Trying to fix sloppy comparison #186

Merged
merged 6 commits into master from sloppy_comparison on Jul 9, 2018


3 participants
@jvoisin
Collaborator

jvoisin commented Jul 5, 2018

No description provided.

sle
Trying to fix sloppy comparison #10 by
modifying php's opcode

@jvoisin jvoisin self-assigned this Jul 5, 2018

@jvoisin jvoisin requested a review from kkadosh Jul 5, 2018

@kkadosh

kkadosh approved these changes Jul 5, 2018

Looks good to me :)

@jvoisin

For completion's sake, you might want to grep for usage of the ZEND_API int ZEND_FASTCALL compare_function(zval *result, zval *op1, zval *op2) function in php's source code, to fix them as well.

ZEND_API void (*default_zend_execute_ex)(zend_execute_data*) = NULL;
ZEND_API void legit_hook(zend_execute_data* ex) {


@jvoisin

jvoisin Jul 5, 2018

Collaborator

legit_hook :')

Please use a proper name instead :)

^^^^^^^^^^^^^^^^
sloppy_comparison, disabled by default, will prevent php type
juggling (``==``) , preventing any bypass of a comparison.


@jvoisin

jvoisin Jul 5, 2018

Collaborator

It might be nice to add a reference to the documentation

sloppy_comparison, disabled by default, will prevent php type
juggling (``==``) , preventing any bypass of a comparison.
It can either be ``enabled`` or ``disabled``.
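As an added illustration of the type juggling the `sloppy_comparison` option described in these doc lines is meant to block, here is a loose `==` hash check beside its strict form, followed by a few other loose-comparison cases. This is example code, not code from the PR or from snuffleupagus; the functions `check_loose` and `check_strict` and the sample inputs are constructed for it. It assumes PHP 7.x semantics (7.1 or later for the array destructuring in `foreach`): PHP 8 changed string-to-number comparison so that `"abc" == 0` is false there, while the numeric-string cases still hold.

```php
<?php
// Added example (not snuffleupagus code): loose comparison (==) bypasses
// of the kind sloppy_comparison is meant to stop, next to the strict forms.
// Assumes PHP 7.x; in PHP 8 a non-numeric string no longer compares equal
// to int 0, but the "0e<digits>" numeric-string case still does.

// Naive password check comparing hex digests with == (constructed sample).
function check_loose(string $stored_md5, string $supplied): bool {
    // Both operands are strings, but if both look numeric (e.g. "0e123"),
    // == compares them as numbers instead of byte-for-byte.
    return md5($supplied) == $stored_md5;
}

// Hardened: type-strict, constant-time comparison of the two digests.
function check_strict(string $stored_md5, string $supplied): bool {
    return hash_equals($stored_md5, md5($supplied));
}

// Two well-known inputs whose MD5 digests both have the form "0e" followed
// only by decimal digits. As numeric strings they are 0 * 10^N == 0.0, so
// the loose check accepts a password that does not match the stored hash.
$stored   = md5('QNKCDZO');
$attacker = '240610708';

printf("loose  : %s\n", check_loose($stored, $attacker) ? 'accepted' : 'rejected');
printf("strict : %s\n", check_strict($stored, $attacker) ? 'accepted' : 'rejected');

// Other juggling cases that a == check silently accepts under PHP 7.
// Each pair is [label, result]; every one of them is false under ===.
$cases = [
    ['"1e3" == "1000"', "1e3" == "1000"],   // two numeric strings, compared as floats
    ['"abc" == 0',      "abc" == 0],        // non-numeric string cast to int 0 (PHP 7 only)
    ['null == false',   null == false],     // null converted to bool
    ['"" == null',      "" == null],        // null converted to ""
    ['[] == false',     [] == false],       // empty array is falsy
];
foreach ($cases as [$label, $result]) {
    printf("%-18s %s\n", $label, $result ? 'true' : 'false');
}

// The same pairs with ===, which requires identical type and value.
$strict = [
    '"1e3" === "1000"' => "1e3" === "1000",
    '"abc" === 0'      => "abc" === 0,
    'null === false'   => null === false,
];
foreach ($strict as $label => $result) {
    printf("%-18s %s\n", $label, $result ? 'true' : 'false');
}
```

Run it with `php example.php` under a PHP 7 interpreter. The example does not depend on the module at all; it only shows what the doc line means by a comparison bypass through `==`, which the option, when enabled, is meant to remove at the opcode level.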


@jvoisin

jvoisin Jul 5, 2018

Collaborator

Do we want to implement a simulation mode for this?


@xXx-caillou-xXx

xXx-caillou-xXx Jul 5, 2018

Collaborator

I'm not sure we really want to do this.

xXx-caillou-xXx added some commits Jul 5, 2018

@@ -123,6 +124,22 @@ static void sp_execute_ex(zend_execute_data *execute_data) {
return;
}
if ((SNUFFLEUPAGUS_G(config).config_sloppy->enable)) {
zend_op* orig_opline = (void*)execute_data->opline;
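Review bot: the `(void*)` cast on the last line of this hunk drops the `const` qualifier of `execute_data->opline` without saying so; if the loop that follows really has to write through `orig_opline`, make the cast an explicit `(zend_op*)` and add a one-line comment stating why the engine's `const` is being discarded, so a reader can tell this is intentional rather than an accident of a generic pointer cast. The doubled parentheses in `if ((SNUFFLEUPAGUS_G(config).config_sloppy->enable))` are a minor style nit.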


@jvoisin

jvoisin Jul 5, 2018

Collaborator

Why the cast in (void*) ?


@xXx-caillou-xXx

xXx-caillou-xXx Jul 5, 2018

Collaborator

I could cast to (zend_op*) but I need to discard the const qualifier.


@jvoisin

jvoisin Jul 5, 2018

Collaborator

Cast to (const zend_op*) ?


@xXx-caillou-xXx

xXx-caillou-xXx Jul 5, 2018

Collaborator

I modify orig_opline during the loop.


@jvoisin

jvoisin Jul 5, 2018

Collaborator

mh, indeed:

struct _zend_execute_data {
	const zend_op       *opline;           /* executed opline                */
	zend_execute_data   *call;             /* current call                   */
	zval                *return_value;
	zend_function       *func;             /* executed function              */
	zval                 This;             /* this + call_info + num_args    */
	zend_execute_data   *prev_execute_data;
	zend_array          *symbol_table;
#if ZEND_EX_USE_RUN_TIME_CACHE
	void               **run_time_cache;   /* cache op_array->run_time_cache */
#endif
};

I don't think that you're supposed to modify this member then :D

@xXx-caillou-xXx xXx-caillou-xXx merged commit 5da3a92 into master Jul 9, 2018

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed

@jvoisin jvoisin deleted the sloppy_comparison branch Jul 9, 2018
