From 1bf0f3ec9088d34383c564d6306901ae6dc94cb5 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Wed, 4 Jan 2023 19:06:28 +0100 Subject: [PATCH] Fix the CI for PHP8.2 --- .../deny_writable_execution.phpt | 10 ++-------- .../deny_writable_execution_simulation.phpt | 20 +++++++------------ .../dump_deny_writable_execution.phpt | 10 ++-------- .../disabled_function_echo.phpt | 1 - .../disabled_function_echo_2.phpt | 1 - .../disabled_function_echo_local_var.phpt | 1 - .../disabled_function_print.phpt | 3 +-- src/tests/xxe/disable_xxe_dom_disabled.phpt | 9 +++------ src/tests/xxe/disable_xxe_simplexml.phpt | 9 +++------ src/tests/xxe/disable_xxe_simplexml_oop.phpt | 9 +++------ src/tests/xxe/disable_xxe_xml_parse.phpt | 13 +++++------- 11 files changed, 26 insertions(+), 60 deletions(-) diff --git a/src/tests/deny_writable/deny_writable_execution.phpt b/src/tests/deny_writable/deny_writable_execution.phpt index a6294797..383ffa57 100644 --- a/src/tests/deny_writable/deny_writable_execution.phpt +++ b/src/tests/deny_writable/deny_writable_execution.phpt @@ -21,6 +21,8 @@ sp.configuration_file={PWD}/config/config_disable_writable.ini $dir = __DIR__; // just in case +@chmod("$dir/non_writable_file.txt", 0777); +@chmod("$dir/writable_file.txt", 0777); @unlink("$dir/non_writable_file.txt"); @unlink("$dir/writable_file.txt"); @@ -31,13 +33,5 @@ chmod("$dir/writable_file.txt", 0777); include "$dir/non_writable_file.txt"; include "$dir/writable_file.txt"; ?> ---CLEAN-- - --EXPECTF-- Fatal error: [snuffleupagus][0.0.0.0][readonly_exec][drop] Attempted execution of a writable file (%a/deny_writable_execution.php) in %a/deny_writable_execution.php on line 2 diff --git a/src/tests/deny_writable/deny_writable_execution_simulation.phpt b/src/tests/deny_writable/deny_writable_execution_simulation.phpt index d4e48018..39dab32f 100644 --- a/src/tests/deny_writable/deny_writable_execution_simulation.phpt +++ b/src/tests/deny_writable/deny_writable_execution_simulation.phpt 
@@ -22,6 +22,8 @@ sp.configuration_file={PWD}/config/config_disable_writable_simulation.ini $dir = __DIR__; // just in case +@chmod("$dir/non_writable_file.txt", 0777); +@chmod("$dir/writable_file.txt", 0777); @unlink("$dir/non_writable_file.txt"); @unlink("$dir/writable_file.txt"); 
@@ -32,23 +34,15 @@ chmod("$dir/non_writable_file.txt", 0400); include "$dir/writable_file.txt"; include "$dir/non_writable_file.txt"; ?> ---CLEAN-- - --EXPECTF-- -Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/deny_writable_execution_simulation.php) in %a/deny_writable_execution_simulation.php on line 2 +Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/deny_writable_execution_simulation.php) in %a/deny_writable_execution_simulation.php on line %d -Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/writable_file.txt) in %a/deny_writable_execution_simulation.php on line 12 +Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/writable_file.txt) in %a/deny_writable_execution_simulation.php on line %d -Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/writable_file.txt) in %a/writable_file.txt on line 1 +Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/writable_file.txt) in %a/writable_file.txt on line %d Code execution within a writable file. 
-Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a file owned by the PHP process (%s/tests/deny_writable/non_writable_file.txt) in %s/tests/deny_writable/deny_writable_execution_simulation.php on line 13 +Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a file owned by the PHP process (%s/tests/deny_writable/non_writable_file.txt) in %s/tests/deny_writable/deny_writable_execution_simulation.php on line %d -Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a file owned by the PHP process (%s/tests/deny_writable/non_writable_file.txt) in %src/tests/deny_writable/non_writable_file.txt on line 1 +Warning: [snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a file owned by the PHP process (%s/tests/deny_writable/non_writable_file.txt) in %src/tests/deny_writable/non_writable_file.txt on line %d Code execution within a non-writable file. diff --git a/src/tests/deny_writable/dump_deny_writable_execution.phpt b/src/tests/deny_writable/dump_deny_writable_execution.phpt index c6dd6cd8..2e6bca51 100644 --- a/src/tests/deny_writable/dump_deny_writable_execution.phpt +++ b/src/tests/deny_writable/dump_deny_writable_execution.phpt @@ -32,6 +32,8 @@ foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) { $dir = __DIR__; // just in case +@chmod("$dir/non_writable_file.txt", 0777); +@chmod("$dir/writable_file.txt", 0777); @unlink("$dir/non_writable_file.txt"); @unlink("$dir/writable_file.txt"); @@ -57,11 +59,3 @@ if ($res[2] != "GET:get_a='data_get_a_readonly' get_b='data_get_b_readonly' \n") --EXPECTF-- %a WIN ---CLEAN-- - diff --git a/src/tests/disable_function/disabled_function_echo.phpt b/src/tests/disable_function/disabled_function_echo.phpt index 12aaff48..b1da0dca 100644 --- a/src/tests/disable_function/disabled_function_echo.phpt +++ b/src/tests/disable_function/disabled_function_echo.phpt 
@@ -13,7 +13,6 @@ echo "qwe"; test("rty"); test("oops"); ?> ---CLEAN-- --EXPECTF-- qwerty Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'echo' in %a/disabled_function_echo.php on line 3 diff --git a/src/tests/disable_function/disabled_function_echo_2.phpt b/src/tests/disable_function/disabled_function_echo_2.phpt index 82a2fa1d..c1d98170 100644 --- a/src/tests/disable_function/disabled_function_echo_2.phpt +++ b/src/tests/disable_function/disabled_function_echo_2.phpt @@ -9,7 +9,6 @@ sp.configuration_file={PWD}/config/disabled_function_echo.ini echo "qwe"; echo "1", "oops"; ?> ---CLEAN-- --EXPECTF-- qwe1 Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'echo' in %a/disabled_function_echo_2.php on line 3 diff --git a/src/tests/disable_function/disabled_function_echo_local_var.phpt b/src/tests/disable_function/disabled_function_echo_local_var.phpt index ee1be1fb..52d1f481 100644 --- a/src/tests/disable_function/disabled_function_echo_local_var.phpt +++ b/src/tests/disable_function/disabled_function_echo_local_var.phpt @@ -14,7 +14,6 @@ test(); $abc = 123; test(); ?> ---CLEAN-- --EXPECTF-- 3 diff --git a/src/tests/disable_function/disabled_function_print.phpt b/src/tests/disable_function/disabled_function_print.phpt index ec1b04f8..96008546 100644 --- a/src/tests/disable_function/disabled_function_print.phpt +++ b/src/tests/disable_function/disabled_function_print.phpt @@ -13,7 +13,6 @@ print "qwe"; test("rty"); test("oops"); ?> ---CLEAN-- --EXPECTF-- qwerty -Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'echo' in %a/disabled_function_print.php on line 3 \ No newline at end of file +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'echo' in %a/disabled_function_print.php on line 3 
diff --git a/src/tests/xxe/disable_xxe_dom_disabled.phpt b/src/tests/xxe/disable_xxe_dom_disabled.phpt index 4a888edb..20399ecf 100644 --- a/src/tests/xxe/disable_xxe_dom_disabled.phpt +++ b/src/tests/xxe/disable_xxe_dom_disabled.phpt @@ -10,6 +10,9 @@ dom --FILE-- WARNING, external entity loaded!'; file_put_contents($dir . '/content.txt', $content); @@ -52,9 +55,3 @@ libxml_disable_entity to false: WARNING, external entity loaded! Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %s/tests/xxe/disable_xxe_dom_disabled.php on line %d without xxe: foo ---CLEAN-- - diff --git a/src/tests/xxe/disable_xxe_simplexml.phpt b/src/tests/xxe/disable_xxe_simplexml.phpt index 95601563..8a4f0333 100644 --- a/src/tests/xxe/disable_xxe_simplexml.phpt +++ b/src/tests/xxe/disable_xxe_simplexml.phpt @@ -11,6 +11,9 @@ simplexml --FILE-- testing); libxml_disable_entity to true: libxml_disable_entity to false: without xxe: foo ---CLEAN-- - diff --git a/src/tests/xxe/disable_xxe_simplexml_oop.phpt b/src/tests/xxe/disable_xxe_simplexml_oop.phpt index 1b2c4cac..c28c3649 100644 --- a/src/tests/xxe/disable_xxe_simplexml_oop.phpt +++ b/src/tests/xxe/disable_xxe_simplexml_oop.phpt @@ -11,6 +11,9 @@ simplexml --FILE-- testing); libxml_disable_entity to true: libxml_disable_entity to false: without xxe: foo ---CLEAN-- - diff --git a/src/tests/xxe/disable_xxe_xml_parse.phpt b/src/tests/xxe/disable_xxe_xml_parse.phpt index bc7e338b..4a8292d7 100644 --- a/src/tests/xxe/disable_xxe_xml_parse.phpt +++ b/src/tests/xxe/disable_xxe_xml_parse.phpt @@ -16,6 +16,9 @@ sp.configuration_file={PWD}/config/disable_xxe.ini --FILE-- From 709d850429d0d62b148bc235745c830c2f7a55be Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sun, 25 Jun 2023 14:25:46 +0200 Subject: [PATCH] Remove ZEND_HOT --- src/sp_execute.c | 2 +- src/sp_pcre_compat.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/sp_execute.c b/src/sp_execute.c
index 6e80b6df..f105b7f9 100644
--- a/src/sp_execute.c
+++ b/src/sp_execute.c
@@ -89,7 +89,7 @@ inline static void is_builtin_matching(
 should_disable_ht(EG(current_execute_data), function_name, param_value, param_name, SPCFG(disabled_functions_reg).disabled_functions, ht);
 }
-static void ZEND_HOT is_in_eval_and_whitelisted(zend_execute_data const* const execute_data) {
+static void is_in_eval_and_whitelisted(zend_execute_data const* const execute_data) {
 sp_config_eval const* const config_eval = &(SPCFG(eval));
 if (EXPECTED(0 == SPG(in_eval))) {
diff --git a/src/sp_pcre_compat.c b/src/sp_pcre_compat.c
index 81c51fdc..3658692e 100644
--- a/src/sp_pcre_compat.c
+++ b/src/sp_pcre_compat.c
@@ -23,7 +23,7 @@ sp_pcre* sp_pcre_compile(const char* const pattern) {
 return ret;
 }
-bool ZEND_HOT sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str, size_t len) {
+bool sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str, size_t len) {
 int ret = 0;
 assert(NULL != regexp);
From 78668b6ef599f700ba939017dc805485452f5319 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Sun, 25 Jun 2023 14:56:43 +0200
Subject: [PATCH] Fix an unserialize-related warning

This should fix `Warning: unserialize(): Extra data starting at offset 8 of 72 bytes in unserialize.php on line 4`. On the flip side, it's not longer possible in PHP8.3 and above, when using Snuffleupagus, to have other extensions hooking unserialize().
---
 src/sp_unserialize.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c
index 641d9899..ab0d9edb 100644
--- a/src/sp_unserialize.c
+++ b/src/sp_unserialize.c
@@ -50,8 +50,6 @@ static zend_string *sp_do_hash_hmac_sha256(char* restrict data, size_t data_len,
 return hex_digest;
 }
-// ------------------
-
 PHP_FUNCTION(sp_serialize) {
 zif_handler orig_handler;
@@ -130,11 +128,16 @@ PHP_FUNCTION(sp_unserialize) {
 } } else { status = 1; }
- zif_handler orig_handler;
+ zif_handler orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize"));
 if (0 == status) {
- if ((orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")))) {
+#if PHP_VERSION_ID >= 80300
+ // PHP8.3 gives a warning about trailing data in unserialize strings.
+ php_unserialize_with_options(return_value, buf, buf_len - 64, opts, "unserialize");
+#else
+ if ((orig_handler)) {
 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
 }
+#endif
 } else {
 const sp_config_unserialize *config_unserialize = &(SPCFG(unserialize));
 if (config_unserialize->dump) {
@@ -143,9 +146,14 @@ PHP_FUNCTION(sp_unserialize) {
 }
 if (true == config_unserialize->simulation) {
 sp_log_simulation("unserialize", "Invalid HMAC for %s", serialized_str);
- if ((orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")))) {
+#if PHP_VERSION_ID >= 80300
+ // PHP8.3 gives a warning about trailing data in unserialize strings.
+ php_unserialize_with_options(return_value, buf, buf_len - 64, opts, "unserialize");
+#else
+ if ((orig_handler)) {
 orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
 }
+#endif
 } else {
 sp_log_drop("unserialize", "Invalid HMAC for %s", serialized_str);
 }
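Review bot: The comment above the direct `php_unserialize_with_options()` call in the `#if PHP_VERSION_ID >= 80300` arm does not record that this path never invokes the handler saved under `"unserialize"` in `sp_internal_functions_hook`, a trade-off that only the commit message mentions. I would extend it to `// PHP >= 8.3 warns about trailing data: strip the 64-byte HMAC suffix and call the unserializer directly; this bypasses the saved original handler.` `orig_handler` is now looked up unconditionally but only read in the `#else` arm, so its declaration could move there, and the bare `64` would be clearer as a named constant shared with the HMAC check. The same applies to the simulation branch in the following hunk; `PHP_FUNCTION(sp_unserialize)` begins and ends outside both hunks.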
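Review bot: In the simulation branch the HMAC did not validate, so nothing guarantees that the last 64 bytes of `buf` are an HMAC at all, yet the PHP >= 8.3 arm still passes `buf_len - 64` as the length. For input that never carried an HMAC this would presumably drop 64 bytes of real payload, so simulation mode would change what the application gets back instead of only logging. If `buf_len` is unsigned and can be below 64 when this line is reached (the length check is outside the hunk), the subtraction also wraps to a huge length. Consider passing the full length in this branch, `php_unserialize_with_options(return_value, buf, buf_len, opts, "unserialize");`, or stripping the suffix only after an explicit `buf_len >= 64` check.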