From fd41ca8114bca2de53cf88c96d0b09e131eebe4b Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Wed, 3 Jun 2020 10:51:08 +0200 Subject: [PATCH 1/3] Fix #79668: get_defined_functions(true) may miss functions The mere matching of a substring of disable_functions is insufficient; we also have to make sure that it is a complete function name. --- Zend/tests/bug79668.phpt | 16 ++++++++++++++++ Zend/zend_builtin_functions.c | 16 +++++++++++++++- 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 Zend/tests/bug79668.phpt diff --git a/Zend/tests/bug79668.phpt b/Zend/tests/bug79668.phpt new file mode 100644 index 0000000000000..5e73a7469b6ff --- /dev/null +++ b/Zend/tests/bug79668.phpt @@ -0,0 +1,16 @@ +--TEST-- +Bug #79668 (get_defined_functions(true) may miss functions) +--INI-- +disable_functions=sha1_file,password_hash +--FILE-- + +--EXPECT-- +bool(true) +bool(false) +bool(true) +bool(false) diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c index 69fbeec1e1c70..62d24253068f5 100644 --- a/Zend/zend_builtin_functions.c +++ b/Zend/zend_builtin_functions.c @@ -1836,6 +1836,20 @@ ZEND_FUNCTION(get_declared_interfaces) } /* }}} */ +static inline zend_bool is_name_in_list(zend_string *name, const char *list) +{ + char *p = list; + size_t len = ZSTR_LEN(name); + + while ((p = strstr(p, ZSTR_VAL(name))) != NULL + && ((p != list && *(p-1) != ' ' && *(p-1) != ',') + || (*(p+len) != '\0' && *(p+len) != ' ' && *(p+len) != ',')) + ) { + p++; + } + return p != NULL; +} + static int copy_function_name(zval *zv, int num_args, va_list args, zend_hash_key *hash_key) /* {{{ */ { zend_function *func = Z_PTR_P(zv); @@ -1851,7 +1865,7 @@ static int copy_function_name(zval *zv, int num_args, va_list args, zend_hash_ke char *disable_functions = INI_STR("disable_functions"); if ((*exclude_disabled == 1) && (disable_functions != NULL)) { - if (strstr(disable_functions, func->common.function_name->val) == NULL) { + if (!is_name_in_list(func->common.function_name, disable_functions)) { add_next_index_str(internal_ar, zend_string_copy(hash_key->key)); } } else { From 6026c2bb0aa75c4f17a9ad0ed4152ce1352407c6 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Wed, 3 Jun 2020 11:36:02 +0200 Subject: [PATCH 2/3] Just check for ZEND_FN(display_disabled_function) --- Zend/zend_builtin_functions.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c index 62d24253068f5..88376810b47d4 100644 --- a/Zend/zend_builtin_functions.c +++ b/Zend/zend_builtin_functions.c @@ -1836,20 +1836,6 @@ ZEND_FUNCTION(get_declared_interfaces) } /* }}} */ -static inline zend_bool is_name_in_list(zend_string *name, const char *list) -{ - char *p = list; - size_t len = ZSTR_LEN(name); - - while ((p = strstr(p, ZSTR_VAL(name))) != NULL - && ((p != list && *(p-1) != ' ' && *(p-1) != ',') - || (*(p+len) != '\0' && *(p+len) != ' ' && *(p+len) != ',')) - ) { - p++; - } - return p != NULL; -} - static int copy_function_name(zval *zv, int num_args, va_list args, zend_hash_key *hash_key) /* {{{ */ { zend_function *func = Z_PTR_P(zv); @@ -1865,7 +1851,7 @@ static int copy_function_name(zval *zv, int num_args, va_list args, zend_hash_ke char *disable_functions = INI_STR("disable_functions"); if ((*exclude_disabled == 1) && (disable_functions != NULL)) { - if (!is_name_in_list(func->common.function_name, disable_functions)) { + if (func->internal_function.handler != ZEND_FN(display_disabled_function)) { add_next_index_str(internal_ar, zend_string_copy(hash_key->key)); } } else { From 34b0c908c6d96d9d2ec5bd1e550caf48b3ad8b0c Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Wed, 3 Jun 2020 12:05:00 +0200 Subject: [PATCH 3/3] Simplify further --- Zend/zend_builtin_functions.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c index 88376810b47d4..bc3649a622292 100644 --- a/Zend/zend_builtin_functions.c +++ b/Zend/zend_builtin_functions.c @@ -1847,16 +1847,9 @@ static int copy_function_name(zval *zv, int num_args, va_list args, zend_hash_ke return 0; } - if (func->type == ZEND_INTERNAL_FUNCTION) { - char *disable_functions = INI_STR("disable_functions"); - - if ((*exclude_disabled == 1) && (disable_functions != NULL)) { - if (func->internal_function.handler != ZEND_FN(display_disabled_function)) { - add_next_index_str(internal_ar, zend_string_copy(hash_key->key)); - } - } else { - add_next_index_str(internal_ar, zend_string_copy(hash_key->key)); - } + if (func->type == ZEND_INTERNAL_FUNCTION + && (!*exclude_disabled || func->internal_function.handler != ZEND_FN(display_disabled_function))) { + add_next_index_str(internal_ar, zend_string_copy(hash_key->key)); } else if (func->type == ZEND_USER_FUNCTION) { add_next_index_str(user_ar, zend_string_copy(hash_key->key)); }