] < 32 || c[i] > 126) {
+      c[i] = '*';
     }
   }
+  c[maxlen] = 0;
 }
 
 const zend_string* sp_zval_to_zend_string(const zval* zv) {
@@ -300,7 +301,7 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name,
     char* char_repr = NULL;
     if (arg_value) {
       char_repr = zend_string_to_char(arg_value);
-      sp_sanitize_charstring(char_repr, SPCFG(log_max_len));
+      sp_sanitize_charstring(char_repr, MIN(ZSTR_LEN(arg_value), (size_t)SPCFG(log_max_len)));
     }
     if (alias) {
       sp_log_auto(
@@ -341,7 +342,7 @@ void sp_log_disable_ret(const char* restrict path,
   }
   if (ret_value) {
     char_repr = zend_string_to_char(ret_value);
-    sp_sanitize_charstring(char_repr, SPCFG(log_max_len));
+    sp_sanitize_charstring(char_repr, MIN(ZSTR_LEN(ret_value), (size_t)SPCFG(log_max_len)));
   }
   if (alias) {
     sp_log_auto(
-- 
cgit v1.3