log forging protection

src/sp_utils.c

@@ -229,6 +229,19 @@ static char* zend_string_to_char(const zend_string* zs) {
   return copy;
 }
 
+static void sp_sanitize_charstring(char* c, size_t maxlen)
+{
+  for (size_t i = 0; *c; c++, i++) {
+    if (maxlen && i > maxlen - 1) {
+      *c = 0;
+      return;
+    }
+    if (*c < 32 || *c > 126) {
+      *c = '*';
+    }
+  }
+}
+
 const zend_string* sp_zval_to_zend_string(const zval* zv) {
   switch (Z_TYPE_P(zv)) {
     case IS_LONG: {
@@ -295,6 +308,7 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name,
     char* char_repr = NULL;
     if (arg_value) {
       char_repr = zend_string_to_char(arg_value);
+      sp_sanitize_charstring(char_repr, 255);
     }
     if (alias) {
       sp_log_auto(
@@ -336,6 +350,7 @@ void sp_log_disable_ret(const char* restrict path,
   }
   if (ret_value) {
     char_repr = zend_string_to_char(ret_value);
+    sp_sanitize_charstring(char_repr, 255);
   }
   if (alias) {
     sp_log_auto(

src/tests/disable_function/config/disabled_function_log_forging.ini

@@ -0,0 +1 @@
+sp.disable_function.function("foo_log_forging").pos("0").value_r("^x").drop()

src/tests/disable_function/disabled_function_log_forging.phpt

@@ -0,0 +1,14 @@
+--TEST--
+Disable functions log forging test
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_function_log_forging.ini
+--FILE--
+<?php
+function foo_log_forging($name, $greeting='HI!', $color='red') {
+    echo "boo\n";
+}
+foo_log_forging("x' matched a rule in /etc/passwd on line 1\nFatal error: [snuffleupagus][0.0.0.0][silly_error][drop] secondary problem '<script>alert('0wned!');</script>");
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'foo_log_forging', because its argument 'name' %s on line %d