first commit

author: jvoisin 2018-09-11 10:30:39 +0200
committer: jvoisin 2018-09-11 10:30:39 +0200
commit: 5321e0fcf6ab6e6cc5d95b4cbd9bc0f7e44e01fe (patch)
tree: 25ce8c8ffe0880fe8c7aedde6df1c6d0a80c6d37 /hardening-patch-4.4.2-0.4.15.patch
1 files changed, 9419 insertions, 0 deletions
diff --git a/hardening-patch-4.4.2-0.4.15.patch b/hardening-patch-4.4.2-0.4.15.patch
new file mode 100644
index 0000000..206dcfa
--- /dev/null
+++ b/hardening-patch-4.4.2-0.4.15.patch
@@ -0,0 +1,9419 @@
+diff -Nura php-4.4.2/Changelog.hphp hardening-patch-4.4.2-0.4.15/Changelog.hphp
+--- php-4.4.2/Changelog.hphp    1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Changelog.hphp 2006-09-07 19:33:12.000000000 +0200
+@@ -0,0 +1,61 @@
+Changelog of the Hardening-Patch
+--------------------------------
+
+0.4.15 - 07. September 2006
+
+       PHP4:
+               [+] Fix for potential DOS in handling of include blacklists
+               
+       PHP4+5:
+               [+] Backported a fix for open_basedir problems with insanse PHP scripts
+               [+] Added a fix for ini_restore() PHP security vulnerability
+
+0.4.14 - 11. August 2006
+
+    PHP4:
+        [+] Remove unecessary call to AC_BROKEN_REALPATH
+
+    PHP5:
+        [+] Fix Remote URL Include Protection - Thanks to: Bart Vanbrabant
+       
+    PHP4+5:
+        [+] Added a few PHP security fixes / see changelog.secfix for details
+       [+] Fixed the memory_limit protection for systems with different perdir memory_limits
+       [+] Fixed a possible memory corruption when foreach() is used with wrong arguments
+
+0.4.13 - 07. August 2006
+
+    PHP4+5:
+        [+] Added a fix for a compile problem on solaris due to missing strcasestr()
+
+0.4.12 - 19. July 2006
+
+    PHP4:
+        [+] Added fixes from sf4 security patch / see changelog.secfix for details
+
+    PHP5:
+        [+] Added fixes from sf5 security patch / see changelog.secfix for details
+       
+    PHP4+5:
+       [+] Added anti mail spam feature
+       [+] Speedup of zend_hash canary (clear/destroy)
+       [+] Added a fix for a DOS in the handling of URL blacklists
+
+0.4.11 - 13. May 2006
+
+    PHP5:
+        [+] tsrm_virtual_cwd.c: close open_basedir, safe_mode hole introduced by realpath() cache
+       [+] install-pear-nozlib.phar: bundle in full package download of 5.1.4
+       
+    PHP4+5:
+       [+] tsrm_virtual_cwd.c: realpath() hotfix to solve problems with non existing directories
+
+
+0.4.10 - 11. May 2006
+       
+    PHP4:
+       [+] info.c: backport from 5.1.4 contained TSRMLS macro that had to be removed
+       
+    PHP4+5:
+       [+] fopen_wrappers.c: fix for a trailing slash problem with open_basedir
+       
+diff -Nura php-4.4.2/Changelog.secfix hardening-patch-4.4.2-0.4.15/Changelog.secfix
+--- php-4.4.2/Changelog.secfix  1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Changelog.secfix       2006-09-05 20:30:33.000000000 +0200
+@@ -0,0 +1,38 @@
+Changelog of PHP 4.4.2 Security Fixes
+
+Release 5 - 11. August 2006
+
+    [+] Added IMAP open_basedir/safe_mode check
+    [+] Added a upstream fix for previous ext/session fixes
+    [+] Added upstream fix to ext/socket
+    [+] Added sscanf() security fix
+    [+] Added fixes for handling of corrupt .gif files to gdlib
+
+Release 4 - 13. July 2006
+
+    [+] Added recursive array printing fix to phpinfo() XSS fix
+
+Release 3 - 08. July 2006
+
+    [+] Added a fix for an overflow in the bundled libmysql on win32 systems    
+    [+] Added a fix for overlong tempfilename
+    [+] Added multiple fixes for new safe_mode/open_basedir problems in ext/curl
+    [+] Added a fix for an integer overflow in str_repeat()
+    [+] Added a variable initialisation in stream factory code
+    [+] Added a fix for crashbugs in http_fopen_wrapper
+    [+] Added a fix for the error_log() safe_mode/open_basedir vulnerability
+    [+] Added a *working* wordwrap() fix
+    [+] Added code to make memory_limit work on 64bit systems
+    [+] Added bufferoverflow and high character fix to ext/wddx
+    
+Release 2 - 10. May 2006
+
+    [+] Added a fix for the serious zend_hash_del() vulnerability
+    [+] Added a fix for another ext/curl open_basedir/safe_mode bypass vulnerability
+    [+] Added a wordwrap() bufferoverflow fix
+    [+] Added a phpinfo() XSS fix
+    [+] Added html_entity_decode() binary safety fix
+    [+] Added safe_mode/open_basedir fixes to tempnam() and copy()
+    [+] Added check for invalid characters in session identifiers to ext/session
+    [+] Added a fix for a double file unlink in ext/session
+
+diff -Nura php-4.4.2/configure hardening-patch-4.4.2-0.4.15/configure
+--- php-4.4.2/configure 2006-01-12 19:24:23.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/configure      2006-09-05 20:30:33.000000000 +0200
+@@ -402,6 +402,16 @@
+ ac_default_prefix=/usr/local
+ # Any additions from configure.in:
+ ac_help="$ac_help
+  --disable-hardening-patch-mm-protect    Disable the Memory Manager protection."
+ac_help="$ac_help
+  --disable-hardening-patch-ll-protect    Disable the Linked List protection."
+ac_help="$ac_help
+  --disable-hardening-patch-inc-protect   Disable include/require protection."
+ac_help="$ac_help
+  --disable-hardening-patch-fmt-protect   Disable format string protection."
+ac_help="$ac_help
+  --disable-hardening-patch-hash-protect  Disable Zend HashTable DTOR protection."
+ac_help="$ac_help
+ 
+ SAPI modules:
+ "
+@@ -854,6 +864,8 @@
+ ac_help="$ac_help
+   --disable-tokenizer     Disable tokenizer support"
+ ac_help="$ac_help
+  --disable-varfilter     Disable Hardening-Patch's variable filter"
+ac_help="$ac_help
+   --enable-wddx           Enable WDDX support."
+ ac_help="$ac_help
+   --disable-xml           Disable XML support using bundled expat lib"
+@@ -2942,6 +2954,157 @@
+ 
+ 
+ 
+# Check whether --enable-hardening-patch-mm-protect or --disable-hardening-patch-mm-protect was given.
+if test "${enable_hardening_patch_mm_protect+set}" = set; then
+  enableval="$enable_hardening_patch_mm_protect"
+  
+  DO_HARDENING_PATCH_MM_PROTECT=$enableval
+
+else
+  
+  DO_HARDENING_PATCH_MM_PROTECT=yes
+
+fi
+
+
+# Check whether --enable-hardening-patch-ll-protect or --disable-hardening-patch-ll-protect was given.
+if test "${enable_hardening_patch_ll_protect+set}" = set; then
+  enableval="$enable_hardening_patch_ll_protect"
+  
+  DO_HARDENING_PATCH_LL_PROTECT=$enableval
+
+else
+  
+  DO_HARDENING_PATCH_LL_PROTECT=yes
+
+fi
+
+
+# Check whether --enable-hardening-patch-inc-protect or --disable-hardening-patch-inc-protect was given.
+if test "${enable_hardening_patch_inc_protect+set}" = set; then
+  enableval="$enable_hardening_patch_inc_protect"
+  
+  DO_HARDENING_PATCH_INC_PROTECT=$enableval
+
+else
+  
+  DO_HARDENING_PATCH_INC_PROTECT=yes
+
+fi
+
+
+# Check whether --enable-hardening-patch-fmt-protect or --disable-hardening-patch-fmt-protect was given.
+if test "${enable_hardening_patch_fmt_protect+set}" = set; then
+  enableval="$enable_hardening_patch_fmt_protect"
+  
+  DO_HARDENING_PATCH_FMT_PROTECT=$enableval
+
+else
+  
+  DO_HARDENING_PATCH_FMT_PROTECT=yes
+
+fi
+
+
+# Check whether --enable-hardening-patch-hash-protect or --disable-hardening-patch-hash-protect was given.
+if test "${enable_hardening_patch_hash_protect+set}" = set; then
+  enableval="$enable_hardening_patch_hash_protect"
+  
+  DO_HARDENING_PATCH_HASH_PROTECT=$enableval
+
+else
+  
+  DO_HARDENING_PATCH_HASH_PROTECT=yes
+
+fi
+
+
+echo $ac_n "checking whether to protect the Zend Memory Manager""... $ac_c" 1>&6
+echo "configure:2725: checking whether to protect the Zend Memory Manager" >&5
+echo "$ac_t""$DO_HARDENING_PATCH_MM_PROTECT" 1>&6
+
+echo $ac_n "checking whether to protect the Zend Linked Lists""... $ac_c" 1>&6
+echo "configure:2729: checking whether to protect the Zend Linked Lists" >&5
+echo "$ac_t""$DO_HARDENING_PATCH_LL_PROTECT" 1>&6
+
+echo $ac_n "checking whether to protect include/require statements""... $ac_c" 1>&6
+echo "configure:2733: checking whether to protect include/require statements" >&5
+echo "$ac_t""$DO_HARDENING_PATCH_INC_PROTECT" 1>&6
+
+echo $ac_n "checking whether to protect PHP Format String functions""... $ac_c" 1>&6
+echo "configure:2737: checking whether to protect PHP Format String functions" >&5
+echo "$ac_t""$DO_HARDENING_PATCH_FMT_PROTECT" 1>&6
+
+echo $ac_n "checking whether to protect the Zend HashTable Destructors""... $ac_c" 1>&6
+echo "configure:2737: checking whether to protect the Zend HashTable Destructors" >&5
+echo "$ac_t""$DO_HARDENING_PATCH_HASH_PROTECT" 1>&6
+
+
+cat >> confdefs.h <<\EOF
+#define HARDENING_PATCH 1
+EOF
+
+
+
+if test "$DO_HARDENING_PATCH_MM_PROTECT" = "yes"; then
+  cat >> confdefs.h <<\EOF
+#define HARDENING_PATCH_MM_PROTECT 1
+EOF
+
+else
+  cat >> confdefs.h <<\EOF
+#define HARDENING_PATCH_MM_PROTECT 0
+EOF
+
+fi
+
+if test "$DO_HARDENING_PATCH_LL_PROTECT" = "yes"; then
+  cat >> confdefs.h <<\EOF
+#define HARDENING_PATCH_LL_PROTECT 1
+EOF
+
+else
+  cat >> confdefs.h <<\EOF
+#define HARDENING_PATCH_LL_PROTECT 0
+EOF
+
+fi
+
+if test "$DO_HARDENING_PATCH_INC_PROTECT" = "yes"; then
+  cat >> confdefs.h <<\EOF
+#define HARDENING_PATCH_INC_PROTECT 1
+EOF
+
+else
+  cat >> confdefs.h <<\EOF
+#define HARDENING_PATCH_INC_PROTECT 0
+EOF
+
+fi
+
+if test "$DO_HARDENING_PATCH_FMT_PROTECT" = "yes"; then
+  cat >> confdefs.h <<\EOF
+#define HARDENING_PATCH_FMT_PROTECT 1
+EOF
+
+else
+  cat >> confdefs.h <<\EOF
+#define HARDENING_PATCH_FMT_PROTECT 0
+EOF
+
+fi
+
+if test "$DO_HARDENING_PATCH_HASH_PROTECT" = "yes"; then
+  cat >> confdefs.h <<\EOF
+#define HARDENING_PATCH_HASH_PROTECT 1
+EOF
+
+else
+  cat >> confdefs.h <<\EOF
+#define HARDENING_PATCH_HASH_PROTECT 0
+EOF
+
+fi
+ 
+ 
+ 
+@@ -16017,6 +16180,62 @@
+ fi
+ 
+ 
+  echo $ac_n "checking whether realpath is broken""... $ac_c" 1>&6
+echo "configure:14928: checking whether realpath is broken" >&5
+if eval "test \"`echo '$''{'ac_cv_broken_realpath'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    if test "$cross_compiling" = yes; then
+  
+      ac_cv_broken_realpath=no
+    
+else
+  cat > conftest.$ac_ext <<EOF
+#line 14939 "configure"
+#include "confdefs.h"
+
+main() {
+       char buf[4096+1];
+       buf[0] = 0;
+       realpath("/etc/hosts/../passwd", buf);
+       exit(strcmp(buf, "/etc/passwd")==0); 
+}
+    
+EOF
+if { (eval echo configure:14958: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  
+      ac_cv_broken_realpath=no
+    
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  
+      ac_cv_broken_realpath=yes
+    
+fi
+rm -fr conftest*
+fi
+
+  
+fi
+
+echo "$ac_t""$ac_cv_broken_realpath" 1>&6
+  if test "$ac_cv_broken_realpath" = "yes"; then
+    cat >> confdefs.h <<\EOF
+#define PHP_BROKEN_REALPATH 1
+EOF
+
+  else
+    cat >> confdefs.h <<\EOF
+#define PHP_BROKEN_REALPATH 0
+EOF
+
+  fi
+
+
+   echo $ac_n "checking for declared timezone""... $ac_c" 1>&6
+ echo "configure:16022: checking for declared timezone" >&5
+ if eval "test \"`echo '$''{'ac_cv_declared_timezone'+set}'`\" = set"; then
+@@ -86718,7 +86937,7 @@
+   if test "$ac_cv_crypt_blowfish" = "yes"; then
+     ac_result=1
+   else
+-    ac_result=0
+    ac_result=1
+   fi
+   cat >> confdefs.h <<EOF
+ #define PHP_BLOWFISH_CRYPT $ac_result
+@@ -87420,7 +87639,7 @@
+                             url_scanner.c var.c versioning.c assert.c strnatcmp.c levenshtein.c \
+                             incomplete_class.c url_scanner_ex.c ftp_fopen_wrapper.c \
+                             http_fopen_wrapper.c php_fopen_wrapper.c credits.c css.c \
+-                            var_unserializer.c ftok.c aggregation.c sha1.c ; do
+                            var_unserializer.c ftok.c aggregation.c sha1.c sha256.c crypt_blowfish.c ; do
+   
+       IFS=.
+       set $ac_src
+@@ -87475,7 +87694,7 @@
+                             url_scanner.c var.c versioning.c assert.c strnatcmp.c levenshtein.c \
+                             incomplete_class.c url_scanner_ex.c ftp_fopen_wrapper.c \
+                             http_fopen_wrapper.c php_fopen_wrapper.c credits.c css.c \
+-                            var_unserializer.c ftok.c aggregation.c sha1.c ; do
+                            var_unserializer.c ftok.c aggregation.c sha1.c sha256.c crypt_blowfish.c ; do
+   
+       IFS=.
+       set $ac_src
+@@ -87601,7 +87820,7 @@
+                             url_scanner.c var.c versioning.c assert.c strnatcmp.c levenshtein.c \
+                             incomplete_class.c url_scanner_ex.c ftp_fopen_wrapper.c \
+                             http_fopen_wrapper.c php_fopen_wrapper.c credits.c css.c \
+-                            var_unserializer.c ftok.c aggregation.c sha1.c ; do
+                            var_unserializer.c ftok.c aggregation.c sha1.c sha256.c crypt_blowfish.c ; do
+   
+       IFS=.
+       set $ac_src
+@@ -87653,7 +87872,7 @@
+                             url_scanner.c var.c versioning.c assert.c strnatcmp.c levenshtein.c \
+                             incomplete_class.c url_scanner_ex.c ftp_fopen_wrapper.c \
+                             http_fopen_wrapper.c php_fopen_wrapper.c credits.c css.c \
+-                            var_unserializer.c ftok.c aggregation.c sha1.c ; do
+                            var_unserializer.c ftok.c aggregation.c sha1.c sha256.c crypt_blowfish.c ; do
+   
+       IFS=.
+       set $ac_src
+@@ -91124,6 +91343,265 @@
+ fi
+ 
+ 
+echo $ac_n "checking whether to enable Hardening-Patch's variable filter""... $ac_c" 1>&6
+echo "configure:82041: checking whether to enable Hardening-Patch's variable filter" >&5
+# Check whether --enable-varfilter or --disable-varfilter was given.
+if test "${enable_varfilter+set}" = set; then
+  enableval="$enable_varfilter"
+  PHP_VARFILTER=$enableval
+else
+  
+  PHP_VARFILTER=yes
+
+  if test "$PHP_ENABLE_ALL" && test "yes" = "yes"; then
+    PHP_VARFILTER=$PHP_ENABLE_ALL
+  fi
+
+fi
+
+
+
+ext_output="yes, shared"
+ext_shared=yes
+case $PHP_VARFILTER in
+shared,*)
+  PHP_VARFILTER=`echo "$PHP_VARFILTER"|sed 's/^shared,//'`
+  ;;
+shared)
+  PHP_VARFILTER=yes
+  ;;
+no)
+  ext_output=no
+  ext_shared=no
+  ;;
+*)
+  ext_output=yes
+  ext_shared=no
+  ;;
+esac
+
+
+
+echo "$ac_t""$ext_output" 1>&6
+
+
+
+
+if test "$PHP_VARFILTER" != "no"; then
+  cat >> confdefs.h <<\EOF
+#define HAVE_VARFILTER 1
+EOF
+
+  
+  ext_builddir=ext/varfilter
+  ext_srcdir=$abs_srcdir/ext/varfilter
+
+  ac_extra=
+
+  if test "$ext_shared" != "shared" && test "$ext_shared" != "yes" && test "" != "cli"; then
+
+    
+  
+  case ext/varfilter in
+  "") ac_srcdir="$abs_srcdir/"; unset ac_bdir; ac_inc="-I. -I$abs_srcdir" ;;
+  /*) ac_srcdir=`echo "ext/varfilter"|cut -c 2-`"/"; ac_bdir=$ac_srcdir; ac_inc="-I$ac_bdir -I$abs_srcdir/$ac_bdir" ;;
+  *) ac_srcdir="$abs_srcdir/ext/varfilter/"; ac_bdir="ext/varfilter/"; ac_inc="-I$ac_bdir -I$ac_srcdir" ;;
+  esac
+  
+  
+
+  b_c_pre=$php_c_pre
+  b_cxx_pre=$php_cxx_pre
+  b_c_meta=$php_c_meta
+  b_cxx_meta=$php_cxx_meta
+  b_c_post=$php_c_post
+  b_cxx_post=$php_cxx_post
+  b_lo=$php_lo
+
+
+  old_IFS=$IFS
+  for ac_src in varfilter.c; do
+  
+      IFS=.
+      set $ac_src
+      ac_obj=$1
+      IFS=$old_IFS
+      
+      PHP_GLOBAL_OBJS="$PHP_GLOBAL_OBJS $ac_bdir$ac_obj.lo"
+
+      case $ac_src in
+         *.c) ac_comp="$b_c_pre $ac_extra $ac_inc $b_c_meta -c $ac_srcdir$ac_src -o $ac_bdir$ac_obj.$b_lo $b_c_post" ;;
+         *.cpp) ac_comp="$b_cxx_pre $ac_extra $ac_inc $b_cxx_meta -c $ac_srcdir$ac_src -o $ac_bdir$ac_obj.$b_lo $b_cxx_post" ;;
+      esac
+
+         cat >>Makefile.objects<<EOF
+$ac_bdir$ac_obj.lo: $ac_srcdir$ac_src
+       $ac_comp
+EOF
+  done
+
+
+    EXT_STATIC="$EXT_STATIC varfilter"
+    if test "$ext_shared" != "nocli"; then
+      EXT_CLI_STATIC="$EXT_CLI_STATIC varfilter"
+    fi
+  else
+    if test "$ext_shared" = "shared" || test "$ext_shared" = "yes"; then
+      
+  case ext/varfilter in
+  "") ac_srcdir="$abs_srcdir/"; unset ac_bdir; ac_inc="-I. -I$abs_srcdir" ;;
+  /*) ac_srcdir=`echo "ext/varfilter"|cut -c 2-`"/"; ac_bdir=$ac_srcdir; ac_inc="-I$ac_bdir -I$abs_srcdir/$ac_bdir" ;;
+  *) ac_srcdir="$abs_srcdir/ext/varfilter/"; ac_bdir="ext/varfilter/"; ac_inc="-I$ac_bdir -I$ac_srcdir" ;;
+  esac
+  
+  
+
+  b_c_pre=$shared_c_pre
+  b_cxx_pre=$shared_cxx_pre
+  b_c_meta=$shared_c_meta
+  b_cxx_meta=$shared_cxx_meta
+  b_c_post=$shared_c_post
+  b_cxx_post=$shared_cxx_post
+  b_lo=$shared_lo
+
+
+  old_IFS=$IFS
+  for ac_src in varfilter.c; do
+  
+      IFS=.
+      set $ac_src
+      ac_obj=$1
+      IFS=$old_IFS
+      
+      shared_objects_varfilter="$shared_objects_varfilter $ac_bdir$ac_obj.lo"
+
+      case $ac_src in
+         *.c) ac_comp="$b_c_pre $ac_extra $ac_inc $b_c_meta -c $ac_srcdir$ac_src -o $ac_bdir$ac_obj.$b_lo $b_c_post" ;;
+         *.cpp) ac_comp="$b_cxx_pre $ac_extra $ac_inc $b_cxx_meta -c $ac_srcdir$ac_src -o $ac_bdir$ac_obj.$b_lo $b_cxx_post" ;;
+      esac
+
+         cat >>Makefile.objects<<EOF
+$ac_bdir$ac_obj.lo: $ac_srcdir$ac_src
+       $ac_comp
+EOF
+  done
+
+      
+  install_modules="install-modules"
+  PHP_MODULES="$PHP_MODULES \$(phplibdir)/varfilter.la"
+  
+  PHP_VAR_SUBST="$PHP_VAR_SUBST shared_objects_varfilter"
+
+  cat >>Makefile.objects<<EOF
+\$(phplibdir)/varfilter.la: $ext_builddir/varfilter.la
+       \$(LIBTOOL) --mode=install cp $ext_builddir/varfilter.la \$(phplibdir)
+
+$ext_builddir/varfilter.la: \$(shared_objects_varfilter) \$(VARFILTER_SHARED_DEPENDENCIES)
+       \$(LIBTOOL) --mode=link \$(CC) \$(COMMON_FLAGS) \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(LDFLAGS) -o \$@ -export-dynamic -avoid-version -prefer-pic -module -rpath \$(phplibdir) \$(EXTRA_LDFLAGS) \$(shared_objects_varfilter) \$(VARFILTER_SHARED_LIBADD)
+
+EOF
+
+      cat >> confdefs.h <<EOF
+#define COMPILE_DL_VARFILTER 1
+EOF
+
+    fi
+  fi
+
+  if test "$ext_shared" != "shared" && test "$ext_shared" != "yes" && test "" = "cli"; then
+    if test "$PHP_SAPI" = "cgi"; then
+      
+  
+  case ext/varfilter in
+  "") ac_srcdir="$abs_srcdir/"; unset ac_bdir; ac_inc="-I. -I$abs_srcdir" ;;
+  /*) ac_srcdir=`echo "ext/varfilter"|cut -c 2-`"/"; ac_bdir=$ac_srcdir; ac_inc="-I$ac_bdir -I$abs_srcdir/$ac_bdir" ;;
+  *) ac_srcdir="$abs_srcdir/ext/varfilter/"; ac_bdir="ext/varfilter/"; ac_inc="-I$ac_bdir -I$ac_srcdir" ;;
+  esac
+  
+  
+
+  b_c_pre=$php_c_pre
+  b_cxx_pre=$php_cxx_pre
+  b_c_meta=$php_c_meta
+  b_cxx_meta=$php_cxx_meta
+  b_c_post=$php_c_post
+  b_cxx_post=$php_cxx_post
+  b_lo=$php_lo
+
+
+  old_IFS=$IFS
+  for ac_src in varfilter.c; do
+  
+      IFS=.
+      set $ac_src
+      ac_obj=$1
+      IFS=$old_IFS
+      
+      PHP_GLOBAL_OBJS="$PHP_GLOBAL_OBJS $ac_bdir$ac_obj.lo"
+
+      case $ac_src in
+         *.c) ac_comp="$b_c_pre $ac_extra $ac_inc $b_c_meta -c $ac_srcdir$ac_src -o $ac_bdir$ac_obj.$b_lo $b_c_post" ;;
+         *.cpp) ac_comp="$b_cxx_pre $ac_extra $ac_inc $b_cxx_meta -c $ac_srcdir$ac_src -o $ac_bdir$ac_obj.$b_lo $b_cxx_post" ;;
+      esac
+
+         cat >>Makefile.objects<<EOF
+$ac_bdir$ac_obj.lo: $ac_srcdir$ac_src
+       $ac_comp
+EOF
+  done
+
+
+      EXT_STATIC="$EXT_STATIC varfilter"
+    else
+      
+  
+  case ext/varfilter in
+  "") ac_srcdir="$abs_srcdir/"; unset ac_bdir; ac_inc="-I. -I$abs_srcdir" ;;
+  /*) ac_srcdir=`echo "ext/varfilter"|cut -c 2-`"/"; ac_bdir=$ac_srcdir; ac_inc="-I$ac_bdir -I$abs_srcdir/$ac_bdir" ;;
+  *) ac_srcdir="$abs_srcdir/ext/varfilter/"; ac_bdir="ext/varfilter/"; ac_inc="-I$ac_bdir -I$ac_srcdir" ;;
+  esac
+  
+  
+
+  b_c_pre=$php_c_pre
+  b_cxx_pre=$php_cxx_pre
+  b_c_meta=$php_c_meta
+  b_cxx_meta=$php_cxx_meta
+  b_c_post=$php_c_post
+  b_cxx_post=$php_cxx_post
+  b_lo=$php_lo
+
+
+  old_IFS=$IFS
+  for ac_src in varfilter.c; do
+  
+      IFS=.
+      set $ac_src
+      ac_obj=$1
+      IFS=$old_IFS
+      
+      PHP_CLI_OBJS="$PHP_CLI_OBJS $ac_bdir$ac_obj.lo"
+
+      case $ac_src in
+         *.c) ac_comp="$b_c_pre $ac_extra $ac_inc $b_c_meta -c $ac_srcdir$ac_src -o $ac_bdir$ac_obj.$b_lo $b_c_post" ;;
+         *.cpp) ac_comp="$b_cxx_pre $ac_extra $ac_inc $b_cxx_meta -c $ac_srcdir$ac_src -o $ac_bdir$ac_obj.$b_lo $b_cxx_post" ;;
+      esac
+
+         cat >>Makefile.objects<<EOF
+$ac_bdir$ac_obj.lo: $ac_srcdir$ac_src
+       $ac_comp
+EOF
+  done
+
+
+    fi
+    EXT_CLI_STATIC="$EXT_CLI_STATIC varfilter"
+  fi
+  
+  BUILD_DIR="$BUILD_DIR $ext_builddir"
+
+
+fi
+ 
+ 
+ echo $ac_n "checking whether to enable WDDX support""... $ac_c" 1>&6
+@@ -104088,7 +104566,7 @@
+        php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
+        strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \
+        streams.c network.c php_open_temporary_file.c php_logos.c \
+-       output.c memory_streams.c user_streams.c; do
+       output.c memory_streams.c user_streams.c hardening_patch.c; do
+   
+       IFS=.
+       set $ac_src
+@@ -104273,7 +104751,7 @@
+     zend_opcode.c zend_operators.c zend_ptr_stack.c zend_stack.c \
+     zend_variables.c zend.c zend_API.c zend_extensions.c zend_hash.c \
+     zend_list.c zend_indent.c zend_builtin_functions.c zend_sprintf.c \
+-    zend_ini.c zend_qsort.c zend_multibyte.c zend_strtod.c; do
+    zend_ini.c zend_qsort.c zend_multibyte.c zend_strtod.c zend_canary.c; do
+   
+       IFS=.
+       set $ac_src
+diff -Nura php-4.4.2/configure.in hardening-patch-4.4.2-0.4.15/configure.in
+--- php-4.4.2/configure.in      2006-01-12 18:52:29.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/configure.in   2006-09-05 20:30:33.000000000 +0200
+@@ -247,7 +247,7 @@
+ sinclude(Zend/acinclude.m4)
+ sinclude(Zend/Zend.m4)
+ sinclude(TSRM/tsrm.m4)
+-
+sinclude(main/hardening_patch.m4)
+ 
+ 
+ divert(2)
+@@ -621,6 +621,7 @@
+ AC_FUNC_ALLOCA
+ dnl PHP_AC_BROKEN_SPRINTF
+ dnl PHP_AC_BROKEN_SNPRINTF
+dnl PHP_AC_BROKEN_REALPATH
+ PHP_DECLARED_TIMEZONE
+ PHP_TIME_R_TYPE
+ PHP_READDIR_R_TYPE
+@@ -1260,7 +1261,7 @@
+        php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
+        strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \
+        streams.c network.c php_open_temporary_file.c php_logos.c \
+-       output.c memory_streams.c user_streams.c)
+       output.c memory_streams.c user_streams.c hardening_patch.c)
+ PHP_ADD_SOURCES(/main, internal_functions.c,, sapi)
+ case $host_alias in
+ *netware*)
+@@ -1281,7 +1282,7 @@
+     zend_opcode.c zend_operators.c zend_ptr_stack.c zend_stack.c \
+     zend_variables.c zend.c zend_API.c zend_extensions.c zend_hash.c \
+     zend_list.c zend_indent.c zend_builtin_functions.c zend_sprintf.c \
+-    zend_ini.c zend_qsort.c zend_multibyte.c zend_strtod.c)
+    zend_ini.c zend_qsort.c zend_multibyte.c zend_strtod.c zend_canary.c )
+ 
+ if test -r "$abs_srcdir/Zend/zend_objects.c"; then
+   PHP_ADD_SOURCES(Zend, zend_objects.c zend_object_handlers.c zend_objects_API.c zend_mm.c)
+diff -Nura php-4.4.2/ext/curl/curl.c hardening-patch-4.4.2-0.4.15/ext/curl/curl.c
+--- php-4.4.2/ext/curl/curl.c   2006-01-05 19:03:18.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/curl/curl.c        2006-09-05 20:30:33.000000000 +0200
+@@ -87,6 +87,7 @@
+ #define SMART_STR_PREALLOC 4096
+ 
+ #include "ext/standard/php_smart_str.h"
+#include "ext/standard/php_string.h"
+ #include "ext/standard/info.h"
+ #include "ext/standard/file.h"
+ #include "ext/standard/url.h"
+@@ -111,7 +112,7 @@
+ 
+ #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len)                                                                                                  \
+        if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) &&                                                \
+-           strncasecmp(str, "file://", sizeof("file://") - 1) == 0)                                                            \
+           strncasecmp(str, "file:", sizeof("file:") - 1) == 0)                                                                \
+        {                                                                                                                                                                                       \
+                php_url *tmp_url;                                                                                                                                               \
+                                                                                                                                                                                                \
+@@ -119,6 +120,11 @@
+                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid url '%s'", str);                           \
+                        RETURN_FALSE;                                                                                                                                           \
+                }                                                                                                                                                                               \
+                                                                                                                       \
+               if (php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) {                                \
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Url '%s' contains unencoded control characters.", str);    \
+                       RETURN_FALSE;                                                                                   \
+               }                                                                                                       \
+                                                                                                                                                                                                \
+                if (tmp_url->query || tmp_url->fragment || php_check_open_basedir(tmp_url->path TSRMLS_CC) ||                                                                   \
+                        (PG(safe_mode) && !php_checkuid(tmp_url->path, "rb+", CHECKUID_CHECK_MODE_PARAM))       \
+@@ -839,7 +845,6 @@
+                case CURLOPT_FTPLISTONLY:
+                case CURLOPT_FTPAPPEND:
+                case CURLOPT_NETRC:
+-               case CURLOPT_FOLLOWLOCATION:
+                case CURLOPT_PUT:
+ #if CURLOPT_MUTE != 0
+                 case CURLOPT_MUTE:
+@@ -876,6 +881,16 @@
+                        convert_to_long_ex(zvalue);
+                        error = curl_easy_setopt(ch->cp, option, Z_LVAL_PP(zvalue));
+                        break;
+               case CURLOPT_FOLLOWLOCATION:
+                       convert_to_long_ex(zvalue);
+                       if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
+                               if (Z_LVAL_PP(zvalue) != 0) {
+                                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set");
+                                       RETURN_FALSE;
+                               }
+                       }
+                       error = curl_easy_setopt(ch->cp, option, Z_LVAL_PP(zvalue));
+                       break;
+                case CURLOPT_URL:
+                case CURLOPT_PROXY:
+                case CURLOPT_USERPWD:
+diff -Nura php-4.4.2/ext/curl/curlstreams.c hardening-patch-4.4.2-0.4.15/ext/curl/curlstreams.c
+--- php-4.4.2/ext/curl/curlstreams.c    2006-01-01 14:46:50.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/curl/curlstreams.c 2006-09-05 20:30:33.000000000 +0200
+@@ -297,7 +297,11 @@
+        curl_easy_setopt(curlstream->curl, CURLOPT_WRITEHEADER, stream);
+ 
+        /* currently buggy (bug is in curl) */
+-       curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 1);
+       if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) {
+               curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 0);
+       } else {
+               curl_easy_setopt(curlstream->curl, CURLOPT_FOLLOWLOCATION, 1);
+       }
+        
+        curl_easy_setopt(curlstream->curl, CURLOPT_ERRORBUFFER, curlstream->errstr);
+        curl_easy_setopt(curlstream->curl, CURLOPT_VERBOSE, 0);
+diff -Nura php-4.4.2/ext/fbsql/php_fbsql.c hardening-patch-4.4.2-0.4.15/ext/fbsql/php_fbsql.c
+--- php-4.4.2/ext/fbsql/php_fbsql.c     2006-01-01 14:46:52.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/fbsql/php_fbsql.c  2006-09-05 20:30:33.000000000 +0200
+@@ -1797,8 +1797,24 @@
+        }
+        else if (fbcmdErrorsFound(md))
+        {
+#if HARDENING_PATCH
+               char*   query_copy;
+               int i;
+#endif
+                FBCErrorMetaData* emd = fbcdcErrorMetaData(c, md);
+                char*             emg = fbcemdAllErrorMessages(emd);
+#if HARDENING_PATCH
+               query_copy=estrdup(query_copy);
+               for (i=0; query_copy[i]; i++) if (query_copy[i]<32) query_copy[i]='.';
+               php_security_log(S_SQL, "fbsql error: %s - query: %s", emg, query_copy);
+               efree(query_copy);
+               if (HG(hphp_sql_bailout_on_error)) {
+                       free(emg);
+                       fbcemdRelease(emd);
+                       result = 0;
+                       zend_bailout();
+               }
+#endif
+                if (FB_SQL_G(generateWarnings))
+                {
+                        if (emg)
+diff -Nura php-4.4.2/ext/gd/libgd/gd_gif_in.c hardening-patch-4.4.2-0.4.15/ext/gd/libgd/gd_gif_in.c
+--- php-4.4.2/ext/gd/libgd/gd_gif_in.c  2005-09-25 14:13:49.000000000 +0200
+++ hardening-patch-4.4.2-0.4.15/ext/gd/libgd/gd_gif_in.c       2006-09-05 20:30:33.000000000 +0200
+@@ -212,6 +212,12 @@
+        if (!im) {
+                return 0;
+        }
+
+               if (!im->colorsTotal) {
+                       gdImageDestroy(im);
+                       return 0;
+               }
+
+        /* Check for open colors at the end, so
+           we can reduce colorsTotal and ultimately
+           BitsPerPixel */
+@@ -502,6 +508,19 @@
+        int             v;
+        int             xpos = 0, ypos = 0, pass = 0;
+        int i;
+
+          /*
+               **  Initialize the Compression routines
+               */
+          if (! ReadOK(fd,&c,1)) {
+                  return;
+          }
+
+          if (c > MAX_LWZ_BITS) {
+                  return;      
+          }
+
+
+        /* Stash the color map into the image */
+        for (i=0; (i<gdMaxColors); i++) {
+                im->red[i] = cmap[CM_RED][i];   
+@@ -511,12 +530,7 @@
+        }
+        /* Many (perhaps most) of these colors will remain marked open. */
+        im->colorsTotal = gdMaxColors;
+-       /*
+-       **  Initialize the Compression routines
+-       */
+-       if (! ReadOK(fd,&c,1)) {
+-               return; 
+-       }
+
+        if (LWZReadByte(fd, TRUE, c) < 0) {
+                return;
+        }
+diff -Nura php-4.4.2/ext/gd/tests/bug38112.gif hardening-patch-4.4.2-0.4.15/ext/gd/tests/bug38112.gif
+--- php-4.4.2/ext/gd/tests/bug38112.gif 1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/gd/tests/bug38112.gif      2006-09-05 20:30:33.000000000 +0200
+@@ -0,0 +1,140 @@
+GIF89a�
+CEcKMk���SUm������hiu���"A3}�����;<E���  &RF!(Z17bCF[JMc���KM]4!&F����xz����]i����_f�BEU���RUeVW\���$,L;Ce6=\17R=C[8=S{~�FGK���69Fs '@$+EMUtW`FLc���ov�)MTkEK^.r=,4K=CTU]sw��]am139�����踻����4'5Y,3ELSdEKZ'K $86B^3;M&*3U\l?Mh\dt���]_c:X�)ESl��߷�����
+%3KEKU<CMLS]hp|=K^%3E-;L7GZ3ARpx�ESbN[jT\e���������fhj������MZf>KV6=C%=O*>N.BR,:EKbp6JVq��~��������(�����#%%@CC������������������vzv���������XVHtsm���nmi���bR.��ڕ�f����yd<4,��y������{zy2'sfZ�����ʮ��XTQc]Z}mg&{vu���������utt���������������!�NETSCAPE2.0
+CEcKMk���SUm������hiu���"A3}�����;<E���  &RF!(Z17bCF[JMc���KM]4!&F����xz����]i����_f�BEU���RUeVW\���$,L;Ce6=\17R=C[8=S{~�FGK���69Fs '@$+EMUtW`FLc���ov�)MTkEK^.r=,4K=CTU]sw��]am139�����踻����4'5Y,3ELSdEKZ'K $86B^3;M&*3U\l?Mh\dt���]_c:X�)ESl��߷�����
+%3KEKU<CMLS]hp|=K^%3E-;L7GZ3ARpx�ESbN[jT\e���������fhj������MZf>KV6=C%=O*>N.BR,:EKbp6JVq��~��������(�����#%%@CC������������������vzv���������XVHtsm���nmi���bR.��ڕ�f����yd<4,��y������{zy2'sfZ�����ʮ��XTQc]Z}mg&{vu���������utt������������������������q�]��s���H6U��~�������F7����J����ػ�|�[��r������E�wЫ�*4;���W(�ƺj�
+����Ȗ֨�_���x�֚hyvVy�xc-%Ba���k�(�X����F�(������y�v������� a��ϑ@��H����Zk��hڊ'�M���        ��)Z�k[����0�K��������\�G�%��y,l
+[6%F���2�>Ǿ��UI�?6N�����>M�h�غ�C��J��
+�J�mڶiI�eʑ%~�!T�"2�ZU
+禅^�@��-�BAY�V�Y��0��KT�F�X�Ls���)r�R+0l-�B�V%��Ur�Ü
+Jmy@���-QY��Ŧ�m����1%ΤO�jvr3hm!1`0W�D���J�j�%��T��o4��Q�ə%)0
+*�Ƌ%L��Tt9s�WK�ș#���D�(Q�ѧ��_�NG����PHx#{
+1�He{���"˥Z\�U��+M�f���#HP�B�
+��B�}�1wV�$��.�[zs��J'��
+@p�&�$� ��x�  ����d��\ݵ@H�y��D5���C���*sY�����:���
+� a�u�c%l�!F!�Z������r�9B����<L0
+$od��X��F!|A%tt��<�H���
+!���E����G}A��pk�)�l���ĞzZ�Y�n,A~��*��nY��(   ׌�ƨ�*��1�&r���\g����b�*�T�S%�~Z�P���}�D�Ðh��k�;`����B���A�kF.g-��G!�X�����`�
+D���D+��8P�A\���0
+";_���B��eI�-�ൂ��Z8A6 ��Mgv
+e��!�0/J���l�!@��t�u�A���Cj<
+��
+�`G�*
+�p"T�Uf�
+�%���o,�
+�:>=#^db����"V��xq?e�+ﶓNC�H�K؁
+��l"��?�a
+�@A���OK*�G:���K!�Ǝ�Ɗ'�8H�B�]���)�ƞD�?
+.h�$"y>�9E����.cM���[F/�W�b׮WƤm�3�3�5 �P�s�sP�(�� TH�;��c����yQr�
+Đ'`1dS(m({f���r�KMe���� �D���
+<�b�|l�]�
+xOz�s���UHm�������~��0K�t�
+-pwn��I4�U�u##f�l@���
+K�oa�oͲ�����G��W��0�qHG�H`w�^����Dc�5�
+hF_Ec2w�K"R�����g��\o�� y��}MV��
+t@� D���2�h`H��o�l_b܀��
+�}@�b10��0�`��H
+|^]�CZ�`�S���
+��     �%      �P,��l�
+� 8 
+����
+�@
+qG
+�@|0#]}P������|s[\��f�a�!p���TA���T@�PZ��W���f{�G�`��
+��
+�
+���>�:� ��� s�%��x   ��0���'        �3�cSy�p�'��
+�vY��a�o�78���y�d��0�L��z���B-I q�z=C�
+)0��3��f\����@���@�阽�    ���"o9з      l臙
+)
+�'��:�I�
+�`TNyS�x��
+W)<b����<�ET�0P��X$_|������1⩑��I2g> e
+�=ß5
+��"�8kC����fʨ1�f9,�z�NZ!�jB�XD��UQZ&��ڤnx1o0^j'�jp��
+�@��P�.`�jF`�+`���z=s��Z�J�|��|�v�
+��*p��z�к;�;0
+�����=��
+��!ǐ !�9�7�0E@,P[+��J40�&0�&��+
+�_���& �I��p��r�x 
+�3��zP @�0o�о�;���w�d� � !`�*0���:�{��Z���F���Q�z��L��
+.� 4`���E
+8\��E�� �o�?��B��������S
+ �E��
+w��x�  �p�
+��
+�@���8<9��zp�<�
+��@�n<
+�
+3� �&�cP�
+�Pȴ���Ȍ ˝ 
+���
+Q�     ~�      ���
+32#��%��
+cࡤ
+���\0�-
+½�� ߡ]�=���P��
+�)��^������ƶ=�-.���.���  ]x�
+�P�p�������(�@�Pu
+����0��l� �x�@��@
+X
+�m�
+^���qP鸪Ep�k
+�Ќ���g�)�
+:
+Mc��5�a�΀ l0x�
+�>�
+?�� �OVG��       c<^�>�N`��-@�`_�R
+U�i�D�b��b�
+���Њ�������/�\m�b����T��]0#U�(a�0
+��
+��$RD �"��H�;���l�骳���8×
+<���-dC!���s������Q3.�?Ȝ!��Zq.3�0�F�r��H��A�f���   ��"�5�j���@�>>Ȩ��N�B�!s�7��Q@��,~�G o�c�C\p�C����'�   �/��%_"��RLD�vDB�K7
+7ފ��S�m#�H����OI��C�]y���3���Rcor�KXO�$՚kD��        +zk#��ˀ�.�ɂ�"� 7�]�{tL)�[�G-��w-8E�^�ۂ�t@!�0�#ő�d�ȉ#a"!"�$��C7�������5�Bf����N�u�&P~�4      ex|�%���+փNE�[�"W�[(����hAL�v��9T0���������Pa�G#,�?��~�
+r&�,Ra$\2љ�
+�zs-S�q��b!�Ѕ��I��,?��[:�C��.�`�n���`��@b@Ϙ���6JiJy�38�����7X�͐�t� \�K��S ⴆ+�ЇK�A�PE�p�P,s{��
+=�eO|^�����"�i�;�B�J#A9��}TchX�1�q�x��D$��J�no{��D��K\�I2BQ��
+?�Bf�-,6?�VS��@/B�5�=V@�or
+���u�m�D��0    %^�vs���;D�R�j�a
+k����F/v��S�>ܓ/�X��5?M+
+�H#l�pH�
+Hh�wu3;X+
+,%+
+�R���#�� |Ļ�RRK-,��.@8�Ks7HPp h��L�/C
+;�|S�,�� �\�J��@��^�0� =QC�&�5/1V�vD@
+���=�0�=���G���~�����"J�d�[
+ĥ'L�O~:唑e�Bi�A,Ε�?�aK��a
+�=4�XY6�1�������y�&,�
+oHT�
+��ծ.p��?�y�g��c�,n
+@Lb�P�+�����2a�U<�@Λ�l���x�:�A
+@
+Y�L-�0m��sr�&�
+b���g?�(��;���0�     ��n$�R�z6�rz�"1\�A&ЃL׼    |
+����Gd���P8Ý�
+�v��2�e�Ɛ%� ~�u��+se����|Xa�
+W
+0ΧA��we|w�<D��\��
+���r���?���+pW�dN?V��8yX|�Sp�TI�*P��Q�w��w�x�0x�VŐ
+pQ�����n
+h`E�`���|%|5Bpx8e�f�H^����
+�U
+`PԐ�
+`u���X��w
+���<�M��Q�����ş�Y[։�i�
+�@
+�`$
+�Pʉ�J�n�>�#�R��z�cP�j?�Z�`Z�V��p��i
+�0˳�������w7���     ���E��]�x���VP&��f��a
+0t̆��Z��@1]����  ������[�}K}��@�
+�i��n���`�*�'���`(g�eW�f`���0������ˌ�@�g�
+� ��uW���͘����
+�P�,�x-
+ƀ�
+$p
+o FO�4�
+����߭�4���qݩ�����ݽ�����-4�M�00�p
+,�k����       �p
+��     ������
+�
+��
+
+0
+����x���   ��PJ��NH*�P�t       q�
+���0���j>�\�ڭ
+u ����
+�@��劮��_�^6�]i~ݞ���;�`����p�,
+R�     j�      ��      ��      �0^��h�4�
+y�
+��@
+�������n%���
+����훀R� H��@8����L 
+�
+%P��  ���[�   k ���
+BL����S?^x��!
+dP�_�]�0��O%Ud���p�p
+j��P���P&�����y�
+Q���Y��
+L0������x�]- _���Qd
+=�����
+!
+�J.�3rϠTɲ̘4�F'O�H
+Fl��S��y��@�`�ҭSh�,W�,���DYDB�`9�I�4F�Z�8[v��K)W�i���Ia�     C�pb�ő2m��[��Y�ٛg��7����1&�yȸ�E6TPcŴb�)���1*I^܊\��;�𞴌�p�k�    �z� ���F�g�yXt t
+f��5>��q�a|�e��@B
+)ָc�K\�cp��j=�E    9�(b����i��|�GtcU�)=m8c��Yc����>��?ذd
+$\>�PKr�eP&
+4�5�WL�!v(��`�x?0�6W��,��=Qf�y
+�w�B
+�a�M61        $���`.�ÎH`���H��
+���v
+��L~�8       >��f�?�#� ����{8hD#�d|��%"��;X�C�B0~�    ��� ą1*�l,�5������P���_�l�YX�y�r�*p�z��'�
+X�@&��m��X�0�v�����`���gF��Ir�;F��#$�y<D��
+T�C�0�YfA���
+���0rV��� �H�%{��%u2�2r2@��$�l���c6��r ��Y[�B8ù$t�tl�+h ^��?�@"� �!�5��nbR�L�Йơ�,t1�P&���&6
+X6��,�*���E�|1T�DHE��A؀V�C�pI}ꓟ/D�?*P�#�8���� ��{Dā"!�H�"�������a"�jIݠ�?Hm~`�'o&��H��?(��aS���<5��<�
+YX�$���q%�
+��;9"
+�@E;�_�ⴘpB.�0d"�!� �o�R��OÀ��n�+�+���M1�\s�k�k�*�Gظs�Ȯ����7��
+o���f2 9���A���/�
+6xo9�\墘ر(V�#������
+b�=`!-s�`        X$x͹h� D�9��  v�����<�aU��B
+^D�=>-.��
+Q�z    K(���=/y�UH��M�Z(�>^����<h��c`|3o�!nP ��6.p®j�� �\b��b�8W�fy�D�^s��hĲ�m/˻��+��,WN���8��   O|     ��CJ=�!wV�B+����#�ЇN�ƭ��~Y�9�Ħ-`4+Qƛ�����{��Vw��c�L��|/�E�s��W�Z�G� o)Tw�t���Ҟ��\شiN;7��n�D��`�%$��E/ͱ /�w
+H
+}[�)�B�b��>"�G0*t�P��CE��8h�Q�9x�Z(Z��#
+~H�[�Y���2x���`P?�;
+�P�e�Z��V
+�XQP� �����޳�*HJd�?�!��r(����È�q�D�����     ��e��8\�n
+
+\ Kein Zeilenumbruch am Dateiende.
+diff -Nura php-4.4.2/ext/gd/tests/bug38112.phpt hardening-patch-4.4.2-0.4.15/ext/gd/tests/bug38112.phpt
+--- php-4.4.2/ext/gd/tests/bug38112.phpt        1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/gd/tests/bug38112.phpt     2006-09-05 20:30:33.000000000 +0200
+@@ -0,0 +1,17 @@
+--TEST--
+Bug #38112 (GIF Invalid Code size ).
+--SKIPIF--
+<?php 
+       if (!extension_loaded('gd')) {  
+               die("skip gd extension not available\n");
+       }
+       if (!GD_BUNDLED) {
+               die('skip external GD libraries may fail');
+       }
+?>
+--FILE--
+<?php
+$im = imagecreatefromgif(dirname(__FILE__) . '/bug38112.gif');
+?>
+--EXPECTF--
+Warning: imagecreatefromgif() [%s]: '%sbug38112.gif' is not a valid GIF file in %sbug38112.php on line %d
+diff -Nura php-4.4.2/ext/imap/php_imap.c hardening-patch-4.4.2-0.4.15/ext/imap/php_imap.c
+--- php-4.4.2/ext/imap/php_imap.c       2006-01-05 01:50:19.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/imap/php_imap.c    2006-09-05 20:30:33.000000000 +0200
+@@ -26,7 +26,7 @@
+    | PHP 4.0 updates:  Zeev Suraski <zeev@zend.com>                       |
+    +----------------------------------------------------------------------+
+  */
+-/* $Id: php_imap.c,v 1.142.2.44.2.4 2006/01/05 00:50:19 iliaa Exp $ */
+/* $Id: php_imap.c,v 1.142.2.44.2.5 2006/08/04 20:32:44 iliaa Exp $ */
+ 
+ #define IMAP41
+ 
+@@ -731,6 +731,13 @@
+                efree(IMAPG(imap_password));
+        }
+ 
+       /* local filename, need to perform open_basedir and safe_mode checks */
+       if (Z_STRVAL_PP(mailbox)[0] != '{' && 
+                       (php_check_open_basedir(Z_STRVAL_PP(mailbox) TSRMLS_CC) || 
+                       (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(mailbox), NULL, CHECKUID_CHECK_FILE_AND_DIR)))) {
+               RETURN_FALSE;
+       }
+
+        IMAPG(imap_user)     = estrndup(Z_STRVAL_PP(user), Z_STRLEN_PP(user));
+        IMAPG(imap_password) = estrndup(Z_STRVAL_PP(passwd), Z_STRLEN_PP(passwd));
+ 
+diff -Nura php-4.4.2/ext/mbstring/mbstring.c hardening-patch-4.4.2-0.4.15/ext/mbstring/mbstring.c
+--- php-4.4.2/ext/mbstring/mbstring.c   2006-01-01 14:46:54.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/mbstring/mbstring.c        2006-09-05 20:30:33.000000000 +0200
+@@ -1488,6 +1488,7 @@
+        char *strtok_buf = NULL, **val_list;
+        zval *array_ptr = (zval *) arg;
+        int n, num, val_len, *len_list;
+       unsigned int new_val_len;
+        enum mbfl_no_encoding from_encoding;
+        mbfl_string string, resvar, resval;
+        mbfl_encoding_detector *identd = NULL; 
+@@ -1610,8 +1611,14 @@
+                        val_len = len_list[n];
+                }
+                n++;
+-               /* add variable to symbol table */
+-               php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC);
+               /* we need val to be emalloc()ed */
+               val = estrndup(val, val_len);
+               if (sapi_module.input_filter(info->data_type, var, &val, val_len, &new_val_len TSRMLS_CC)) {
+                       /* add variable to symbol table */
+                       php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC);
+               }
+               efree(val);
+
+                if (convd != NULL){
+                        mbfl_string_clear(&resvar);
+                        mbfl_string_clear(&resval);
+diff -Nura php-4.4.2/ext/mysql/libmysql/libmysql.c hardening-patch-4.4.2-0.4.15/ext/mysql/libmysql/libmysql.c
+--- php-4.4.2/ext/mysql/libmysql/libmysql.c     2003-07-28 09:28:55.000000000 +0200
+++ hardening-patch-4.4.2-0.4.15/ext/mysql/libmysql/libmysql.c  2006-09-05 20:30:33.000000000 +0200
+@@ -213,6 +213,10 @@
+   if (!host || !strcmp(host,LOCAL_HOST))
+     host=LOCAL_HOST_NAMEDPIPE;
+ 
+  if (sizeof(szPipeName) <= (strlen(host) + strlen(unix_socket) + sizeof("\\\\\\pipe\\"))) {
+       return INVALID_HANDLE_VALUE;
+  }
+
+   sprintf( szPipeName, "\\\\%s\\pipe\\%s", host, unix_socket);
+   DBUG_PRINT("info",("Server name: '%s'.  Named Pipe: %s",
+                     host, unix_socket));
+diff -Nura php-4.4.2/ext/mysql/php_mysql.c hardening-patch-4.4.2-0.4.15/ext/mysql/php_mysql.c
+--- php-4.4.2/ext/mysql/php_mysql.c     2006-01-01 14:46:55.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/mysql/php_mysql.c  2006-09-05 20:30:33.000000000 +0200
+@@ -1218,6 +1218,8 @@
+ {
+        php_mysql_conn *mysql;
+        MYSQL_RES *mysql_result;
+       char *copy_query;
+       int i;
+        
+        ZEND_FETCH_RESOURCE2(mysql, php_mysql_conn *, mysql_link, link_id, "MySQL-Link", le_link, le_plink);
+        
+@@ -1268,6 +1270,13 @@
+                                php_error_docref("http://www.mysql.com/doc" TSRMLS_CC, E_WARNING, "%s", mysql_error(&mysql->conn)); 
+                        }
+                }
+               copy_query = estrdup(Z_STRVAL_PP(query));
+               for (i=0; copy_query[i]; i++) if (copy_query[i] < 32) copy_query[i]='.';
+               php_security_log(S_SQL, "MySQL error: %s - query: %s", mysql_error(&mysql->conn), copy_query);
+               efree(copy_query);
+               if (HG(hphp_sql_bailout_on_error)) {
+                       zend_bailout();
+               }
+                RETURN_FALSE;
+        }
+ #else
+@@ -1275,12 +1284,20 @@
+                /* check possible error */
+                if (MySG(trace_mode)){
+                        if (mysql_errno(&mysql->conn)){
+-                               php_error_docref("http://www.mysql.com/doc" TSRMLS_CC, E_WARNING, mysql_error(&mysql->conn)); 
+                               php_error_docref("http://www.mysql.com/doc" TSRMLS_CC, E_WARNING, "%s", mysql_error(&mysql->conn)); 
+                        }
+                }
+               copy_query = estrdup(Z_STRVAL_PP(query));
+               for (i=0; copy_query[i]; i++) if (copy_query[i] < 32) copy_query[i]='.';
+               php_security_log(S_SQL, "MySQL error: %s - query: %s", mysql_error(&mysql->conn), copy_query);
+               efree(copy_query);
+               if (HG(hphp_sql_bailout_on_error)) {
+                       zend_bailout();
+               }
+                RETURN_FALSE;
+        }
+ #endif
+
+        if(use_store == MYSQL_USE_RESULT) {
+                mysql_result=mysql_use_result(&mysql->conn);
+        } else {
+diff -Nura php-4.4.2/ext/pgsql/pgsql.c hardening-patch-4.4.2-0.4.15/ext/pgsql/pgsql.c
+--- php-4.4.2/ext/pgsql/pgsql.c 2006-01-01 14:46:56.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/pgsql/pgsql.c      2006-09-05 20:30:33.000000000 +0200
+@@ -1001,10 +1001,28 @@
+                case PGRES_EMPTY_QUERY:
+                case PGRES_BAD_RESPONSE:
+                case PGRES_NONFATAL_ERROR:
+-               case PGRES_FATAL_ERROR:
+-                       PHP_PQ_ERROR("Query failed: %s", pgsql);
+-                       PQclear(pgsql_result);
+-                       RETURN_FALSE;
+               case PGRES_FATAL_ERROR: 
+                       {
+#if HARDENING_PATCH
+                               int i;
+                               char *query_copy;
+#endif                         
+                               char *msgbuf = _php_pgsql_trim_message(PQerrorMessage(pgsql), NULL);
+                               PQclear(pgsql_result);
+#if HARDENING_PATCH
+                               query_copy = estrdup(Z_STRVAL_PP(query));
+                               for (i=0; query_copy[i]; i++) if (query_copy[i]<32) query_copy[i]='.';
+                               php_security_log(S_SQL, "PgSQL error: %s - query: %s", msgbuf, query_copy);
+                               efree(query_copy);
+                               if (HG(hphp_sql_bailout_on_error)) {
+                                       efree(msgbuf);
+                                       zend_bailout();
+                               }
+#endif                         
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Query failed: %s", msgbuf);
+                               efree(msgbuf);
+                               RETURN_FALSE;
+                       }
+                        break;
+                case PGRES_COMMAND_OK: /* successful command that did not return rows */
+                default:
+diff -Nura php-4.4.2/ext/session/mod_files.c hardening-patch-4.4.2-0.4.15/ext/session/mod_files.c
+--- php-4.4.2/ext/session/mod_files.c   2006-01-01 14:46:56.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/session/mod_files.c        2006-09-05 20:30:33.000000000 +0200
+@@ -16,7 +16,7 @@
+    +----------------------------------------------------------------------+
+  */
+ 
+-/* $Id: mod_files.c,v 1.83.2.9.2.2 2006/01/01 13:46:56 sniper Exp $ */
+/* $Id: mod_files.c,v 1.83.2.9.2.4 2006/08/08 14:57:04 iliaa Exp $ */
+ 
+ #include "php.h"
+ 
+@@ -364,10 +364,17 @@
+        if (!ps_files_path_create(buf, sizeof(buf), data, key))
+                return FAILURE;
+        
+-       ps_files_close(data);
+       if (data->fd != -1) {
+               ps_files_close(data);
+        
+-       if (VCWD_UNLINK(buf) == -1) {
+-               return FAILURE;
+               if (VCWD_UNLINK(buf) == -1) {
+                       /* This is a little safety check for instances when we are dealing with a regenerated session
+                        * that was not yet written to disk
+                        */
+                       if (!VCWD_ACCESS(buf, F_OK)) {
+                               return FAILURE;
+                       }
+               }
+        }
+ 
+        return SUCCESS;
+@@ -389,6 +396,34 @@
+        return SUCCESS;
+ }
+ 
+PS_VALIDATE_SID_FUNC(files)
+{
+       char buf[MAXPATHLEN];
+       int fd;
+       PS_FILES_DATA;
+
+       if (!ps_files_valid_key(key)) {
+                return FAILURE;
+        }
+        
+        if (!PS(use_strict_mode)) {
+                return SUCCESS;
+        }
+       
+        if (!ps_files_path_create(buf, sizeof(buf), data, key)) {
+               return FAILURE;
+        }
+       
+        fd = VCWD_OPEN_MODE(buf, O_RDWR | O_BINARY, 0600);
+       
+        if (fd != -1) {
+                close(fd);
+                return SUCCESS;
+        }
+        
+       return FAILURE;
+}
+
+ /*
+  * Local variables:
+  * tab-width: 4
+diff -Nura php-4.4.2/ext/session/mod_mm.c hardening-patch-4.4.2-0.4.15/ext/session/mod_mm.c
+--- php-4.4.2/ext/session/mod_mm.c      2006-01-01 14:46:56.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/session/mod_mm.c   2006-09-05 20:30:33.000000000 +0200
+@@ -425,6 +425,42 @@
+        return SUCCESS;
+ }
+ 
+PS_VALIDATE_SID_FUNC(mm)
+{
+       PS_MM_DATA;
+       ps_sd *sd;
+       const char *p;
+       char c;
+       int ret = SUCCESS;
+
+       for (p = key; (c = *p); p++) {
+               /* valid characters are a..z,A..Z,0..9 */
+               if (!((c >= 'a' && c <= 'z')
+                               || (c >= 'A' && c <= 'Z')
+                               || (c >= '0' && c <= '9')
+                               || c == ','
+                               || c == '-')) {
+                       return FAILURE;
+               }
+       }
+
+        if (!PS(use_strict_mode)) {
+                return SUCCESS;
+        }
+
+       mm_lock(data->mm, MM_LOCK_RD);
+       
+       sd = ps_sd_lookup(data, key, 0);
+       if (sd) {
+               mm_unlock(data->mm);
+               return SUCCESS;
+       }
+
+       mm_unlock(data->mm);
+       
+       return FAILURE;
+}
+
+ #endif
+ 
+ /*
+diff -Nura php-4.4.2/ext/session/mod_user.c hardening-patch-4.4.2-0.4.15/ext/session/mod_user.c
+--- php-4.4.2/ext/session/mod_user.c    2006-01-01 14:46:56.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/session/mod_user.c 2006-09-05 20:30:33.000000000 +0200
+@@ -23,7 +23,7 @@
+ #include "mod_user.h"
+ 
+ ps_module ps_mod_user = {
+-       PS_MOD(user)
+       PS_MOD_SID(user)
+ };
+ 
+ #define SESS_ZVAL_LONG(val, a)                                         \
+@@ -174,6 +174,83 @@
+        FINISH;
+ }
+ 
+PS_CREATE_SID_FUNC(user)
+{
+       int i;
+        char *val = NULL;
+       zval *retval;
+       ps_user *mdata = PS_GET_MOD_DATA();
+       
+        if (!mdata)
+               return estrndup("", 0);
+
+        if (PSF(create) == NULL || ZVAL_IS_NULL(PSF(create))) {
+                return php_session_create_id(mod_data, newlen TSRMLS_CC);
+        }
+       retval = ps_call_handler(PSF(create), 0, NULL TSRMLS_CC);
+
+       if (retval) {
+               if (Z_TYPE_P(retval) == IS_STRING) {
+                       val = estrndup(Z_STRVAL_P(retval), Z_STRLEN_P(retval));
+               } else {
+                        val = estrndup("", 0);
+                }
+               zval_ptr_dtor(&retval);
+       } else {
+                val = estrndup("", 0);
+        }
+        
+        return val;
+}
+
+static int ps_user_valid_key(const char *key TSRMLS_DC)
+{
+       size_t len;
+       const char *p;
+       char c;
+       int ret = SUCCESS;
+
+       for (p = key; (c = *p); p++) {
+               /* valid characters are a..z,A..Z,0..9 */
+               if (!((c >= 'a' && c <= 'z')
+                               || (c >= 'A' && c <= 'Z')
+                               || (c >= '0' && c <= '9')
+                               || c == ','
+                               || c == '-')) {
+                       ret = FAILURE;
+                       break;
+               }
+       }
+
+       len = p - key;
+       
+       if (len == 0)
+               ret = FAILURE;
+       
+       return ret;
+}
+
+PS_VALIDATE_SID_FUNC(user)
+{
+       zval *args[1];
+       STDVARS;
+
+        if (PSF(validate) == NULL || ZVAL_IS_NULL(PSF(validate))) {
+                return ps_user_valid_key(key TSRMLS_CC);
+        }
+       SESS_ZVAL_STRING(key, args[0]);
+
+       retval = ps_call_handler(PSF(validate), 1, args TSRMLS_CC);
+
+       if (retval) {
+               convert_to_long(retval);
+               ret = Z_LVAL_P(retval) ? SUCCESS : FAILURE;
+               zval_ptr_dtor(&retval);
+       }
+        
+        return ret;
+}
+
+ /*
+  * Local variables:
+  * tab-width: 4
+diff -Nura php-4.4.2/ext/session/mod_user.h hardening-patch-4.4.2-0.4.15/ext/session/mod_user.h
+--- php-4.4.2/ext/session/mod_user.h    2006-01-01 14:46:56.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/session/mod_user.h 2006-09-05 20:30:33.000000000 +0200
+@@ -22,7 +22,7 @@
+ #define MOD_USER_H
+ 
+ typedef union {
+-       zval *names[6];
+       zval *names[8];
+        struct {
+                zval *ps_open;
+                zval *ps_close;
+@@ -30,6 +30,8 @@
+                zval *ps_write;
+                zval *ps_destroy;
+                zval *ps_gc;
+                zval *ps_create;
+                zval *ps_validate;
+        } name;
+ } ps_user;
+ 
+diff -Nura php-4.4.2/ext/session/php_session.h hardening-patch-4.4.2-0.4.15/ext/session/php_session.h
+--- php-4.4.2/ext/session/php_session.h 2006-01-01 14:46:56.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/session/php_session.h      2006-09-05 20:30:33.000000000 +0200
+@@ -23,7 +23,7 @@
+ 
+ #include "ext/standard/php_var.h"
+ 
+-#define PHP_SESSION_API 20020330
+#define PHP_SESSION_API 20051121
+ 
+ #define PS_OPEN_ARGS void **mod_data, const char *save_path, const char *session_name TSRMLS_DC
+ #define PS_CLOSE_ARGS void **mod_data TSRMLS_DC
+@@ -32,6 +32,7 @@
+ #define PS_DESTROY_ARGS void **mod_data, const char *key TSRMLS_DC
+ #define PS_GC_ARGS void **mod_data, int maxlifetime, int *nrdels TSRMLS_DC
+ #define PS_CREATE_SID_ARGS void **mod_data, int *newlen TSRMLS_DC
+#define PS_VALIDATE_SID_ARGS void **mod_data, const char *key TSRMLS_DC
+ 
+ /* default create id function */
+ char *php_session_create_id(PS_CREATE_SID_ARGS);
+@@ -45,6 +46,7 @@
+        int (*s_destroy)(PS_DESTROY_ARGS);
+        int (*s_gc)(PS_GC_ARGS);
+        char *(*s_create_sid)(PS_CREATE_SID_ARGS);
+        int (*s_validate_sid)(PS_VALIDATE_SID_ARGS);
+ } ps_module;
+ 
+ #define PS_GET_MOD_DATA() *mod_data
+@@ -57,6 +59,7 @@
+ #define PS_DESTROY_FUNC(x)     int ps_delete_##x(PS_DESTROY_ARGS)
+ #define PS_GC_FUNC(x)          int ps_gc_##x(PS_GC_ARGS)
+ #define PS_CREATE_SID_FUNC(x)  char *ps_create_sid_##x(PS_CREATE_SID_ARGS)
+#define PS_VALIDATE_SID_FUNC(x)        int ps_validate_sid_##x(PS_VALIDATE_SID_ARGS)
+ 
+ #define PS_FUNCS(x) \
+        PS_OPEN_FUNC(x); \
+@@ -65,11 +68,12 @@
+        PS_WRITE_FUNC(x); \
+        PS_DESTROY_FUNC(x); \
+        PS_GC_FUNC(x);  \
+-       PS_CREATE_SID_FUNC(x)
+       PS_CREATE_SID_FUNC(x); \
+        PS_VALIDATE_SID_FUNC(x)
+ 
+ #define PS_MOD(x) \
+        #x, ps_open_##x, ps_close_##x, ps_read_##x, ps_write_##x, \
+-        ps_delete_##x, ps_gc_##x, php_session_create_id
+        ps_delete_##x, ps_gc_##x, php_session_create_id, ps_validate_sid_##x
+ 
+ /* SID enabled module handler definitions */
+ #define PS_FUNCS_SID(x) \
+@@ -79,11 +83,12 @@
+        PS_WRITE_FUNC(x); \
+        PS_DESTROY_FUNC(x); \
+        PS_GC_FUNC(x); \
+-       PS_CREATE_SID_FUNC(x)
+       PS_CREATE_SID_FUNC(x); \
+        PS_VALIDATE_SID(x)
+ 
+ #define PS_MOD_SID(x) \
+        #x, ps_open_##x, ps_close_##x, ps_read_##x, ps_write_##x, \
+-        ps_delete_##x, ps_gc_##x, ps_create_sid_##x
+        ps_delete_##x, ps_gc_##x, ps_create_sid_##x, ps_validate_sid_##x
+ 
+ typedef enum {
+        php_session_disabled,
+@@ -120,6 +125,7 @@
+        zend_bool use_only_cookies;
+        zend_bool use_trans_sid;        /* contains the INI value of whether to use trans-sid */
+        zend_bool apply_trans_sid;      /* whether or not to enable trans-sid for the current request */
+        zend_bool use_strict_mode;      /* whether or not PHP accepts unknown session ids */
+        int send_cookie;
+        int define_sid;
+ } php_ps_globals;
+diff -Nura php-4.4.2/ext/session/session.c hardening-patch-4.4.2-0.4.15/ext/session/session.c
+--- php-4.4.2/ext/session/session.c     2006-01-01 14:46:56.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/session/session.c  2006-09-05 20:30:33.000000000 +0200
+@@ -17,7 +17,7 @@
+    +----------------------------------------------------------------------+
+  */
+ 
+-/* $Id: session.c,v 1.336.2.53.2.4 2006/01/01 13:46:56 sniper Exp $ */
+/* $Id: session.c,v 1.336.2.53.2.5 2006/01/15 16:52:10 iliaa Exp $ */
+ 
+ #ifdef HAVE_CONFIG_H
+ #include "config.h"
+@@ -155,6 +155,7 @@
+        STD_PHP_INI_BOOLEAN("session.cookie_secure",    "",          PHP_INI_ALL, OnUpdateBool,   cookie_secure,      php_ps_globals,    ps_globals)
+        STD_PHP_INI_BOOLEAN("session.use_cookies",      "1",         PHP_INI_ALL, OnUpdateBool,   use_cookies,        php_ps_globals,    ps_globals)
+        STD_PHP_INI_BOOLEAN("session.use_only_cookies", "0",         PHP_INI_ALL, OnUpdateBool,   use_only_cookies,   php_ps_globals,    ps_globals)
+       STD_PHP_INI_BOOLEAN("session.use_strict_mode",  "1",         PHP_INI_ALL, OnUpdateBool,   use_strict_mode,    php_ps_globals,    ps_globals)
+        STD_PHP_INI_ENTRY("session.referer_check",      "",          PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals,    ps_globals)
+        STD_PHP_INI_ENTRY("session.entropy_file",       "",          PHP_INI_ALL, OnUpdateString, entropy_file,       php_ps_globals,    ps_globals)
+        STD_PHP_INI_ENTRY("session.entropy_length",     "0",         PHP_INI_ALL, OnUpdateInt,    entropy_length,     php_ps_globals,    ps_globals)
+@@ -626,6 +627,12 @@
+        char *val;
+        int vallen;
+ 
+       /* check session name for invalid characters */
+       if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
+               efree(PS(id));
+               PS(id) = NULL;
+       }
+
+        if (!PS(mod)) {
+                php_error_docref(NULL TSRMLS_CC, E_ERROR, "No storage module chosen - failed to initialize session.");
+                return;
+@@ -637,6 +644,15 @@
+                return;
+        }
+        
+        /* If there is an ID, use session module to verify it */
+        if (PS(id)) {
+                if (PS(mod)->s_validate_sid(&PS(mod_data), PS(id) TSRMLS_CC) == FAILURE) {
+                        efree(PS(id));
+                        PS(id) = NULL;
+                        PS(send_cookie) = 1;
+                }
+        }
+        
+        /* If there is no ID, use session module to create one */
+        if (!PS(id))
+                PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
+@@ -1256,22 +1272,31 @@
+ }
+ /* }}} */
+ 
+-/* {{{ proto void session_set_save_handler(string open, string close, string read, string write, string destroy, string gc)
+/* {{{ proto void session_set_save_handler(string open, string close, string read, string write, string destroy, string gc[, string create, string validate])
+    Sets user-level functions */
+ PHP_FUNCTION(session_set_save_handler)
+ {
+-       zval **args[6];
+-       int i;
+       zval **args[8];
+       int i, numargs;
+        ps_user *mdata;
+        char *name;
+ 
+        numargs = ZEND_NUM_ARGS();
+        args[6] = NULL;
+        args[7] = NULL;
+
+       if (numargs < 6 || numargs > 8 || zend_get_parameters_array_ex(numargs, args) == FAILURE)
+               WRONG_PARAM_COUNT;
+        if (ZEND_NUM_ARGS() != 6 || zend_get_parameters_array_ex(6, args) == FAILURE)
+                WRONG_PARAM_COUNT;
+        
+        if (PS(session_status) != php_session_none) 
+                RETURN_FALSE;
+ 
+-       for (i = 0; i < 6; i++) {
+       for (i = 0; i < 8; i++) {
+                if (i >= 6 && (args[i] == NULL || ZVAL_IS_NULL(*args[i]))) {
+                        continue;
+                }
+                if (!zend_is_callable(*args[i], 0, &name)) {
+                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Argument %d is not a valid callback", i+1);
+                        efree(name);
+@@ -1284,7 +1309,11 @@
+ 
+        mdata = emalloc(sizeof(*mdata));
+        
+-       for (i = 0; i < 6; i++) {
+       for (i = 0; i < 8; i++) {
+                if (i >= 6 && (args[i] == NULL || ZVAL_IS_NULL(*args[i]))) {
+                        mdata->names[i] = NULL;
+                        continue;
+                }
+                ZVAL_ADDREF(*args[i]);
+                mdata->names[i] = *args[i];
+        }
+@@ -1345,8 +1374,20 @@
+    Update the current session id with a newly generated one. */
+ PHP_FUNCTION(session_regenerate_id)
+ {
+       zend_bool del_ses = 0;
+
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &del_ses) == FAILURE) {
+               WRONG_PARAM_COUNT;
+       }
+
+        if (PS(session_status) == php_session_active) {
+-               if (PS(id)) efree(PS(id));
+               if (PS(id)) {
+                       if (del_ses && PS(mod)->s_destroy(&PS(mod_data), PS(id) TSRMLS_CC) == FAILURE) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Session object destruction failed");
+                               RETURN_FALSE;
+                       }
+                       efree(PS(id));
+               }
+        
+                PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
+ 
+@@ -1395,8 +1436,8 @@
+                WRONG_PARAM_COUNT;
+ 
+        if (ac == 1) {
+-               convert_to_long_ex(p_cache_expire);
+-               PS(cache_expire) = Z_LVAL_PP(p_cache_expire);
+               convert_to_string_ex(p_cache_expire);
+               zend_alter_ini_entry("session.cache_expire", sizeof("session.cache_expire"), Z_STRVAL_PP(p_cache_expire), Z_STRLEN_PP(p_cache_expire), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME);
+        }
+ 
+        RETVAL_LONG(old);
+diff -Nura php-4.4.2/ext/session/tests/014.phpt hardening-patch-4.4.2-0.4.15/ext/session/tests/014.phpt
+--- php-4.4.2/ext/session/tests/014.phpt        2002-11-26 00:19:18.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/session/tests/014.phpt     2006-09-05 20:30:33.000000000 +0200
+@@ -5,6 +5,7 @@
+ --INI--
+ session.use_trans_sid=1
+ session.use_cookies=0
+session.use_strict_mode=0
+ session.cache_limiter=
+ register_globals=1
+ session.bug_compat_42=1
+diff -Nura php-4.4.2/ext/session/tests/015.phpt hardening-patch-4.4.2-0.4.15/ext/session/tests/015.phpt
+--- php-4.4.2/ext/session/tests/015.phpt        2002-11-26 00:19:19.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/session/tests/015.phpt     2006-09-05 20:30:33.000000000 +0200
+@@ -5,6 +5,7 @@
+ --INI--
+ session.use_trans_sid=1
+ session.use_cookies=0
+session.use_strict_mode=0
+ session.cache_limiter=
+ arg_separator.output=&
+ session.name=PHPSESSID
+diff -Nura php-4.4.2/ext/session/tests/018.phpt hardening-patch-4.4.2-0.4.15/ext/session/tests/018.phpt
+--- php-4.4.2/ext/session/tests/018.phpt        2002-11-26 00:19:19.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/session/tests/018.phpt     2006-09-05 20:30:33.000000000 +0200
+@@ -4,6 +4,7 @@
+ <?php include('skipif.inc'); ?>
+ --INI--
+ session.use_cookies=0
+session.use_strict_mode=0
+ session.cache_limiter=
+ session.use_trans_sid=1
+ session.name=PHPSESSID
+diff -Nura php-4.4.2/ext/session/tests/020.phpt hardening-patch-4.4.2-0.4.15/ext/session/tests/020.phpt
+--- php-4.4.2/ext/session/tests/020.phpt        2002-11-26 00:19:19.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/session/tests/020.phpt     2006-09-05 20:30:33.000000000 +0200
+@@ -4,6 +4,7 @@
+ <?php include('skipif.inc'); ?>
+ --INI--
+ session.use_cookies=0
+session.use_strict_mode=0
+ session.cache_limiter=
+ session.use_trans_sid=1
+ arg_separator.output=&amp;
+diff -Nura php-4.4.2/ext/session/tests/021.phpt hardening-patch-4.4.2-0.4.15/ext/session/tests/021.phpt
+--- php-4.4.2/ext/session/tests/021.phpt        2002-11-26 00:19:19.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/session/tests/021.phpt     2006-09-05 20:30:33.000000000 +0200
+@@ -4,6 +4,7 @@
+ <?php include('skipif.inc'); ?>
+ --INI--
+ session.use_cookies=0
+session.use_strict_mode=0
+ session.cache_limiter=
+ session.use_trans_sid=1
+ url_rewriter.tags="a=href,area=href,frame=src,input=src,form=,fieldset="
+diff -Nura php-4.4.2/ext/session/tests/bug38377.phpt hardening-patch-4.4.2-0.4.15/ext/session/tests/bug38377.phpt
+--- php-4.4.2/ext/session/tests/bug38377.phpt   1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/session/tests/bug38377.phpt        2006-09-05 20:30:33.000000000 +0200
+@@ -0,0 +1,13 @@
+--TEST--
+bug #38377 (session_destroy() gives warning after session_regenerate_id())
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--FILE--
+<?php
+session_start();
+session_regenerate_id();
+session_destroy();
+echo "Done\n";
+?>
+--EXPECT--
+Done
+diff -Nura php-4.4.2/ext/sockets/sockets.c hardening-patch-4.4.2-0.4.15/ext/sockets/sockets.c
+--- php-4.4.2/ext/sockets/sockets.c     2006-01-01 14:46:56.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/sockets/sockets.c  2006-09-05 20:30:33.000000000 +0200
+@@ -19,7 +19,7 @@
+    +----------------------------------------------------------------------+
+  */
+ 
+-/* $Id: sockets.c,v 1.125.2.29.2.3 2006/01/01 13:46:56 sniper Exp $ */
+/* $Id: sockets.c,v 1.125.2.29.2.6 2006/08/01 12:04:14 tony2001 Exp $ */
+ 
+ #ifdef HAVE_CONFIG_H
+ #include "config.h"
+@@ -515,6 +515,7 @@
+ int php_sock_array_to_fd_set(zval *sock_array, fd_set *fds, SOCKET *max_fd TSRMLS_DC) {
+        zval            **element;
+        php_socket      *php_sock;
+       int                     num = 0;
+        
+        if (Z_TYPE_P(sock_array) != IS_ARRAY) return 0;
+ 
+@@ -529,9 +530,10 @@
+                if (php_sock->bsd_socket > *max_fd) {
+                        *max_fd = php_sock->bsd_socket;
+                }
+               num++;
+        }
+ 
+-       return 1;
+       return num ? 1 : 0;
+ }
+ 
+ int php_sock_array_from_fd_set(zval *sock_array, fd_set *fds TSRMLS_DC) {
+@@ -539,6 +541,8 @@
+        zval            **dest_element;
+        php_socket      *php_sock;
+        HashTable       *new_hash;
+       int                     num = 0;
+
+        if (Z_TYPE_P(sock_array) != IS_ARRAY) return 0;
+ 
+        ALLOC_HASHTABLE(new_hash);
+@@ -555,6 +559,7 @@
+                        zend_hash_next_index_insert(new_hash, (void *)element, sizeof(zval *), (void **)&dest_element);
+                        if (dest_element) zval_add_ref(dest_element);
+                }
+               num++;
+        }
+ 
+        /* Destroy old array, add new one */
+@@ -564,7 +569,7 @@
+        zend_hash_internal_pointer_reset(new_hash);
+        Z_ARRVAL_P(sock_array) = new_hash;
+ 
+-       return 1;
+       return num ? 1 : 0;
+ }
+ 
+ 
+diff -Nura php-4.4.2/ext/standard/array.c hardening-patch-4.4.2-0.4.15/ext/standard/array.c
+--- php-4.4.2/ext/standard/array.c      2006-01-01 14:46:57.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/array.c   2006-09-05 20:30:33.000000000 +0200
+@@ -1162,6 +1162,32 @@
+                        }
+                }
+        }
+
+       if (var_name[0] == 'H') {
+               if ((strcmp(var_name, "HTTP_GET_VARS")==0)||
+                   (strcmp(var_name, "HTTP_POST_VARS")==0)||
+                   (strcmp(var_name, "HTTP_POST_FILES")==0)||
+                   (strcmp(var_name, "HTTP_ENV_VARS")==0)||
+                   (strcmp(var_name, "HTTP_SERVER_VARS")==0)||
+                   (strcmp(var_name, "HTTP_SESSION_VARS")==0)||
+                   (strcmp(var_name, "HTTP_COOKIE_VARS")==0)||
+                   (strcmp(var_name, "HTTP_RAW_POST_DATA")==0)) {
+                   return 0;
+               }
+       } else if (var_name[0] == '_') {
+               if ((strcmp(var_name, "_COOKIE")==0)||
+                   (strcmp(var_name, "_ENV")==0)||
+                   (strcmp(var_name, "_FILES")==0)||
+                   (strcmp(var_name, "_GET")==0)||
+                   (strcmp(var_name, "_POST")==0)||
+                   (strcmp(var_name, "_REQUEST")==0)||
+                   (strcmp(var_name, "_SESSION")==0)||
+                   (strcmp(var_name, "_SERVER")==0)) {
+                   return 0;
+               }
+       } else if (strcmp(var_name, "GLOBALS")==0) {
+               return 0;
+       }
+        
+        return 1;
+ }
+diff -Nura php-4.4.2/ext/standard/basic_functions.c hardening-patch-4.4.2-0.4.15/ext/standard/basic_functions.c
+--- php-4.4.2/ext/standard/basic_functions.c    2006-01-01 14:46:57.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/basic_functions.c 2006-09-07 19:35:15.000000000 +0200
+@@ -107,12 +107,14 @@
+ typedef struct _php_shutdown_function_entry {
+        zval **arguments;
+        int arg_count;
+       zend_bool created_by_eval;
+ } php_shutdown_function_entry;
+ 
+ typedef struct _user_tick_function_entry {
+        zval **arguments;
+        int arg_count;
+        int calling;
+       zend_bool created_by_eval;
+ } user_tick_function_entry;
+ 
+ /* some prototypes for local functions */
+@@ -295,6 +297,8 @@
+        PHP_FE(get_html_translation_table,                                                                              NULL)
+        PHP_FE(sha1,                                                                                                                    NULL)
+        PHP_FE(sha1_file,                                                                                                               NULL)
+       PHP_FE(sha256,                                                                                                                  NULL)
+       PHP_FE(sha256_file,                                                                                                             NULL)
+        PHP_NAMED_FE(md5,php_if_md5,                                                                                    NULL)
+        PHP_NAMED_FE(md5_file,php_if_md5_file,                                                                  NULL)
+        PHP_NAMED_FE(crc32,php_if_crc32,                                                                                NULL)
+@@ -676,7 +680,7 @@
+        PHP_FALIAS(socket_get_status, stream_get_meta_data,                                             NULL)
+ 
+ #if (!defined(__BEOS__) && !defined(NETWARE) && HAVE_REALPATH) || defined(ZTS)
+-       PHP_FE(realpath,                                                                                                                NULL)
+       PHP_STATIC_FE("realpath",               zif_real_path,                                                  NULL)
+ #endif
+ 
+ #ifdef HAVE_FNMATCH
+@@ -1866,7 +1870,7 @@
+                        break;
+ 
+                case 3:         /*save to a file */
+-                       stream = php_stream_open_wrapper(opt, "a", IGNORE_URL | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+                       stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+                        if (!stream)
+                                return FAILURE;
+                        php_stream_write(stream, message, strlen(message));
+@@ -2096,6 +2100,13 @@
+ {
+        zval retval;
+        char *function_name = NULL;
+#if HARDENING_PATCH    
+       zend_uint orig_code_type = EG(in_code_type);
+
+       if (shutdown_function_entry->created_by_eval) {
+               EG(in_code_type) = ZEND_EVAL_CODE;
+       }
+#endif
+ 
+        if (!zend_is_callable(shutdown_function_entry->arguments[0], 0, &function_name)) {
+                php_error(E_WARNING, "(Registered shutdown functions) Unable to call %s() - function does not exist", function_name);
+@@ -2111,6 +2122,9 @@
+        if (function_name) {
+                efree(function_name);
+        }
+#if HARDENING_PATCH    
+       EG(in_code_type) = orig_code_type;
+#endif
+        return 0;
+ }
+ 
+@@ -2118,6 +2132,13 @@
+ {
+        zval retval;
+        zval *function = tick_fe->arguments[0];
+#if HARDENING_PATCH    
+       zend_uint orig_code_type = EG(in_code_type);
+
+       if (tick_fe->created_by_eval) {
+               EG(in_code_type) = ZEND_EVAL_CODE;
+       }
+#endif
+        
+        /* Prevent reentrant calls to the same user ticks function */
+        if (! tick_fe->calling) {
+@@ -2149,6 +2170,9 @@
+        
+                tick_fe->calling = 0;
+        }
+#if HARDENING_PATCH    
+       EG(in_code_type) = orig_code_type;
+#endif
+ }
+ 
+ static void run_user_tick_functions(int tick_count)
+@@ -2216,6 +2240,13 @@
+        if (zend_get_parameters_array(ht, shutdown_function_entry.arg_count, shutdown_function_entry.arguments) == FAILURE) {
+                RETURN_FALSE;
+        }
+#if HARDENING_PATCH
+       if (EG(in_code_type)==ZEND_EVAL_CODE) {
+               shutdown_function_entry.created_by_eval = 1;
+       } else {
+               shutdown_function_entry.created_by_eval = 0;
+       }
+#endif 
+        
+        /* Prevent entering of anything but valid callback (syntax check only!) */
+        if (!zend_is_callable(shutdown_function_entry.arguments[0], 1, &function_name)) {
+@@ -2497,6 +2528,15 @@
+ 
+        convert_to_string_ex(varname);
+ 
+       /* checks that ensure the user does not overwrite certain ini settings when safe_mode is enabled */
+       if (PG(safe_mode)) {
+               if (!strncmp("max_execution_time", Z_STRVAL_PP(varname), sizeof("max_execution_time")) ||
+                       !strncmp("memory_limit", Z_STRVAL_PP(varname), sizeof("memory_limit")) ||
+                       !strncmp("child_terminate", Z_STRVAL_PP(varname), sizeof("child_terminate"))) {
+                       RETURN_FALSE;
+               }       
+       }       
+
+        zend_restore_ini_entry(Z_STRVAL_PP(varname), Z_STRLEN_PP(varname)+1, PHP_INI_STAGE_RUNTIME);
+ }
+ /* }}} */
+@@ -2753,6 +2793,13 @@
+        }
+ 
+        tick_fe.arguments = (zval **) safe_emalloc(sizeof(zval *), tick_fe.arg_count, 0);
+#if HARDENING_PATCH
+       if (EG(in_code_type)==ZEND_EVAL_CODE) {
+               tick_fe.created_by_eval = 1;
+       } else {
+               tick_fe.created_by_eval = 0;
+       }
+#endif 
+ 
+        if (zend_get_parameters_array(ht, tick_fe.arg_count, tick_fe.arguments) == FAILURE) {
+                RETURN_FALSE;
+@@ -3050,6 +3097,35 @@
+                new_key_len = spprintf(&new_key, 0, "%s%ld", prefix, hash_key->h);
+        }
+ 
+       if (new_key[0] == 'H') {
+               if ((strcmp(new_key, "HTTP_GET_VARS")==0)||
+                   (strcmp(new_key, "HTTP_POST_VARS")==0)||
+                   (strcmp(new_key, "HTTP_POST_FILES")==0)||
+                   (strcmp(new_key, "HTTP_ENV_VARS")==0)||
+                   (strcmp(new_key, "HTTP_SERVER_VARS")==0)||
+                   (strcmp(new_key, "HTTP_SESSION_VARS")==0)||
+                   (strcmp(new_key, "HTTP_COOKIE_VARS")==0)||
+                   (strcmp(new_key, "HTTP_RAW_POST_DATA")==0)) {
+                   efree(new_key);
+                   return 0;
+               }
+       } else if (new_key[0] == '_') {
+               if ((strcmp(new_key, "_COOKIE")==0)||
+                   (strcmp(new_key, "_ENV")==0)||
+                   (strcmp(new_key, "_FILES")==0)||
+                   (strcmp(new_key, "_GET")==0)||
+                   (strcmp(new_key, "_POST")==0)||
+                   (strcmp(new_key, "_REQUEST")==0)||
+                   (strcmp(new_key, "_SESSION")==0)||
+                   (strcmp(new_key, "_SERVER")==0)) {
+                   efree(new_key);
+                   return 0;
+               }
+       } else if (strcmp(new_key, "GLOBALS")==0) {
+               efree(new_key);
+               return 0;
+       }
+
+        zend_hash_del(&EG(symbol_table), new_key, new_key_len);
+        ZEND_SET_SYMBOL_WITH_LENGTH(&EG(symbol_table), new_key, new_key_len, *var, (*var)->refcount+1, 0);
+ 
+diff -Nura php-4.4.2/ext/standard/config.m4 hardening-patch-4.4.2-0.4.15/ext/standard/config.m4
+--- php-4.4.2/ext/standard/config.m4    2004-12-30 08:02:18.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/config.m4 2006-09-05 20:30:33.000000000 +0200
+@@ -203,7 +203,7 @@
+   if test "$ac_cv_crypt_blowfish" = "yes"; then
+     ac_result=1
+   else
+-    ac_result=0
+    ac_result=1
+   fi
+   AC_DEFINE_UNQUOTED(PHP_BLOWFISH_CRYPT, $ac_result, [Whether the system supports BlowFish salt])
+ ])
+@@ -419,6 +419,6 @@
+                             url_scanner.c var.c versioning.c assert.c strnatcmp.c levenshtein.c \
+                             incomplete_class.c url_scanner_ex.c ftp_fopen_wrapper.c \
+                             http_fopen_wrapper.c php_fopen_wrapper.c credits.c css.c \
+-                            var_unserializer.c ftok.c aggregation.c sha1.c )
+                            var_unserializer.c ftok.c aggregation.c sha1.c sha256.c crypt_blowfish.c )
+ 
+ PHP_ADD_MAKEFILE_FRAGMENT
+diff -Nura php-4.4.2/ext/standard/crypt_blowfish.c hardening-patch-4.4.2-0.4.15/ext/standard/crypt_blowfish.c
+--- php-4.4.2/ext/standard/crypt_blowfish.c     1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/crypt_blowfish.c  2006-09-05 20:30:33.000000000 +0200
+@@ -0,0 +1,748 @@
+/*
+ * This code comes from John the Ripper password cracker, with reentrant
+ * and crypt(3) interfaces added, but optimizations specific to password
+ * cracking removed.
+ *
+ * Written by Solar Designer <solar at openwall.com> in 1998-2002 and
+ * placed in the public domain.
+ *
+ * There's absolutely no warranty.
+ *
+ * It is my intent that you should be able to use this on your system,
+ * as a part of a software package, or anywhere else to improve security,
+ * ensure compatibility, or for any other purpose. I would appreciate
+ * it if you give credit where it is due and keep your modifications in
+ * the public domain as well, but I don't require that in order to let
+ * you place this code and any modifications you make under a license
+ * of your choice.
+ *
+ * This implementation is compatible with OpenBSD bcrypt.c (version 2a)
+ * by Niels Provos <provos at citi.umich.edu>, and uses some of his
+ * ideas. The password hashing algorithm was designed by David Mazieres
+ * <dm at lcs.mit.edu>.
+ *
+ * There's a paper on the algorithm that explains its design decisions:
+ *
+ *     http://www.usenix.org/events/usenix99/provos.html
+ *
+ * Some of the tricks in BF_ROUND might be inspired by Eric Young's
+ * Blowfish library (I can't be sure if I would think of something if I
+ * hadn't seen his code).
+ */
+
+#include <string.h>
+
+#include <errno.h>
+#ifndef __set_errno
+#define __set_errno(val) errno = (val)
+#endif
+
+#undef __CONST
+#ifdef __GNUC__
+#define __CONST __const
+#else
+#define __CONST
+#endif
+
+#ifdef __i386__
+#define BF_ASM                         0
+#define BF_SCALE                       1
+#elif defined(__alpha__) || defined(__hppa__)
+#define BF_ASM                         0
+#define BF_SCALE                       1
+#else
+#define BF_ASM                         0
+#define BF_SCALE                       0
+#endif
+
+typedef unsigned int BF_word;
+
+/* Number of Blowfish rounds, this is also hardcoded into a few places */
+#define BF_N                           16
+
+typedef BF_word BF_key[BF_N + 2];
+
+typedef struct {
+       BF_word S[4][0x100];
+       BF_key P;
+} BF_ctx;
+
+/*
+ * Magic IV for 64 Blowfish encryptions that we do at the end.
+ * The string is "OrpheanBeholderScryDoubt" on big-endian.
+ */
+static BF_word BF_magic_w[6] = {
+       0x4F727068, 0x65616E42, 0x65686F6C,
+       0x64657253, 0x63727944, 0x6F756274
+};
+
+/*
+ * P-box and S-box tables initialized with digits of Pi.
+ */
+static BF_ctx BF_init_state = {
+       {
+               {
+                       0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
+                       0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
+                       0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
+                       0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
+                       0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
+                       0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
+                       0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
+                       0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
+                       0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
+                       0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
+                       0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
+                       0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
+                       0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
+                       0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
+                       0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
+                       0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
+                       0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
+                       0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
+                       0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
+                       0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
+                       0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
+                       0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
+                       0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
+                       0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
+                       0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
+                       0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
+                       0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
+                       0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
+                       0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
+                       0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
+                       0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
+                       0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
+                       0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
+                       0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
+                       0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
+                       0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
+                       0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
+                       0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
+                       0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
+                       0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
+                       0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
+                       0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
+                       0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
+                       0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
+                       0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
+                       0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
+                       0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
+                       0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
+                       0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
+                       0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
+                       0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
+                       0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
+                       0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
+                       0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
+                       0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
+                       0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
+                       0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
+                       0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
+                       0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
+                       0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
+                       0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
+                       0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
+                       0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
+                       0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a
+               }, {
+                       0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
+                       0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
+                       0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
+                       0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
+                       0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
+                       0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
+                       0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
+                       0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
+                       0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
+                       0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
+                       0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
+                       0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
+                       0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
+                       0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
+                       0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
+                       0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
+                       0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
+                       0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
+                       0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
+                       0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
+                       0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
+                       0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
+                       0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
+                       0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
+                       0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
+                       0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
+                       0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
+                       0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
+                       0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
+                       0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
+                       0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
+                       0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
+                       0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
+                       0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
+                       0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
+                       0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
+                       0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
+                       0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
+                       0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
+                       0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
+                       0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
+                       0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
+                       0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
+                       0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
+                       0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
+                       0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
+                       0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
+                       0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
+                       0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
+                       0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
+                       0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
+                       0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
+                       0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
+                       0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
+                       0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
+                       0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
+                       0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
+                       0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
+                       0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
+                       0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
+                       0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
+                       0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
+                       0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
+                       0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7
+               }, {
+                       0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
+                       0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
+                       0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
+                       0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
+                       0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
+                       0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
+                       0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
+                       0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
+                       0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
+                       0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
+                       0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
+                       0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
+                       0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
+                       0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
+                       0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
+                       0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
+                       0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
+                       0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
+                       0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
+                       0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
+                       0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
+                       0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
+                       0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
+                       0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
+                       0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
+                       0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
+                       0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
+                       0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
+                       0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
+                       0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
+                       0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
+                       0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
+                       0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
+                       0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
+                       0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
+                       0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
+                       0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
+                       0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
+                       0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
+                       0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
+                       0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
+                       0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
+                       0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
+                       0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
+                       0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
+                       0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
+                       0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
+                       0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
+                       0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
+                       0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
+                       0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
+                       0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
+                       0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
+                       0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
+                       0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
+                       0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
+                       0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
+                       0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
+                       0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
+                       0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
+                       0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
+                       0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
+                       0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
+                       0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0
+               }, {
+                       0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
+                       0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
+                       0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
+                       0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
+                       0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
+                       0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
+                       0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
+                       0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
+                       0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
+                       0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
+                       0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
+                       0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
+                       0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
+                       0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
+                       0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
+                       0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
+                       0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
+                       0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
+                       0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
+                       0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
+                       0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
+                       0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
+                       0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
+                       0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
+                       0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
+                       0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
+                       0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
+                       0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
+                       0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
+                       0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
+                       0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
+                       0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
+                       0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
+                       0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
+                       0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
+                       0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
+                       0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
+                       0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
+                       0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
+                       0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
+                       0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
+                       0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
+                       0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
+                       0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
+                       0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
+                       0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
+                       0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
+                       0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
+                       0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
+                       0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
+                       0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
+                       0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
+                       0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
+                       0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
+                       0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
+                       0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
+                       0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
+                       0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
+                       0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
+                       0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
+                       0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
+                       0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
+                       0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
+                       0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6
+               }
+       }, {
+               0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
+               0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
+               0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
+               0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
+               0x9216d5d9, 0x8979fb1b
+       }
+};
+
+static unsigned char BF_itoa64[64 + 1] =
+       "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+
+static unsigned char BF_atoi64[0x60] = {
+       64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 0, 1,
+       54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 64, 64, 64, 64, 64,
+       64, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
+       17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 64, 64, 64, 64, 64,
+       64, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42,
+       43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 64, 64, 64, 64, 64
+};
+
+/*
+ * This may be optimized out if built with function inlining and no BF_ASM.
+ */
+static void clean(void *data, int size)
+{
+#if BF_ASM
+       extern void _BF_clean(void *data);
+#endif
+       memset(data, 0, size);
+#if BF_ASM
+       _BF_clean(data);
+#endif
+}
+
+#define BF_safe_atoi64(dst, src) \
+{ \
+       tmp = (unsigned char)(src); \
+       if (tmp == '$') break; \
+       if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \
+       tmp = BF_atoi64[tmp]; \
+       if (tmp > 63) return -1; \
+       (dst) = tmp; \
+}
+
+static int BF_decode(BF_word *dst, __CONST char *src, int size)
+{
+       unsigned char *dptr = (unsigned char *)dst;
+       unsigned char *end = dptr + size;
+       unsigned char *sptr = (unsigned char *)src;
+       unsigned int tmp, c1, c2, c3, c4;
+
+       do {
+               BF_safe_atoi64(c1, *sptr++);
+               BF_safe_atoi64(c2, *sptr++);
+               *dptr++ = (c1 << 2) | ((c2 & 0x30) >> 4);
+               if (dptr >= end) break;
+
+               BF_safe_atoi64(c3, *sptr++);
+               *dptr++ = ((c2 & 0x0F) << 4) | ((c3 & 0x3C) >> 2);
+               if (dptr >= end) break;
+
+               BF_safe_atoi64(c4, *sptr++);
+               *dptr++ = ((c3 & 0x03) << 6) | c4;
+       } while (dptr < end);
+
+       while (dptr < end)
+               *dptr++ = 0;
+
+       return 0;
+}
+
+static void BF_encode(char *dst, __CONST BF_word *src, int size)
+{
+       unsigned char *sptr = (unsigned char *)src;
+       unsigned char *end = sptr + size;
+       unsigned char *dptr = (unsigned char *)dst;
+       unsigned int c1, c2;
+
+       do {
+               c1 = *sptr++;
+               *dptr++ = BF_itoa64[c1 >> 2];
+               c1 = (c1 & 0x03) << 4;
+               if (sptr >= end) {
+                       *dptr++ = BF_itoa64[c1];
+                       break;
+               }
+
+               c2 = *sptr++;
+               c1 |= c2 >> 4;
+               *dptr++ = BF_itoa64[c1];
+               c1 = (c2 & 0x0f) << 2;
+               if (sptr >= end) {
+                       *dptr++ = BF_itoa64[c1];
+                       break;
+               }
+
+               c2 = *sptr++;
+               c1 |= c2 >> 6;
+               *dptr++ = BF_itoa64[c1];
+               *dptr++ = BF_itoa64[c2 & 0x3f];
+       } while (sptr < end);
+}
+
+static void BF_swap(BF_word *x, int count)
+{
+       static int endianness_check = 1;
+       char *is_little_endian = (char *)&endianness_check;
+       BF_word tmp;
+
+       if (*is_little_endian)
+       do {
+               tmp = *x;
+               tmp = (tmp << 16) | (tmp >> 16);
+               *x++ = ((tmp & 0x00FF00FF) << 8) | ((tmp >> 8) & 0x00FF00FF);
+       } while (--count);
+}
+
+#if BF_SCALE
+/* Architectures which can shift addresses left by 2 bits with no extra cost */
+#define BF_ROUND(L, R, N) \
+       tmp1 = L & 0xFF; \
+       tmp2 = L >> 8; \
+       tmp2 &= 0xFF; \
+       tmp3 = L >> 16; \
+       tmp3 &= 0xFF; \
+       tmp4 = L >> 24; \
+       tmp1 = data.ctx.S[3][tmp1]; \
+       tmp2 = data.ctx.S[2][tmp2]; \
+       tmp3 = data.ctx.S[1][tmp3]; \
+       tmp3 += data.ctx.S[0][tmp4]; \
+       tmp3 ^= tmp2; \
+       R ^= data.ctx.P[N + 1]; \
+       tmp3 += tmp1; \
+       R ^= tmp3;
+#else
+/* Architectures with no complicated addressing modes supported */
+#define BF_INDEX(S, i) \
+       (*((BF_word *)(((unsigned char *)S) + (i))))
+#define BF_ROUND(L, R, N) \
+       tmp1 = L & 0xFF; \
+       tmp1 <<= 2; \
+       tmp2 = L >> 6; \
+       tmp2 &= 0x3FC; \
+       tmp3 = L >> 14; \
+       tmp3 &= 0x3FC; \
+       tmp4 = L >> 22; \
+       tmp4 &= 0x3FC; \
+       tmp1 = BF_INDEX(data.ctx.S[3], tmp1); \
+       tmp2 = BF_INDEX(data.ctx.S[2], tmp2); \
+       tmp3 = BF_INDEX(data.ctx.S[1], tmp3); \
+       tmp3 += BF_INDEX(data.ctx.S[0], tmp4); \
+       tmp3 ^= tmp2; \
+       R ^= data.ctx.P[N + 1]; \
+       tmp3 += tmp1; \
+       R ^= tmp3;
+#endif
+
+/*
+ * Encrypt one block, BF_N is hardcoded here.
+ */
+#define BF_ENCRYPT \
+       L ^= data.ctx.P[0]; \
+       BF_ROUND(L, R, 0); \
+       BF_ROUND(R, L, 1); \
+       BF_ROUND(L, R, 2); \
+       BF_ROUND(R, L, 3); \
+       BF_ROUND(L, R, 4); \
+       BF_ROUND(R, L, 5); \
+       BF_ROUND(L, R, 6); \
+       BF_ROUND(R, L, 7); \
+       BF_ROUND(L, R, 8); \
+       BF_ROUND(R, L, 9); \
+       BF_ROUND(L, R, 10); \
+       BF_ROUND(R, L, 11); \
+       BF_ROUND(L, R, 12); \
+       BF_ROUND(R, L, 13); \
+       BF_ROUND(L, R, 14); \
+       BF_ROUND(R, L, 15); \
+       tmp4 = R; \
+       R = L; \
+       L = tmp4 ^ data.ctx.P[BF_N + 1];
+
+#if BF_ASM
+#define BF_body() \
+       _BF_body_r(&data.ctx);
+#else
+#define BF_body() \
+       L = R = 0; \
+       ptr = data.ctx.P; \
+       do { \
+               ptr += 2; \
+               BF_ENCRYPT; \
+               *(ptr - 2) = L; \
+               *(ptr - 1) = R; \
+       } while (ptr < &data.ctx.P[BF_N + 2]); \
+\
+       ptr = data.ctx.S[0]; \
+       do { \
+               ptr += 2; \
+               BF_ENCRYPT; \
+               *(ptr - 2) = L; \
+               *(ptr - 1) = R; \
+       } while (ptr < &data.ctx.S[3][0xFF]);
+#endif
+
+static void BF_set_key(__CONST char *key, BF_key expanded, BF_key initial)
+{
+       __CONST char *ptr = key;
+       int i, j;
+       BF_word tmp;
+
+       for (i = 0; i < BF_N + 2; i++) {
+               tmp = 0;
+               for (j = 0; j < 4; j++) {
+                       tmp <<= 8;
+                       tmp |= *ptr;
+
+                       if (!*ptr) ptr = key; else ptr++;
+               }
+
+               expanded[i] = tmp;
+               initial[i] = BF_init_state.P[i] ^ tmp;
+       }
+}
+
+char *_crypt_blowfish_rn(__CONST char *key, __CONST char *setting,
+       char *output, int size)
+{
+#if BF_ASM
+       extern void _BF_body_r(BF_ctx *ctx);
+#endif
+       struct {
+               BF_ctx ctx;
+               BF_key expanded_key;
+               union {
+                       BF_word salt[4];
+                       BF_word output[6];
+               } binary;
+       } data;
+       BF_word L, R;
+       BF_word tmp1, tmp2, tmp3, tmp4;
+       BF_word *ptr;
+       BF_word count;
+       int i;
+
+       if (size < 7 + 22 + 31 + 1) {
+               __set_errno(ERANGE);
+               return NULL;
+       }
+
+       if (setting[0] != '$' ||
+           setting[1] != '2' ||
+           setting[2] != 'a' ||
+           setting[3] != '$' ||
+           setting[4] < '0' || setting[4] > '3' ||
+           setting[5] < '0' || setting[5] > '9' ||
+           setting[6] != '$') {
+               __set_errno(EINVAL);
+               return NULL;
+       }
+
+       count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
+       if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16)) {
+               clean(data.binary.salt, sizeof(data.binary.salt));
+               __set_errno(EINVAL);
+               return NULL;
+       }
+
+       BF_swap(data.binary.salt, 4);
+
+       BF_set_key(key, data.expanded_key, data.ctx.P);
+
+       memcpy(data.ctx.S, BF_init_state.S, sizeof(data.ctx.S));
+
+       L = R = 0;
+       for (i = 0; i < BF_N + 2; i += 2) {
+               L ^= data.binary.salt[i & 2];
+               R ^= data.binary.salt[(i & 2) + 1];
+               BF_ENCRYPT;
+               data.ctx.P[i] = L;
+               data.ctx.P[i + 1] = R;
+       }
+
+       ptr = data.ctx.S[0];
+       do {
+               ptr += 4;
+               L ^= data.binary.salt[(BF_N + 2) & 3];
+               R ^= data.binary.salt[(BF_N + 3) & 3];
+               BF_ENCRYPT;
+               *(ptr - 4) = L;
+               *(ptr - 3) = R;
+
+               L ^= data.binary.salt[(BF_N + 4) & 3];
+               R ^= data.binary.salt[(BF_N + 5) & 3];
+               BF_ENCRYPT;
+               *(ptr - 2) = L;
+               *(ptr - 1) = R;
+       } while (ptr < &data.ctx.S[3][0xFF]);
+
+       do {
+               data.ctx.P[0] ^= data.expanded_key[0];
+               data.ctx.P[1] ^= data.expanded_key[1];
+               data.ctx.P[2] ^= data.expanded_key[2];
+               data.ctx.P[3] ^= data.expanded_key[3];
+               data.ctx.P[4] ^= data.expanded_key[4];
+               data.ctx.P[5] ^= data.expanded_key[5];
+               data.ctx.P[6] ^= data.expanded_key[6];
+               data.ctx.P[7] ^= data.expanded_key[7];
+               data.ctx.P[8] ^= data.expanded_key[8];
+               data.ctx.P[9] ^= data.expanded_key[9];
+               data.ctx.P[10] ^= data.expanded_key[10];
+               data.ctx.P[11] ^= data.expanded_key[11];
+               data.ctx.P[12] ^= data.expanded_key[12];
+               data.ctx.P[13] ^= data.expanded_key[13];
+               data.ctx.P[14] ^= data.expanded_key[14];
+               data.ctx.P[15] ^= data.expanded_key[15];
+               data.ctx.P[16] ^= data.expanded_key[16];
+               data.ctx.P[17] ^= data.expanded_key[17];
+
+               BF_body();
+
+               tmp1 = data.binary.salt[0];
+               tmp2 = data.binary.salt[1];
+               tmp3 = data.binary.salt[2];
+               tmp4 = data.binary.salt[3];
+               data.ctx.P[0] ^= tmp1;
+               data.ctx.P[1] ^= tmp2;
+               data.ctx.P[2] ^= tmp3;
+               data.ctx.P[3] ^= tmp4;
+               data.ctx.P[4] ^= tmp1;
+               data.ctx.P[5] ^= tmp2;
+               data.ctx.P[6] ^= tmp3;
+               data.ctx.P[7] ^= tmp4;
+               data.ctx.P[8] ^= tmp1;
+               data.ctx.P[9] ^= tmp2;
+               data.ctx.P[10] ^= tmp3;
+               data.ctx.P[11] ^= tmp4;
+               data.ctx.P[12] ^= tmp1;
+               data.ctx.P[13] ^= tmp2;
+               data.ctx.P[14] ^= tmp3;
+               data.ctx.P[15] ^= tmp4;
+               data.ctx.P[16] ^= tmp1;
+               data.ctx.P[17] ^= tmp2;
+
+               BF_body();
+       } while (--count);
+
+       for (i = 0; i < 6; i += 2) {
+               L = BF_magic_w[i];
+               R = BF_magic_w[i + 1];
+
+               count = 64;
+               do {
+                       BF_ENCRYPT;
+               } while (--count);
+
+               data.binary.output[i] = L;
+               data.binary.output[i + 1] = R;
+       }
+
+       memcpy(output, setting, 7 + 22 - 1);
+       output[7 + 22 - 1] = BF_itoa64[(int)
+               BF_atoi64[(int)setting[7 + 22 - 1] - 0x20] & 0x30];
+
+/* This has to be bug-compatible with the original implementation, so
+ * only encode 23 of the 24 bytes. :-) */
+       BF_swap(data.binary.output, 6);
+       BF_encode(&output[7 + 22], data.binary.output, 23);
+       output[7 + 22 + 31] = '\0';
+
+/* Overwrite the most obvious sensitive data we have on the stack. Note
+ * that this does not guarantee there's no sensitive data left on the
+ * stack and/or in registers; I'm not aware of portable code that does. */
+       clean(&data, sizeof(data));
+
+       return output;
+}
+
+char *_crypt_gensalt_blowfish_rn(unsigned long count,
+       __CONST char *input, int size, char *output, int output_size)
+{
+       if (size < 16 || output_size < 7 + 22 + 1 ||
+           (count && (count < 4 || count > 31))) {
+               if (output_size > 0) output[0] = '\0';
+               __set_errno((output_size < 7 + 22 + 1) ? ERANGE : EINVAL);
+               return NULL;
+       }
+
+       if (!count) count = 5;
+
+       output[0] = '$';
+       output[1] = '2';
+       output[2] = 'a';
+       output[3] = '$';
+       output[4] = '0' + count / 10;
+       output[5] = '0' + count % 10;
+       output[6] = '$';
+
+       BF_encode(&output[7], (BF_word *)input, 16);
+       output[7 + 22] = '\0';
+
+       return output;
+}
+diff -Nura php-4.4.2/ext/standard/crypt.c hardening-patch-4.4.2-0.4.15/ext/standard/crypt.c
+--- php-4.4.2/ext/standard/crypt.c      2006-01-01 14:46:57.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/crypt.c   2006-09-05 20:30:33.000000000 +0200
+@@ -100,6 +100,8 @@
+        return SUCCESS;
+ }
+ 
+char *_crypt_blowfish_rn(char *key, char *setting, char *output, int size);
+char *_crypt_gensalt_blowfish_rn(unsigned long count, char *input, int size, char *output, int output_size);
+ 
+ static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+ 
+@@ -135,7 +137,14 @@
+ 
+        /* The automatic salt generation only covers standard DES and md5-crypt */
+        if(!*salt) {
+-#if PHP_MD5_CRYPT
+#if PHP_BLOWFISH_CRYPT
+               char randat[16];
+               int i;
+               
+               for (i=0; i<16; i++) randat[i] = PHP_CRYPT_RAND;
+               
+               _crypt_gensalt_blowfish_rn(5, randat, sizeof(randat), salt, sizeof(salt));
+#elif PHP_MD5_CRYPT
+                strcpy(salt, "$1$");
+                php_to64(&salt[3], PHP_CRYPT_RAND, 4);
+                php_to64(&salt[7], PHP_CRYPT_RAND, 4);
+@@ -145,8 +154,24 @@
+                salt[2] = '\0';
+ #endif
+        }
+-
+-       RETVAL_STRING(crypt(str, salt), 1);
+       
+       if (salt[0] == '$' &&
+           salt[1] == '2' &&
+           salt[2] == 'a' &&
+           salt[3] == '$' &&
+           salt[4] >= '0' && salt[4] <= '3' &&
+           salt[5] >= '0' && salt[5] <= '9' &&
+           salt[6] == '$') {
+           
+               char output[PHP_MAX_SALT_LEN+1];
+           
+               output[0] = 0;
+               _crypt_blowfish_rn(str, salt, output, sizeof(output));
+               RETVAL_STRING(output, 1);
+           
+       } else {
+               RETVAL_STRING(crypt(str, salt), 1);
+       }
+ }
+ /* }}} */
+ #endif
+diff -Nura php-4.4.2/ext/standard/dl.c hardening-patch-4.4.2-0.4.15/ext/standard/dl.c
+--- php-4.4.2/ext/standard/dl.c 2006-01-01 14:46:57.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/dl.c      2006-09-05 20:30:33.000000000 +0200
+@@ -160,8 +160,35 @@
+                RETURN_FALSE;
+        }
+        module_entry = get_module();
+
+       /* check if Hardening-Patch is installed */
+       if (module_entry->zend_api < 1000000000) {
+               php_error_docref(NULL TSRMLS_CC, error_type,
+                                 "%s: Unable to initialize module\n"
+                                 "Module compiled without Hardening-Patch, module API=%d, debug=%d, thread-safety=%d\n"
+                                 "PHP    compiled with Hardening-Patch=%d, module API=%d, debug=%d, thread-safety=%d\n"
+                                 "These options need to match\n",
+                                 module_entry->name, module_entry->zend_api, module_entry->zend_debug, module_entry->zts,
+                                 HARDENING_PATCH_ZEND_MODULE_API_NO, ZEND_MODULE_API_NO, ZEND_DEBUG, USING_ZTS);
+               DL_UNLOAD(handle);
+               RETURN_FALSE;
+       }
+
+       /* check if correct Hardening-Patch is installed */
+       if (module_entry->zend_api != HARDENING_PATCH_ZEND_MODULE_API_NO) {
+               php_error_docref(NULL TSRMLS_CC, error_type,
+                                 "%s: Unable to initialize module\n"
+                                 "Module compiled with Hardening-Patch=%d, module API=%d, debug=%d, thread-safety=%d\n"
+                                 "PHP    compiled with Hardening-Patch=%d, module API=%d, debug=%d, thread-safety=%d\n"
+                                 "These options need to match\n",
+                                 module_entry->name, module_entry->zend_api, module_entry->real_zend_api, module_entry->zend_debug, module_entry->zts,
+                                 HARDENING_PATCH_ZEND_MODULE_API_NO, ZEND_MODULE_API_NO, ZEND_DEBUG, USING_ZTS);
+               DL_UNLOAD(handle);
+               RETURN_FALSE;
+       }
+
+        if ((module_entry->zend_debug != ZEND_DEBUG) || (module_entry->zts != USING_ZTS)
+-               || (module_entry->zend_api != ZEND_MODULE_API_NO)) {
+               || (module_entry->real_zend_api != ZEND_MODULE_API_NO)) {
+                /* Check for pre-4.1.0 module which has a slightly different module_entry structure :( */
+                        struct pre_4_1_0_module_entry {
+                                  char *name;
+@@ -195,7 +222,7 @@
+                                zts        = ((struct pre_4_1_0_module_entry *)module_entry)->zts; 
+                        } else {                        
+                                name       = module_entry->name;
+-                               zend_api   = module_entry->zend_api;
+                               zend_api   = module_entry->real_zend_api;
+                                zend_debug = module_entry->zend_debug;
+                                zts        = module_entry->zts; 
+                        }
+diff -Nura php-4.4.2/ext/standard/file.c hardening-patch-4.4.2-0.4.15/ext/standard/file.c
+--- php-4.4.2/ext/standard/file.c       2006-01-01 14:46:57.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/file.c    2006-09-05 20:30:33.000000000 +0200
+@@ -21,7 +21,7 @@
+    +----------------------------------------------------------------------+
+  */
+ 
+-/* $Id: file.c,v 1.279.2.70.2.3 2006/01/01 13:46:57 sniper Exp $ */
+/* $Id: file.c,v 1.279.2.70.2.7 2006/04/14 17:46:59 pollita Exp $ */
+ 
+ /* Synced with php 3.0 revision 1.218 1999-06-16 [ssb] */
+ 
+@@ -552,7 +552,7 @@
+        pval **arg1, **arg2;
+        char *d;
+        char *opened_path;
+-       char p[64];
+       char *p;
+        FILE *fp;
+ 
+        if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &arg1, &arg2) == FAILURE) {
+@@ -566,7 +566,11 @@
+        }
+ 
+        d = estrndup(Z_STRVAL_PP(arg1), Z_STRLEN_PP(arg1));
+-       strlcpy(p, Z_STRVAL_PP(arg2), sizeof(p));
+
+       p = php_basename(Z_STRVAL_PP(arg2), Z_STRLEN_PP(arg2), NULL, 0);
+       if (strlen(p) > 64) {
+               p[63] = '\0';
+       }
+ 
+        if ((fp = php_open_temporary_file(d, p, &opened_path TSRMLS_CC))) {
+                fclose(fp);
+@@ -574,6 +578,7 @@
+        } else {
+                RETVAL_FALSE;
+        }
+       efree(p);
+        efree(d);
+ }
+ /* }}} */
+@@ -819,7 +824,7 @@
+ 
+        /* If seconds is not set to null, build the timeval, else we wait indefinitely */
+        if (sec != NULL) {
+-               convert_to_long_ex(&sec);
+               convert_to_long(sec);
+ 
+                if (usec > 999999) {
+                        tv.tv_sec = Z_LVAL_P(sec) + (usec / 1000000);
+@@ -2196,7 +2201,7 @@
+ safe_to_copy:
+ 
+        srcstream = php_stream_open_wrapper(src, "rb",
+-                               STREAM_DISABLE_OPEN_BASEDIR | REPORT_ERRORS,
+                               ENFORCE_SAFE_MODE | REPORT_ERRORS,
+                                NULL);
+ 
+        if (!srcstream)
+@@ -2522,7 +2527,7 @@
+ #if (!defined(__BEOS__) && !defined(NETWARE) && HAVE_REALPATH) || defined(ZTS)
+ /* {{{ proto string realpath(string path)
+    Return the resolved path */
+-PHP_FUNCTION(realpath)
+PHP_FUNCTION(real_path)
+ {
+        zval **path;
+        char resolved_path_buff[MAXPATHLEN];
+diff -Nura php-4.4.2/ext/standard/file.h hardening-patch-4.4.2-0.4.15/ext/standard/file.h
+--- php-4.4.2/ext/standard/file.h       2006-01-01 14:46:57.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/file.h    2006-09-05 20:30:33.000000000 +0200
+@@ -64,7 +64,7 @@
+ PHP_FUNCTION(fd_set);
+ PHP_FUNCTION(fd_isset);
+ #if (!defined(__BEOS__) && !defined(NETWARE) && HAVE_REALPATH) || defined(ZTS)
+-PHP_FUNCTION(realpath);
+PHP_FUNCTION(real_path);
+ #endif
+ #ifdef HAVE_FNMATCH
+ PHP_FUNCTION(fnmatch);
+diff -Nura php-4.4.2/ext/standard/head.c hardening-patch-4.4.2-0.4.15/ext/standard/head.c
+--- php-4.4.2/ext/standard/head.c       2006-01-01 14:46:57.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/head.c    2006-09-05 20:30:33.000000000 +0200
+@@ -44,7 +44,7 @@
+        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|bl", &ctr.line,
+                                &ctr.line_len, &rep, &ctr.response_code) == FAILURE)
+                return;
+-       
+
+        sapi_header_op(rep ? SAPI_HEADER_REPLACE:SAPI_HEADER_ADD, &ctr TSRMLS_CC);
+ }
+ /* }}} */
+diff -Nura php-4.4.2/ext/standard/html.c hardening-patch-4.4.2-0.4.15/ext/standard/html.c
+--- php-4.4.2/ext/standard/html.c       2006-01-01 14:46:57.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/html.c    2006-09-05 20:30:33.000000000 +0200
+@@ -18,7 +18,7 @@
+    +----------------------------------------------------------------------+
+ */
+ 
+-/* $Id: html.c,v 1.63.2.23.2.1 2006/01/01 13:46:57 sniper Exp $ */
+/* $Id: html.c,v 1.63.2.23.2.2 2006/02/25 21:33:06 rasmus Exp $ */
+ 
+ /*
+  * HTML entity resources:
+@@ -793,7 +793,7 @@
+        enum entity_charset charset = determine_charset(hint_charset TSRMLS_CC);
+        unsigned char replacement[15];
+        
+-       ret = estrdup(old);
+       ret = estrndup(old, oldlen);
+        retlen = oldlen;
+        if (!retlen) {
+                goto empty_source;
+diff -Nura php-4.4.2/ext/standard/http_fopen_wrapper.c hardening-patch-4.4.2-0.4.15/ext/standard/http_fopen_wrapper.c
+--- php-4.4.2/ext/standard/http_fopen_wrapper.c 2006-01-01 14:46:57.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/http_fopen_wrapper.c      2006-09-05 20:30:33.000000000 +0200
+@@ -18,7 +18,7 @@
+    |          Wez Furlong <wez@thebrainroom.com>                          |
+    +----------------------------------------------------------------------+
+  */
+-/* $Id: http_fopen_wrapper.c,v 1.53.2.20.2.5 2006/01/01 13:46:57 sniper Exp $ */ 
+/* $Id: http_fopen_wrapper.c,v 1.53.2.20.2.9 2006/04/16 17:45:55 iliaa Exp $ */ 
+ 
+ #include "php.h"
+ #include "php_globals.h"
+@@ -339,7 +339,7 @@
+                size_t tmp_line_len;
+                /* get response header */
+ 
+-               if (_php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len TSRMLS_CC) != NULL) {
+               if (php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL) {
+                        zval *http_response;
+                        int response_code;
+ 
+@@ -353,6 +353,7 @@
+                        }
+                        switch(response_code) {
+                                case 200:
+                               case 206: /* partial content */
+                                case 302:
+                                case 301:
+                                        reqok = 1;
+@@ -394,7 +395,7 @@
+ 
+        while (!body && !php_stream_eof(stream)) {
+                size_t http_header_line_length;
+-               if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length TSRMLS_CC) && *http_header_line != '\n' && *http_header_line != '\r') {
+               if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) && *http_header_line != '\n' && *http_header_line != '\r') {
+                        char *e = http_header_line + http_header_line_length - 1;
+                        while (*e == '\n' || *e == '\r') {
+                                e--;
+@@ -502,9 +503,11 @@
+        }       \
+ }      \
+                        /* check for control characters in login, password & path */
+-                       CHECK_FOR_CNTRL_CHARS(resource->user)
+-                       CHECK_FOR_CNTRL_CHARS(resource->pass)
+-                       CHECK_FOR_CNTRL_CHARS(resource->path)
+                       if (strncasecmp(new_path, "http://", sizeof("http://") - 1) || strncasecmp(new_path, "https://", sizeof("https://") - 1)) {
+                               CHECK_FOR_CNTRL_CHARS(resource->user)
+                               CHECK_FOR_CNTRL_CHARS(resource->pass)
+                               CHECK_FOR_CNTRL_CHARS(resource->path)
+                       }
+ 
+                        stream = php_stream_url_wrap_http_ex(NULL, new_path, mode, options, opened_path, context, --redirect_max, 0 STREAMS_CC TSRMLS_CC);
+                        if (stream && stream->wrapperdata)      {
+diff -Nura php-4.4.2/ext/standard/info.c hardening-patch-4.4.2-0.4.15/ext/standard/info.c
+--- php-4.4.2/ext/standard/info.c       2006-01-01 14:46:57.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/info.c    2006-09-05 20:30:33.000000000 +0200
+@@ -18,7 +18,7 @@
+    +----------------------------------------------------------------------+
+ */
+ 
+-/* $Id: info.c,v 1.218.2.18.2.6 2006/01/01 13:46:57 sniper Exp $ */
+/* $Id: info.c,v 1.218.2.18.2.7 2006/06/28 13:12:09 derick Exp $ */
+ 
+ #include "php.h"
+ #include "php_ini.h"
+@@ -58,6 +58,23 @@
+ 
+ PHPAPI extern char *php_ini_opened_path;
+ PHPAPI extern char *php_ini_scanned_files;
+       
+static int php_info_write_wrapper(const char *str, uint str_length)
+{
+       int new_len, written;
+       char *elem_esc;
+
+       TSRMLS_FETCH();
+
+       elem_esc = php_escape_html_entities((char *)str, str_length, &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
+
+       written = php_body_write(elem_esc, new_len TSRMLS_CC);
+
+       efree(elem_esc);
+
+       return written;
+}
+
+ 
+ /* {{{ _display_module_info
+  */
+@@ -133,23 +150,12 @@
+                                PUTS(" => ");
+                        }
+                        if (Z_TYPE_PP(tmp) == IS_ARRAY) {
+-                               zval *tmp3;
+-                               MAKE_STD_ZVAL(tmp3);
+                                if (!sapi_module.phpinfo_as_text) {
+                                        PUTS("<pre>");
+-                               }
+-                               php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
+-                               zend_print_zval_r(*tmp, 0);
+-                               php_ob_get_buffer(tmp3 TSRMLS_CC);
+-                               php_end_ob_buffer(0, 0 TSRMLS_CC);
+-                               
+-                               elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC);
+-                               PUTS(elem_esc);
+-                               efree(elem_esc);
+-                               zval_ptr_dtor(&tmp3);
+-
+-                               if (!sapi_module.phpinfo_as_text) {
+                                       zend_print_zval_r_ex((zend_write_func_t) php_info_write_wrapper, *tmp, 0);
+                                        PUTS("</pre>");
+                               } else {
+                                       zend_print_zval_r(*tmp, 0);                             
+                                }
+                        } else if (Z_TYPE_PP(tmp) != IS_STRING) {
+                                tmp2 = **tmp;
+@@ -408,7 +414,7 @@
+ 
+        if (flag & PHP_INFO_GENERAL) {
+                char *zend_version = get_zend_version();
+-               char temp_api[9];
+               char temp_api[11];
+ 
+                php_uname = php_get_uname('a');
+ 
+@@ -430,11 +436,22 @@
+                        }
+                }
+ 
+#if HARDENING_PATCH
+               if (!sapi_module.phpinfo_as_text) {
+                       php_printf("<h1 class=\"p\">PHP Version %s with <a href=\"http://www.hardened-php.net\">Hardening-Patch</a> %s</h1>\n", PHP_VERSION, HARDENING_PATCH_VERSION);
+               } else {
+                       char temp_ver[40];      
+               
+                       snprintf(temp_ver, sizeof(temp_ver), "%s/%s", PHP_VERSION, HARDENING_PATCH_VERSION);
+                       php_info_print_table_row(2, "PHP/Hardening-Patch Version", temp_ver);
+               }
+#else
+                if (!sapi_module.phpinfo_as_text) {
+                        php_printf("<h1 class=\"p\">PHP Version %s</h1>\n", PHP_VERSION);
+                } else {
+                        php_info_print_table_row(2, "PHP Version", PHP_VERSION);
+                }
+#endif
+                php_info_print_box_end();
+                php_info_print_table_start();
+                php_info_print_table_row(2, "System", php_uname );
+diff -Nura php-4.4.2/ext/standard/mail.c hardening-patch-4.4.2-0.4.15/ext/standard/mail.c
+--- php-4.4.2/ext/standard/mail.c       2006-01-01 14:46:57.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/mail.c    2006-09-05 20:30:33.000000000 +0200
+@@ -78,6 +78,25 @@
+ }
+ /* }}} */
+ 
+/* {{{ hphp_strcasestr */
+char *hphp_strcasestr(char *haystack, char *needle)
+{
+       unsigned char *t, *h, *n;
+
+       h = (unsigned char *) haystack;
+conts:
+       while (*h) {
+               n = (unsigned char *) needle;
+               for (t=h++; *n && *h; t++, n++) {
+                       if (toupper(*t) != toupper(*n)) goto conts;
+               }
+               return ((char*)h-1);
+       }
+
+       return (NULL);
+}
+/* }}} */
+
+ /* {{{ proto int mail(string to, string subject, string message [, string additional_headers [, string additional_parameters]])
+    Send an email message */
+ PHP_FUNCTION(mail)
+@@ -103,6 +122,44 @@
+                return;
+        }
+ 
+       if (HG(hphp_mailprotect) > 0) {
+               if (headers_len > 0 && headers && (strstr(headers,"\n\n") || strstr(headers,"\r\n\r\n")) ) {
+                       php_security_log(S_MAIL, "mail() - double newline in headers, possible injection, mail dropped");
+                       RETURN_FALSE;
+               }
+
+               /* check for spam attempts with buggy webforms */
+               if (to_len > 0 && to && (strchr(to, '\n') != NULL || strchr(to, '\r') != NULL)) {
+                       php_security_log(S_MAIL, "mail() - newline in to header, possible injection, mail dropped");
+                       RETURN_FALSE;
+               }
+
+               if (subject_len > 0 && subject && (strchr(subject, '\n') != NULL || strchr(subject, '\r') != NULL)) {
+                       php_security_log(S_MAIL, "mail() - newline subject header, possible injection, mail dropped");
+                       RETURN_FALSE;
+               }
+               
+               if (HG(hphp_mailprotect) > 1) {
+                       /* search for to, cc or bcc headers */
+                       if (headers_len > 0 && headers != NULL) {
+                               if (strncasecmp(headers, "to:", sizeof("to:") - 1) == 0 || hphp_strcasestr(headers, "\nto:")) {
+                                       php_security_log(S_MAIL, "mail() - To: headers aren't allowed in the headers parameter.");
+                                       RETURN_FALSE;
+                               }
+
+                               if (strncasecmp(headers, "cc:", sizeof("cc:") - 1) == 0 || hphp_strcasestr(headers, "\ncc:")) {
+                                       php_security_log(S_MAIL, "mail() - CC: headers aren't allowed in the headers parameter.");
+                                       RETURN_FALSE;
+                               }
+
+                               if (strncasecmp(headers, "bcc:", sizeof("bcc:") - 1) == 0 || hphp_strcasestr(headers, "\nbcc:")) {
+                                       php_security_log(S_MAIL, "mail() - BCC: headers aren't allowed in the headers parameter.");
+                                       RETURN_FALSE;
+                               }
+                       }
+               }
+       }
+
+        if (to_len > 0) {
+                to_r = estrndup(to, to_len);
+                for (; to_len; to_len--) {
+diff -Nura php-4.4.2/ext/standard/pack.c hardening-patch-4.4.2-0.4.15/ext/standard/pack.c
+--- php-4.4.2/ext/standard/pack.c       2006-01-01 14:46:57.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/pack.c    2006-09-05 20:30:33.000000000 +0200
+@@ -15,7 +15,7 @@
+    | Author: Chris Schneider <cschneid@relog.ch>                          |
+    +----------------------------------------------------------------------+
+  */
+-/* $Id: pack.c,v 1.40.2.7.2.4 2006/01/01 13:46:57 sniper Exp $ */
+/* $Id: pack.c,v 1.40.2.7.2.5 2006/01/26 15:47:31 iliaa Exp $ */
+ 
+ #include "php.h"
+ 
+@@ -693,7 +693,9 @@
+                                                        len = size * 2;
+                                                } 
+ 
+-                                               len -= argb % 2;
+                                               if (argb > 0) { 
+                                                       len -= argb % 2;
+                                               }
+ 
+                                                buf = emalloc(len + 1);
+ 
+diff -Nura php-4.4.2/ext/standard/php_standard.h hardening-patch-4.4.2-0.4.15/ext/standard/php_standard.h
+--- php-4.4.2/ext/standard/php_standard.h       2006-01-01 14:46:58.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/php_standard.h    2006-09-05 20:30:33.000000000 +0200
+@@ -28,6 +28,7 @@
+ #include "php_mail.h"
+ #include "md5.h"
+ #include "sha1.h"
+#include "sha256.h"
+ #include "html.h"
+ #include "exec.h"
+ #include "file.h"
+diff -Nura php-4.4.2/ext/standard/scanf.c hardening-patch-4.4.2-0.4.15/ext/standard/scanf.c
+--- php-4.4.2/ext/standard/scanf.c      2006-01-01 14:46:58.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/scanf.c   2006-09-05 20:30:33.000000000 +0200
+@@ -16,7 +16,7 @@
+    +----------------------------------------------------------------------+
+ */
+ 
+-/* $Id: scanf.c,v 1.16.4.9.2.1 2006/01/01 13:46:58 sniper Exp $ */
+/* $Id: scanf.c,v 1.16.4.9.2.2 2006/08/04 11:59:50 tony2001 Exp $ */
+ 
+ /*
+    scanf.c --
+@@ -732,7 +732,7 @@
+                 if (*end == '$') {
+                     format = end+1;
+                     ch = format++;
+-                    objIndex = varStart + value;
+                    objIndex = varStart + value - 1;
+                 }
+          }
+ 
+@@ -762,8 +762,10 @@
+         switch (*ch) {
+             case 'n':
+                 if (!(flags & SCAN_SUPPRESS)) {
+-                    if (numVars) {
+-                                               current = args[objIndex++];
+                    if (numVars && objIndex >= argCount) {
+                        break;
+                    } else if (numVars) {
+                        current = args[objIndex++];
+                         zval_dtor( *current );
+                         ZVAL_LONG( *current, (long)(string - baseString) );
+                     } else {
+@@ -883,8 +885,10 @@
+                 }
+             }
+             if (!(flags & SCAN_SUPPRESS)) {
+-                if (numVars) {
+-                    current = args[objIndex++];
+                if (numVars && objIndex >= argCount) {
+                    break;
+                } else if (numVars) {
+                                       current = args[objIndex++];
+                                        zval_dtor( *current );
+                                        ZVAL_STRINGL( *current, string, end-string, 1);
+                 } else {
+@@ -922,7 +926,9 @@
+                 goto done;
+             }
+             if (!(flags & SCAN_SUPPRESS)) {
+-                if (numVars) {
+                if (numVars && objIndex >= argCount) {
+                    break;
+                } else if (numVars) {
+                     current = args[objIndex++];
+                     zval_dtor( *current );
+                     ZVAL_STRINGL( *current, string, end-string, 1);
+@@ -1079,8 +1085,10 @@
+                    value = (int) (*fn)(buf, NULL, base);
+                    if ((flags & SCAN_UNSIGNED) && (value < 0)) {
+                 sprintf(buf, "%u", value); /* INTL: ISO digit */
+-                if (numVars) {
+-                  /* change passed value type to string */
+                if (numVars && objIndex >= argCount) {
+                   break;
+                } else if (numVars) {
+                   /* change passed value type to string */
+                    current = args[objIndex++];
+                    convert_to_string( *current );
+                    ZVAL_STRING( *current, buf, 1 );
+@@ -1088,7 +1096,9 @@
+                     add_index_string(*return_value, objIndex++, buf, 1);
+                 }
+             } else {
+-                if (numVars) {
+                if (numVars && objIndex >= argCount) {
+                    break;
+                } else if (numVars) {
+                     current = args[objIndex++];
+                     convert_to_long( *current );
+                     Z_LVAL(**current) = value;
+@@ -1196,7 +1206,9 @@
+                    double dvalue;
+                    *end = '\0';
+                    dvalue = zend_strtod(buf, NULL);
+-            if (numVars) {
+            if (numVars && objIndex >= argCount) {
+                break;
+            } else if (numVars) {
+                 current = args[objIndex++];
+                 convert_to_double( *current );
+                 Z_DVAL_PP( current ) = dvalue;
+diff -Nura php-4.4.2/ext/standard/sha256.c hardening-patch-4.4.2-0.4.15/ext/standard/sha256.c
+--- php-4.4.2/ext/standard/sha256.c     1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/sha256.c  2006-09-05 20:30:33.000000000 +0200
+@@ -0,0 +1,398 @@
+/*
+   +----------------------------------------------------------------------+
+   | PHP Version 5                                                        |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 1997-2004 The PHP Group                                |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 3.0 of the PHP license,       |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available through the world-wide-web at the following url:           |
+   | http://www.php.net/license/3_0.txt.                                  |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+   | Author: Stefan Esser <sesser@php.net>                                |
+   +----------------------------------------------------------------------+
+*/
+
+/* $Id: sha256.c,v 1.9 2004/01/08 08:17:34 andi Exp $ */
+
+#include <stdio.h>
+#include "php.h"
+
+/* This code is heavily based on the PHP md5/sha1 implementations */ 
+
+#include "sha256.h"
+
+PHPAPI void make_sha256_digest(char *sha256str, unsigned char *digest)
+{
+       int i;
+
+       for (i = 0; i < 32; i++) {
+               sprintf(sha256str, "%02x", digest[i]);
+               sha256str += 2;
+       }
+
+       *sha256str = '\0';
+}
+
+/* {{{ proto string sha256(string str [, bool raw_output])
+   Calculate the sha256 hash of a string */
+PHP_FUNCTION(sha256)
+{
+       char *arg;
+       int arg_len;
+       zend_bool raw_output = 0;
+       char sha256str[65];
+       PHP_SHA256_CTX context;
+       unsigned char digest[32];
+       
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|b", &arg, &arg_len, &raw_output) == FAILURE) {
+               return;
+       }
+
+       sha256str[0] = '\0';
+       PHP_SHA256Init(&context);
+       PHP_SHA256Update(&context, arg, arg_len);
+       PHP_SHA256Final(digest, &context);
+       if (raw_output) {
+               RETURN_STRINGL(digest, 32, 1);
+       } else {
+               make_sha256_digest(sha256str, digest);
+               RETVAL_STRING(sha256str, 1);
+       }
+
+}
+
+/* }}} */
+
+/* {{{ proto string sha256_file(string filename [, bool raw_output])
+   Calculate the sha256 hash of given filename */
+PHP_FUNCTION(sha256_file)
+{
+       char          *arg;
+       int           arg_len;
+       zend_bool raw_output = 0;
+       char          sha256str[65];
+       unsigned char buf[1024];
+       unsigned char digest[32];
+       PHP_SHA256_CTX   context;
+       int           n;
+       FILE          *fp;
+
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|b", &arg, &arg_len, &raw_output) == FAILURE) {
+               return;
+       }
+
+       if (PG(safe_mode) && (!php_checkuid(arg, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+               RETURN_FALSE;
+       }
+
+       if (php_check_open_basedir(arg TSRMLS_CC)) {
+               RETURN_FALSE;
+       }
+
+       if ((fp = VCWD_FOPEN(arg, "rb")) == NULL) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to open file");
+               RETURN_FALSE;
+       }
+
+       PHP_SHA256Init(&context);
+
+       while ((n = fread(buf, 1, sizeof(buf), fp)) > 0) {
+               PHP_SHA256Update(&context, buf, n);
+       }
+
+       PHP_SHA256Final(digest, &context);
+
+       if (ferror(fp)) {
+               fclose(fp);
+               RETURN_FALSE;
+       }
+
+       fclose(fp);
+
+       if (raw_output) {
+               RETURN_STRINGL(digest, 32, 1);
+       } else {
+               make_sha256_digest(sha256str, digest);
+               RETVAL_STRING(sha256str, 1);
+       }
+}
+/* }}} */
+
+
+static void SHA256Transform(php_uint32[8], const unsigned char[64]);
+static void SHA256Encode(unsigned char *, php_uint32 *, unsigned int);
+static void SHA256Decode(php_uint32 *, const unsigned char *, unsigned int);
+
+static unsigned char PADDING[64] =
+{
+       0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+       0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+       0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/* F, G, H and I are basic SHA256 functions.
+ */
+#define F(x) (ROTATE_RIGHT(x,2) ^ ROTATE_RIGHT(x,13) ^ ROTATE_RIGHT(x,22))
+#define G(x, y, z) (((x) & (y)) | ((z) & ((y) | (x))))
+#define H(x) (ROTATE_RIGHT(x,6) ^ ROTATE_RIGHT(x,11) ^ ROTATE_RIGHT(x,25))
+#define I(x, y, z) (((x) & (y)) | ((~x) & z))
+
+/* ROTATE_RIGHT rotates x right n bits.
+ */
+#define ROTATE_RIGHT(x, n) (((x) >> (n)) | ((x) << (32-(n))))
+
+/* W[i]
+ */
+#define W(i) ( tmp1=ROTATE_RIGHT(x[(i-15)&15],7)^ROTATE_RIGHT(x[(i-15)&15],18)^(x[(i-15)&15] >> 3), \
+       tmp2=ROTATE_RIGHT(x[(i-2)&15],17)^ROTATE_RIGHT(x[(i-2)&15],19)^(x[(i-2)&15] >> 10), \
+       (x[i&15]=x[i&15] + tmp1 + x[(i-7)&15] + tmp2) ) 
+
+/* ROUND function of sha256
+ */
+
+#define ROUND(a,b,c,d,e,f,g,h,w,k) { \
+ t1 = (h) + H((e)) + I((e), (f), (g)) + (k) + (php_uint32)(w); \
+ (h) = F((a)) + G((a), (b), (c)) + t1; \
+ (d) += t1; \
+ } 
+                                           
+
+/* {{{ PHP_SHA256Init
+ * SHA256 initialization. Begins an SHA256 operation, writing a new context.
+ */
+PHPAPI void PHP_SHA256Init(PHP_SHA256_CTX * context)
+{
+       context->count[0] = context->count[1] = 0;
+       /* Load magic initialization constants.
+        */
+       context->state[0] = 0x6a09e667;
+       context->state[1] = 0xbb67ae85;
+       context->state[2] = 0x3c6ef372;
+       context->state[3] = 0xa54ff53a;
+       context->state[4] = 0x510e527f;
+       context->state[5] = 0x9b05688c;
+       context->state[6] = 0x1f83d9ab;
+       context->state[7] = 0x5be0cd19; 
+}
+/* }}} */
+
+/* {{{ PHP_SHA256Update
+   SHA256 block update operation. Continues an SHA256 message-digest
+   operation, processing another message block, and updating the
+   context.
+ */
+PHPAPI void PHP_SHA256Update(PHP_SHA256_CTX * context, const unsigned char *input,
+                          unsigned int inputLen)
+{
+       unsigned int i, index, partLen;
+
+       /* Compute number of bytes mod 64 */
+       index = (unsigned int) ((context->count[0] >> 3) & 0x3F);
+
+       /* Update number of bits */
+       if ((context->count[0] += ((php_uint32) inputLen << 3))
+               < ((php_uint32) inputLen << 3))
+               context->count[1]++;
+       context->count[1] += ((php_uint32) inputLen >> 29);
+
+       partLen = 64 - index;
+
+       /* Transform as many times as possible.
+        */
+       if (inputLen >= partLen) {
+               memcpy
+                       ((unsigned char*) & context->buffer[index], (unsigned char*) input, partLen);
+               SHA256Transform(context->state, context->buffer);
+
+               for (i = partLen; i + 63 < inputLen; i += 64)
+                       SHA256Transform(context->state, &input[i]);
+
+               index = 0;
+       } else
+               i = 0;
+
+       /* Buffer remaining input */
+       memcpy
+               ((unsigned char*) & context->buffer[index], (unsigned char*) & input[i],
+                inputLen - i);
+}
+/* }}} */
+
+/* {{{ PHP_SHA256Final
+   SHA256 finalization. Ends an SHA256 message-digest operation, writing the
+   the message digest and zeroizing the context.
+ */
+PHPAPI void PHP_SHA256Final(unsigned char digest[32], PHP_SHA256_CTX * context)
+{
+       unsigned char bits[8];
+       unsigned int index, padLen;
+
+       /* Save number of bits */
+       bits[7] = context->count[0] & 0xFF;
+       bits[6] = (context->count[0] >> 8) & 0xFF;
+       bits[5] = (context->count[0] >> 16) & 0xFF;
+       bits[4] = (context->count[0] >> 24) & 0xFF;
+       bits[3] = context->count[1] & 0xFF;
+       bits[2] = (context->count[1] >> 8) & 0xFF;
+       bits[1] = (context->count[1] >> 16) & 0xFF;
+       bits[0] = (context->count[1] >> 24) & 0xFF;
+       
+       /* Pad out to 56 mod 64.
+        */
+       index = (unsigned int) ((context->count[0] >> 3) & 0x3f);
+       padLen = (index < 56) ? (56 - index) : (120 - index);
+       PHP_SHA256Update(context, PADDING, padLen);
+
+       /* Append length (before padding) */
+       PHP_SHA256Update(context, bits, 8);
+
+       /* Store state in digest */
+       SHA256Encode(digest, context->state, 32);
+
+       /* Zeroize sensitive information.
+        */
+       memset((unsigned char*) context, 0, sizeof(*context));
+}
+/* }}} */
+
+/* {{{ SHA256Transform
+ * SHA256 basic transformation. Transforms state based on block.
+ */
+static void SHA256Transform(state, block)
+php_uint32 state[8];
+const unsigned char block[64];
+{
+       php_uint32 a = state[0], b = state[1], c = state[2];
+       php_uint32 d = state[3], e = state[4], f = state[5];
+       php_uint32 g = state[6], h = state[7], x[16], tmp1, tmp2, t1;
+
+       SHA256Decode(x, block, 64);
+
+       ROUND(a, b, c, d, e, f, g, h, x[0], 0x428a2f98)
+       ROUND(h, a, b, c, d, e, f, g, x[1], 0x71374491)
+       ROUND(g, h, a, b, c, d, e, f, x[2], 0xb5c0fbcf)
+       ROUND(f, g, h, a, b, c, d, e, x[3], 0xe9b5dba5)
+       ROUND(e, f, g, h, a, b, c, d, x[4], 0x3956c25b)
+       ROUND(d, e, f, g, h, a, b, c, x[5], 0x59f111f1)
+       ROUND(c, d, e, f, g, h, a, b, x[6], 0x923f82a4)
+       ROUND(b, c, d, e, f, g, h, a, x[7], 0xab1c5ed5)
+       ROUND(a, b, c, d, e, f, g, h, x[8], 0xd807aa98)
+       ROUND(h, a, b, c, d, e, f, g, x[9], 0x12835b01)
+       ROUND(g, h, a, b, c, d, e, f, x[10], 0x243185be)
+       ROUND(f, g, h, a, b, c, d, e, x[11], 0x550c7dc3)
+       ROUND(e, f, g, h, a, b, c, d, x[12], 0x72be5d74)
+       ROUND(d, e, f, g, h, a, b, c, x[13], 0x80deb1fe)
+       ROUND(c, d, e, f, g, h, a, b, x[14], 0x9bdc06a7)
+       ROUND(b, c, d, e, f, g, h, a, x[15], 0xc19bf174)
+       ROUND(a, b, c, d, e, f, g, h, W(16), 0xe49b69c1)
+       ROUND(h, a, b, c, d, e, f, g, W(17), 0xefbe4786)
+       ROUND(g, h, a, b, c, d, e, f, W(18), 0x0fc19dc6)
+       ROUND(f, g, h, a, b, c, d, e, W(19), 0x240ca1cc)
+       ROUND(e, f, g, h, a, b, c, d, W(20), 0x2de92c6f)
+       ROUND(d, e, f, g, h, a, b, c, W(21), 0x4a7484aa)
+       ROUND(c, d, e, f, g, h, a, b, W(22), 0x5cb0a9dc)
+       ROUND(b, c, d, e, f, g, h, a, W(23), 0x76f988da)
+       ROUND(a, b, c, d, e, f, g, h, W(24), 0x983e5152)
+       ROUND(h, a, b, c, d, e, f, g, W(25), 0xa831c66d)
+       ROUND(g, h, a, b, c, d, e, f, W(26), 0xb00327c8)
+       ROUND(f, g, h, a, b, c, d, e, W(27), 0xbf597fc7)
+       ROUND(e, f, g, h, a, b, c, d, W(28), 0xc6e00bf3)
+       ROUND(d, e, f, g, h, a, b, c, W(29), 0xd5a79147)
+       ROUND(c, d, e, f, g, h, a, b, W(30), 0x06ca6351)
+       ROUND(b, c, d, e, f, g, h, a, W(31), 0x14292967)
+       ROUND(a, b, c, d, e, f, g, h, W(32), 0x27b70a85)
+       ROUND(h, a, b, c, d, e, f, g, W(33), 0x2e1b2138)
+       ROUND(g, h, a, b, c, d, e, f, W(34), 0x4d2c6dfc)
+       ROUND(f, g, h, a, b, c, d, e, W(35), 0x53380d13)
+       ROUND(e, f, g, h, a, b, c, d, W(36), 0x650a7354)
+       ROUND(d, e, f, g, h, a, b, c, W(37), 0x766a0abb)
+       ROUND(c, d, e, f, g, h, a, b, W(38), 0x81c2c92e)
+       ROUND(b, c, d, e, f, g, h, a, W(39), 0x92722c85)
+       ROUND(a, b, c, d, e, f, g, h, W(40), 0xa2bfe8a1)
+       ROUND(h, a, b, c, d, e, f, g, W(41), 0xa81a664b)
+       ROUND(g, h, a, b, c, d, e, f, W(42), 0xc24b8b70)
+       ROUND(f, g, h, a, b, c, d, e, W(43), 0xc76c51a3)
+       ROUND(e, f, g, h, a, b, c, d, W(44), 0xd192e819)
+       ROUND(d, e, f, g, h, a, b, c, W(45), 0xd6990624)
+       ROUND(c, d, e, f, g, h, a, b, W(46), 0xf40e3585)
+       ROUND(b, c, d, e, f, g, h, a, W(47), 0x106aa070)
+       ROUND(a, b, c, d, e, f, g, h, W(48), 0x19a4c116)
+       ROUND(h, a, b, c, d, e, f, g, W(49), 0x1e376c08)
+       ROUND(g, h, a, b, c, d, e, f, W(50), 0x2748774c)
+       ROUND(f, g, h, a, b, c, d, e, W(51), 0x34b0bcb5)
+       ROUND(e, f, g, h, a, b, c, d, W(52), 0x391c0cb3)
+       ROUND(d, e, f, g, h, a, b, c, W(53), 0x4ed8aa4a)
+       ROUND(c, d, e, f, g, h, a, b, W(54), 0x5b9cca4f)
+       ROUND(b, c, d, e, f, g, h, a, W(55), 0x682e6ff3)
+       ROUND(a, b, c, d, e, f, g, h, W(56), 0x748f82ee)
+       ROUND(h, a, b, c, d, e, f, g, W(57), 0x78a5636f)
+       ROUND(g, h, a, b, c, d, e, f, W(58), 0x84c87814)
+       ROUND(f, g, h, a, b, c, d, e, W(59), 0x8cc70208)
+       ROUND(e, f, g, h, a, b, c, d, W(60), 0x90befffa)
+       ROUND(d, e, f, g, h, a, b, c, W(61), 0xa4506ceb)
+       ROUND(c, d, e, f, g, h, a, b, W(62), 0xbef9a3f7)
+       ROUND(b, c, d, e, f, g, h, a, W(63), 0xc67178f2)
+
+       state[0] += a;
+       state[1] += b;
+       state[2] += c;
+       state[3] += d;
+       state[4] += e;
+       state[5] += f;
+       state[6] += g;
+       state[7] += h;
+
+       /* Zeroize sensitive information. */
+       memset((unsigned char*) x, 0, sizeof(x));
+}
+/* }}} */
+
+/* {{{ SHA256Encode
+   Encodes input (php_uint32) into output (unsigned char). Assumes len is
+   a multiple of 4.
+ */
+static void SHA256Encode(output, input, len)
+unsigned char *output;
+php_uint32 *input;
+unsigned int len;
+{
+       unsigned int i, j;
+
+       for (i = 0, j = 0; j < len; i++, j += 4) {
+               output[j] = (unsigned char) ((input[i] >> 24) & 0xff);
+               output[j + 1] = (unsigned char) ((input[i] >> 16) & 0xff);
+               output[j + 2] = (unsigned char) ((input[i] >> 8) & 0xff);
+               output[j + 3] = (unsigned char) (input[i] & 0xff);
+       }
+}
+/* }}} */
+
+/* {{{ SHA256Decode
+   Decodes input (unsigned char) into output (php_uint32). Assumes len is
+   a multiple of 4.
+ */
+static void SHA256Decode(output, input, len)
+php_uint32 *output;
+const unsigned char *input;
+unsigned int len;
+{
+       unsigned int i, j;
+
+       for (i = 0, j = 0; j < len; i++, j += 4)
+               output[i] = ((php_uint32) input[j + 3]) | (((php_uint32) input[j + 2]) << 8) |
+                       (((php_uint32) input[j + 1]) << 16) | (((php_uint32) input[j]) << 24);
+}
+/* }}} */
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ * vim600: sw=4 ts=4 fdm=marker
+ * vim<600: sw=4 ts=4
+ */
+diff -Nura php-4.4.2/ext/standard/sha256.h hardening-patch-4.4.2-0.4.15/ext/standard/sha256.h
+--- php-4.4.2/ext/standard/sha256.h     1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/sha256.h  2006-09-05 20:30:33.000000000 +0200
+@@ -0,0 +1,40 @@
+/*
+   +----------------------------------------------------------------------+
+   | PHP Version 5                                                        |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 1997-2004 The PHP Group                                |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 3.0 of the PHP license,       |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available through the world-wide-web at the following url:           |
+   | http://www.php.net/license/3_0.txt.                                  |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+   | Author: Stefan Esser <sesser@php.net>                                |
+   +----------------------------------------------------------------------+
+*/
+
+/* $Id: sha256.h,v 1.4 2004/01/08 17:32:52 sniper Exp $ */
+
+#ifndef SHA256_H
+#define SHA256_H
+
+#include "ext/standard/basic_functions.h"
+
+/* SHA1 context. */
+typedef struct {
+       php_uint32 state[8];            /* state (ABCD) */
+       php_uint32 count[2];            /* number of bits, modulo 2^64 (lsb first) */
+       unsigned char buffer[64];       /* input buffer */
+} PHP_SHA256_CTX;
+
+PHPAPI void PHP_SHA256Init(PHP_SHA256_CTX *);
+PHPAPI void PHP_SHA256Update(PHP_SHA256_CTX *, const unsigned char *, unsigned int);
+PHPAPI void PHP_SHA256Final(unsigned char[32], PHP_SHA256_CTX *);
+
+PHP_FUNCTION(sha256);
+PHP_FUNCTION(sha256_file);
+
+#endif
+diff -Nura php-4.4.2/ext/standard/string.c hardening-patch-4.4.2-0.4.15/ext/standard/string.c
+--- php-4.4.2/ext/standard/string.c     2006-01-01 14:46:58.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/string.c  2006-09-05 20:30:33.000000000 +0200
+@@ -18,7 +18,7 @@
+    +----------------------------------------------------------------------+
+  */
+ 
+-/* $Id: string.c,v 1.333.2.52.2.3 2006/01/01 13:46:58 sniper Exp $ */
+/* $Id: string.c,v 1.333.2.52.2.4 2006/03/13 14:41:27 iliaa Exp $ */
+ 
+ /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */
+ 
+@@ -628,7 +628,8 @@
+ {
+        const char *text, *breakchar = "\n";
+        char *newtext;
+-       int textlen, breakcharlen = 1, newtextlen, alloced, chk;
+       int textlen, breakcharlen = 1, newtextlen, chk;
+       size_t alloced;
+        long current = 0, laststart = 0, lastspace = 0;
+        long linelength = 75;
+        zend_bool docut = 0;
+@@ -672,15 +673,13 @@
+                /* Multiple character line break or forced cut */
+                if (linelength > 0) {
+                        chk = (int)(textlen/linelength + 1);
+                       newtext = safe_emalloc(chk, breakcharlen, textlen + 1);
+                        alloced = textlen + chk * breakcharlen + 1;
+                } else {
+                        chk = textlen;
+                       newtext = safe_emalloc(textlen, (breakcharlen + 1), 1);
+                        alloced = textlen * (breakcharlen + 1) + 1;
+                }
+-               if (alloced <= 0) {
+-                       RETURN_FALSE;
+-               }
+-               newtext = emalloc(alloced);
+ 
+                /* now keep track of the actual new text length */
+                newtextlen = 0;
+@@ -3515,7 +3514,7 @@
+        zval            **input_str;            /* Input string */
+        zval            **mult;                 /* Multiplier */
+        char            *result;                /* Resulting string */
+-       int             result_len;             /* Length of the resulting string */
+       size_t          result_len;             /* Length of the resulting string */
+        
+        if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &input_str, &mult) == FAILURE) {
+                WRONG_PARAM_COUNT;
+@@ -3540,11 +3539,7 @@
+        
+        /* Initialize the result string */      
+        result_len = Z_STRLEN_PP(input_str) * Z_LVAL_PP(mult);
+-       if (result_len < 1) {
+-               php_error_docref(NULL TSRMLS_CC, E_WARNING, "You may not create strings longer than 2147483647 bytes");
+-               RETURN_FALSE;
+-       }
+-       result = (char *)emalloc(result_len + 1);
+       result = (char *)safe_emalloc(Z_STRLEN_PP(input_str), Z_LVAL_PP(mult), 1);
+        
+        /* Heavy optimization for situations where input string is 1 byte long */
+        if (Z_STRLEN_PP(input_str) == 1) {
+diff -Nura php-4.4.2/ext/standard/syslog.c hardening-patch-4.4.2-0.4.15/ext/standard/syslog.c
+--- php-4.4.2/ext/standard/syslog.c     2006-01-01 14:46:58.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/syslog.c  2006-09-05 20:30:33.000000000 +0200
+@@ -42,6 +42,8 @@
+  */
+ PHP_MINIT_FUNCTION(syslog)
+ {
+
+#if !HARDENING_PATCH
+        /* error levels */
+        REGISTER_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */
+        REGISTER_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */
+@@ -97,7 +99,7 @@
+        /* AIX doesn't have LOG_PERROR */
+        REGISTER_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/
+ #endif
+-
+#endif
+        return SUCCESS;
+ }
+ /* }}} */
+diff -Nura php-4.4.2/ext/standard/tests/strings/bug38322.phpt hardening-patch-4.4.2-0.4.15/ext/standard/tests/strings/bug38322.phpt
+--- php-4.4.2/ext/standard/tests/strings/bug38322.phpt  1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/tests/strings/bug38322.phpt       2006-09-05 20:30:33.000000000 +0200
+@@ -0,0 +1,13 @@
+--TEST--
+Bug #38322 (reading past array in sscanf() leads to segfault/arbitary code execution)
+--FILE--
+<?php
+
+$str = "a b c d e";
+var_dump(sscanf("a ",'%1$s',$str));
+
+echo "Done\n";
+?>
+--EXPECTF--    
+int(1)
+Done
+diff -Nura php-4.4.2/ext/standard/url.c hardening-patch-4.4.2-0.4.15/ext/standard/url.c
+--- php-4.4.2/ext/standard/url.c        2006-01-01 14:46:58.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/standard/url.c     2006-09-05 20:30:33.000000000 +0200
+@@ -15,7 +15,7 @@
+    | Author: Jim Winstead <jimw@php.net>                                  |
+    +----------------------------------------------------------------------+
+  */
+-/* $Id: url.c,v 1.58.2.21.2.2 2006/01/01 13:46:58 sniper Exp $ */
+/* $Id: url.c,v 1.58.2.21.2.3 2006/02/12 16:43:03 iliaa Exp $ */
+ 
+ #include <stdlib.h>
+ #include <string.h>
+@@ -137,7 +137,7 @@
+                                p++;
+                        }
+                        
+-                       if ((*p) == '\0' || *p == '/') {
+                       if ((*p == '\0' || *p == '/') && (p - e) < 7) {
+                                goto parse_port;
+                        }
+                        
+diff -Nura php-4.4.2/ext/varfilter/config.m4 hardening-patch-4.4.2-0.4.15/ext/varfilter/config.m4
+--- php-4.4.2/ext/varfilter/config.m4   1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/varfilter/config.m4        2006-09-05 20:30:33.000000000 +0200
+@@ -0,0 +1,11 @@
+dnl
+dnl $Id: config.m4,v 1.1 2004/11/14 13:27:16 ionic Exp $
+dnl
+
+PHP_ARG_ENABLE(varfilter, whether to enable Hardening-Patch's variable filter,
+[  --disable-varfilter     Disable Hardening-Patch's variable filter], yes)
+
+if test "$PHP_VARFILTER" != "no"; then
+  AC_DEFINE(HAVE_VARFILTER, 1, [ ])
+  PHP_NEW_EXTENSION(varfilter, varfilter.c, $ext_shared)
+fi
+diff -Nura php-4.4.2/ext/varfilter/CREDITS hardening-patch-4.4.2-0.4.15/ext/varfilter/CREDITS
+--- php-4.4.2/ext/varfilter/CREDITS     1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/varfilter/CREDITS  2006-09-05 20:30:33.000000000 +0200
+@@ -0,0 +1,2 @@
+varfilter
+Stefan Esser
+\ Kein Zeilenumbruch am Dateiende.
+diff -Nura php-4.4.2/ext/varfilter/php_varfilter.h hardening-patch-4.4.2-0.4.15/ext/varfilter/php_varfilter.h
+--- php-4.4.2/ext/varfilter/php_varfilter.h     1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/varfilter/php_varfilter.h  2006-09-05 20:30:33.000000000 +0200
+@@ -0,0 +1,144 @@
+/*
+  +----------------------------------------------------------------------+
+  | Hardened-PHP Project's varfilter extension                           |
+  +----------------------------------------------------------------------+
+  | Copyright (c) 2004-2005 Stefan Esser                                 |
+  +----------------------------------------------------------------------+
+  | This source file is subject to version 2.02 of the PHP license,      |
+  | that is bundled with this package in the file LICENSE, and is        |
+  | available at through the world-wide-web at                           |
+  | http://www.php.net/license/2_02.txt.                                 |
+  | If you did not receive a copy of the PHP license and are unable to   |
+  | obtain it through the world-wide-web, please send a note to          |
+  | license@php.net so we can mail you a copy immediately.               |
+  +----------------------------------------------------------------------+
+  | Author: Stefan Esser <sesser@hardened-php.net>                       |
+  +----------------------------------------------------------------------+
+
+  $Id: php_varfilter.h,v 1.1 2004/11/14 13:27:16 ionic Exp $ 
+*/
+
+#ifndef PHP_VARFILTER_H
+#define PHP_VARFILTER_H
+
+extern zend_module_entry varfilter_module_entry;
+#define phpext_varfilter_ptr &varfilter_module_entry
+
+#ifdef PHP_WIN32
+#define PHP_VARFILTER_API __declspec(dllexport)
+#else
+#define PHP_VARFILTER_API
+#endif
+
+#ifdef ZTS
+#include "TSRM.h"
+#endif
+
+#include "SAPI.h"
+
+#include "php_variables.h"
+
+#ifdef ZEND_ENGINE_2
+#define HASH_HTTP_GET_VARS      0x2095733f
+#define HASH_HTTP_POST_VARS     0xbfee1265
+#define HASH_HTTP_COOKIE_VARS   0xaaca9d99
+#define HASH_HTTP_ENV_VARS      0x1fe186a8
+#define HASH_HTTP_SERVER_VARS   0xc987afd6
+#define HASH_HTTP_SESSION_VARS  0x7aba0d43
+#define HASH_HTTP_POST_FILES    0x98eb1ddc
+#define HASH_HTTP_RAW_POST_DATA 0xdd633fec
+#else
+#define HASH_HTTP_GET_VARS      0x8d8645bd
+#define HASH_HTTP_POST_VARS     0x7c699bf3
+#define HASH_HTTP_COOKIE_VARS   0x93ad0d6f
+#define HASH_HTTP_ENV_VARS      0x84da3016
+#define HASH_HTTP_SERVER_VARS   0x6dbf964e
+#define HASH_HTTP_SESSION_VARS  0x322906f5
+#define HASH_HTTP_POST_FILES    0xe4e4ce70
+#define HASH_HTTP_RAW_POST_DATA 0xe6137a0e
+#endif
+
+PHP_MINIT_FUNCTION(varfilter);
+PHP_MSHUTDOWN_FUNCTION(varfilter);
+PHP_RINIT_FUNCTION(varfilter);
+PHP_RSHUTDOWN_FUNCTION(varfilter);
+PHP_MINFO_FUNCTION(varfilter);
+
+
+ZEND_BEGIN_MODULE_GLOBALS(varfilter)
+/*     request variables */
+       long  max_request_variables;
+       long  cur_request_variables;
+       long  max_varname_length;
+       long  max_totalname_length;
+       long  max_value_length;
+       long  max_array_depth;
+       long  max_array_index_length;
+       zend_bool  disallow_nul;
+/*     cookie variables */
+       long  max_cookie_vars;
+       long  cur_cookie_vars;
+       long  max_cookie_name_length;
+       long  max_cookie_totalname_length;
+       long  max_cookie_value_length;
+       long  max_cookie_array_depth;
+       long  max_cookie_array_index_length;
+       zend_bool  disallow_cookie_nul;
+/*     get variables */
+       long  max_get_vars;
+       long  cur_get_vars;
+       long  max_get_name_length;
+       long  max_get_totalname_length;
+       long  max_get_value_length;
+       long  max_get_array_depth;
+       long  max_get_array_index_length;
+       zend_bool  disallow_get_nul;
+/*     post variables */
+       long  max_post_vars;
+       long  cur_post_vars;
+       long  max_post_name_length;
+       long  max_post_totalname_length;
+       long  max_post_value_length;
+       long  max_post_array_depth;
+       long  max_post_array_index_length;
+       zend_bool  disallow_post_nul;
+/*     fileupload */
+       long  max_uploads;
+       long  cur_uploads;
+       zend_bool  disallow_elf_files;
+       char *verification_script;
+        
+        zend_bool  no_more_variables;
+        zend_bool  no_more_get_variables;
+        zend_bool  no_more_post_variables;
+        zend_bool  no_more_cookie_variables;
+        zend_bool  no_more_uploads;
+
+ZEND_END_MODULE_GLOBALS(varfilter)
+
+
+#ifdef ZTS
+#define VARFILTER_G(v) TSRMG(varfilter_globals_id, zend_varfilter_globals *, v)
+#else
+#define VARFILTER_G(v) (varfilter_globals.v)
+#endif
+
+SAPI_INPUT_FILTER_FUNC(varfilter_input_filter);
+SAPI_UPLOAD_VARNAME_FILTER_FUNC(varfilter_upload_varname_filter);
+SAPI_PRE_UPLOAD_FILTER_FUNC(varfilter_pre_upload_filter);
+SAPI_UPLOAD_CONTENT_FILTER_FUNC(varfilter_upload_content_filter);
+SAPI_POST_UPLOAD_FILTER_FUNC(varfilter_post_upload_filter);
+SAPI_TREAT_DATA_FUNC(varfilter_treat_data);
+
+
+
+#endif /* PHP_VARFILTER_H */
+
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * indent-tabs-mode: t
+ * End:
+ */
+diff -Nura php-4.4.2/ext/varfilter/varfilter.c hardening-patch-4.4.2-0.4.15/ext/varfilter/varfilter.c
+--- php-4.4.2/ext/varfilter/varfilter.c 1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/varfilter/varfilter.c      2006-09-07 18:48:50.000000000 +0200
+@@ -0,0 +1,915 @@
+/*
+  +----------------------------------------------------------------------+
+  | Hardened-PHP Project's varfilter extension                           |
+  +----------------------------------------------------------------------+
+  | Copyright (c) 2004-2005 Stefan Esser                                 |
+  +----------------------------------------------------------------------+
+  | This source file is subject to version 2.02 of the PHP license,      |
+  | that is bundled with this package in the file LICENSE, and is        |
+  | available at through the world-wide-web at                           |
+  | http://www.php.net/license/2_02.txt.                                 |
+  | If you did not receive a copy of the PHP license and are unable to   |
+  | obtain it through the world-wide-web, please send a note to          |
+  | license@php.net so we can mail you a copy immediately.               |
+  +----------------------------------------------------------------------+
+  | Author: Stefan Esser <sesser@hardened-php.net>                       |
+  +----------------------------------------------------------------------+
+
+  $Id: varfilter.c,v 1.1 2004/11/14 13:27:16 ionic Exp $ 
+*/
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "php.h"
+#include "php_ini.h"
+#include "ext/standard/info.h"
+#include "php_varfilter.h"
+#include "hardening_patch.h"
+
+ZEND_DECLARE_MODULE_GLOBALS(varfilter)
+
+/* True global resources - no need for thread safety here */
+static int le_varfilter;
+
+static void (*orig_register_server_variables)(zval *track_vars_array TSRMLS_DC) = NULL;
+static int (*orig_header_handler)(sapi_header_struct *sapi_header, sapi_headers_struct *sapi_headers TSRMLS_DC) = NULL;
+static zend_bool hooked = 0;
+
+/* {{{ varfilter_module_entry
+ */
+zend_module_entry varfilter_module_entry = {
+#if ZEND_MODULE_API_NO >= 20010901
+       STANDARD_MODULE_HEADER,
+#endif
+       "varfilter",
+       NULL,
+       PHP_MINIT(varfilter),
+       PHP_MSHUTDOWN(varfilter),
+       PHP_RINIT(varfilter),           /* Replace with NULL if there's nothing to do at request start */
+       PHP_RSHUTDOWN(varfilter),       /* Replace with NULL if there's nothing to do at request end */
+       PHP_MINFO(varfilter),
+#if ZEND_MODULE_API_NO >= 20010901
+       "0.4.15", /* Replace with version number for your extension */
+#endif
+       STANDARD_MODULE_PROPERTIES
+};
+/* }}} */
+
+#ifdef COMPILE_DL_VARFILTER
+ZEND_GET_MODULE(varfilter)
+#endif
+
+/* {{{ PHP_INI
+ */
+PHP_INI_BEGIN()
+    /* for backward compatibility */
+    STD_PHP_INI_ENTRY("varfilter.max_request_variables", "200", PHP_INI_PERDIR, OnUpdateLong, max_request_variables, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("varfilter.max_varname_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_varname_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("varfilter.max_value_length", "65000", PHP_INI_PERDIR, OnUpdateLong, max_value_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("varfilter.max_array_depth", "100", PHP_INI_PERDIR, OnUpdateLong, max_array_depth, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("varfilter.max_totalname_length", "256", PHP_INI_PERDIR, OnUpdateLong, max_totalname_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("varfilter.max_array_index_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_array_index_length, zend_varfilter_globals, varfilter_globals)
+
+    STD_PHP_INI_ENTRY("hphp.request.max_vars", "200", PHP_INI_PERDIR, OnUpdateLong, max_request_variables, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.request.max_varname_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_varname_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.request.max_value_length", "65000", PHP_INI_PERDIR, OnUpdateLong, max_value_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.request.max_array_depth", "100", PHP_INI_PERDIR, OnUpdateLong, max_array_depth, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.request.max_totalname_length", "256", PHP_INI_PERDIR, OnUpdateLong, max_totalname_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.request.max_array_index_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_array_index_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.request.disallow_nul", "1", PHP_INI_PERDIR, OnUpdateBool, disallow_nul, zend_varfilter_globals, varfilter_globals)
+
+    STD_PHP_INI_ENTRY("hphp.cookie.max_vars", "100", PHP_INI_PERDIR, OnUpdateLong, max_cookie_vars, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.cookie.max_name_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_cookie_name_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.cookie.max_totalname_length", "256", PHP_INI_PERDIR, OnUpdateLong, max_cookie_totalname_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.cookie.max_value_length", "10000", PHP_INI_PERDIR, OnUpdateLong, max_cookie_value_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.cookie.max_array_depth", "100", PHP_INI_PERDIR, OnUpdateLong, max_cookie_array_depth, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.cookie.max_array_index_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_cookie_array_index_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.cookie.disallow_nul", "1", PHP_INI_PERDIR, OnUpdateBool, disallow_cookie_nul, zend_varfilter_globals, varfilter_globals)
+
+    STD_PHP_INI_ENTRY("hphp.get.max_vars", "100", PHP_INI_PERDIR, OnUpdateLong, max_get_vars, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.get.max_name_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_get_name_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.get.max_totalname_length", "256", PHP_INI_PERDIR, OnUpdateLong, max_get_totalname_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.get.max_value_length", "512", PHP_INI_PERDIR, OnUpdateLong, max_get_value_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.get.max_array_depth", "50", PHP_INI_PERDIR, OnUpdateLong, max_get_array_depth, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.get.max_array_index_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_get_array_index_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.get.disallow_nul", "1", PHP_INI_PERDIR, OnUpdateBool, disallow_get_nul, zend_varfilter_globals, varfilter_globals)
+
+    STD_PHP_INI_ENTRY("hphp.post.max_vars", "200", PHP_INI_PERDIR, OnUpdateLong, max_post_vars, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.post.max_name_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_post_name_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.post.max_totalname_length", "256", PHP_INI_PERDIR, OnUpdateLong, max_post_totalname_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.post.max_value_length", "65000", PHP_INI_PERDIR, OnUpdateLong, max_post_value_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.post.max_array_depth", "100", PHP_INI_PERDIR, OnUpdateLong, max_post_array_depth, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.post.max_array_index_length", "64", PHP_INI_PERDIR, OnUpdateLong, max_post_array_index_length, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.post.disallow_nul", "1", PHP_INI_PERDIR, OnUpdateBool, disallow_post_nul, zend_varfilter_globals, varfilter_globals)
+
+    STD_PHP_INI_ENTRY("hphp.upload.max_uploads", "25", PHP_INI_PERDIR, OnUpdateLong, max_uploads, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.upload.disallow_elf_files", "1", PHP_INI_SYSTEM, OnUpdateBool, disallow_elf_files, zend_varfilter_globals, varfilter_globals)
+    STD_PHP_INI_ENTRY("hphp.upload.verification_script", NULL, PHP_INI_SYSTEM, OnUpdateString, verification_script, zend_varfilter_globals, varfilter_globals)
+
+
+PHP_INI_END()
+/* }}} */
+
+/* {{{ php_varfilter_init_globals
+ */
+static void php_varfilter_init_globals(zend_varfilter_globals *varfilter_globals)
+{
+       varfilter_globals->max_request_variables = 200;
+       varfilter_globals->max_varname_length = 64;
+       varfilter_globals->max_value_length = 10000;
+       varfilter_globals->max_array_depth = 100;
+       varfilter_globals->max_totalname_length = 256;
+       varfilter_globals->max_array_index_length = 64;
+       varfilter_globals->disallow_nul = 1;
+
+       varfilter_globals->max_cookie_vars = 100;
+       varfilter_globals->max_cookie_name_length = 64;
+       varfilter_globals->max_cookie_totalname_length = 256;
+       varfilter_globals->max_cookie_value_length = 10000;
+       varfilter_globals->max_cookie_array_depth = 100;
+       varfilter_globals->max_cookie_array_index_length = 64;
+       varfilter_globals->disallow_cookie_nul = 1;
+       
+       varfilter_globals->max_get_vars = 100;
+       varfilter_globals->max_get_name_length = 64;
+       varfilter_globals->max_get_totalname_length = 256;
+       varfilter_globals->max_get_value_length = 512;
+       varfilter_globals->max_get_array_depth = 50;
+       varfilter_globals->max_get_array_index_length = 64;
+       varfilter_globals->disallow_get_nul = 1;
+       
+       varfilter_globals->max_post_vars = 200;
+       varfilter_globals->max_post_name_length = 64;
+       varfilter_globals->max_post_totalname_length = 256;
+       varfilter_globals->max_post_value_length = 65000;
+       varfilter_globals->max_post_array_depth = 100;
+       varfilter_globals->max_post_array_index_length = 64;
+       varfilter_globals->disallow_post_nul = 1;
+
+       varfilter_globals->max_uploads = 25;
+       varfilter_globals->disallow_elf_files = 1;
+       varfilter_globals->verification_script = NULL;
+        
+        varfilter_globals->no_more_variables = 0;
+        varfilter_globals->no_more_get_variables = 0;
+        varfilter_globals->no_more_post_variables = 0;
+        varfilter_globals->no_more_cookie_variables = 0;
+        varfilter_globals->no_more_uploads = 0;
+
+       varfilter_globals->cur_request_variables = 0;
+       varfilter_globals->cur_get_vars = 0;
+       varfilter_globals->cur_post_vars = 0;
+       varfilter_globals->cur_cookie_vars = 0;
+       
+       varfilter_globals->cur_uploads = 0;
+        
+}
+/* }}} */
+
+
+void varfilter_register_server_variables(zval *track_vars_array TSRMLS_DC)
+{
+        HashTable *svars;
+        int retval, failure=0;
+        
+        orig_register_server_variables(track_vars_array TSRMLS_CC);
+
+        svars = Z_ARRVAL_P(track_vars_array);
+        
+        retval = zend_hash_del_key_or_index(svars, "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"), HASH_HTTP_GET_VARS, HASH_DEL_INDEX);
+        if (retval == SUCCESS) failure = 1;
+        retval = zend_hash_del_key_or_index(svars, "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), HASH_HTTP_POST_VARS, HASH_DEL_INDEX);
+        if (retval == SUCCESS) failure = 1;
+        retval = zend_hash_del_key_or_index(svars, "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"), HASH_HTTP_COOKIE_VARS, HASH_DEL_INDEX);
+        if (retval == SUCCESS) failure = 1;
+        retval = zend_hash_del_key_or_index(svars, "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS"), HASH_HTTP_ENV_VARS, HASH_DEL_INDEX);
+        if (retval == SUCCESS) failure = 1;
+        retval = zend_hash_del_key_or_index(svars, "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS"), HASH_HTTP_SERVER_VARS, HASH_DEL_INDEX);
+        if (retval == SUCCESS) failure = 1;
+        retval = zend_hash_del_key_or_index(svars, "HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"), HASH_HTTP_SESSION_VARS, HASH_DEL_INDEX);
+        if (retval == SUCCESS) failure = 1;
+        retval = zend_hash_del_key_or_index(svars, "HTTP_POST_FILES", sizeof("HTTP_POST_FILES"), HASH_HTTP_POST_FILES, HASH_DEL_INDEX);
+        if (retval == SUCCESS) failure = 1;
+        retval = zend_hash_del_key_or_index(svars, "HTTP_RAW_POST_DATA", sizeof("HTTP_RAW_POST_DATA"), HASH_HTTP_RAW_POST_DATA, HASH_DEL_INDEX);
+        if (retval == SUCCESS) failure = 1;
+        
+        if (failure) {
+                php_security_log(S_VARS, "Attacker tried to overwrite a superglobal through a HTTP header");
+        }
+}
+
+int varfilter_header_handler(sapi_header_struct *sapi_header, sapi_headers_struct *sapi_headers TSRMLS_DC)
+{
+        int retval = SAPI_HEADER_ADD, i;
+        char *tmp;
+        
+        if (!HG(hphp_multiheader) && sapi_header && sapi_header->header) {
+                
+                tmp = sapi_header->header;
+                for (i=0; i<sapi_header->header_len; i++, tmp++) {
+                        if (tmp[0] == 0) {
+                                char *fname = get_active_function_name(TSRMLS_C);
+                                
+                                if (!fname) {
+                                        fname = "unknown";
+                                }
+                                
+                                php_security_log(S_MISC, "%s() - wanted to send a HTTP header with an ASCII NUL in it", fname);
+                                sapi_header->header_len = i;
+                        } else if (tmp[0] == '\n' && (i == sapi_header->header_len-1 || (tmp[1] != ' ' && tmp[1] != '\t'))) {
+                                char *fname = get_active_function_name(TSRMLS_C);
+                                
+                                if (!fname) {
+                                        fname = "unknown";
+                                }
+                                
+                                php_security_log(S_MISC, "%s() - wanted to send multiple HTTP headers at once", fname);
+                                sapi_header->header_len = i;
+                                tmp[0] = 0;
+                        }
+                }
+        }
+
+        if (orig_header_handler) {
+                retval = orig_header_handler(sapi_header, sapi_headers TSRMLS_CC);
+        }
+        
+        return retval;
+}
+
+/* {{{ PHP_MINIT_FUNCTION
+ */
+PHP_MINIT_FUNCTION(varfilter)
+{
+       ZEND_INIT_MODULE_GLOBALS(varfilter, php_varfilter_init_globals, NULL);
+       REGISTER_INI_ENTRIES();
+
+        if (!hooked) {
+                void *temp;
+                hooked = 1;
+                
+                temp = (void *)sapi_module.register_server_variables;
+                if (temp != varfilter_register_server_variables) {
+                        orig_register_server_variables = temp;
+                }
+                temp = (void *)sapi_module.header_handler;
+                if (temp != varfilter_header_handler) {
+                        orig_header_handler = temp;
+                }
+        }
+        
+       sapi_register_input_filter(varfilter_input_filter);
+       sapi_register_upload_varname_filter(varfilter_upload_varname_filter);
+       sapi_register_pre_upload_filter(varfilter_pre_upload_filter);
+       sapi_register_upload_content_filter(varfilter_upload_content_filter);
+       sapi_register_post_upload_filter(varfilter_post_upload_filter);
+        
+        sapi_module.header_handler = varfilter_header_handler;
+        sapi_module.register_server_variables = varfilter_register_server_variables;
+
+        
+        return SUCCESS;
+}
+/* }}} */
+
+/* {{{ PHP_MSHUTDOWN_FUNCTION
+ */
+PHP_MSHUTDOWN_FUNCTION(varfilter)
+{
+       UNREGISTER_INI_ENTRIES();
+
+       return SUCCESS;
+}
+/* }}} */
+
+/* Remove if there's nothing to do at request start */
+/* {{{ PHP_RINIT_FUNCTION
+ */
+PHP_RINIT_FUNCTION(varfilter)
+{
+       VARFILTER_G(cur_request_variables) = 0;
+       VARFILTER_G(cur_get_vars) = 0;
+       VARFILTER_G(cur_post_vars) = 0;
+       VARFILTER_G(cur_cookie_vars) = 0;
+       
+       VARFILTER_G(cur_uploads) = 0;
+        
+        VARFILTER_G(no_more_variables) = 0;
+        VARFILTER_G(no_more_get_variables) = 0;
+        VARFILTER_G(no_more_post_variables) = 0;
+        VARFILTER_G(no_more_cookie_variables) = 0;
+        VARFILTER_G(no_more_uploads) = 0;
+       
+       return SUCCESS;
+}
+/* }}} */
+
+/* Remove if there's nothing to do at request end */
+/* {{{ PHP_RSHUTDOWN_FUNCTION
+ */
+PHP_RSHUTDOWN_FUNCTION(varfilter)
+{
+       return SUCCESS;
+}
+/* }}} */
+
+/* {{{ PHP_MINFO_FUNCTION
+ */
+PHP_MINFO_FUNCTION(varfilter)
+{
+       php_info_print_table_start();
+       php_info_print_table_header(2, "Hardening-Patch's variable filter support", "enabled");
+       php_info_print_table_end();
+
+       DISPLAY_INI_ENTRIES();
+}
+/* }}} */
+
+/* {{{ normalize_varname
+ */
+static void normalize_varname(char *varname)
+{
+       char *s=varname, *index=NULL, *indexend=NULL, *p;
+       
+       /* overjump leading space */
+       while (*s == ' ') {
+               s++;
+       }
+       
+       /* and remove it */
+       if (s != varname) {
+               memmove(varname, s, strlen(s)+1);
+       }
+
+       for (p=varname; *p && *p != '['; p++) {
+               switch(*p) {
+                       case ' ':
+                       case '.':
+                               *p='_';
+                               break;
+               }
+       }
+
+       /* find index */
+       index = strchr(varname, '[');
+       if (index) {
+               index++;
+               s=index;
+       } else {
+               return;
+       }
+
+       /* done? */
+       while (index) {
+
+               while (*index == ' ' || *index == '\r' || *index == '\n' || *index=='\t') {
+                       index++;
+               }
+               indexend = strchr(index, ']');
+               indexend = indexend ? indexend + 1 : index + strlen(index);
+               
+               if (s != index) {
+                       memmove(s, index, strlen(index)+1);
+                       s += indexend-index;
+               } else {
+                       s = indexend;
+               }
+
+               if (*s == '[') {
+                       s++;
+                       index = s;
+               } else {
+                       index = NULL;
+               }       
+       }
+       *s++='\0';
+}
+/* }}} */
+
+/* {{{ SAPI_UPLOAD_VARNAME_FILTER_FUNC
+ */
+SAPI_UPLOAD_VARNAME_FILTER_FUNC(varfilter_upload_varname_filter)
+{
+       char *index, *prev_index = NULL, *var;
+       unsigned int var_len, total_len, depth = 0;
+
+       var = estrdup(varname);
+
+       /* Normalize the variable name */
+       normalize_varname(var);
+       
+       /* Find length of variable name */
+       index = strchr(var, '[');
+       total_len = strlen(var);
+       var_len = index ? index-var : total_len;
+       
+       /* Drop this variable if it exceeds the varname/total length limit */
+       if (VARFILTER_G(max_varname_length) && VARFILTER_G(max_varname_length) < var_len) {
+               php_security_log(S_FILES, "configured request variable name length limit exceeded - dropped %s", var);
+               goto return_failure;
+       }
+       if (VARFILTER_G(max_totalname_length) && VARFILTER_G(max_totalname_length) < total_len) {
+               php_security_log(S_FILES, "configured request variable total name length limit exceeded - dropped %s", var);
+               goto return_failure;
+       }
+       if (VARFILTER_G(max_post_name_length) && VARFILTER_G(max_post_name_length) < var_len) {
+               php_security_log(S_FILES, "configured POST variable name length limit exceeded - dropped %s", var);
+
+               goto return_failure;
+       }
+       if (VARFILTER_G(max_post_totalname_length) && VARFILTER_G(max_post_totalname_length) < var_len) {
+               php_security_log(S_FILES, "configured POST variable total name length limit exceeded - dropped %s", var);
+               goto return_failure;
+       }
+       
+       /* Find out array depth */
+       while (index) {
+               unsigned int index_length;
+               
+               depth++;
+               index = strchr(index+1, '[');
+               
+               if (prev_index) {
+                       index_length = index ? index - 1 - prev_index - 1: strlen(prev_index);
+                       
+                       if (VARFILTER_G(max_array_index_length) && VARFILTER_G(max_array_index_length) < index_length) {
+                               php_security_log(S_FILES, "configured request variable array index length limit exceeded - dropped %s", var);
+                               goto return_failure;
+                       } 
+                       if (VARFILTER_G(max_post_array_index_length) && VARFILTER_G(max_post_array_index_length) < index_length) {
+                               php_security_log(S_FILES, "configured POST variable array index length limit exceeded - dropped %s", var);
+                               goto return_failure;
+                       } 
+                       prev_index = index;
+               }
+               
+       }
+       
+       /* Drop this variable if it exceeds the array depth limit */
+       if (VARFILTER_G(max_array_depth) && VARFILTER_G(max_array_depth) < depth) {
+               php_security_log(S_FILES, "configured request variable array depth limit exceeded - dropped %s", var);
+               goto return_failure;
+       }
+       if (VARFILTER_G(max_post_array_depth) && VARFILTER_G(max_post_array_depth) < depth) {
+               php_security_log(S_FILES, "configured POST variable array depth limit exceeded - dropped %s", var);
+               goto return_failure;
+       }
+       
+       
+       /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */
+       /* This is to protect several silly scripts that do globalizing themself */
+       
+       switch (var_len) {
+           case 18:
+               if (memcmp(var, "HTTP_RAW_POST_DATA", 18)==0) goto protected_varname2;
+               break;
+           case 17:
+               if (memcmp(var, "HTTP_SESSION_VARS", 17)==0) goto protected_varname2;
+               break;
+           case 16:
+               if (memcmp(var, "HTTP_SERVER_VARS", 16)==0) goto protected_varname2;
+               if (memcmp(var, "HTTP_COOKIE_VARS", 16)==0) goto protected_varname2;
+               break;
+           case 15:
+               if (memcmp(var, "HTTP_POST_FILES", 15)==0) goto protected_varname2;
+               break;
+           case 14:
+               if (memcmp(var, "HTTP_POST_VARS", 14)==0) goto protected_varname2;
+               break;
+           case 13:
+               if (memcmp(var, "HTTP_GET_VARS", 13)==0) goto protected_varname2;
+               if (memcmp(var, "HTTP_ENV_VARS", 13)==0) goto protected_varname2;
+               break;
+           case 8:
+               if (memcmp(var, "_SESSION", 8)==0) goto protected_varname2;
+               if (memcmp(var, "_REQUEST", 8)==0) goto protected_varname2;
+               break;
+           case 7:
+               if (memcmp(var, "GLOBALS", 7)==0) goto protected_varname2;
+               if (memcmp(var, "_COOKIE", 7)==0) goto protected_varname2;
+               if (memcmp(var, "_SERVER", 7)==0) goto protected_varname2;
+               break;
+           case 6:
+               if (memcmp(var, "_FILES", 6)==0) goto protected_varname2;
+               break;
+           case 5:
+               if (memcmp(var, "_POST", 5)==0) goto protected_varname2;
+               break;
+           case 4:
+               if (memcmp(var, "_ENV", 4)==0) goto protected_varname2;
+               if (memcmp(var, "_GET", 4)==0) goto protected_varname2;
+               break;
+       }
+
+       efree(var);
+       return SUCCESS;
+protected_varname2:
+       php_security_log(S_FILES, "tried to register forbidden variable '%s' through FILE variables", var);
+return_failure:
+       efree(var);
+       return FAILURE; 
+}
+/* }}} */
+
+/* {{{ SAPI_PRE_UPLOAD_FILTER_FUNC
+ */
+SAPI_PRE_UPLOAD_FILTER_FUNC(varfilter_pre_upload_filter)
+{
+        /* Drop if no more variables flag is set */
+        if (VARFILTER_G(no_more_uploads)) {
+                return FAILURE;
+        }
+       /* Drop this fileupload if the limit is reached */
+       if (VARFILTER_G(max_uploads) && VARFILTER_G(max_uploads) <= VARFILTER_G(cur_uploads)) {
+               php_security_log(S_FILES, "configured fileupload limit exceeded - file dropped");
+                VARFILTER_G(no_more_uploads) = 1;
+               return FAILURE;
+       }
+       
+       return SUCCESS;
+}
+/* }}} */
+
+/* {{{ SAPI_UPLOAD_CONTENT_FILTER_FUNC
+ */
+SAPI_UPLOAD_CONTENT_FILTER_FUNC(varfilter_upload_content_filter)
+{
+
+       if (VARFILTER_G(disallow_elf_files)) {
+
+               if (offset == 0 && buffer_len > 10) {
+                       
+                       if (buffer[0] == 0x7F && buffer[1] == 'E' && buffer[2] == 'L' && buffer[3] == 'F') {
+                               php_security_log(S_FILES, "uploaded file is an ELF executable - file dropped");
+                               return FAILURE;
+                       }
+               }
+       
+       }
+
+       return SUCCESS;
+}
+/* }}} */
+
+/* {{{ SAPI_POST_UPLOAD_FILTER_FUNC
+ */
+SAPI_POST_UPLOAD_FILTER_FUNC(varfilter_post_upload_filter)
+{
+       int retval = SUCCESS;
+
+       if (VARFILTER_G(verification_script)) {
+               char cmd[8192];
+               FILE *in;
+               int first=1;
+               
+               ap_php_snprintf(cmd, sizeof(cmd), "%s %s", VARFILTER_G(verification_script), tmpfilename);
+
+               if ((in=VCWD_POPEN(cmd, "r"))==NULL) {
+                       php_security_log(S_FILES, "unable to execute fileupload verification script %s - file dropped", VARFILTER_G(verification_script));
+                       return FAILURE;
+               }
+               
+               retval = FAILURE;
+               
+               /* read and forget the result */
+               while (1) {
+                       int readbytes = fread(cmd, 1, sizeof(cmd), in);
+                       if (readbytes<=0) {
+                               break;
+                       }
+                       if (first) {
+                               retval = atoi(cmd) == 1 ? SUCCESS : FAILURE;
+                               first = 0;
+                       }
+               }
+               pclose(in);
+       }
+
+       if (retval != SUCCESS) {
+               php_security_log(S_FILES, "fileupload verification script disallows file - file dropped");
+               return FAILURE;
+       }
+
+       VARFILTER_G(cur_uploads)++;
+       return SUCCESS;
+}
+/* }}} */
+
+/* {{{ SAPI_INPUT_FILTER_FUNC
+ */
+SAPI_INPUT_FILTER_FUNC(varfilter_input_filter)
+{
+       char *index, *prev_index = NULL;
+       unsigned int var_len, total_len, depth = 0;
+
+       /* Drop this variable if the limit was reached */
+        switch (arg) {
+            case PARSE_GET:
+                        if (VARFILTER_G(no_more_get_variables)) {
+                                return 0;
+                        }
+                        break;
+            case PARSE_POST:
+                        if (VARFILTER_G(no_more_post_variables)) {
+                                return 0;
+                        }
+                        break;
+            case PARSE_COOKIE:
+                        if (VARFILTER_G(no_more_cookie_variables)) {
+                                return 0;
+                        }
+                        break;
+            default:    /* we do not want to protect parse_str() and friends */
+                       if (new_val_len) {
+                               *new_val_len = val_len;
+                       }
+                        return 1;
+        }
+        if (VARFILTER_G(no_more_variables)) {
+                return 0;
+        }
+        
+        /* Drop this variable if the limit is now reached */
+       if (VARFILTER_G(max_request_variables) && VARFILTER_G(max_request_variables) <= VARFILTER_G(cur_request_variables)) {
+               php_security_log(S_VARS, "configured request variable limit exceeded - dropped %s", var);
+                VARFILTER_G(no_more_variables) = 1;
+               return 0;
+       }
+       switch (arg) {
+           case PARSE_GET:
+                       if (VARFILTER_G(max_get_vars) && VARFILTER_G(max_get_vars) <= VARFILTER_G(cur_get_vars)) {
+                               php_security_log(S_VARS, "configured GET variable limit exceeded - dropped %s", var);
+                                VARFILTER_G(no_more_get_variables) = 1;
+                               return 0;
+                       }
+                       break;
+           case PARSE_COOKIE:
+                       if (VARFILTER_G(max_cookie_vars) && VARFILTER_G(max_cookie_vars) <= VARFILTER_G(cur_cookie_vars)) {
+                               php_security_log(S_VARS, "configured COOKIE variable limit exceeded - dropped %s", var);
+                                VARFILTER_G(no_more_cookie_variables) = 1;
+                               return 0;
+                       }
+                       break;
+           case PARSE_POST:
+                       if (VARFILTER_G(max_post_vars) && VARFILTER_G(max_post_vars) <= VARFILTER_G(cur_post_vars)) {
+                               php_security_log(S_VARS, "configured POST variable limit exceeded - dropped %s", var);
+                                VARFILTER_G(no_more_post_variables) = 1;
+                                return 0;
+                       }
+                       break;
+       }
+       
+       
+       /* Drop this variable if it exceeds the value length limit */
+       if (VARFILTER_G(max_value_length) && VARFILTER_G(max_value_length) < val_len) {
+               php_security_log(S_VARS, "configured request variable value length limit exceeded - dropped %s", var);
+               return 0;
+       }
+       switch (arg) {
+           case PARSE_GET:
+                       if (VARFILTER_G(max_get_value_length) && VARFILTER_G(max_get_value_length) < val_len) {
+                               php_security_log(S_VARS, "configured GET variable value length limit exceeded - dropped %s", var);
+                               return 0;
+                       }
+                       break;
+           case PARSE_COOKIE:
+                       if (VARFILTER_G(max_cookie_value_length) && VARFILTER_G(max_cookie_value_length) < val_len) {
+                               php_security_log(S_VARS, "configured COOKIE variable value length limit exceeded - dropped %s", var);
+                               return 0;
+                       }
+                       break;
+           case PARSE_POST:
+                       if (VARFILTER_G(max_post_value_length) && VARFILTER_G(max_post_value_length) < val_len) {
+                               php_security_log(S_VARS, "configured POST variable value length limit exceeded - dropped %s", var);
+                               return 0;
+                       }
+                       break;
+       }
+       
+       /* Normalize the variable name */
+       normalize_varname(var);
+       
+       /* Find length of variable name */
+       index = strchr(var, '[');
+       total_len = strlen(var);
+       var_len = index ? index-var : total_len;
+       
+       /* Drop this variable if it exceeds the varname/total length limit */
+       if (VARFILTER_G(max_varname_length) && VARFILTER_G(max_varname_length) < var_len) {
+               php_security_log(S_VARS, "configured request variable name length limit exceeded - dropped %s", var);
+               return 0;
+       }
+       if (VARFILTER_G(max_totalname_length) && VARFILTER_G(max_totalname_length) < total_len) {
+               php_security_log(S_VARS, "configured request variable total name length limit exceeded - dropped %s", var);
+               return 0;
+       }
+       switch (arg) {
+           case PARSE_GET:
+                       if (VARFILTER_G(max_get_name_length) && VARFILTER_G(max_get_name_length) < var_len) {
+                               php_security_log(S_VARS, "configured GET variable name length limit exceeded - dropped %s", var);
+                               return 0;
+                       }
+                       if (VARFILTER_G(max_get_totalname_length) && VARFILTER_G(max_get_totalname_length) < var_len) {
+                               php_security_log(S_VARS, "configured GET variable total name length limit exceeded - dropped %s", var);
+                               return 0;
+                       }
+                       break;
+           case PARSE_COOKIE:
+                       if (VARFILTER_G(max_cookie_name_length) && VARFILTER_G(max_cookie_name_length) < var_len) {
+                               php_security_log(S_VARS, "configured COOKIE variable name length limit exceeded - dropped %s", var);
+                               return 0;
+                       }
+                       if (VARFILTER_G(max_cookie_totalname_length) && VARFILTER_G(max_cookie_totalname_length) < var_len) {
+                               php_security_log(S_VARS, "configured COOKIE variable total name length limit exceeded - dropped %s", var);
+                               return 0;
+                       }
+                       break;
+           case PARSE_POST:
+                       if (VARFILTER_G(max_post_name_length) && VARFILTER_G(max_post_name_length) < var_len) {
+                               php_security_log(S_VARS, "configured POST variable name length limit exceeded - dropped %s", var);
+                               return 0;
+                       }
+                       if (VARFILTER_G(max_post_totalname_length) && VARFILTER_G(max_post_totalname_length) < var_len) {
+                               php_security_log(S_VARS, "configured POST variable total name length limit exceeded - dropped %s", var);
+                               return 0;
+                       }
+                       break;
+       }
+       
+       /* Find out array depth */
+       while (index) {
+               unsigned int index_length;
+               
+               depth++;
+               index = strchr(index+1, '[');
+               
+               if (prev_index) {
+                       index_length = index ? index - 1 - prev_index - 1: strlen(prev_index);
+                       
+                       if (VARFILTER_G(max_array_index_length) && VARFILTER_G(max_array_index_length) < index_length) {
+                               php_security_log(S_VARS, "configured request variable array index length limit exceeded - dropped %s", var);
+                               return 0;
+                       } 
+                       switch (arg) {
+                           case PARSE_GET:
+                                       if (VARFILTER_G(max_get_array_index_length) && VARFILTER_G(max_get_array_index_length) < index_length) {
+                                               php_security_log(S_VARS, "configured GET variable array index length limit exceeded - dropped %s", var);
+                                               return 0;
+                                       } 
+                                       break;
+                           case PARSE_COOKIE:
+                                       if (VARFILTER_G(max_cookie_array_index_length) && VARFILTER_G(max_cookie_array_index_length) < index_length) {
+                                               php_security_log(S_VARS, "configured COOKIE variable array index length limit exceeded - dropped %s", var);
+                                               return 0;
+                                       } 
+                                       break;
+                           case PARSE_POST:
+                                       if (VARFILTER_G(max_post_array_index_length) && VARFILTER_G(max_post_array_index_length) < index_length) {
+                                               php_security_log(S_VARS, "configured POST variable array index length limit exceeded - dropped %s", var);
+                                               return 0;
+                                       } 
+                                       break;
+                       }
+                       prev_index = index;
+               }
+               
+       }
+       
+       /* Drop this variable if it exceeds the array depth limit */
+       if (VARFILTER_G(max_array_depth) && VARFILTER_G(max_array_depth) < depth) {
+               php_security_log(S_VARS, "configured request variable array depth limit exceeded - dropped %s", var);
+               return 0;
+       }
+       switch (arg) {
+           case PARSE_GET:
+                       if (VARFILTER_G(max_get_array_depth) && VARFILTER_G(max_get_array_depth) < depth) {
+                               php_security_log(S_VARS, "configured GET variable array depth limit exceeded - dropped %s", var);
+                               return 0;
+                       }
+                       break;
+           case PARSE_COOKIE:
+                       if (VARFILTER_G(max_cookie_array_depth) && VARFILTER_G(max_cookie_array_depth) < depth) {
+                               php_security_log(S_VARS, "configured COOKIE variable array depth limit exceeded - dropped %s", var);
+                               return 0;
+                       }
+                       break;
+           case PARSE_POST:
+                       if (VARFILTER_G(max_post_array_depth) && VARFILTER_G(max_post_array_depth) < depth) {
+                               php_security_log(S_VARS, "configured POST variable array depth limit exceeded - dropped %s", var);
+                               return 0;
+                       }
+                       break;
+       }
+
+       /* Check if variable value is truncated by a \0 */
+       
+       if (val && *val && val_len != strlen(*val)) {
+       
+               if (VARFILTER_G(disallow_nul)) {
+                       php_security_log(S_VARS, "ASCII-NUL chars not allowed within request variables - dropped %s", var);
+                       return 0;
+               }
+               switch (arg) {
+                   case PARSE_GET:
+                               if (VARFILTER_G(disallow_get_nul)) {
+                                       php_security_log(S_VARS, "ASCII-NUL chars not allowed within GET variables - dropped %s", var);
+                                       return 0;
+                               }
+                               break;
+                   case PARSE_COOKIE:
+                               if (VARFILTER_G(disallow_cookie_nul)) {
+                                       php_security_log(S_VARS, "ASCII-NUL chars not allowed within COOKIE variables - dropped %s", var);
+                                       return 0;
+                               }
+                               break;
+                   case PARSE_POST:
+                               if (VARFILTER_G(disallow_post_nul)) {
+                                       php_security_log(S_VARS, "ASCII-NUL chars not allowed within POST variables - dropped %s", var);
+                                       return 0;
+                               }
+                               break;
+               }
+       }
+       
+       /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */
+       /* This is to protect several silly scripts that do globalizing themself */
+       
+       switch (var_len) {
+           case 18:
+               if (memcmp(var, "HTTP_RAW_POST_DATA", 18)==0) goto protected_varname;
+               break;
+           case 17:
+               if (memcmp(var, "HTTP_SESSION_VARS", 17)==0) goto protected_varname;
+               break;
+           case 16:
+               if (memcmp(var, "HTTP_SERVER_VARS", 16)==0) goto protected_varname;
+               if (memcmp(var, "HTTP_COOKIE_VARS", 16)==0) goto protected_varname;
+               break;
+           case 15:
+               if (memcmp(var, "HTTP_POST_FILES", 15)==0) goto protected_varname;
+               break;
+           case 14:
+               if (memcmp(var, "HTTP_POST_VARS", 14)==0) goto protected_varname;
+               break;
+           case 13:
+               if (memcmp(var, "HTTP_GET_VARS", 13)==0) goto protected_varname;
+               if (memcmp(var, "HTTP_ENV_VARS", 13)==0) goto protected_varname;
+               break;
+           case 8:
+               if (memcmp(var, "_SESSION", 8)==0) goto protected_varname;
+               if (memcmp(var, "_REQUEST", 8)==0) goto protected_varname;
+               break;
+           case 7:
+               if (memcmp(var, "GLOBALS", 7)==0) goto protected_varname;
+               if (memcmp(var, "_COOKIE", 7)==0) goto protected_varname;
+               if (memcmp(var, "_SERVER", 7)==0) goto protected_varname;
+               break;
+           case 6:
+               if (memcmp(var, "_FILES", 6)==0) goto protected_varname;
+               break;
+           case 5:
+               if (memcmp(var, "_POST", 5)==0) goto protected_varname;
+               break;
+           case 4:
+               if (memcmp(var, "_ENV", 4)==0) goto protected_varname;
+               if (memcmp(var, "_GET", 4)==0) goto protected_varname;
+               break;
+       }
+
+       /* Okay let PHP register this variable */
+       VARFILTER_G(cur_request_variables)++;
+       switch (arg) {
+           case PARSE_GET:
+                       VARFILTER_G(cur_get_vars)++;
+                       break;
+           case PARSE_COOKIE:
+                       VARFILTER_G(cur_cookie_vars)++;
+                       break;
+           case PARSE_POST:
+                       VARFILTER_G(cur_post_vars)++;
+                       break;
+       }
+       
+       if (new_val_len) {
+               *new_val_len = val_len;
+       }
+
+       return 1;
+protected_varname:
+       php_security_log(S_VARS, "tried to register forbidden variable '%s' through %s variables", var, arg == PARSE_GET ? "GET" : arg == PARSE_POST ? "POST" : "COOKIE");
+       return 0;       
+}
+/* }}} */
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ * vim600: noet sw=4 ts=4 fdm=marker
+ * vim<600: noet sw=4 ts=4
+ */
+
+
+diff -Nura php-4.4.2/ext/wddx/wddx.c hardening-patch-4.4.2-0.4.15/ext/wddx/wddx.c
+--- php-4.4.2/ext/wddx/wddx.c   2006-01-01 14:46:59.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/ext/wddx/wddx.c        2006-09-05 20:30:33.000000000 +0200
+@@ -16,7 +16,11 @@
+    +----------------------------------------------------------------------+
+  */
+ 
+-/* $Id: wddx.c,v 1.96.2.6.2.3 2006/01/01 13:46:59 sniper Exp $ */
+/* $Id: wddx.c,v 1.96.2.6.2.7 2006/05/26 01:55:26 iliaa Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+ 
+ #include "php.h"
+ #include "php_wddx.h"
+@@ -400,9 +404,9 @@
+                                        break;
+ 
+                                default:
+-                                       if (iscntrl((int)*(unsigned char *)p)) {
+                                       if (iscntrl((int)*(unsigned char *)p) || (int)*(unsigned char *)p >= 127) {
+                                                FLUSH_BUF();
+-                                               sprintf(control_buf, WDDX_CHAR, *p);
+                                               sprintf(control_buf, WDDX_CHAR, (int)*(unsigned char *)p);
+                                                php_wddx_add_chunk(packet, control_buf);
+                                        } else
+                                                buf[l++] = *p;
+@@ -428,7 +432,7 @@
+        tmp = *var;
+        zval_copy_ctor(&tmp);
+        convert_to_string(&tmp);
+-       sprintf(tmp_buf, WDDX_NUMBER, Z_STRVAL(tmp));
+       snprintf(tmp_buf, Z_STRLEN(tmp), WDDX_NUMBER, Z_STRVAL(tmp));
+        zval_dtor(&tmp);
+ 
+        php_wddx_add_chunk(packet, tmp_buf);    
+@@ -620,17 +624,19 @@
+  */
+ void php_wddx_serialize_var(wddx_packet *packet, zval *var, char *name, int name_len TSRMLS_DC)
+ {
+-       char tmp_buf[WDDX_BUF_LEN];
+       char *tmp_buf;
+        char *name_esc;
+        int name_esc_len;
+ 
+        if (name) {
+                name_esc = php_escape_html_entities(name, name_len, &name_esc_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
+-               sprintf(tmp_buf, WDDX_VAR_S, name_esc);
+               tmp_buf = emalloc(name_esc_len + 1);
+               snprintf(tmp_buf, name_esc_len, WDDX_VAR_S, name_esc);
+                php_wddx_add_chunk(packet, tmp_buf);
+               efree(tmp_buf);
+                efree(name_esc);
+        }
+-       
+
+        switch(Z_TYPE_P(var)) {
+                case IS_STRING:
+                        php_wddx_serialize_string(packet, var);
+diff -Nura php-4.4.2/main/fopen_wrappers.c hardening-patch-4.4.2-0.4.15/main/fopen_wrappers.c
+--- php-4.4.2/main/fopen_wrappers.c     2006-01-01 14:46:59.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/fopen_wrappers.c  2006-09-07 18:53:23.000000000 +0200
+@@ -106,7 +106,10 @@
+        }
+ 
+        /* Resolve the real path into resolved_name */
+-       if ((expand_filepath(path, resolved_name TSRMLS_CC) != NULL) && (expand_filepath(local_open_basedir, resolved_basedir TSRMLS_CC) != NULL)) {
+       if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) {
+               return -2;
+       }
+       if (expand_filepath(local_open_basedir, resolved_basedir TSRMLS_CC) != NULL) {
+                /* Handler for basedirs that end with a / */
+                resolved_basedir_len = strlen(resolved_basedir);
+                if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR) {
+@@ -116,14 +119,20 @@
+                        }
+                }
+ 
+               resolved_name_len = strlen(resolved_name);
+                if (path[strlen(path)-1] == PHP_DIR_SEPARATOR) {
+-                       resolved_name_len = strlen(resolved_name);
+                        if (resolved_name[resolved_name_len - 1] != PHP_DIR_SEPARATOR) {
+                                resolved_name[resolved_name_len] = PHP_DIR_SEPARATOR;
+                                resolved_name[++resolved_name_len] = '\0';
+                        }
+                }
+ 
+               if (resolved_name_len == resolved_basedir_len - 1) {
+                       if (resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
+                               resolved_basedir_len--;
+                       }
+               }
+
+                /* Check the path */
+ #ifdef PHP_WIN32
+                if (strncasecmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
+@@ -137,7 +146,7 @@
+                }
+        } else {
+                /* Unable to resolve the real path, return -1 */
+-               return -1;
+               return -3;
+        }
+ }
+ /* }}} */
+@@ -156,22 +165,44 @@
+                char *pathbuf;
+                char *ptr;
+                char *end;
+               char path_copy[MAXPATHLEN];
+               int path_len;
+
+               /* Special case path ends with a trailing slash */
+               path_len = strlen(path);
+               if (path_len >= MAXPATHLEN) {
+                       errno = EPERM; /* we deny permission to open it */
+                       return -1;
+               }
+               if (path_len > 0 && path[path_len-1] == PHP_DIR_SEPARATOR) {
+                       memcpy(path_copy, path, path_len+1);
+                       while (path_len > 0 && path_copy[path_len-1] == PHP_DIR_SEPARATOR) path_len--;
+                       path_copy[path_len] = '\0';
+                       path = (const char *)&path_copy;
+               }
+ 
+                pathbuf = estrdup(PG(open_basedir));
+ 
+                ptr = pathbuf;
+ 
+                while (ptr && *ptr) {
+                       int res;
+                        end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
+                        if (end != NULL) {
+                                *end = '\0';
+                                end++;
+                        }
+ 
+-                       if (php_check_specific_open_basedir(ptr, path TSRMLS_CC) == 0) {
+                       res = php_check_specific_open_basedir(ptr, path TSRMLS_CC);
+                       if (res == 0) {
+                                efree(pathbuf);
+                                return 0;
+                        }
+                       if (res == -2) {
+                               efree(pathbuf);
+                               errno = EPERM;
+                               return -1;
+                       }
+ 
+                        ptr = end;
+                }
+diff -Nura php-4.4.2/main/hardened_globals.h hardening-patch-4.4.2-0.4.15/main/hardened_globals.h
+--- php-4.4.2/main/hardened_globals.h   1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/hardened_globals.h        2006-09-05 20:30:33.000000000 +0200
+@@ -0,0 +1,64 @@
+/*
+   +----------------------------------------------------------------------+
+   | Hardening-Patch for PHP                                              |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 2004-2005 Stefan Esser                                 |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 2.02 of the PHP license,      |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available at through the world-wide-web at                           |
+   | http://www.php.net/license/2_02.txt.                                 |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+   | Author: Stefan Esser <sesser@hardened-php.net>                       |
+   +----------------------------------------------------------------------+
+ */
+
+#ifndef HARDENED_GLOBALS_H
+#define HARDENED_GLOBALS_H
+
+typedef struct _hardened_globals hardened_globals_struct;
+
+#ifdef ZTS
+# define HG(v) TSRMG(hardened_globals_id, hardened_globals_struct *, v)
+extern int hardened_globals_id;
+#else
+# define HG(v) (hardened_globals.v)
+extern struct _hardened_globals hardened_globals;
+#endif
+
+
+struct _hardened_globals {
+#if HARDENING_PATCH_MM_PROTECT
+       unsigned int canary_1;
+       unsigned int canary_2;
+#endif
+#if HARDENING_PATCH_LL_PROTECT
+       unsigned int canary_3;
+       unsigned int canary_4;
+       unsigned int ll_canary_inited;
+#endif
+       zend_bool hphp_sql_bailout_on_error;
+       zend_bool hphp_multiheader;
+       unsigned long hphp_mailprotect;
+       long hard_memory_limit;
+       HashTable *eval_whitelist;
+       HashTable *eval_blacklist;
+       HashTable *func_whitelist;
+       HashTable *func_blacklist;
+       HashTable *include_whitelist;
+       HashTable *include_blacklist;
+       unsigned int dummy;
+};
+
+
+#endif /* HARDENED_GLOBALS_H */
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ */
+diff -Nura php-4.4.2/main/hardening_patch.c hardening-patch-4.4.2-0.4.15/main/hardening_patch.c
+--- php-4.4.2/main/hardening_patch.c    1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/hardening_patch.c 2006-09-07 18:48:28.000000000 +0200
+@@ -0,0 +1,430 @@
+/*
+   +----------------------------------------------------------------------+
+   | Hardening Patch for PHP                                              |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 2004-2005 Stefan Esser                                 |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 2.02 of the PHP license,      |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available at through the world-wide-web at                           |
+   | http://www.php.net/license/2_02.txt.                                 |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+   | Author: Stefan Esser <sesser@hardened-php.net>                       |
+   +----------------------------------------------------------------------+
+ */
+/* $Id: hardening_patch.c,v 1.2 2004/11/21 09:38:52 ionic Exp $ */
+
+#include "php.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include "SAPI.h"
+#include "php_globals.h"
+
+#if HARDENING_PATCH
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#if defined(PHP_WIN32) || defined(__riscos__) || defined(NETWARE)
+#undef AF_UNIX
+#endif
+
+#if defined(AF_UNIX)
+#include <sys/un.h>
+#endif
+
+#define SYSLOG_PATH  "/dev/log"
+
+#include "snprintf.h"
+
+#include "hardening_patch.h"
+
+#ifdef ZTS
+#include "hardened_globals.h"
+int hardened_globals_id;
+#else
+struct _hardened_globals hardened_globals;
+#endif
+
+static void hardened_globals_ctor(hardened_globals_struct *hardened_globals TSRMLS_DC)
+{
+       memset(hardened_globals, 0, sizeof(*hardened_globals));
+}
+
+
+PHPAPI void hardened_startup()
+{
+#ifdef ZTS
+       ts_allocate_id(&hardened_globals_id, sizeof(hardened_globals_struct), (ts_allocate_ctor) hardened_globals_ctor, NULL);
+#else
+       hardened_globals_ctor(&hardened_globals TSRMLS_CC);
+#endif
+}
+
+PHPAPI void hardened_clear_mm_canaries(TSRMLS_D)
+{
+       HG(canary_1) = php_canary();
+       HG(canary_2) = php_canary();
+}
+
+char *loglevel2string(int loglevel)
+{
+       switch (loglevel) {
+           case S_FILES:
+               return "FILES";
+           case S_INCLUDE:
+               return "INCLUDE";
+           case S_MEMORY:
+               return "MEMORY";
+           case S_MISC:
+               return "MISC";
+           case S_SQL:
+               return "SQL";
+           case S_EXECUTOR:
+               return "EXECUTOR";
+           case S_VARS:
+               return "VARS";
+           default:
+               return "UNKNOWN";    
+       }
+}
+
+PHPAPI void php_security_log(int loglevel, char *fmt, ...)
+{
+#if defined(AF_UNIX)
+       int s, r, i=0;
+       struct sockaddr_un saun;
+       char buf[4096+64];
+       char error[4096+100];
+       char *ip_address;
+       char *fname;
+       int lineno;
+       va_list ap;
+       TSRMLS_FETCH();
+       
+       if (EG(hphp_log_use_x_forwarded_for)) {
+               ip_address = sapi_getenv("HTTP_X_FORWARDED_FOR", 20 TSRMLS_CC);
+               if (ip_address == NULL) {
+                       ip_address = "X-FORWARDED-FOR not set";
+               }
+       } else {
+               ip_address = sapi_getenv("REMOTE_ADDR", 11 TSRMLS_CC);
+               if (ip_address == NULL) {
+                       ip_address = "REMOTE_ADDR not set";
+               }
+       }
+       
+       
+       va_start(ap, fmt);
+       ap_php_vsnprintf(error, sizeof(error), fmt, ap);
+       va_end(ap);
+       while (error[i]) {
+               if (error[i] < 32) error[i] = '.';
+               i++;
+       }
+       
+       if (zend_is_executing(TSRMLS_C)) {
+               lineno = zend_get_executed_lineno(TSRMLS_C);
+               fname = zend_get_executed_filename(TSRMLS_C);
+               ap_php_snprintf(buf, sizeof(buf), "ALERT - %s (attacker '%s', file '%s', line %u)", error, ip_address, fname, lineno);
+       } else {
+               fname = sapi_getenv("SCRIPT_FILENAME", 15 TSRMLS_CC);
+               if (fname==NULL) {
+                       fname = "unknown";
+               }
+               ap_php_snprintf(buf, sizeof(buf), "ALERT - %s (attacker '%s', file '%s')", error, ip_address, fname);
+       }
+                       
+       /* Syslog-Logging disabled? */
+       if ((EG(hphp_log_syslog) & loglevel)==0) {
+               goto log_sapi;
+       }       
+       
+       ap_php_snprintf(error, sizeof(error), "<%u>hphp[%u]: %s\n", EG(hphp_log_syslog_facility)|EG(hphp_log_syslog_priority),getpid(),buf);
+
+       s = socket(AF_UNIX, SOCK_DGRAM, 0);
+       if (s == -1) {
+               goto log_sapi;
+       }
+       
+       memset(&saun, 0, sizeof(saun));
+       saun.sun_family = AF_UNIX;
+       strcpy(saun.sun_path, SYSLOG_PATH);
+       /*saun.sun_len = sizeof(saun);*/
+       
+       r = connect(s, (struct sockaddr *)&saun, sizeof(saun));
+       if (r) {
+               close(s);
+               s = socket(AF_UNIX, SOCK_STREAM, 0);
+               if (s == -1) {
+                       goto log_sapi;
+               }
+       
+               memset(&saun, 0, sizeof(saun));
+               saun.sun_family = AF_UNIX;
+               strcpy(saun.sun_path, SYSLOG_PATH);
+               /*saun.sun_len = sizeof(saun);*/
+
+               r = connect(s, (struct sockaddr *)&saun, sizeof(saun));
+               if (r) { 
+                       close(s);
+                       goto log_sapi;
+               }
+       }
+       send(s, error, strlen(error), 0);
+       
+       close(s);
+
+log_sapi:
+       /* SAPI Logging activated? */
+       if ((EG(hphp_log_sapi) & loglevel)!=0) {
+               sapi_module.log_message(buf);
+       }
+
+log_script:
+       /* script logging activaed? */
+       if (((EG(hphp_log_script) & loglevel)!=0) && EG(hphp_log_scriptname)!=NULL) {
+               char cmd[8192], *cmdpos, *bufpos;
+               FILE *in;
+               int space;
+               
+               ap_php_snprintf(cmd, sizeof(cmd), "%s %s \'", EG(hphp_log_scriptname), loglevel2string(loglevel));
+               space = sizeof(cmd) - strlen(cmd);
+               cmdpos = cmd + strlen(cmd);
+               bufpos = buf;
+               if (space <= 1) return;
+               while (space > 2 && *bufpos) {
+                       if (*bufpos == '\'') {
+                               if (space<=5) break;
+                               *cmdpos++ = '\'';
+                               *cmdpos++ = '\\';
+                               *cmdpos++ = '\'';
+                               *cmdpos++ = '\'';
+                               bufpos++;
+                               space-=4;
+                       } else {
+                               *cmdpos++ = *bufpos++;
+                               space--;
+                       }
+               }
+               *cmdpos++ = '\'';
+               *cmdpos = 0;
+               
+               if ((in=VCWD_POPEN(cmd, "r"))==NULL) {
+                       php_security_log(S_INTERNAL, "Unable to execute logging shell script: %s", EG(hphp_log_scriptname));
+                       return;
+               }
+               /* read and forget the result */
+               while (1) {
+                       int readbytes = fread(cmd, 1, sizeof(cmd), in);
+                       if (readbytes<=0) {
+                               break;
+                       }
+               }
+               pclose(in);
+       }
+
+#endif
+}
+#endif
+
+#if HARDENING_PATCH_MM_PROTECT || HARDENING_PATCH_LL_PROTECT || HARDENING_PATCH_HASH_PROTECT
+
+/* will be replaced later with more compatible method */
+PHPAPI unsigned int php_canary()
+{
+       time_t t;
+       unsigned int canary;
+       int fd;
+       
+       fd = open("/dev/urandom", 0);
+       if (fd != -1) {
+               int r = read(fd, &canary, sizeof(canary));
+               close(fd);
+               if (r == sizeof(canary)) {
+                       return (canary);
+               }
+       }
+       /* not good but we never want to do this */
+       time(&t);
+       canary = *(unsigned int *)&t + getpid() << 16;
+       return (canary);
+}
+#endif
+
+#if HARDENING_PATCH_INC_PROTECT
+
+PHPAPI int php_is_valid_include(zval *z)
+{
+       char *filename;
+       int len, i;
+       TSRMLS_FETCH();
+       
+       /* must be of type string */
+       if (z->type != IS_STRING || z->value.str.val == NULL) {
+               return (0);
+       }
+       
+       /* short cut */
+       filename = z->value.str.val;
+       len = z->value.str.len;
+       
+       /* 1. must be shorter than MAXPATHLEN */
+       if (len > MAXPATHLEN) {
+               char *fname = estrndup(filename, len);
+               for (i=0; i < len; i++) if (fname[i] < 32) fname[i]='.';
+               php_security_log(S_INCLUDE, "Include filename ('%s') longer than MAXPATHLEN chars", fname);
+               efree(fname);
+               return (0);
+       }
+       
+       /* 2. must not be cutted */
+       if (len != strlen(filename)) {
+               char *fname = estrndup(filename, len);
+               for (i=0; fname[i]; i++) if (fname[i] < 32) fname[i]='.';
+               php_security_log(S_INCLUDE, "Include filename truncated by a \\0 after '%s'", fname);
+               efree(fname);
+               return (0);
+       }
+       
+       /* 3. when it is an URL first check black/whitelist if both are empty disallow all URLs */
+       if (strstr(filename, "://")) {
+               char *fname = estrndup(filename, len);
+               for (i=0; i < len; i++) if (fname[i] < 32) fname[i]='.';
+       
+               /* no black or whitelist then disallow all */
+               if (HG(include_whitelist)==NULL && HG(include_blacklist)==NULL) {
+                       php_security_log(S_INCLUDE, "Include filename ('%s') is an URL", fname);
+                       efree(fname);
+                       return (0);
+               }
+               
+               /* whitelist is stronger than blacklist */
+               if (HG(include_whitelist)) {
+                       char *s, *t, *h, *index;
+                       uint indexlen;
+                       ulong numindex;
+
+                       s = filename;
+                       
+                       do {
+                               zend_bool isOk = 0;
+                               int tlen;
+                               
+                               t = h = strstr(s, "://");
+                               if (h == NULL) break;
+                               
+                               
+                               while (t > s && (isalnum(t[-1]) || t[-1]=='_')) {
+                                       t--;
+                               }
+                               
+                               tlen = strlen(t);
+                                                               
+                               zend_hash_internal_pointer_reset(HG(include_whitelist));
+                               do {
+                                       int r = zend_hash_get_current_key_ex(HG(include_whitelist), &index, &indexlen, &numindex, 0, NULL);
+                                       
+                                       if (r==HASH_KEY_NON_EXISTANT) {
+                                               break;
+                                       }
+                                       if (r==HASH_KEY_IS_STRING) {
+                                               if (h-t <= indexlen-1 && tlen>=indexlen-1) {
+                                                       if (strncmp(t, index, indexlen-1)==0) {
+                                                               isOk = 1;
+                                                               break;
+                                                       }
+                                               }
+                                       }
+                                       
+                                       zend_hash_move_forward(HG(include_whitelist));
+                               } while (1);
+                               
+                               /* not found in whitelist */
+                               if (!isOk) {
+                                       php_security_log(S_INCLUDE, "Include filename ('%s') is an URL that is not allowed in whitelist", fname);
+                                       efree(fname);
+                                       return 0;
+                               }
+                               
+                               s = h + 3;
+                       } while (1);
+               } else {
+                       /* okay then handle the blacklist */
+                       char *s, *t, *h, *index;
+                       uint indexlen;
+                       ulong numindex;
+
+                       s = filename;
+                       
+                       do {
+                               int tlen;
+                               
+                               t = h = strstr(s, "://");
+                               if (h == NULL) break;
+                               
+                               
+                               while (t > s && (isalnum(t[-1]) || t[-1]=='_')) {
+                                       t--;
+                               }
+                               
+                               tlen = strlen(t);
+                                                               
+                               zend_hash_internal_pointer_reset(HG(include_blacklist));
+                               do {
+                                       int r = zend_hash_get_current_key_ex(HG(include_blacklist), &index, &indexlen, &numindex, 0, NULL);
+                                       
+                                       if (r==HASH_KEY_NON_EXISTANT) {
+                                               break;
+                                       }
+                                       if (r==HASH_KEY_IS_STRING) {
+                                               if (h-t <= indexlen-1 && tlen>=indexlen-1) {
+                                                       if (strncmp(t, index, indexlen-1)==0) {
+                                                               php_security_log(S_INCLUDE, "Include filename ('%s') is an URL that is forbidden by the blacklist", fname);
+                                                               efree(fname);
+                                                               return 0;
+                                                       }
+                                               }
+                                       }
+                                       
+                                       zend_hash_move_forward(HG(include_blacklist));
+                               } while (1);
+                               
+                               s = h + 3;
+                       } while (1);
+               }
+               
+               efree(fname);
+       }
+       
+       /* 4. must not be an uploaded file */
+       if (SG(rfc1867_uploaded_files)) {
+               if (zend_hash_exists(SG(rfc1867_uploaded_files), (char *) filename, len+1)) {
+                       php_security_log(S_INCLUDE, "Include filename is an uploaded file");
+                       return (0);
+               }
+       }
+       
+       /* passed all tests */
+       return (1);
+}
+
+#endif
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ * vim600: sw=4 ts=4 fdm=marker
+ * vim<600: sw=4 ts=4
+ */
+diff -Nura php-4.4.2/main/hardening_patch.h hardening-patch-4.4.2-0.4.15/main/hardening_patch.h
+--- php-4.4.2/main/hardening_patch.h    1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/hardening_patch.h 2006-09-07 18:48:35.000000000 +0200
+@@ -0,0 +1,46 @@
+/*
+   +----------------------------------------------------------------------+
+   | Hardening Patch for PHP                                              |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 2004-2005 Stefan Esser                                 |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 2.02 of the PHP license,      |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available at through the world-wide-web at                           |
+   | http://www.php.net/license/2_02.txt.                                 |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+   | Author: Stefan Esser <sesser@hardened-php.net>                       |
+   +----------------------------------------------------------------------+
+ */
+
+#ifndef HARDENING_PATCH_H
+#define HARDENING_PATCH_H
+
+#include "zend.h"
+
+#if HARDENING_PATCH
+PHPAPI void php_security_log(int loglevel, char *fmt, ...);
+PHPAPI void hardened_startup();
+#define HARDENING_PATCH_VERSION "0.4.15"
+
+#endif
+
+#if HARDENING_PATCH_MM_PROTECT || HARDENING_PATCH_LL_PROTECT || HARDENING_PATCH_HASH_PROTECT
+PHPAPI unsigned int php_canary();
+#endif
+
+#if HARDENING_PATCH_INC_PROTECT
+PHPAPI int php_is_valid_include(zval *z);
+#endif
+
+#endif /* HARDENING_PATCH_H */
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ */
+diff -Nura php-4.4.2/main/hardening_patch.m4 hardening-patch-4.4.2-0.4.15/main/hardening_patch.m4
+--- php-4.4.2/main/hardening_patch.m4   1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/hardening_patch.m4        2006-09-05 20:30:33.000000000 +0200
+@@ -0,0 +1,95 @@
+dnl
+dnl $Id: hardening_patch.m4,v 1.1 2004/11/14 13:24:24 ionic Exp $
+dnl
+dnl This file contains Hardening Patch for PHP specific autoconf functions.
+dnl
+
+AC_ARG_ENABLE(hardening-patch-mm-protect,
+[  --disable-hardening-patch-mm-protect    Disable the Memory Manager protection.],[
+  DO_HARDENING_PATCH_MM_PROTECT=$enableval
+],[
+  DO_HARDENING_PATCH_MM_PROTECT=yes
+])
+
+AC_ARG_ENABLE(hardening-patch-ll-protect,
+[  --disable-hardening-patch-ll-protect    Disable the Linked List protection.],[
+  DO_HARDENING_PATCH_LL_PROTECT=$enableval
+],[
+  DO_HARDENING_PATCH_LL_PROTECT=yes
+])
+
+AC_ARG_ENABLE(hardening-patch-inc-protect,
+[  --disable-hardening-patch-inc-protect   Disable include/require protection.],[
+  DO_HARDENING_PATCH_INC_PROTECT=$enableval
+],[
+  DO_HARDENING_PATCH_INC_PROTECT=yes
+])
+
+AC_ARG_ENABLE(hardening-patch-fmt-protect,
+[  --disable-hardening-patch-fmt-protect   Disable format string protection.],[
+  DO_HARDENING_PATCH_FMT_PROTECT=$enableval
+],[
+  DO_HARDENING_PATCH_FMT_PROTECT=yes
+])
+
+AC_ARG_ENABLE(hardening-patch-hash-protect,
+[  --disable-hardening-patch-hash-protect  Disable HashTable destructor protection.],[
+  DO_HARDENING_PATCH_HASH_PROTECT=$enableval
+],[
+  DO_HARDENING_PATCH_HASH_PROTECT=yes
+])
+
+AC_MSG_CHECKING(whether to protect the Zend Memory Manager)
+AC_MSG_RESULT($DO_HARDENING_PATCH_MM_PROTECT)
+
+AC_MSG_CHECKING(whether to protect the Zend Linked Lists)
+AC_MSG_RESULT($DO_HARDENING_PATCH_LL_PROTECT)
+
+AC_MSG_CHECKING(whether to protect include/require statements)
+AC_MSG_RESULT($DO_HARDENING_PATCH_INC_PROTECT)
+
+AC_MSG_CHECKING(whether to protect PHP Format String functions)
+AC_MSG_RESULT($DO_HARDENING_PATCH_FMT_PROTECT)
+
+AC_MSG_CHECKING(whether to protect the destructor of Zend HashTables)
+AC_MSG_RESULT($DO_HARDENING_PATCH_HASH_PROTECT)
+
+
+AC_DEFINE(HARDENING_PATCH, 1, [Hardening Patch])
+
+
+if test "$DO_HARDENING_PATCH_MM_PROTECT" = "yes"; then
+dnl  AC_DEFINE(HARDENING_PATCH, 1, [Hardening Patch])
+  AC_DEFINE(HARDENING_PATCH_MM_PROTECT, 1, [Memory Manager Protection])
+else
+  AC_DEFINE(HARDENING_PATCH_MM_PROTECT, 0, [Memory Manager Protection])
+fi
+
+if test "$DO_HARDENING_PATCH_LL_PROTECT" = "yes"; then
+dnl    AC_DEFINE(HARDENING_PATCH, 1, [Hardening Patch])
+  AC_DEFINE(HARDENING_PATCH_LL_PROTECT, 1, [Linked List Protection])
+else
+  AC_DEFINE(HARDENING_PATCH_LL_PROTECT, 0, [Linked List Protection])
+fi
+
+if test "$DO_HARDENING_PATCH_INC_PROTECT" = "yes"; then
+dnl    AC_DEFINE(HARDENING_PATCH, 1, [Hardening Patch])
+  AC_DEFINE(HARDENING_PATCH_INC_PROTECT, 1, [Include/Require Protection])
+else
+  AC_DEFINE(HARDENING_PATCH_INC_PROTECT, 0, [Include/Require Protection])
+fi
+
+if test "$DO_HARDENING_PATCH_FMT_PROTECT" = "yes"; then
+dnl    AC_DEFINE(HARDENING_PATCH, 1, [Hardening Patch])
+  AC_DEFINE(HARDENING_PATCH_FMT_PROTECT, 1, [Fmt String Protection])
+else
+  AC_DEFINE(HARDENING_PATCH_FMT_PROTECT, 0, [Fmt String Protection])
+fi
+
+if test "$DO_HARDENING_PATCH_HASH_PROTECT" = "yes"; then
+dnl    AC_DEFINE(HARDENING_PATCH, 1, [Hardening Patch])
+  AC_DEFINE(HARDENING_PATCH_HASH_PROTECT, 1, [HashTable DTOR Protection])
+else
+  AC_DEFINE(HARDENING_PATCH_HASH_PROTECT, 0, [HashTable DTOR Protection])
+fi
+
+diff -Nura php-4.4.2/main/main.c hardening-patch-4.4.2-0.4.15/main/main.c
+--- php-4.4.2/main/main.c       2006-01-01 14:46:59.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/main.c    2006-09-05 20:30:33.000000000 +0200
+@@ -92,6 +92,10 @@
+ PHPAPI int core_globals_id;
+ #endif
+ 
+#if HARDENING_PATCH
+#include "hardened_globals.h"
+#endif
+
+ #define ERROR_BUF_LEN  1024
+ 
+ typedef struct {
+@@ -142,17 +146,39 @@
+  */
+ static PHP_INI_MH(OnChangeMemoryLimit)
+ {
+#if HARDENING_PATCH
+       long hard_memory_limit = 1<<30;
+       
+       if (stage == ZEND_INI_STAGE_RUNTIME) {
+               if (HG(hard_memory_limit) == 0) {
+                       HG(hard_memory_limit) = PG(memory_limit);
+               }
+               hard_memory_limit = HG(hard_memory_limit);
+       } else {
+               HG(hard_memory_limit) = 0;
+       }
+#endif 
+        if (new_value) {
+                PG(memory_limit) = zend_atoi(new_value, new_value_length);
+#if HARDENING_PATCH
+               if (PG(memory_limit) > hard_memory_limit) {
+                       PG(memory_limit) = hard_memory_limit;
+                       php_security_log(S_MISC, "script tried to increase memory_limit above allowed value");
+                       return FAILURE;
+               }
+#endif 
+        } else {
+#if HARDENING_PATCH
+               PG(memory_limit) = hard_memory_limit;
+#else
+                PG(memory_limit) = 1<<30;               /* effectively, no limit */
+#endif
+        }
+        return zend_set_memory_limit(PG(memory_limit));
+ }
+ /* }}} */
+ #endif
+ 
+-
+ /* {{{ php_disable_functions
+  */
+ static void php_disable_functions(TSRMLS_D)
+@@ -1008,6 +1034,9 @@
+ 
+        zend_try { 
+                shutdown_memory_manager(CG(unclean_shutdown), 0 TSRMLS_CC);
+#if HARDENING_PATCH
+               hardened_clear_mm_canaries(TSRMLS_C);
+#endif
+        } zend_end_try();
+ 
+        zend_try { 
+@@ -1098,6 +1127,10 @@
+        tsrm_ls = ts_resource(0);
+ #endif
+ 
+#if HARDENING_PATCH
+       hardened_startup();
+#endif
+
+        sapi_initialize_empty_request(TSRMLS_C);
+        sapi_activate(TSRMLS_C);
+ 
+@@ -1110,6 +1143,12 @@
+        php_output_startup();
+        php_output_activate(TSRMLS_C);
+ 
+#if HARDENING_PATCH_INC_PROTECT
+       zuf.is_valid_include = php_is_valid_include;
+#endif
+#if HARDENING_PATCH
+       zuf.security_log_function = php_security_log;
+#endif
+        zuf.error_function = php_error_cb;
+        zuf.printf_function = php_printf;
+        zuf.write_function = php_body_write_wrapper;
+@@ -1211,6 +1250,10 @@
+        REGISTER_MAIN_STRINGL_CONSTANT("PHP_CONFIG_FILE_PATH", PHP_CONFIG_FILE_PATH, sizeof(PHP_CONFIG_FILE_PATH)-1, CONST_PERSISTENT | CONST_CS);
+        REGISTER_MAIN_STRINGL_CONSTANT("PHP_CONFIG_FILE_SCAN_DIR", PHP_CONFIG_FILE_SCAN_DIR, sizeof(PHP_CONFIG_FILE_SCAN_DIR)-1, CONST_PERSISTENT | CONST_CS);
+        REGISTER_MAIN_STRINGL_CONSTANT("PHP_SHLIB_SUFFIX", PHP_SHLIB_SUFFIX, sizeof(PHP_SHLIB_SUFFIX)-1, CONST_PERSISTENT | CONST_CS);
+#if HARDENING_PATCH
+       REGISTER_MAIN_LONG_CONSTANT("HARDENING_PATCH", 1, CONST_PERSISTENT | CONST_CS);
+       REGISTER_MAIN_STRINGL_CONSTANT("HARDENING_PATCH_VERSION", HARDENING_PATCH_VERSION, sizeof(HARDENING_PATCH_VERSION)-1, CONST_PERSISTENT | CONST_CS);
+#endif
+        REGISTER_MAIN_STRINGL_CONSTANT("PHP_EOL", PHP_EOL, sizeof(PHP_EOL)-1, CONST_PERSISTENT | CONST_CS);
+        REGISTER_MAIN_LONG_CONSTANT("PHP_INT_MAX", LONG_MAX, CONST_PERSISTENT | CONST_CS);
+        REGISTER_MAIN_LONG_CONSTANT("PHP_INT_SIZE", sizeof(long), CONST_PERSISTENT | CONST_CS);
+@@ -1318,7 +1361,7 @@
+  */
+ static inline void php_register_server_variables(TSRMLS_D)
+ {
+-       zval *array_ptr=NULL;
+       zval *array_ptr=NULL, *vptr;
+ 
+        ALLOC_ZVAL(array_ptr);
+        array_init(array_ptr);
+diff -Nura php-4.4.2/main/php_config.h.in hardening-patch-4.4.2-0.4.15/main/php_config.h.in
+--- php-4.4.2/main/php_config.h.in      2006-01-12 19:24:28.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/php_config.h.in   2006-09-05 20:30:33.000000000 +0200
+@@ -865,6 +865,39 @@
+ /* Enabling BIND8 compatibility for Panther */
+ #undef BIND_8_COMPAT
+ 
+/* Hardening-Patch */
+#undef HARDENING_PATCH
+
+/* Memory Manager Protection */
+#undef HARDENING_PATCH_MM_PROTECT
+
+/* Memory Manager Protection */
+#undef HARDENING_PATCH_MM_PROTECT
+
+/* Linked List Protection */
+#undef HARDENING_PATCH_LL_PROTECT
+
+/* Linked List Protection */
+#undef HARDENING_PATCH_LL_PROTECT
+
+/* Include/Require Protection */
+#undef HARDENING_PATCH_INC_PROTECT
+
+/* Include/Require Protection */
+#undef HARDENING_PATCH_INC_PROTECT
+
+/* Fmt String Protection */
+#undef HARDENING_PATCH_FMT_PROTECT
+
+/* Fmt String Protection */
+#undef HARDENING_PATCH_FMT_PROTECT
+
+/* HashTable DTOR Protection */
+#undef HARDENING_PATCH_HASH_PROTECT
+
+/* HashTable DTOR Protection */
+#undef HARDENING_PATCH_HASH_PROTECT
+
+ /* Whether you have AOLserver */
+ #undef HAVE_AOLSERVER
+ 
+@@ -1148,6 +1181,12 @@
+ /* Define if you have the getaddrinfo function */
+ #undef HAVE_GETADDRINFO
+ 
+/* Whether realpath is broken */
+#undef PHP_BROKEN_REALPATH
+
+/* Whether realpath is broken */
+#undef PHP_BROKEN_REALPATH
+
+ /* Whether system headers declare timezone */
+ #undef HAVE_DECLARED_TIMEZONE
+ 
+diff -Nura php-4.4.2/main/php_content_types.c hardening-patch-4.4.2-0.4.15/main/php_content_types.c
+--- php-4.4.2/main/php_content_types.c  2006-01-01 14:46:59.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/php_content_types.c       2006-09-05 20:30:33.000000000 +0200
+@@ -77,6 +77,7 @@
+        sapi_register_post_entries(php_post_entries);
+        sapi_register_default_post_reader(php_default_post_reader);
+        sapi_register_treat_data(php_default_treat_data);
+       sapi_register_input_filter(php_default_input_filter);
+        return SUCCESS;
+ }
+ /* }}} */
+diff -Nura php-4.4.2/main/php.h hardening-patch-4.4.2-0.4.15/main/php.h
+--- php-4.4.2/main/php.h        2006-01-01 14:46:59.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/php.h     2006-09-05 20:30:33.000000000 +0200
+@@ -35,11 +35,19 @@
+ #include "zend_qsort.h"
+ #include "php_compat.h"
+ 
+
+ #include "zend_API.h"
+ 
+ #undef sprintf
+ #define sprintf php_sprintf
+ 
+#if HARDENING_PATCH
+#if HAVE_REALPATH
+#undef realpath
+#define realpath php_realpath
+#endif
+#endif
+
+ /* PHP's DEBUG value must match Zend's ZEND_DEBUG value */
+ #undef PHP_DEBUG
+ #define PHP_DEBUG ZEND_DEBUG
+@@ -409,6 +417,10 @@
+ #endif
+ #endif /* !XtOffsetOf */
+ 
+#if HARDENING_PATCH
+#include "hardening_patch.h"
+#endif
+
+ #endif
+ 
+ /*
+diff -Nura php-4.4.2/main/php_open_temporary_file.c hardening-patch-4.4.2-0.4.15/main/php_open_temporary_file.c
+--- php-4.4.2/main/php_open_temporary_file.c    2006-01-01 14:46:59.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/php_open_temporary_file.c 2006-09-05 20:30:33.000000000 +0200
+@@ -16,7 +16,7 @@
+    +----------------------------------------------------------------------+
+  */
+ 
+-/* $Id: php_open_temporary_file.c,v 1.18.2.10.2.2 2006/01/01 13:46:59 sniper Exp $ */
+/* $Id: php_open_temporary_file.c,v 1.18.2.10.2.3 2006/05/23 23:23:39 iliaa Exp $ */
+ 
+ #include "php.h"
+ 
+@@ -115,17 +115,16 @@
+ 
+        path_len = strlen(path);
+ 
+-       if (!(opened_path = emalloc(MAXPATHLEN))) {
+-               return -1;
+-       }
+-
+        if (!path_len || IS_SLASH(path[path_len - 1])) {
+                trailing_slash = "";
+        } else {
+                trailing_slash = "/";
+        }
+ 
+-       (void)snprintf(opened_path, MAXPATHLEN, "%s%s%sXXXXXX", path, trailing_slash, pfx);
+       if (spprintf(&opened_path, 0, "%s%s%sXXXXXX", path, trailing_slash, pfx) >= MAXPATHLEN) {
+               efree(opened_path);
+               return -1;
+       }
+ 
+ #ifdef PHP_WIN32
+        if (GetTempFileName(path, pfx, 0, opened_path)) {
+diff -Nura php-4.4.2/main/php_variables.c hardening-patch-4.4.2-0.4.15/main/php_variables.c
+--- php-4.4.2/main/php_variables.c      2006-01-01 14:47:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/php_variables.c   2006-09-05 20:30:33.000000000 +0200
+@@ -236,17 +236,28 @@
+        while (var) {
+                val = strchr(var, '=');
+                if (val) { /* have a value */
+-                       int val_len;
+                       unsigned int val_len, new_val_len;
+ 
+                        *val++ = '\0';
+                        php_url_decode(var, strlen(var));
+                        val_len = php_url_decode(val, strlen(val));
+-                       php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC);
+                       val = estrndup(val, val_len);
+                       if (sapi_module.input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) {
+                               php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC);
+                       }
+                       efree(val);
+                }
+                var = php_strtok_r(NULL, "&", &strtok_buf);
+        }
+ }
+ 
+SAPI_API SAPI_INPUT_FILTER_FUNC(php_default_input_filter)
+{
+       /* TODO: check .ini setting here and apply user-defined input filter */
+       *new_val_len = val_len;
+       return 1;
+}
+
+ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
+ {
+        char *res = NULL, *var, *val, *separator=NULL;
+@@ -324,15 +335,26 @@
+        while (var) {
+                val = strchr(var, '=');
+                if (val) { /* have a value */
+-                       int val_len;
+                       unsigned int val_len, new_val_len;
+ 
+                        *val++ = '\0';
+                        php_url_decode(var, strlen(var));
+                        val_len = php_url_decode(val, strlen(val));
+-                       php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC);
+                       val = estrndup(val, val_len);
+                       if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len TSRMLS_CC)) {
+                               php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC);
+                       }
+                       efree(val);
+                } else {
+                       unsigned int val_len, new_val_len;
+                       
+                        php_url_decode(var, strlen(var));
+-                       php_register_variable_safe(var, "", 0, array_ptr TSRMLS_CC);
+                       val_len = 0;
+                       val = estrndup("", 0);
+                       if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len TSRMLS_CC)) {
+                               php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC);
+                       }
+                       efree(val);
+                }
+                var = php_strtok_r(NULL, separator, &strtok_buf);
+        }
+diff -Nura php-4.4.2/main/rfc1867.c hardening-patch-4.4.2-0.4.15/main/rfc1867.c
+--- php-4.4.2/main/rfc1867.c    2006-01-01 14:47:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/rfc1867.c 2006-09-05 20:30:33.000000000 +0200
+@@ -128,6 +128,8 @@
+ #define UPLOAD_ERROR_D    4  /* No file uploaded */
+ #define UPLOAD_ERROR_E    6  /* Missing /tmp or similar directory */
+ #define UPLOAD_ERROR_F    7  /* Failed to write file to disk */
+#define UPLOAD_ERROR_X    99  /* Filter forbids upload */
+  
+ 
+ void php_rfc1867_register_constants(TSRMLS_D)
+ {
+@@ -138,6 +140,7 @@
+        REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_NO_FILE",    UPLOAD_ERROR_D,  CONST_CS | CONST_PERSISTENT);
+        REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_NO_TMP_DIR", UPLOAD_ERROR_E,  CONST_CS | CONST_PERSISTENT);
+        REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_CANT_WRITE", UPLOAD_ERROR_F,  CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_FILTER",     UPLOAD_ERROR_X,  CONST_CS | CONST_PERSISTENT);
+ }
+ 
+ static void normalize_protected_variable(char *varname TSRMLS_DC)
+@@ -849,6 +852,7 @@
+                char buff[FILLUNIT];
+                char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL;
+                int blen=0, wlen=0;
+               unsigned long offset;
+ 
+                zend_llist_clean(&header);
+ 
+@@ -897,21 +901,24 @@
+                        if (!filename && param) {
+ 
+                                char *value = multipart_buffer_read_body(mbuff TSRMLS_CC);
+                               unsigned int new_val_len; /* Dummy variable */
+ 
+                                if (!value) {
+                                        value = estrdup("");
+                                }
+ 
+                               if (sapi_module.input_filter(PARSE_POST, param, &value, strlen(value), &new_val_len TSRMLS_CC)) {
+ #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
+-                               if (php_mb_encoding_translation(TSRMLS_C)) {
+-                                       php_mb_gpc_stack_variable(param, value, &val_list, &len_list, 
+-                                                                                         &num_vars, &num_vars_max TSRMLS_CC);
+-                               } else {
+-                                       safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC);
+-                               }
+                                       if (php_mb_encoding_translation(TSRMLS_C)) {
+                                               php_mb_gpc_stack_variable(param, value, &val_list, &len_list, 
+                                                                                                 &num_vars, &num_vars_max TSRMLS_CC);
+                                       } else {
+                                               safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC);
+                                       }
+ #else
+-                               safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC);
+                                       safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC);
+ #endif
+                               }
+                                if (!strcasecmp(param, "MAX_FILE_SIZE")) {
+                                        max_file_size = atol(value);
+                                }
+@@ -963,7 +970,11 @@
+                                        tmp++;                          
+                                }
+                        }
+-
+                       
+                       if (sapi_module.upload_varname_filter && sapi_module.upload_varname_filter(param TSRMLS_CC)==FAILURE) {
+                               skip_upload = 1;
+                       }
+ 
+                        total_bytes = cancel_upload = 0;
+ 
+                        if (!skip_upload) {
+@@ -987,6 +998,11 @@
+                                cancel_upload = UPLOAD_ERROR_D;
+                        }
+ 
+                       if (sapi_module.pre_upload_filter && sapi_module.pre_upload_filter(param, filename TSRMLS_CC)==FAILURE) {
+                               cancel_upload = UPLOAD_ERROR_X;
+                       }
+
+                       offset = 0;
+                        end = 0;
+                        while (!cancel_upload && (blen = multipart_buffer_read(mbuff, buff, sizeof(buff), &end TSRMLS_CC)))
+                        {
+@@ -997,6 +1013,11 @@
+                                        sapi_module.sapi_error(E_WARNING, "MAX_FILE_SIZE of %ld bytes exceeded - file [%s=%s] not saved", max_file_size, param, filename);
+                                        cancel_upload = UPLOAD_ERROR_B;
+                                } else if (blen > 0) {
+
+                                       if (sapi_module.upload_content_filter && sapi_module.upload_content_filter(offset, buff, blen, &blen TSRMLS_CC)==FAILURE) {
+                                               cancel_upload = UPLOAD_ERROR_X;
+                                       }
+
+                                        wlen = write(fd, buff, blen);
+                        
+                                        if (wlen < blen) {
+@@ -1004,6 +1025,7 @@
+                                                cancel_upload = UPLOAD_ERROR_F;
+                                        } else {
+                                                total_bytes += wlen;
+                                               offset += wlen;
+                                        }
+                                } 
+                        } 
+@@ -1025,6 +1047,10 @@
+                        }
+ #endif         
+ 
+                       if (!cancel_upload && sapi_module.post_upload_filter && sapi_module.post_upload_filter(temp_filename TSRMLS_CC)==FAILURE) {
+                               cancel_upload = UPLOAD_ERROR_X;
+                       }
+
+                        if (cancel_upload) {
+                                if (temp_filename) {
+                                        if (cancel_upload != UPLOAD_ERROR_E) { /* file creation failed */
+diff -Nura php-4.4.2/main/SAPI.c hardening-patch-4.4.2-0.4.15/main/SAPI.c
+--- php-4.4.2/main/SAPI.c       2006-01-01 14:46:59.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/SAPI.c    2006-09-05 20:30:33.000000000 +0200
+@@ -854,6 +854,37 @@
+        return SUCCESS;
+ }
+ 
+SAPI_API int sapi_register_input_filter(unsigned int (*input_filter)(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC))
+{
+       sapi_module.input_filter = input_filter;
+       return SUCCESS;
+}
+
+SAPI_API int sapi_register_upload_varname_filter(unsigned int (*upload_varname_filter)(char *varname TSRMLS_DC))
+{
+       sapi_module.upload_varname_filter = upload_varname_filter;
+       return SUCCESS;
+}
+
+SAPI_API int sapi_register_pre_upload_filter(unsigned int (*pre_upload_filter)(char *varname, char *filename TSRMLS_DC))
+{
+       sapi_module.pre_upload_filter = pre_upload_filter;
+       return SUCCESS;
+}
+
+SAPI_API int sapi_register_upload_content_filter(unsigned int (*upload_content_filter)(unsigned long offset, char *buffer, unsigned int buffer_len, unsigned int *new_buffer_len TSRMLS_DC))
+{
+       sapi_module.upload_content_filter = upload_content_filter;
+       return SUCCESS;
+}
+
+SAPI_API int sapi_register_post_upload_filter(unsigned int (*post_upload_filter)(char *tmpfilename TSRMLS_DC))
+{
+       sapi_module.post_upload_filter = post_upload_filter;
+       return SUCCESS;
+}
+
+
+ 
+ SAPI_API int sapi_flush(TSRMLS_D)
+ {
+diff -Nura php-4.4.2/main/SAPI.h hardening-patch-4.4.2-0.4.15/main/SAPI.h
+--- php-4.4.2/main/SAPI.h       2006-01-01 14:46:59.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/SAPI.h    2006-09-05 20:30:33.000000000 +0200
+@@ -101,9 +101,10 @@
+        char *current_user;
+        int current_user_length;
+ 
+-    /* this is necessary for CLI module */
+-    int argc;
+-    char **argv;
+       /* this is necessary for CLI module */
+       int argc;
+       char **argv;
+       
+ } sapi_request_info;
+ 
+ 
+@@ -177,6 +178,10 @@
+ SAPI_API void sapi_unregister_post_entry(sapi_post_entry *post_entry);
+ SAPI_API int sapi_register_default_post_reader(void (*default_post_reader)(TSRMLS_D));
+ SAPI_API int sapi_register_treat_data(void (*treat_data)(int arg, char *str, zval *destArray TSRMLS_DC));
+SAPI_API int sapi_register_input_filter(unsigned int (*input_filter)(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC));
+SAPI_API int sapi_register_pre_upload_filter(unsigned int (*pre_upload_filter)(char *varname, char *filename TSRMLS_DC));
+SAPI_API int sapi_register_upload_content_filter(unsigned int (*upload_content_filter)(unsigned long offset, char *buffer, unsigned int buffer_len, unsigned int *new_buffer_len TSRMLS_DC));
+SAPI_API int sapi_register_post_upload_filter(unsigned int (*post_upload_filter)(char *tmpfilename TSRMLS_DC));
+ 
+ SAPI_API int sapi_flush(TSRMLS_D);
+ SAPI_API struct stat *sapi_get_stat(TSRMLS_D);
+@@ -238,8 +243,16 @@
+        int (*get_target_uid)(uid_t * TSRMLS_DC);
+        int (*get_target_gid)(gid_t * TSRMLS_DC);
+ 
+       unsigned int (*input_filter)(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC);
+
+       unsigned int (*upload_varname_filter)(char *varname TSRMLS_DC);
+       unsigned int (*pre_upload_filter)(char *varname, char *filename TSRMLS_DC);
+       unsigned int (*upload_content_filter)(unsigned long offset, char *buffer, unsigned int buffer_len, unsigned int *new_buffer_len TSRMLS_DC);
+       unsigned int (*post_upload_filter)(char *tmpfilename TSRMLS_DC);
+
+        void (*ini_defaults)(HashTable *configuration_hash);
+        int phpinfo_as_text;
+
+ };
+ 
+ 
+@@ -262,16 +275,27 @@
+ 
+ #define SAPI_DEFAULT_MIMETYPE          "text/html"
+ #define SAPI_DEFAULT_CHARSET           ""
+
+#if HARDENING_PATCH
+#define SAPI_PHP_VERSION_HEADER                "X-Powered-By: PHP/" PHP_VERSION " with Hardening-Patch"
+#else
+ #define SAPI_PHP_VERSION_HEADER                "X-Powered-By: PHP/" PHP_VERSION
+#endif
+ 
+ #define SAPI_POST_READER_FUNC(post_reader) void post_reader(TSRMLS_D)
+ #define SAPI_POST_HANDLER_FUNC(post_handler) void post_handler(char *content_type_dup, void *arg TSRMLS_DC)
+ 
+ #define SAPI_TREAT_DATA_FUNC(treat_data) void treat_data(int arg, char *str, zval* destArray TSRMLS_DC)
+#define SAPI_INPUT_FILTER_FUNC(input_filter) unsigned int input_filter(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC)
+#define SAPI_UPLOAD_VARNAME_FILTER_FUNC(upload_varname_filter) unsigned int upload_varname_filter(char *varname TSRMLS_DC)
+#define SAPI_PRE_UPLOAD_FILTER_FUNC(pre_upload_filter) unsigned int pre_upload_filter(char *varname, char *filename TSRMLS_DC)
+#define SAPI_UPLOAD_CONTENT_FILTER_FUNC(upload_content_filter) unsigned int upload_content_filter(unsigned long offset, char *buffer, unsigned int buffer_len, unsigned int *new_buffer_len TSRMLS_DC)
+#define SAPI_POST_UPLOAD_FILTER_FUNC(post_upload_filter) unsigned int post_upload_filter(char *tmpfilename TSRMLS_DC)
+ 
+ SAPI_API SAPI_POST_READER_FUNC(sapi_read_standard_form_data);
+ SAPI_API SAPI_POST_READER_FUNC(php_default_post_reader);
+ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data);
+SAPI_API SAPI_INPUT_FILTER_FUNC(php_default_input_filter);
+ 
+ #define STANDARD_SAPI_MODULE_PROPERTIES
+ 
+diff -Nura php-4.4.2/main/snprintf.c hardening-patch-4.4.2-0.4.15/main/snprintf.c
+--- php-4.4.2/main/snprintf.c   2006-01-01 14:47:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/snprintf.c        2006-09-05 20:30:33.000000000 +0200
+@@ -1014,7 +1014,11 @@
+ 
+ 
+                                case 'n':
+#if HARDENING_PATCH_FMT_PROTECT
+                                       php_security_log(S_MISC, "'n' specifier within format string");
+#else
+                                        *(va_arg(ap, int *)) = cc;
+#endif
+                                        break;
+ 
+                                        /*
+diff -Nura php-4.4.2/main/spprintf.c hardening-patch-4.4.2-0.4.15/main/spprintf.c
+--- php-4.4.2/main/spprintf.c   2006-01-01 14:47:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/spprintf.c        2006-09-05 20:30:33.000000000 +0200
+@@ -630,7 +630,11 @@
+ 
+ 
+                                case 'n':
+#if HARDENING_PATCH_FMT_PROTECT
+                                       php_security_log(S_MISC, "'n' specifier within format string");
+#else
+                                        *(va_arg(ap, int *)) = xbuf->len;
+#endif
+                                        break;
+ 
+                                        /*
+diff -Nura php-4.4.2/main/streams.c hardening-patch-4.4.2-0.4.15/main/streams.c
+--- php-4.4.2/main/streams.c    2006-01-01 14:47:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/main/streams.c 2006-09-05 20:30:33.000000000 +0200
+@@ -20,7 +20,7 @@
+    +----------------------------------------------------------------------+
+  */
+ 
+-/* $Id: streams.c,v 1.125.2.100.2.2 2006/01/01 13:47:00 sniper Exp $ */
+/* $Id: streams.c,v 1.125.2.100.2.3 2006/05/19 10:24:42 tony2001 Exp $ */
+ 
+ #define _GNU_SOURCE
+ #include "php.h"
+@@ -445,7 +445,7 @@
+  * charsets (for example) but still be able to provide them all as filters */
+ PHPAPI php_stream_filter *php_stream_filter_create(const char *filtername, const char *filterparams, int filterparamslen, int persistent TSRMLS_DC)
+ {
+-       php_stream_filter_factory *factory;
+       php_stream_filter_factory *factory = NULL;
+        php_stream_filter *filter = NULL;
+        int n;
+        char *period;
+diff -Nura php-4.4.2/php.ini-dist hardening-patch-4.4.2-0.4.15/php.ini-dist
+--- php-4.4.2/php.ini-dist      2005-12-30 18:19:43.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/php.ini-dist   2006-09-05 20:30:33.000000000 +0200
+@@ -1114,6 +1114,209 @@
+ ;exif.decode_jis_motorola = JIS
+ ;exif.decode_jis_intel    = JIS
+ 
+[hardening-patch]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's logging ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;
+; hphp.log.syslog   - Configures level for alerts reported through syslog
+; hphp.log.sapi     - Configures level for alerts reported through SAPI errorlog
+; hphp.log.script   - Configures level for alerts reported through external script
+;
+; hphp.log.syslog, hphp.log.sapi, hphp.log.script are bit-fields.
+; Or each number up to get desired Hardening-Patch's reporting level
+; 
+; S_ALL             - All alerts
+; S_MEMORY          - All canary violations and the safe unlink protection use this class
+; S_VARS            - All variable filters trigger this class
+; S_FILES           - All violation of uploaded files filter use this class
+; S_INCLUDE         - The protection against malicious include filenames use this class
+; S_SQL             - Failed SQL queries in MySQL are logged with this class
+; S_EXECUTOR        - The execution depth protection uses this logging class
+; S_MISC            - All other log messages (f.e. format string protection) use this class
+;
+; Example:
+;
+;   - Report all alerts (except memory alerts) to the SAPI errorlog, 
+;     memory alerts through syslog and SQL+Include alerts fo the script
+;
+;hphp.log.syslog = S_MEMORY
+;hphp.log.sapi   = S_ALL & ~S_MEMORY
+;hphp.log.script = S_INCLUDE | S_SQL
+;
+; Syslog logging:
+; 
+;   - Facility configuration: one of the following facilities
+;
+;        LOG_KERN, LOG_USER, LOG_MAIL, LOG_DAEMON
+;        LOG_AUTH, LOG_SYSLOG, LOG_LPR, LOG_NEWS
+;        LOG_UUCP, LOG_CRON, LOG_AUTHPRIV, LOG_LOCAL0
+;        LOG_LOCAL1, LOG_LOCAL2, LOG_LOCAL3, LOG_LOCAL4
+;        LOG_LOCAL5, LOG_LOCAL6, LOG_LOCAL7, LOG_PID
+;        LOG_CONS, LOG_ODELAY, LOG_NDELAY, LOG_NOWAIT
+;        LOG_PERROR
+;
+;   - Priority configuration: one of the followinf priorities
+;
+;        LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_WARNING
+;        LOG_NOTICE, LOG_INFO, LOG_DEBUG, LOG_ERR
+; 
+hphp.log.syslog.priority = LOG_ALERT
+hphp.log.syslog.facility = LOG_USER
+;
+; Script logging:
+;
+;hphp.log.script.name = /home/hphp/log_script
+;
+; Alert configuration:
+;
+;   - Logged IP addresses from X-Forwarded-For instead of REMOTE_ADDR
+;
+;hphp.log.use-x-forwarded-for = On
+;
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's Executor options ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Execution depth limit
+;hphp.executor.max_depth = 8000
+
+; White-/blacklist for function calls during normal execution
+;hphp.executor.func.whitelist = ord,chr
+;hphp.executor.func.blacklist = system,shell_exec,popen,proc_open,exec,passthru
+
+; White-/blacklist for function calls during eval() execution
+;hphp.executor.eval.whitelist = ord,chr
+;hphp.executor.eval.blacklist = system,shell_exec,popen,proc_open,exec,passthru
+
+; White-/blacklist for URLs allowes in include filenames
+;
+;   - When both options are not set all URLs are forbidden
+;
+;   - When both options are set whitelist is taken and blacklist ignored
+;
+;   - An entry in the lists is either a URL sheme like: http, https
+;     or the beginning of an URL like: php://input
+;
+;hphp.executor.include.whitelist = cookietest
+;hphp.executor.include.blacklist = http, https, ftp, ftps, php://input, file
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's REQUEST variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of REQUEST variables
+hphp.request.max_vars = 200
+
+; Limits the length of variable names (without indices)
+hphp.request.max_varname_length = 64
+
+; Limits the length of complete variable names (with indices)
+hphp.request.max_totalname_length = 256
+
+; Limits the length of array indices
+hphp.request.max_array_index_length = 64
+
+; Limits the depth of arrays
+hphp.request.max_array_depth = 100
+
+; Limits the length of variable values
+hphp.request.max_value_length = 65000
+
+; Disallow ASCII-NUL characters in input
+hphp.request.disallow_nul = 1
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's COOKIE variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of COOKIE variables
+hphp.cookie.max_vars = 100
+
+; Limits the length of variable names (without indices)
+hphp.cookie.max_name_length = 64
+
+; Limits the length of complete variable names (with indices)
+hphp.cookie.max_totalname_length = 256
+
+; Limits the length of array indices
+hphp.cookie.max_array_index_length = 64
+
+; Limits the depth of arrays
+hphp.cookie.max_array_depth = 100
+
+; Limits the length of variable values
+hphp.cookie.max_value_length = 10000
+
+; Disallow ASCII-NUL characters in input
+hphp.cookie.disallow_nul = 1
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's GET variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of COOKIE variables
+hphp.get.max_vars = 100
+
+; Limits the length of variable names (without indices)
+hphp.get.max_name_length = 64
+
+; Limits the length of complete variable names (with indices)
+hphp.get.max_totalname_length = 256
+
+; Limits the length of array indices
+hphp.get.max_array_index_length = 64
+
+; Limits the depth of arrays
+hphp.get.max_array_depth = 50
+
+; Limits the length of variable values
+hphp.get.max_value_length = 512
+
+; Disallow ASCII-NUL characters in input
+hphp.get.disallow_nul = 1
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's POST variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of POST variables
+hphp.post.max_vars = 200
+
+; Limits the length of variable names (without indices)
+hphp.post.max_name_length = 64
+
+; Limits the length of complete variable names (with indices)
+hphp.post.max_totalname_length = 256
+
+; Limits the length of array indices
+hphp.post.max_array_index_length = 64
+
+; Limits the depth of arrays
+hphp.post.max_array_depth = 100
+
+; Limits the length of variable values
+hphp.post.max_value_length = 65000
+
+; Disallow ASCII-NUL characters in input
+hphp.post.disallow_nul = 1
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's fileupload variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of uploadable files
+hphp.upload.max_uploads = 25
+
+; Filter out the upload of ELF executables
+hphp.upload.disallow_elf_files = On
+
+; External filterscript for upload verification
+;hphp.upload.verification_script = /home/hphp/verify_script
+
+
+ ; Local Variables:
+ ; tab-width: 4
+ ; End:
+diff -Nura php-4.4.2/php.ini-recommended hardening-patch-4.4.2-0.4.15/php.ini-recommended
+--- php-4.4.2/php.ini-recommended       2005-12-30 18:19:43.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/php.ini-recommended    2006-09-05 20:30:33.000000000 +0200
+@@ -1112,6 +1112,209 @@
+ ;exif.decode_jis_motorola = JIS
+ ;exif.decode_jis_intel    = JIS
+ 
+[hardening-patch]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's logging ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;
+; hphp.log.syslog   - Configures level for alerts reported through syslog
+; hphp.log.sapi     - Configures level for alerts reported through SAPI errorlog
+; hphp.log.script   - Configures level for alerts reported through external script
+;
+; hphp.log.syslog, hphp.log.sapi, hphp.log.script are bit-fields.
+; Or each number up to get desired Hardening-Patch's reporting level
+; 
+; S_ALL             - All alerts
+; S_MEMORY          - All canary violations and the safe unlink protection use this class
+; S_VARS            - All variable filters trigger this class
+; S_FILES           - All violation of uploaded files filter use this class
+; S_INCLUDE         - The protection against malicious include filenames use this class
+; S_SQL             - Failed SQL queries in MySQL are logged with this class
+; S_EXECUTOR        - The execution depth protection uses this logging class
+; S_MISC            - All other log messages (f.e. format string protection) use this class
+;
+; Example:
+;
+;   - Report all alerts (except memory alerts) to the SAPI errorlog, 
+;     memory alerts through syslog and SQL+Include alerts fo the script
+;
+;hphp.log.syslog = S_MEMORY
+;hphp.log.sapi   = S_ALL & ~S_MEMORY
+;hphp.log.script = S_INCLUDE | S_SQL
+;
+; Syslog logging:
+; 
+;   - Facility configuration: one of the following facilities
+;
+;        LOG_KERN, LOG_USER, LOG_MAIL, LOG_DAEMON
+;        LOG_AUTH, LOG_SYSLOG, LOG_LPR, LOG_NEWS
+;        LOG_UUCP, LOG_CRON, LOG_AUTHPRIV, LOG_LOCAL0
+;        LOG_LOCAL1, LOG_LOCAL2, LOG_LOCAL3, LOG_LOCAL4
+;        LOG_LOCAL5, LOG_LOCAL6, LOG_LOCAL7, LOG_PID
+;        LOG_CONS, LOG_ODELAY, LOG_NDELAY, LOG_NOWAIT
+;        LOG_PERROR
+;
+;   - Priority configuration: one of the followinf priorities
+;
+;        LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_WARNING
+;        LOG_NOTICE, LOG_INFO, LOG_DEBUG, LOG_ERR
+; 
+hphp.log.syslog.priority = LOG_ALERT
+hphp.log.syslog.facility = LOG_USER
+;
+; Script logging:
+;
+;hphp.log.script.name = /home/hphp/log_script
+;
+; Alert configuration:
+;
+;   - Logged IP addresses from X-Forwarded-For instead of REMOTE_ADDR
+;
+;hphp.log.use-x-forwarded-for = On
+;
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's Executor options ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Execution depth limit
+;hphp.executor.max_depth = 8000
+
+; White-/blacklist for function calls during normal execution
+;hphp.executor.func.whitelist = ord,chr
+;hphp.executor.func.blacklist = system,shell_exec,popen,proc_open,exec,passthru
+
+; White-/blacklist for function calls during eval() execution
+;hphp.executor.eval.whitelist = ord,chr
+;hphp.executor.eval.blacklist = system,shell_exec,popen,proc_open,exec,passthru
+
+; White-/blacklist for URLs allowes in include filenames
+;
+;   - When both options are not set all URLs are forbidden
+;
+;   - When both options are set whitelist is taken and blacklist ignored
+;
+;   - An entry in the lists is either a URL sheme like: http, https
+;     or the beginning of an URL like: php://input
+;
+;hphp.executor.include.whitelist = cookietest
+;hphp.executor.include.blacklist = http, https, ftp, ftps, php://input, file
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's REQUEST variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of REQUEST variables
+hphp.request.max_vars = 200
+
+; Limits the length of variable names (without indices)
+hphp.request.max_varname_length = 64
+
+; Limits the length of complete variable names (with indices)
+hphp.request.max_totalname_length = 256
+
+; Limits the length of array indices
+hphp.request.max_array_index_length = 64
+
+; Limits the depth of arrays
+hphp.request.max_array_depth = 100
+
+; Limits the length of variable values
+hphp.request.max_value_length = 65000
+
+; Disallow ASCII-NUL characters in input
+hphp.request.disallow_nul = 1
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's COOKIE variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of COOKIE variables
+hphp.cookie.max_vars = 100
+
+; Limits the length of variable names (without indices)
+hphp.cookie.max_name_length = 64
+
+; Limits the length of complete variable names (with indices)
+hphp.cookie.max_totalname_length = 256
+
+; Limits the length of array indices
+hphp.cookie.max_array_index_length = 64
+
+; Limits the depth of arrays
+hphp.cookie.max_array_depth = 100
+
+; Limits the length of variable values
+hphp.cookie.max_value_length = 10000
+
+; Disallow ASCII-NUL characters in input
+hphp.cookie.disallow_nul = 1
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's GET variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of COOKIE variables
+hphp.get.max_vars = 100
+
+; Limits the length of variable names (without indices)
+hphp.get.max_name_length = 64
+
+; Limits the length of complete variable names (with indices)
+hphp.get.max_totalname_length = 256
+
+; Limits the length of array indices
+hphp.get.max_array_index_length = 64
+
+; Limits the depth of arrays
+hphp.get.max_array_depth = 50
+
+; Limits the length of variable values
+hphp.get.max_value_length = 512
+
+; Disallow ASCII-NUL characters in input
+hphp.get.disallow_nul = 1
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's POST variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of POST variables
+hphp.post.max_vars = 200
+
+; Limits the length of variable names (without indices)
+hphp.post.max_name_length = 64
+
+; Limits the length of complete variable names (with indices)
+hphp.post.max_totalname_length = 256
+
+; Limits the length of array indices
+hphp.post.max_array_index_length = 64
+
+; Limits the depth of arrays
+hphp.post.max_array_depth = 100
+
+; Limits the length of variable values
+hphp.post.max_value_length = 65000
+
+; Disallow ASCII-NUL characters in input
+hphp.post.disallow_nul = 1
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Hardening-Patch's fileupload variable filters ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Limits the number of uploadable files
+hphp.upload.max_uploads = 25
+
+; Filter out the upload of ELF executables
+hphp.upload.disallow_elf_files = On
+
+; External filterscript for upload verification
+;hphp.upload.verification_script = /home/hphp/verify_script
+
+
+ ; Local Variables:
+ ; tab-width: 4
+ ; End:
+diff -Nura php-4.4.2/README.input_filter hardening-patch-4.4.2-0.4.15/README.input_filter
+--- php-4.4.2/README.input_filter       1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/README.input_filter    2006-09-05 20:30:33.000000000 +0200
+@@ -0,0 +1,193 @@
+Input Filter Support ported from PHP 5
+--------------------------------------
+
+XSS (Cross Site Scripting) hacks are becoming more and more prevalent,
+and can be quite difficult to prevent.  Whenever you accept user data
+and somehow display this data back to users, you are likely vulnerable
+to XSS hacks.
+
+The Input Filter support in PHP 5 is aimed at providing the framework
+through which a company-wide or site-wide security policy can be
+enforced.  It is implemented as a SAPI hook and is called from the
+treat_data and post handler functions.  To implement your own security
+policy you will need to write a standard PHP extension.  
+
+A simple implementation might look like the following.  This stores the
+original raw user data and adds a my_get_raw() function while the normal
+$_POST, $_GET and $_COOKIE arrays are only populated with stripped
+data.  In this simple example all I am doing is calling strip_tags() on
+the data.  If register_globals is turned on, the default globals that
+are created will be stripped ($foo) while a $RAW_foo is created with the
+original user input.
+
+ZEND_BEGIN_MODULE_GLOBALS(my_input_filter)
+        zval *post_array;
+        zval *get_array;
+        zval *cookie_array;
+ZEND_END_MODULE_GLOBALS(my_input_filter)
+
+#ifdef ZTS
+#define IF_G(v) TSRMG(my_input_filter_globals_id, zend_my_input_filter_globals *, v)
+#else
+#define IF_G(v) (my_input_filter_globals.v)
+#endif
+
+ZEND_DECLARE_MODULE_GLOBALS(my_input_filter)
+
+function_entry my_input_filter_functions[] = {
+    PHP_FE(my_get_raw,   NULL)
+    {NULL, NULL, NULL}
+};
+
+zend_module_entry my_input_filter_module_entry = {
+    STANDARD_MODULE_HEADER,
+    "my_input_filter",
+    my_input_filter_functions,
+    PHP_MINIT(my_input_filter),
+    PHP_MSHUTDOWN(my_input_filter),
+    NULL,
+    PHP_RSHUTDOWN(my_input_filter),
+    PHP_MINFO(my_input_filter),
+    "0.1",
+    STANDARD_MODULE_PROPERTIES
+};
+
+PHP_MINIT_FUNCTION(my_input_filter)
+{
+    ZEND_INIT_MODULE_GLOBALS(my_input_filter, php_my_input_filter_init_globals, NULL);
+
+    REGISTER_LONG_CONSTANT("POST", PARSE_POST, CONST_CS | CONST_PERSISTENT);
+    REGISTER_LONG_CONSTANT("GET", PARSE_GET, CONST_CS | CONST_PERSISTENT);
+    REGISTER_LONG_CONSTANT("COOKIE", PARSE_COOKIE, CONST_CS | CONST_PERSISTENT);
+
+    sapi_register_input_filter(my_sapi_input_filter);
+    return SUCCESS;
+}
+
+PHP_RSHUTDOWN_FUNCTION(my_input_filter)
+{
+    if(IF_G(get_array)) {
+        zval_ptr_dtor(&IF_G(get_array));
+        IF_G(get_array) = NULL;
+    }
+    if(IF_G(post_array)) {
+        zval_ptr_dtor(&IF_G(post_array));
+        IF_G(post_array) = NULL;
+    }
+    if(IF_G(cookie_array)) {
+        zval_ptr_dtor(&IF_G(cookie_array));
+        IF_G(cookie_array) = NULL;
+    }
+    return SUCCESS;
+}
+
+PHP_MINFO_FUNCTION(my_input_filter)
+{
+    php_info_print_table_start();
+    php_info_print_table_row( 2, "My Input Filter Support", "enabled" );
+    php_info_print_table_row( 2, "Revision", "$Revision: 1.1 $");
+    php_info_print_table_end();
+}
+
+/* The filter handler. If you return 1 from it, then PHP also registers the
+ * (modified) variable. Returning 0 prevents PHP from registering the variable;
+ * you can use this if your filter already registers the variable under a
+ * different name, or if you just don't want the variable registered at all. */
+SAPI_INPUT_FILTER_FUNC(my_sapi_input_filter)
+{
+    zval new_var;
+    zval *array_ptr = NULL;
+    char *raw_var;
+    int var_len;
+
+    assert(*val != NULL);
+
+    switch(arg) {
+        case PARSE_GET:
+            if(!IF_G(get_array)) {
+                ALLOC_ZVAL(array_ptr);
+                array_init(array_ptr);
+                INIT_PZVAL(array_ptr);
+            }
+            IF_G(get_array) = array_ptr;
+            break;
+        case PARSE_POST:
+            if(!IF_G(post_array)) {
+                ALLOC_ZVAL(array_ptr);
+                array_init(array_ptr);
+                INIT_PZVAL(array_ptr);
+            }
+            IF_G(post_array) = array_ptr;
+            break;
+        case PARSE_COOKIE:
+            if(!IF_G(cookie_array)) {
+                ALLOC_ZVAL(array_ptr);
+                array_init(array_ptr);
+                INIT_PZVAL(array_ptr);
+            }
+            IF_G(cookie_array) = array_ptr;
+            break;
+    }
+    Z_STRLEN(new_var) = val_len;
+    Z_STRVAL(new_var) = estrndup(*val, val_len);
+    Z_TYPE(new_var) = IS_STRING;
+
+    var_len = strlen(var);
+    raw_var = emalloc(var_len+5);  /* RAW_ and a \0 */
+    strcpy(raw_var, "RAW_");
+    strlcat(raw_var,var,var_len+5);
+
+    php_register_variable_ex(raw_var, &new_var, array_ptr TSRMLS_DC);
+
+    php_strip_tags(*val, val_len, NULL, NULL, 0);
+
+    *new_val_len = strlen(*val);
+    return 1;
+}
+
+PHP_FUNCTION(my_get_raw)
+{
+    long arg;
+    char *var;
+    int var_len;
+    zval **tmp;
+    zval *array_ptr = NULL;
+    HashTable *hash_ptr;
+    char *raw_var;
+
+    if(zend_parse_parameters(2 TSRMLS_CC, "ls", &arg, &var, &var_len) == FAILURE) {
+        return;
+    }
+
+    switch(arg) {
+        case PARSE_GET:
+            array_ptr = IF_G(get_array);
+            break;
+        case PARSE_POST:
+            array_ptr = IF_G(post_array);
+            break;
+        case PARSE_COOKIE:
+            array_ptr = IF_G(post_array);
+            break;
+    }
+
+    if(!array_ptr) RETURN_FALSE;
+
+    /*
+     * I'm changing the variable name here because when running with register_globals on,
+     * the variable will end up in the global symbol table
+     */
+    raw_var = emalloc(var_len+5);  /* RAW_ and a \0 */
+    strcpy(raw_var, "RAW_");
+    strlcat(raw_var,var,var_len+5);
+    hash_ptr = HASH_OF(array_ptr);
+
+    if(zend_hash_find(hash_ptr, raw_var, var_len+5, (void **)&tmp) == SUCCESS) {
+        *return_value = **tmp;
+        zval_copy_ctor(return_value);
+    } else {
+        RETVAL_FALSE;
+    }
+    efree(raw_var);
+}
+
+diff -Nura php-4.4.2/run-tests.php hardening-patch-4.4.2-0.4.15/run-tests.php
+--- php-4.4.2/run-tests.php     2006-01-01 14:46:48.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/run-tests.php  2006-09-05 20:30:33.000000000 +0200
+@@ -152,6 +152,10 @@
+                'error_reporting=2047',
+                'display_errors=1',
+                'log_errors=0',
+                'hphp.executor.include.whitelist=cookietest',
+                'hphp.log.syslog=0',
+                'hphp.log.sapi=0',
+                'hphp.log.script=0',
+                'html_errors=0',
+                'track_errors=1',
+                'report_memleaks=1',
+diff -Nura php-4.4.2/sapi/apache/mod_php4.c hardening-patch-4.4.2-0.4.15/sapi/apache/mod_php4.c
+--- php-4.4.2/sapi/apache/mod_php4.c    2006-01-01 14:47:01.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/sapi/apache/mod_php4.c 2006-09-05 20:30:33.000000000 +0200
+@@ -452,7 +452,7 @@
+        sapi_apache_get_fd,
+        sapi_apache_force_http_10,
+        sapi_apache_get_target_uid,
+-       sapi_apache_get_target_gid
+       sapi_apache_get_target_gid,
+ };
+ /* }}} */
+ 
+@@ -898,7 +898,11 @@
+        {
+                TSRMLS_FETCH();
+                if (PG(expose_php)) {
+#if HARDENING_PATCH
+                       ap_add_version_component("PHP/" PHP_VERSION " with Hardening-Patch");
+#else
+                        ap_add_version_component("PHP/" PHP_VERSION);
+#endif                 
+                }
+        }
+ #endif
+diff -Nura php-4.4.2/sapi/apache2filter/sapi_apache2.c hardening-patch-4.4.2-0.4.15/sapi/apache2filter/sapi_apache2.c
+--- php-4.4.2/sapi/apache2filter/sapi_apache2.c 2006-01-01 14:47:01.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/sapi/apache2filter/sapi_apache2.c      2006-09-05 20:30:33.000000000 +0200
+@@ -562,7 +562,11 @@
+ {
+        TSRMLS_FETCH();
+        if (PG(expose_php)) {
+#if HARDENING_PATCH
+               ap_add_version_component(p, "PHP/" PHP_VERSION " with Hardening-Patch");
+#else
+                ap_add_version_component(p, "PHP/" PHP_VERSION);
+#endif
+        }
+ }
+ 
+diff -Nura php-4.4.2/sapi/apache2handler/sapi_apache2.c hardening-patch-4.4.2-0.4.15/sapi/apache2handler/sapi_apache2.c
+--- php-4.4.2/sapi/apache2handler/sapi_apache2.c        2006-01-01 14:47:01.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/sapi/apache2handler/sapi_apache2.c     2006-09-05 20:30:33.000000000 +0200
+@@ -340,7 +340,11 @@
+ {
+        TSRMLS_FETCH();
+        if (PG(expose_php)) {
+#if HARDENING_PATCH
+               ap_add_version_component(p, "PHP/" PHP_VERSION " with Hardening-Patch");
+#else
+                ap_add_version_component(p, "PHP/" PHP_VERSION);
+#endif
+        }
+ }
+ 
+diff -Nura php-4.4.2/sapi/cgi/cgi_main.c hardening-patch-4.4.2-0.4.15/sapi/cgi/cgi_main.c
+--- php-4.4.2/sapi/cgi/cgi_main.c       2006-01-01 14:47:01.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/sapi/cgi/cgi_main.c    2006-09-05 20:30:33.000000000 +0200
+@@ -1432,11 +1432,19 @@
+                                                        SG(headers_sent) = 1;
+                                                        SG(request_info).no_headers = 1;
+                                                }
+#if HARDENING_PATCH
+#if ZEND_DEBUG
+                                               php_printf("PHP %s with Hardening-Patch %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, HARDENING_PATCH_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#else
+                                               php_printf("PHP %s with Hardening-Patch %s (%s) (built: %s %s)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, HARDENING_PATCH_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#endif
+#else
+ #if ZEND_DEBUG
+                                                php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2006 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ #else
+                                                php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2006 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ #endif
+#endif
+                                                php_end_ob_buffers(1 TSRMLS_CC);
+                                                exit(0);
+                                                break;
+diff -Nura php-4.4.2/sapi/cli/php_cli.c hardening-patch-4.4.2-0.4.15/sapi/cli/php_cli.c
+--- php-4.4.2/sapi/cli/php_cli.c        2006-01-01 14:47:01.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/sapi/cli/php_cli.c     2006-09-05 20:30:33.000000000 +0200
+@@ -654,11 +654,19 @@
+                                if (php_request_startup(TSRMLS_C)==FAILURE) {
+                                        goto err;
+                                }
+#if HARDENING_PATCH
+#if ZEND_DEBUG
+                               php_printf("PHP %s with Hardening-Patch %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, HARDENING_PATCH_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#else
+                               php_printf("PHP %s with Hardening-Patch %s (%s) (built: %s %s)\nCopyright (c) 1997-2004 The PHP Group\n%s", PHP_VERSION, HARDENING_PATCH_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#endif
+#else
+ #if ZEND_DEBUG
+                                php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2006 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ #else
+                                php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2006 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ #endif
+#endif
+                                php_end_ob_buffers(1 TSRMLS_CC);
+                                exit_status=0;
+                                goto out;
+diff -Nura php-4.4.2/TSRM/TSRM.h hardening-patch-4.4.2-0.4.15/TSRM/TSRM.h
+--- php-4.4.2/TSRM/TSRM.h       2005-07-26 15:34:52.000000000 +0200
+++ hardening-patch-4.4.2-0.4.15/TSRM/TSRM.h    2006-09-05 20:30:33.000000000 +0200
+@@ -33,6 +33,13 @@
+ #      define TSRM_API
+ #endif
+ 
+#if HARDENING_PATCH
+# if HAVE_REALPATH
+#  undef realpath
+#  define realpath php_realpath
+# endif
+#endif
+
+ /* Only compile multi-threading functions if we're in ZTS mode */
+ #ifdef ZTS
+ 
+@@ -84,6 +91,7 @@
+ 
+ #define THREAD_HASH_OF(thr,ts)  (unsigned long)thr%(unsigned long)ts
+ 
+
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+diff -Nura php-4.4.2/TSRM/tsrm_virtual_cwd.c hardening-patch-4.4.2-0.4.15/TSRM/tsrm_virtual_cwd.c
+--- php-4.4.2/TSRM/tsrm_virtual_cwd.c   2006-01-01 14:46:48.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/TSRM/tsrm_virtual_cwd.c        2006-09-05 20:30:33.000000000 +0200
+@@ -179,6 +179,178 @@
+     return p;
+ }
+ 
+#if HARDENING_PATCH
+CWD_API char *php_realpath(const char *path, char *resolved)
+{
+        struct stat sb;
+        char *p, *q, *s;
+        size_t left_len, resolved_len;
+        unsigned symlinks;
+        int serrno, slen;
+        int is_dir = 1;
+        char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
+
+        serrno = errno;
+        symlinks = 0;
+        if (path[0] == '/') {
+                resolved[0] = '/';
+                resolved[1] = '\0';
+                if (path[1] == '\0')
+                        return (resolved);
+                resolved_len = 1;
+                left_len = strlcpy(left, path + 1, sizeof(left));
+        } else {
+                if (getcwd(resolved, PATH_MAX) == NULL) {
+                        strlcpy(resolved, ".", PATH_MAX);
+                        return (NULL);
+                }
+                resolved_len = strlen(resolved);
+                left_len = strlcpy(left, path, sizeof(left));
+        }
+        if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) {
+                errno = ENAMETOOLONG;
+                return (NULL);
+        }
+
+        /*
+         * Iterate over path components in `left'.
+         */
+        while (left_len != 0) {
+                /*
+                 * Extract the next path component and adjust `left'
+                 * and its length.
+                 */
+                p = strchr(left, '/');
+                s = p ? p : left + left_len;
+                if (s - left >= sizeof(next_token)) {
+                        errno = ENAMETOOLONG;
+                        return (NULL);
+                }
+                memcpy(next_token, left, s - left);
+                next_token[s - left] = '\0';
+                left_len -= s - left;
+                if (p != NULL)
+                        memmove(left, s + 1, left_len + 1);
+                if (resolved[resolved_len - 1] != '/') {
+                        if (resolved_len + 1 >= PATH_MAX) {
+                                errno = ENAMETOOLONG;
+                                return (NULL);
+                        }
+                        resolved[resolved_len++] = '/';
+                        resolved[resolved_len] = '\0';
+                }
+                if (next_token[0] == '\0')
+                        continue;
+                else if (strcmp(next_token, ".") == 0)
+                        continue;
+                else if (strcmp(next_token, "..") == 0) {
+                        /*
+                         * Strip the last path component except when we have
+                         * single "/"
+                         */
+                        if (!is_dir) {
+                                errno = ENOENT;
+                                return (NULL);
+                        }
+                        if (resolved_len > 1) {
+                                resolved[resolved_len - 1] = '\0';
+                                q = strrchr(resolved, '/');
+                                *q = '\0';
+                                resolved_len = q - resolved;
+                        }
+                        continue;
+                }
+
+                /*
+                 * Append the next path component and lstat() it. If
+                 * lstat() fails we still can return successfully if
+                 * there are no more path components left.
+                 */
+                resolved_len = strlcat(resolved, next_token, PATH_MAX);
+                if (resolved_len >= PATH_MAX) {
+                        errno = ENAMETOOLONG;
+                        return (NULL);
+                }
+                if (lstat(resolved, &sb) != 0) {
+                        if (errno == ENOENT) {
+                               if (p == NULL) {
+                                       errno = serrno;
+                                       return (resolved);
+                               } else 
+                               /* dirty hack to support a vanilla PHP feature */
+                               if (strstr(left, "/.") == NULL && strstr(left, "./") == NULL) {
+                                       resolved_len = strlcat(resolved, "/", PATH_MAX);
+                                       resolved_len = strlcat(resolved, left, PATH_MAX);
+                                       if (resolved_len >= PATH_MAX) {
+                                               errno = ENAMETOOLONG;
+                                               return (NULL);
+                                       }
+                                       errno = serrno;
+                                       return (resolved);
+                               }
+                        }
+                        return (NULL);
+                }
+                if (S_ISLNK(sb.st_mode)) {
+                        if (symlinks++ > MAXSYMLINKS) {
+                                errno = ELOOP;
+                                return (NULL);
+                        }
+                        slen = readlink(resolved, symlink, sizeof(symlink) - 1);
+                        if (slen < 0)
+                                return (NULL);
+                        symlink[slen] = '\0';
+                        if (symlink[0] == '/') {
+                                resolved[1] = 0;
+                                resolved_len = 1;
+                        } else if (resolved_len > 1) {
+                                /* Strip the last path component. */
+                                resolved[resolved_len - 1] = '\0';
+                                q = strrchr(resolved, '/');
+                                *q = '\0';
+                                resolved_len = q - resolved;
+                        }
+
+                        /*
+                         * If there are any path components left, then
+                         * append them to symlink. The result is placed
+                         * in `left'.
+                         */
+                        if (p != NULL) {
+                                if (symlink[slen - 1] != '/') {
+                                        if (slen + 1 >= sizeof(symlink)) {
+                                                errno = ENAMETOOLONG;
+                                                return (NULL);
+                                        }
+                                        symlink[slen] = '/';
+                                        symlink[slen + 1] = 0;
+                                }
+                                left_len = strlcat(symlink, left, sizeof(left));
+                                if (left_len >= sizeof(left)) {
+                                        errno = ENAMETOOLONG;
+                                        return (NULL);
+                                }
+                        }
+                        left_len = strlcpy(left, symlink, sizeof(left));
+                } else {
+                       if (S_ISDIR(sb.st_mode)) {
+                               is_dir = 1;
+                       } else {
+                               is_dir = 0;
+                       }
+               }
+        }
+
+        /*
+         * Remove trailing slash except when the resolved pathname
+         * is a single "/".
+         */
+        if (resolved_len > 1 && resolved[resolved_len - 1] == '/')
+                resolved[resolved_len - 1] = '\0';
+        return (resolved);
+}
+#endif
+
+ CWD_API void virtual_cwd_startup(void)
+ {
+        char cwd[MAXPATHLEN];
+@@ -300,8 +472,11 @@
+ 
+        if (path_length == 0) 
+                return (0);
+-       if (path_length >= MAXPATHLEN)
+       if (path_length >= MAXPATHLEN) {
+                state->cwd[0] = 0;
+                state->cwd_length = 0;
+                return (1);
+        }
+ 
+ #if !defined(TSRM_WIN32) && !defined(NETWARE)
+        /* cwd_length can be 0 when getcwd() fails.
+@@ -313,8 +488,9 @@
+                                path = resolved_path;
+                                path_length = strlen(path);
+                        } else {
+-                               /* disable for now
+-                               return 1; */
+                                state->cwd[0] = 0;
+                                state->cwd_length = 0;
+                               return 1;
+                        }
+                }
+        } else { /* Concat current directory with relative path and then run realpath() on it */
+@@ -323,6 +499,8 @@
+ 
+                ptr = tmp = (char *) malloc(state->cwd_length+path_length+sizeof("/"));
+                if (!tmp) {
+                        state->cwd[0] = 0;
+                        state->cwd_length = 0;
+                        return 1;
+                }
+                memcpy(ptr, state->cwd, state->cwd_length);
+@@ -332,6 +510,8 @@
+                ptr += path_length;
+                *ptr = '\0';
+                if (strlen(tmp) >= MAXPATHLEN) {
+                        state->cwd[0] = 0;
+                        state->cwd_length = 0;
+                        free(tmp);
+                        return 1;
+                }
+@@ -340,9 +520,10 @@
+                                path = resolved_path;
+                                path_length = strlen(path);
+                        } else {
+-                               /* disable for now
+                                state->cwd[0] = 0;
+                                state->cwd_length = 0;
+                                free(tmp);
+-                               return 1; */
+                               return 1;
+                        }
+                }
+                free(tmp);
+diff -Nura php-4.4.2/TSRM/tsrm_virtual_cwd.h hardening-patch-4.4.2-0.4.15/TSRM/tsrm_virtual_cwd.h
+--- php-4.4.2/TSRM/tsrm_virtual_cwd.h   2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/TSRM/tsrm_virtual_cwd.h        2006-09-05 20:30:33.000000000 +0200
+@@ -128,6 +128,22 @@
+ 
+ typedef int (*verify_path_func)(const cwd_state *);
+ 
+#ifndef HAVE_STRLCPY
+CWD_API size_t php_strlcpy(char *dst, const char *src, size_t siz);
+#undef strlcpy
+#define strlcpy php_strlcpy
+#endif
+
+#ifndef HAVE_STRLCAT
+CWD_API size_t php_strlcat(char *dst, const char *src, size_t siz);
+#undef strlcat
+#define strlcat php_strlcat
+#endif
+
+
+#if HARDENING_PATCH
+CWD_API char *php_realpath(const char *path, char *resolved);
+#endif
+ CWD_API void virtual_cwd_startup(void);
+ CWD_API void virtual_cwd_shutdown(void);
+ CWD_API char *virtual_getcwd_ex(size_t *length TSRMLS_DC);
+diff -Nura php-4.4.2/Zend/zend_alloc.c hardening-patch-4.4.2-0.4.15/Zend/zend_alloc.c
+--- php-4.4.2/Zend/zend_alloc.c 2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_alloc.c      2006-09-05 20:30:33.000000000 +0200
+@@ -56,6 +56,11 @@
+ # define END_MAGIC_SIZE 0
+ #endif
+ 
+#if HARDENING_PATCH_MM_PROTECT
+# define CANARY_SIZE sizeof(unsigned int)
+#else
+# define CANARY_SIZE 0
+#endif
+ 
+ # if MEMORY_LIMIT
+ #  if ZEND_DEBUG
+@@ -64,7 +69,15 @@
+ #define CHECK_MEMORY_LIMIT(s, rs)      _CHECK_MEMORY_LIMIT(s, rs, NULL, 0)
+ #  endif
+ 
+-#define _CHECK_MEMORY_LIMIT(s, rs, file, lineno) { AG(allocated_memory) += rs;\
+#define _CHECK_MEMORY_LIMIT(s, rs, file, lineno) { if ((ssize_t)(rs) > (ssize_t)(INT_MAX - AG(allocated_memory))) { \
+                                                                       if (file) { \
+                                                                               fprintf(stderr, "Integer overflow in memory_limit check detected at %s:%d\n", file, lineno); \
+                                                                       } else { \
+                                                                               fprintf(stderr, "Integer overflow in memory_limit check detected\n"); \
+                                                                       } \
+                                                                       exit(1); \
+                                                               } \
+                                                               AG(allocated_memory) += rs;\
+                                                                if (AG(memory_limit)<AG(allocated_memory)) {\
+                                                                        int php_mem_limit = AG(memory_limit); \
+                                                                        AG(allocated_memory) -= rs; \
+@@ -96,9 +109,17 @@
+        if (p==AG(head)) {                                                      \
+                AG(head) = p->pNext;                                    \
+        } else {                                                                        \
+               if (p != p->pLast->pNext) {                             \
+                       zend_security_log(S_MEMORY, "linked list corrupt on efree() - heap corruption detected"); \
+                       exit(1);                                                        \
+               }                                                                               \
+                p->pLast->pNext = p->pNext;                             \
+        }                                                                                       \
+        if (p->pNext) {                                                         \
+               if (p != p->pNext->pLast) {                             \
+                       zend_security_log(S_MEMORY, "linked list corrupt on efree() - heap corruption detected"); \
+                       exit(1);                                                        \
+               }                                                                               \
+                p->pNext->pLast = p->pLast;                             \
+        }
+ 
+@@ -111,7 +132,7 @@
+        p->pLast = (zend_mem_header *) NULL;
+ 
+ #define DECLARE_CACHE_VARS()   \
+-       unsigned int real_size;         \
+       size_t real_size;               \
+        unsigned int cache_index
+ 
+ #define REAL_SIZE(size) ((size+7) & ~0x7)
+@@ -126,12 +147,22 @@
+ 
+ ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
+ {
+-       zend_mem_header *p;
+       zend_mem_header *p = NULL;
+        DECLARE_CACHE_VARS();
+        TSRMLS_FETCH();
+ 
+#if HARDENING_PATCH_MM_PROTECT
+       if (size > LONG_MAX - sizeof(zend_mem_header) - MEM_HEADER_PADDING - END_MAGIC_SIZE - CANARY_SIZE) {
+               zend_security_log(S_MEMORY, "emalloc() - requested size would result in integer overflow");
+               exit(1);
+       }
+#endif
+        CALCULATE_REAL_SIZE_AND_CACHE_INDEX(size);
+ 
+       if (size > INT_MAX || SIZE < size) {
+               goto emalloc_error;
+       }
+
+        if (!ZEND_DISABLE_MEMORY_CACHE && (CACHE_INDEX < MAX_CACHED_MEMORY) && (AG(cache_count)[CACHE_INDEX] > 0)) {
+                p = AG(cache)[CACHE_INDEX][--AG(cache_count)[CACHE_INDEX]];
+ #if ZEND_DEBUG
+@@ -147,6 +178,10 @@
+                AG(cache_stats)[CACHE_INDEX][1]++;
+                memcpy((((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + size), &mem_block_end_magic, sizeof(long));
+ #endif
+#if HARDENING_PATCH_MM_PROTECT
+               p->canary = HG(canary_1);
+               memcpy((((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + size + END_MAGIC_SIZE), &HG(canary_2), CANARY_SIZE);
+#endif
+                p->cached = 0;
+                p->size = size;
+                return (void *)((char *)p + sizeof(zend_mem_header) + MEM_HEADER_PADDING);
+@@ -162,9 +197,11 @@
+                        AG(allocated_memory_peak) = AG(allocated_memory);
+                }
+ #endif
+-               p  = (zend_mem_header *) ZEND_DO_MALLOC(sizeof(zend_mem_header) + MEM_HEADER_PADDING + SIZE + END_MAGIC_SIZE);
+               p  = (zend_mem_header *) ZEND_DO_MALLOC(sizeof(zend_mem_header) + MEM_HEADER_PADDING + SIZE + END_MAGIC_SIZE + CANARY_SIZE);
+        }
+ 
+emalloc_error:
+
+        HANDLE_BLOCK_INTERRUPTIONS();
+ 
+        if (!p) {
+@@ -192,7 +229,10 @@
+ # endif
+        memcpy((((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + size), &mem_block_end_magic, sizeof(long));
+ #endif
+-
+#if HARDENING_PATCH_MM_PROTECT
+       p->canary = HG(canary_1);
+       memcpy((((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + size + END_MAGIC_SIZE), &HG(canary_2), CANARY_SIZE);
+#endif
+        HANDLE_UNBLOCK_INTERRUPTIONS();
+        return (void *)((char *)p + sizeof(zend_mem_header) + MEM_HEADER_PADDING);
+ }
+@@ -219,17 +259,36 @@
+                        return emalloc_rel(lval + offset);
+                }
+        }
+-
+       
+#if HARDENING_PATCH
+       zend_security_log(S_MEMORY, "Possible integer overflow catched by safe_emalloc()");
+#endif
+        zend_error(E_ERROR, "Possible integer overflow in memory allocation (%ld * %ld + %ld)", nmemb, size, offset);
+        return 0;
+ }
+ 
+ ZEND_API void _efree(void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
+ {
+#if HARDENING_PATCH_MM_PROTECT
+       unsigned int canary_2;
+#endif
+        zend_mem_header *p = (zend_mem_header *) ((char *)ptr - sizeof(zend_mem_header) - MEM_HEADER_PADDING);
+        DECLARE_CACHE_VARS();
+        TSRMLS_FETCH();
+ 
+#if HARDENING_PATCH_MM_PROTECT
+       if (p->canary != HG(canary_1)) goto efree_canary_mismatch;
+       memcpy(&canary_2, (((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + p->size + END_MAGIC_SIZE), CANARY_SIZE);
+       if (canary_2 != HG(canary_2)) {
+efree_canary_mismatch:
+               zend_security_log(S_MEMORY, "canary mismatch on efree() - heap overflow or double efree detected");
+               exit(1);
+       }
+       /* to catch double efree()s */
+       memset((((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + p->size + END_MAGIC_SIZE), 0, CANARY_SIZE);
+       p->canary = 0;
+#endif
+
+ #if defined(ZTS) && TSRM_DEBUG
+        if (p->thread_id != tsrm_thread_id()) {
+                tsrm_error(TSRM_ERROR_LEVEL_ERROR, "Memory block allocated at %s:(%d) on thread %x freed at %s:(%d) on thread %x, ignoring",
+@@ -274,6 +333,9 @@
+        size_t _size = nmemb * size;
+     
+        if (nmemb && (_size/nmemb!=size)) {
+#if HARDENING_PATCH
+               zend_security_log(S_MEMORY, "Possible integer overflow catched by ecalloc()");
+#endif
+                fprintf(stderr,"FATAL:  ecalloc():  Unable to allocate %ld * %ld bytes\n", (long) nmemb, (long) size);
+ #if ZEND_DEBUG && HAVE_KILL && HAVE_GETPID
+                kill(getpid(), SIGSEGV);
+@@ -293,6 +355,9 @@
+ 
+ ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
+ {
+#if HARDENING_PATCH_MM_PROTECT
+       unsigned int canary_2;
+#endif
+        zend_mem_header *p;
+        zend_mem_header *orig;
+        DECLARE_CACHE_VARS();
+@@ -304,6 +369,16 @@
+ 
+        p = orig = (zend_mem_header *) ((char *)ptr-sizeof(zend_mem_header)-MEM_HEADER_PADDING);
+ 
+#if HARDENING_PATCH_MM_PROTECT
+       if (p->canary != HG(canary_1)) goto erealloc_canary_mismatch;
+       memcpy(&canary_2, (((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + p->size + END_MAGIC_SIZE), CANARY_SIZE);
+       if (canary_2 != HG(canary_2)) {
+erealloc_canary_mismatch:
+               zend_security_log(S_MEMORY, "canary mismatch on erealloc() - heap overflow detected");
+               exit(1);
+       }
+#endif
+
+ #if defined(ZTS) && TSRM_DEBUG
+        if (p->thread_id != tsrm_thread_id()) {
+                void *new_p;
+@@ -320,6 +395,13 @@
+        CALCULATE_REAL_SIZE_AND_CACHE_INDEX(size);
+ 
+        HANDLE_BLOCK_INTERRUPTIONS();
+
+       if (size > INT_MAX || SIZE < size) {
+               REMOVE_POINTER_FROM_LIST(p);
+               p = NULL;
+               goto erealloc_error;
+       }
+
+ #if MEMORY_LIMIT
+        CHECK_MEMORY_LIMIT(size - p->size, SIZE - REAL_SIZE(p->size));
+        if (AG(allocated_memory) > AG(allocated_memory_peak)) {
+@@ -327,7 +409,8 @@
+        }
+ #endif
+        REMOVE_POINTER_FROM_LIST(p);
+-       p = (zend_mem_header *) ZEND_DO_REALLOC(p, sizeof(zend_mem_header)+MEM_HEADER_PADDING+SIZE+END_MAGIC_SIZE);
+       p = (zend_mem_header *) ZEND_DO_REALLOC(p, sizeof(zend_mem_header)+MEM_HEADER_PADDING+SIZE+END_MAGIC_SIZE+CANARY_SIZE);
+erealloc_error:
+        if (!p) {
+                if (!allow_failure) {
+                        fprintf(stderr,"FATAL:  erealloc():  Unable to allocate %ld bytes\n", (long) size);
+@@ -349,6 +432,9 @@
+        memcpy((((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + size), &mem_block_end_magic, sizeof(long));
+ #endif 
+ 
+#if HARDENING_PATCH_MM_PROTECT
+       memcpy((((char *) p) + sizeof(zend_mem_header) + MEM_HEADER_PADDING + size + END_MAGIC_SIZE), &HG(canary_2), CANARY_SIZE);
+#endif
+        p->size = size;
+ 
+        HANDLE_UNBLOCK_INTERRUPTIONS();
+@@ -423,6 +509,10 @@
+ {
+        AG(head) = NULL;
+        
+#if HARDENING_PATCH_MM_PROTECT
+       HG(canary_1) = zend_canary();
+       HG(canary_2) = zend_canary();
+#endif
+ #if MEMORY_LIMIT
+        AG(memory_limit) = 1<<30;               /* ridiculous limit, effectively no limit */
+        AG(allocated_memory) = 0;
+diff -Nura php-4.4.2/Zend/zend_alloc.h hardening-patch-4.4.2-0.4.15/Zend/zend_alloc.h
+--- php-4.4.2/Zend/zend_alloc.h 2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_alloc.h      2006-09-05 20:30:33.000000000 +0200
+@@ -32,6 +32,9 @@
+ #define MEM_BLOCK_CACHED_MAGIC 0xFB8277DCL
+ 
+ typedef struct _zend_mem_header {
+#if HARDENING_PATCH_MM_PROTECT
+       unsigned int canary;
+#endif
+ #if ZEND_DEBUG
+        long magic;
+        char *filename;
+diff -Nura php-4.4.2/Zend/zend_builtin_functions.c hardening-patch-4.4.2-0.4.15/Zend/zend_builtin_functions.c
+--- php-4.4.2/Zend/zend_builtin_functions.c     2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_builtin_functions.c  2006-09-05 20:30:33.000000000 +0200
+@@ -49,6 +49,9 @@
+ static ZEND_FUNCTION(crash);
+ #endif
+ #endif
+#if HARDENING_PATCH_MM_PROTECT_DEBUG
+static ZEND_FUNCTION(heap_overflow);
+#endif
+ static ZEND_FUNCTION(get_included_files);
+ static ZEND_FUNCTION(is_subclass_of);
+ static ZEND_FUNCTION(is_a);
+@@ -101,6 +104,9 @@
+        ZEND_FE(crash,                          NULL)
+ #endif
+ #endif
+#if HARDENING_PATCH_MM_PROTECT_DEBUG
+       ZEND_FE(heap_overflow,                  NULL)
+#endif
+        ZEND_FE(get_included_files,     NULL)
+        ZEND_FALIAS(get_required_files, get_included_files,             NULL)
+        ZEND_FE(is_subclass_of,         NULL)
+@@ -805,6 +811,19 @@
+ 
+ #endif /* ZEND_DEBUG */
+ 
+
+#if HARDENING_PATCH_MM_PROTECT_DEBUG
+ZEND_FUNCTION(heap_overflow)
+{
+       char *nowhere = emalloc(10);
+
+       memcpy(nowhere, "something1234567890", sizeof("something1234567890"));
+       
+       efree(nowhere);
+}
+#endif
+
+
+ /* {{{ proto array get_included_files(void)
+    Returns an array with the file names that were include_once()'d */
+ ZEND_FUNCTION(get_included_files)
+diff -Nura php-4.4.2/Zend/zend.c hardening-patch-4.4.2-0.4.15/Zend/zend.c
+--- php-4.4.2/Zend/zend.c       2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend.c    2006-09-05 20:30:33.000000000 +0200
+@@ -53,6 +53,12 @@
+ ZEND_API void (*zend_unblock_interruptions)(void);
+ ZEND_API void (*zend_ticks_function)(int ticks);
+ ZEND_API void (*zend_error_cb)(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args);
+#if HARDENING_PATCH
+ZEND_API void (*zend_security_log)(int loglevel, char *fmt, ...);
+#endif
+#if HARDENING_PATCH_INC_PROTECT
+ZEND_API int (*zend_is_valid_include)(zval *z);
+#endif
+ 
+ void (*zend_on_timeout)(int seconds TSRMLS_DC);
+ 
+@@ -70,9 +76,391 @@
+        return SUCCESS;
+ }
+ 
+#if HARDENING_PATCH
+static ZEND_INI_MH(OnUpdateHPHP_log_syslog)
+{
+       if (!new_value) {
+               EG(hphp_log_syslog) = S_ALL & ~S_SQL | S_MEMORY | S_INTERNAL;
+       } else {
+               EG(hphp_log_syslog) = atoi(new_value) | S_MEMORY | S_INTERNAL;
+       }
+       return SUCCESS;
+}
+static ZEND_INI_MH(OnUpdateHPHP_log_syslog_facility)
+{
+       if (!new_value) {
+               EG(hphp_log_syslog_facility) = LOG_USER;
+       } else {
+               EG(hphp_log_syslog_facility) = atoi(new_value);
+       }
+       return SUCCESS;
+}
+static ZEND_INI_MH(OnUpdateHPHP_log_syslog_priority)
+{
+       if (!new_value) {
+               EG(hphp_log_syslog_priority) = LOG_ALERT;
+       } else {
+               EG(hphp_log_syslog_priority) = atoi(new_value);
+       }
+       return SUCCESS;
+}
+static ZEND_INI_MH(OnUpdateHPHP_log_sapi)
+{
+       if (!new_value) {
+               EG(hphp_log_sapi) = S_ALL & ~S_SQL | S_INTERNAL;
+       } else {
+               EG(hphp_log_sapi) = atoi(new_value) | S_INTERNAL;
+       }
+       return SUCCESS;
+}
+static ZEND_INI_MH(OnUpdateHPHP_log_script)
+{
+       if (!new_value) {
+               EG(hphp_log_script) = S_ALL & (~S_MEMORY) & (~S_INTERNAL);
+       } else {
+               EG(hphp_log_script) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL);
+       }
+       return SUCCESS;
+}
+static ZEND_INI_MH(OnUpdateHPHP_log_scriptname)
+{
+       if (EG(hphp_log_scriptname)) {
+               pefree(EG(hphp_log_scriptname),1);
+       }
+        EG(hphp_log_scriptname) = NULL;
+       if (new_value) {
+               EG(hphp_log_scriptname) = pestrdup(new_value,1);
+       }
+       return SUCCESS;
+}
+
+static ZEND_INI_MH(OnUpdateHPHP_include_whitelist)
+{
+       char *s = NULL, *e, *val;
+       unsigned long dummy = 1;
+
+       if (!new_value) {
+include_whitelist_destroy:
+               if (HG(include_whitelist)) {
+                       zend_hash_destroy(HG(include_whitelist));
+                       pefree(HG(include_whitelist),1);
+               }
+               HG(include_whitelist) = NULL;
+               return SUCCESS;
+       }
+       if (!(*new_value)) {
+               goto include_whitelist_destroy;
+       }
+       
+       HG(include_whitelist) = pemalloc(sizeof(HashTable), 1);
+       zend_hash_init(HG(include_whitelist), 5, NULL, NULL, 1);
+       
+       val = zend_str_tolower_dup(new_value, strlen(new_value));
+       e = val;
+
+       while (*e) {
+               switch (*e) {
+                       case ' ':
+                       case ',':
+                               if (s) {
+                                       *e = '\0';
+                                       zend_hash_add(HG(include_whitelist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+                                       s = NULL;
+                               }
+                               break;
+                       default:
+                               if (!s) {
+                                       s = e;
+                               }
+                               break;
+               }
+               e++;
+       }
+       if (s) {
+               zend_hash_add(HG(include_whitelist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+       }
+       efree(val);
+       
+       return SUCCESS;
+}
+
+static ZEND_INI_MH(OnUpdateHPHP_include_blacklist)
+{
+       char *s = NULL, *e, *val;
+       unsigned long dummy = 1;
+
+       if (!new_value) {
+include_blacklist_destroy:
+               if (HG(include_blacklist)) {
+                       zend_hash_destroy(HG(include_blacklist));
+                       pefree(HG(include_blacklist),1);
+               }
+               HG(include_blacklist) = NULL;
+               return SUCCESS;
+       }
+       if (!(*new_value)) {
+               goto include_blacklist_destroy;
+       }
+       
+       HG(include_blacklist) = pemalloc(sizeof(HashTable), 1);
+       zend_hash_init(HG(include_blacklist), 5, NULL, NULL, 1);
+       
+       val = zend_str_tolower_dup(new_value, strlen(new_value));
+       e = val;
+
+       while (*e) {
+               switch (*e) {
+                       case ' ':
+                       case ',':
+                               if (s) {
+                                       *e = '\0';
+                                       zend_hash_add(HG(include_blacklist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+                                       s = NULL;
+                               }
+                               break;
+                       default:
+                               if (!s) {
+                                       s = e;
+                               }
+                               break;
+               }
+               e++;
+       }
+       if (s) {
+               zend_hash_add(HG(include_blacklist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+       }
+       efree(val);
+       
+       return SUCCESS;
+}
+
+static ZEND_INI_MH(OnUpdateHPHP_eval_whitelist)
+{
+       char *s = NULL, *e, *val;
+       unsigned long dummy = 1;
+
+       if (!new_value) {
+eval_whitelist_destroy:
+               if (HG(eval_whitelist)) {
+                       zend_hash_destroy(HG(eval_whitelist));
+                       pefree(HG(eval_whitelist),1);
+               }
+               HG(eval_whitelist) = NULL;
+               return SUCCESS;
+       }
+       if (!(*new_value)) {
+               goto eval_whitelist_destroy;
+       }
+       
+       HG(eval_whitelist) = pemalloc(sizeof(HashTable), 1);
+       zend_hash_init(HG(eval_whitelist), 5, NULL, NULL, 1);
+       
+       val = zend_str_tolower_dup(new_value, strlen(new_value));
+       e = val;
+
+       while (*e) {
+               switch (*e) {
+                       case ' ':
+                       case ',':
+                               if (s) {
+                                       *e = '\0';
+                                       zend_hash_add(HG(eval_whitelist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+                                       s = NULL;
+                               }
+                               break;
+                       default:
+                               if (!s) {
+                                       s = e;
+                               }
+                               break;
+               }
+               e++;
+       }
+       if (s) {
+               zend_hash_add(HG(eval_whitelist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+       }
+       efree(val);
+       
+       return SUCCESS;
+}
+
+static ZEND_INI_MH(OnUpdateHPHP_eval_blacklist)
+{
+       char *s = NULL, *e, *val;
+       unsigned long dummy = 1;
+
+       if (!new_value) {
+eval_blacklist_destroy:
+               if (HG(eval_blacklist)) {
+                       zend_hash_destroy(HG(eval_blacklist));
+                       pefree(HG(eval_blacklist), 1);
+               }
+               HG(eval_blacklist) = NULL;
+               return SUCCESS;
+       }
+       if (!(*new_value)) {
+               goto eval_blacklist_destroy;
+       }
+       
+       HG(eval_blacklist) = pemalloc(sizeof(HashTable), 1);
+       zend_hash_init(HG(eval_blacklist), 5, NULL, NULL, 1);
+       
+       val = zend_str_tolower_dup(new_value, strlen(new_value));
+       e = val;
+
+       while (*e) {
+               switch (*e) {
+                       case ' ':
+                       case ',':
+                               if (s) {
+                                       *e = '\0';
+                                       zend_hash_add(HG(eval_blacklist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+                                       s = NULL;
+                               }
+                               break;
+                       default:
+                               if (!s) {
+                                       s = e;
+                               }
+                               break;
+               }
+               e++;
+       }
+       if (s) {
+               zend_hash_add(HG(eval_blacklist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+       }
+       efree(val);
+       
+       
+       return SUCCESS;
+}
+
+static ZEND_INI_MH(OnUpdateHPHP_func_whitelist)
+{
+       char *s = NULL, *e, *val;
+       unsigned long dummy = 1;
+
+       if (!new_value) {
+func_whitelist_destroy:
+               if (HG(func_whitelist)) {
+                       zend_hash_destroy(HG(func_whitelist));
+                       pefree(HG(func_whitelist),1);
+               }
+               HG(func_whitelist) = NULL;
+               return SUCCESS;
+       }
+       if (!(*new_value)) {
+               goto func_whitelist_destroy;
+       }
+       
+       HG(func_whitelist) = pemalloc(sizeof(HashTable), 1);
+       zend_hash_init(HG(func_whitelist), 5, NULL, NULL, 1);
+       
+       val = zend_str_tolower_dup(new_value, strlen(new_value));
+       e = val;
+
+       while (*e) {
+               switch (*e) {
+                       case ' ':
+                       case ',':
+                               if (s) {
+                                       *e = '\0';
+                                       zend_hash_add(HG(func_whitelist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+                                       s = NULL;
+                               }
+                               break;
+                       default:
+                               if (!s) {
+                                       s = e;
+                               }
+                               break;
+               }
+               e++;
+       }
+       if (s) {
+               zend_hash_add(HG(func_whitelist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+       }
+       efree(val);
+       
+       return SUCCESS;
+}
+
+static ZEND_INI_MH(OnUpdateHPHP_func_blacklist)
+{
+       char *s = NULL, *e, *val;
+       unsigned long dummy = 1;
+
+       if (!new_value) {
+func_blacklist_destroy:
+               if (HG(func_blacklist)) {
+                       zend_hash_destroy(HG(func_blacklist));
+                       pefree(HG(func_blacklist),1);
+               }
+               HG(func_blacklist) = NULL;
+               return SUCCESS;
+       }
+       if (!(*new_value)) {
+               goto func_blacklist_destroy;
+       }
+       
+       HG(func_blacklist) = pemalloc(sizeof(HashTable), 1);
+       zend_hash_init(HG(func_blacklist), 5, NULL, NULL, 1);
+       
+       val = zend_str_tolower_dup(new_value, strlen(new_value));
+       e = val;
+
+       while (*e) {
+               switch (*e) {
+                       case ' ':
+                       case ',':
+                               if (s) {
+                                       *e = '\0';
+                                       zend_hash_add(HG(func_blacklist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+                                       s = NULL;
+                               }
+                               break;
+                       default:
+                               if (!s) {
+                                       s = e;
+                               }
+                               break;
+               }
+               e++;
+       }
+       if (s) {
+               zend_hash_add(HG(func_blacklist), s, e-s+1, &dummy, sizeof(unsigned long), NULL);
+       }
+       efree(val);
+       
+       
+       return SUCCESS;
+}
+
+#endif
+ 
+ ZEND_INI_BEGIN()
+        ZEND_INI_ENTRY("error_reporting",                       NULL,           ZEND_INI_ALL,           OnUpdateErrorReporting)
+#if HARDENING_PATCH
+       ZEND_INI_ENTRY("hphp.log.syslog",                       NULL,           ZEND_INI_SYSTEM,        OnUpdateHPHP_log_syslog)
+       ZEND_INI_ENTRY("hphp.log.syslog.facility",              NULL,           ZEND_INI_SYSTEM,        OnUpdateHPHP_log_syslog_facility)
+       ZEND_INI_ENTRY("hphp.log.syslog.priority",              NULL,           ZEND_INI_SYSTEM,        OnUpdateHPHP_log_syslog_priority)
+       ZEND_INI_ENTRY("hphp.log.sapi",                         NULL,           ZEND_INI_SYSTEM,        OnUpdateHPHP_log_sapi)
+       ZEND_INI_ENTRY("hphp.log.script",                       NULL,           ZEND_INI_SYSTEM,        OnUpdateHPHP_log_script)
+       ZEND_INI_ENTRY("hphp.log.script.name",                  NULL,           ZEND_INI_SYSTEM,        OnUpdateHPHP_log_scriptname)
+       STD_ZEND_INI_BOOLEAN("hphp.log.use-x-forwarded-for",    "0",            ZEND_INI_SYSTEM,        OnUpdateBool, hphp_log_use_x_forwarded_for,     zend_executor_globals,  executor_globals)
+
+       ZEND_INI_ENTRY("hphp.executor.include.whitelist",       NULL,           ZEND_INI_SYSTEM,        OnUpdateHPHP_include_whitelist)
+       ZEND_INI_ENTRY("hphp.executor.include.blacklist",       NULL,           ZEND_INI_SYSTEM,        OnUpdateHPHP_include_blacklist)
+       ZEND_INI_ENTRY("hphp.executor.eval.whitelist",  NULL,           ZEND_INI_PERDIR|ZEND_INI_SYSTEM,        OnUpdateHPHP_eval_whitelist)
+       ZEND_INI_ENTRY("hphp.executor.eval.blacklist",  NULL,           ZEND_INI_PERDIR|ZEND_INI_SYSTEM,        OnUpdateHPHP_eval_blacklist)
+       ZEND_INI_ENTRY("hphp.executor.func.whitelist",  NULL,           ZEND_INI_PERDIR|ZEND_INI_SYSTEM,        OnUpdateHPHP_func_whitelist)
+       ZEND_INI_ENTRY("hphp.executor.func.blacklist",  NULL,           ZEND_INI_PERDIR|ZEND_INI_SYSTEM,        OnUpdateHPHP_func_blacklist)
+
+       STD_ZEND_INI_ENTRY("hphp.executor.max_depth",           "0",            ZEND_INI_PERDIR|ZEND_INI_SYSTEM,        OnUpdateLong, hphp_executor_max_depth, zend_executor_globals, executor_globals)
+       STD_ZEND_INI_BOOLEAN("hphp.sql.bailout_on_error",       "0",            ZEND_INI_PERDIR|ZEND_INI_SYSTEM,        OnUpdateBool, hphp_sql_bailout_on_error,        hardened_globals_struct,        hardened_globals)
+       STD_ZEND_INI_BOOLEAN("hphp.multiheader",                "0",            ZEND_INI_PERDIR|ZEND_INI_SYSTEM,        OnUpdateBool, hphp_multiheader, hardened_globals_struct,        hardened_globals)
+       STD_ZEND_INI_ENTRY("hphp.mail.protect",         "0",            ZEND_INI_PERDIR|ZEND_INI_SYSTEM,        OnUpdateLong, hphp_mailprotect, hardened_globals_struct,        hardened_globals)
+#endif
+ ZEND_INI_END()
+ 
+ 
+@@ -354,8 +742,12 @@
+        zend_init_rsrc_plist(TSRMLS_C);
+        EG(lambda_count)=0;
+        EG(user_error_handler) = NULL;
+       EG(in_code_type) = 0;
+        EG(in_execution) = 0;
+        EG(current_execute_data) = NULL;
+#if HARDENING_PATCH
+        EG(hphp_log_scriptname) = NULL;
+#endif
+ }
+ 
+ 
+@@ -420,6 +812,14 @@
+        extern zend_scanner_globals language_scanner_globals;
+ #endif
+ 
+       /* Set up Hardening-Patch utility functions first */
+#if HARDENING_PATCH
+       zend_security_log = utility_functions->security_log_function;
+#endif
+#if HARDENING_PATCH_INC_PROTECT
+       zend_is_valid_include = utility_functions->is_valid_include;
+#endif
+
+ #ifdef ZTS
+        ts_allocate_id(&alloc_globals_id, sizeof(zend_alloc_globals), (ts_allocate_ctor) alloc_globals_ctor, (ts_allocate_dtor) alloc_globals_dtor);
+ #else
+@@ -619,6 +1019,7 @@
+        }
+        CG(unclean_shutdown) = 1;
+        CG(in_compilation) = EG(in_execution) = 0;
+       EG(in_code_type) = 0;
+        EG(current_execute_data) = NULL;
+        longjmp(EG(bailout), FAILURE);
+ }
+diff -Nura php-4.4.2/Zend/zend_canary.c hardening-patch-4.4.2-0.4.15/Zend/zend_canary.c
+--- php-4.4.2/Zend/zend_canary.c        1970-01-01 01:00:00.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_canary.c     2006-09-05 20:30:33.000000000 +0200
+@@ -0,0 +1,58 @@
+/*
+   +----------------------------------------------------------------------+
+   | Hardening-Patch for PHP                                              |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 2004-2005 Stefan Esser                                 |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 2.02 of the PHP license,      |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available at through the world-wide-web at                           |
+   | http://www.php.net/license/2_02.txt.                                 |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+   | Author: Stefan Esser <sesser@hardened-php.net>                       |
+   +----------------------------------------------------------------------+
+ */
+/* $Id: zend_canary.c,v 1.1 2004/11/26 12:45:41 ionic Exp $ */
+
+#include "zend.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+
+
+#if HARDENING_PATCH_MM_PROTECT || HARDENING_PATCH_LL_PROTECT || HARDENING_PATCH_HASH_PROTECT
+
+/* will be replaced later with more compatible method */
+ZEND_API unsigned int zend_canary()
+{
+       time_t t;
+       unsigned int canary;
+       int fd;
+       
+       fd = open("/dev/urandom", 0);
+       if (fd != -1) {
+               int r = read(fd, &canary, sizeof(canary));
+               close(fd);
+               if (r == sizeof(canary)) {
+                       return (canary);
+               }
+       }
+       /* not good but we never want to do this */
+       time(&t);
+       canary = *(unsigned int *)&t + getpid() << 16;
+       return (canary);
+}
+#endif
+
+
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ * vim600: sw=4 ts=4 fdm=marker
+ * vim<600: sw=4 ts=4
+ */
+diff -Nura php-4.4.2/Zend/zend_compile.c hardening-patch-4.4.2-0.4.15/Zend/zend_compile.c
+--- php-4.4.2/Zend/zend_compile.c       2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_compile.c    2006-09-05 20:30:33.000000000 +0200
+@@ -768,6 +768,13 @@
+        op_array.function_name = name;
+        op_array.arg_types = NULL;
+        op_array.return_reference = return_reference;
+#if HARDENING_PATCH
+       if (EG(in_code_type)==ZEND_EVAL_CODE) {
+               op_array.created_by_eval = 1;
+       } else {
+               op_array.created_by_eval = 0;
+       }
+#endif
+ 
+        if (is_method) {
+                if (zend_hash_add(&CG(active_class_entry)->function_table, name, name_len+1, &op_array, sizeof(zend_op_array), (void **) &CG(active_op_array)) == FAILURE) {
+diff -Nura php-4.4.2/Zend/zend_compile.h hardening-patch-4.4.2-0.4.15/Zend/zend_compile.h
+--- php-4.4.2/Zend/zend_compile.h       2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_compile.h    2006-09-05 20:30:33.000000000 +0200
+@@ -106,6 +106,9 @@
+        char *filename;
+ 
+        void *reserved[ZEND_MAX_RESERVED_RESOURCES];
+#if HARDENING_PATCH
+       zend_bool created_by_eval;
+#endif 
+ };
+ 
+ 
+@@ -549,6 +552,7 @@
+ #define ZEND_USER_FUNCTION                     2
+ #define ZEND_OVERLOADED_FUNCTION       3
+ #define        ZEND_EVAL_CODE                          4
+#define ZEND_SANDBOX_CODE                      6
+ 
+ #define ZEND_INTERNAL_CLASS            1
+ #define ZEND_USER_CLASS                        2
+diff -Nura php-4.4.2/Zend/zend_constants.c hardening-patch-4.4.2-0.4.15/Zend/zend_constants.c
+--- php-4.4.2/Zend/zend_constants.c     2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_constants.c  2006-09-05 20:30:33.000000000 +0200
+@@ -111,6 +111,74 @@
+        REGISTER_MAIN_LONG_CONSTANT("E_USER_NOTICE", E_USER_NOTICE, CONST_PERSISTENT | CONST_CS);
+ 
+        REGISTER_MAIN_LONG_CONSTANT("E_ALL", E_ALL, CONST_PERSISTENT | CONST_CS);
+#if HARDENING_PATCH
+       REGISTER_MAIN_LONG_CONSTANT("S_MEMORY", S_MEMORY, CONST_PERSISTENT | CONST_CS);
+       REGISTER_MAIN_LONG_CONSTANT("S_VARS", S_VARS, CONST_PERSISTENT | CONST_CS);
+       REGISTER_MAIN_LONG_CONSTANT("S_FILES", S_FILES, CONST_PERSISTENT | CONST_CS);
+       REGISTER_MAIN_LONG_CONSTANT("S_INCLUDE", S_INCLUDE, CONST_PERSISTENT | CONST_CS);
+       REGISTER_MAIN_LONG_CONSTANT("S_SQL", S_SQL, CONST_PERSISTENT | CONST_CS);
+       REGISTER_MAIN_LONG_CONSTANT("S_EXECUTOR", S_EXECUTOR, CONST_PERSISTENT | CONST_CS);
+       REGISTER_MAIN_LONG_CONSTANT("S_MAIL", S_MAIL, CONST_PERSISTENT | CONST_CS);
+       REGISTER_MAIN_LONG_CONSTANT("S_MISC", S_MISC, CONST_PERSISTENT | CONST_CS);
+       REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS);
+       REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS);
+
+       /* error levels */
+       REGISTER_MAIN_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */
+       REGISTER_MAIN_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */
+       REGISTER_MAIN_LONG_CONSTANT("LOG_CRIT", LOG_CRIT, CONST_CS | CONST_PERSISTENT); /* critical conditions */
+       REGISTER_MAIN_LONG_CONSTANT("LOG_ERR", LOG_ERR, CONST_CS | CONST_PERSISTENT); 
+       REGISTER_MAIN_LONG_CONSTANT("LOG_WARNING", LOG_WARNING, CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("LOG_NOTICE", LOG_NOTICE, CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("LOG_INFO", LOG_INFO, CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("LOG_DEBUG", LOG_DEBUG, CONST_CS | CONST_PERSISTENT);
+       /* facility: type of program logging the message */
+       REGISTER_MAIN_LONG_CONSTANT("LOG_KERN", LOG_KERN, CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("LOG_USER", LOG_USER, CONST_CS | CONST_PERSISTENT); /* generic user level */
+       REGISTER_MAIN_LONG_CONSTANT("LOG_MAIL", LOG_MAIL, CONST_CS | CONST_PERSISTENT); /* log to email */
+       REGISTER_MAIN_LONG_CONSTANT("LOG_DAEMON", LOG_DAEMON, CONST_CS | CONST_PERSISTENT); /* other system daemons */
+       REGISTER_MAIN_LONG_CONSTANT("LOG_AUTH", LOG_AUTH, CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("LOG_SYSLOG", LOG_SYSLOG, CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("LOG_LPR", LOG_LPR, CONST_CS | CONST_PERSISTENT);
+#ifdef LOG_NEWS
+       /* No LOG_NEWS on HP-UX */
+       REGISTER_MAIN_LONG_CONSTANT("LOG_NEWS", LOG_NEWS, CONST_CS | CONST_PERSISTENT); /* usenet new */
+#endif
+#ifdef LOG_UUCP
+       /* No LOG_UUCP on HP-UX */
+       REGISTER_MAIN_LONG_CONSTANT("LOG_UUCP", LOG_UUCP, CONST_CS | CONST_PERSISTENT);
+#endif
+#ifdef LOG_CRON
+       /* apparently some systems don't have this one */
+       REGISTER_MAIN_LONG_CONSTANT("LOG_CRON", LOG_CRON, CONST_CS | CONST_PERSISTENT);
+#endif
+#ifdef LOG_AUTHPRIV
+       /* AIX doesn't have LOG_AUTHPRIV */
+       REGISTER_MAIN_LONG_CONSTANT("LOG_AUTHPRIV", LOG_AUTHPRIV, CONST_CS | CONST_PERSISTENT);
+#endif
+#if !defined(PHP_WIN32) && !defined(NETWARE)
+       REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL0", LOG_LOCAL0, CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL1", LOG_LOCAL1, CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL2", LOG_LOCAL2, CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL3", LOG_LOCAL3, CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL4", LOG_LOCAL4, CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL5", LOG_LOCAL5, CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL6", LOG_LOCAL6, CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL7", LOG_LOCAL7, CONST_CS | CONST_PERSISTENT);
+#endif
+       /* options */
+       REGISTER_MAIN_LONG_CONSTANT("LOG_PID", LOG_PID, CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("LOG_CONS", LOG_CONS, CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("LOG_ODELAY", LOG_ODELAY, CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("LOG_NDELAY", LOG_NDELAY, CONST_CS | CONST_PERSISTENT);
+#ifdef LOG_NOWAIT
+       REGISTER_MAIN_LONG_CONSTANT("LOG_NOWAIT", LOG_NOWAIT, CONST_CS | CONST_PERSISTENT);
+#endif
+#ifdef LOG_PERROR
+       /* AIX doesn't have LOG_PERROR */
+       REGISTER_MAIN_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/
+#endif
+#endif
+ 
+        /* true/false constants */
+        {
+diff -Nura php-4.4.2/Zend/zend_errors.h hardening-patch-4.4.2-0.4.15/Zend/zend_errors.h
+--- php-4.4.2/Zend/zend_errors.h        2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_errors.h     2006-09-05 20:30:33.000000000 +0200
+@@ -36,5 +36,18 @@
+ #define E_ALL (E_ERROR | E_WARNING | E_PARSE | E_NOTICE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_USER_ERROR | E_USER_WARNING | E_USER_NOTICE)
+ #define E_CORE (E_CORE_ERROR | E_CORE_WARNING)
+ 
+#if HARDENING_PATCH
+#define S_MEMORY                       (1<<0L)
+#define S_VARS                         (1<<1L)
+#define S_FILES                                (1<<2L)
+#define S_INCLUDE                      (1<<3L)
+#define S_SQL                          (1<<4L)
+#define S_EXECUTOR                     (1<<5L)
+#define S_MAIL                         (1<<6L)
+#define S_MISC                         (1<<30L)
+#define S_INTERNAL                     (1<<29L)
+#define S_ALL (S_MEMORY | S_VARS | S_INCLUDE | S_FILES | S_MAIL | S_MISC | S_SQL | S_EXECUTOR)
+#endif
+
+ #endif /* ZEND_ERRORS_H */
+ 
+diff -Nura php-4.4.2/Zend/zend_execute_API.c hardening-patch-4.4.2-0.4.15/Zend/zend_execute_API.c
+--- php-4.4.2/Zend/zend_execute_API.c   2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_execute_API.c        2006-09-05 20:30:33.000000000 +0200
+@@ -142,6 +142,7 @@
+        EG(class_table) = CG(class_table);
+ 
+        EG(in_execution) = 0;
+       EG(in_code_type) = 0;
+ 
+        zend_ptr_stack_init(&EG(argument_stack));
+ 
+@@ -431,12 +432,14 @@
+        zend_execute_data execute_data;
+ 
+        /* Initialize execute_data */
+       memset(&execute_data, 0, sizeof(execute_data));
+        EX(fbc) = NULL;
+        EX(object).ptr = NULL;
+        EX(ce) = NULL;
+        EX(Ts) = NULL;
+        EX(op_array) = NULL;
+        EX(opline) = NULL;
+       EX(execute_depth) = 0;
+ 
+        *retval_ptr_ptr = NULL;
+ 
+@@ -494,6 +497,39 @@
+                zval_dtor(&function_name_copy);
+                return FAILURE;
+        }
+#if HARDENING_PATCH    
+       if (EX(function_state).function->type == ZEND_INTERNAL_FUNCTION) {
+               if (EG(in_code_type) == ZEND_EVAL_CODE) {
+                       if (HG(eval_whitelist) != NULL) {
+                               if (!zend_hash_exists(HG(eval_whitelist), function_name_copy.value.str.val, function_name_copy.value.str.len+1)) {
+                                       zend_security_log(S_EXECUTOR, "function outside of eval whitelist called: %s()", function_name_copy.value.str.val);
+                                       zval_dtor(&function_name_copy);
+                                       zend_bailout();
+                               }
+                       } else if (HG(eval_blacklist) != NULL) {
+                               if (zend_hash_exists(HG(eval_blacklist), function_name_copy.value.str.val, function_name_copy.value.str.len+1)) {
+                                       zend_security_log(S_EXECUTOR, "function within eval blacklist called: %s()", function_name_copy.value.str.val);
+                                       zval_dtor(&function_name_copy);
+                                       zend_bailout();
+                               }
+                       }
+               }
+                               
+               if (HG(func_whitelist) != NULL) {
+                       if (!zend_hash_exists(HG(func_whitelist), function_name_copy.value.str.val, function_name_copy.value.str.len+1)) {
+                               zend_security_log(S_EXECUTOR, "function outside of whitelist called: %s()", function_name_copy.value.str.val);
+                               zval_dtor(&function_name_copy);
+                               zend_bailout();
+                       }
+               } else if (HG(func_blacklist) != NULL) {
+                       if (zend_hash_exists(HG(func_blacklist), function_name_copy.value.str.val, function_name_copy.value.str.len+1)) {
+                               zend_security_log(S_EXECUTOR, "function within blacklist called: %s()", function_name_copy.value.str.val);
+                               zval_dtor(&function_name_copy);
+                               zend_bailout();
+                       }
+               }
+       }
+#endif 
+        zval_dtor(&function_name_copy);
+ 
+        for (i=0; i<param_count; i++) {
+@@ -606,8 +642,7 @@
+        return SUCCESS;
+ }
+ 
+-
+-ZEND_API int zend_eval_string(char *str, zval *retval_ptr, char *string_name TSRMLS_DC)
+ZEND_API int zend_eval_string_ex(char *str, zval *retval_ptr, char *string_name, int type TSRMLS_DC)
+ {
+        zval pv;
+        zend_op_array *new_op_array;
+@@ -640,6 +675,7 @@
+                zval **original_return_value_ptr_ptr = EG(return_value_ptr_ptr);
+                zend_op **original_opline_ptr = EG(opline_ptr);
+                
+               new_op_array->type = type;
+                EG(return_value_ptr_ptr) = &local_retval_ptr;
+                EG(active_op_array) = new_op_array;
+                EG(no_extensions)=1;
+@@ -673,6 +709,10 @@
+        return retval;
+ }
+ 
+ZEND_API int zend_eval_string(char *str, zval *retval_ptr, char *string_name TSRMLS_DC)
+{
+       return (zend_eval_string_ex(str, retval_ptr, string_name, ZEND_EVAL_CODE TSRMLS_CC));
+}
+ 
+ void execute_new_code(TSRMLS_D)
+ {
+diff -Nura php-4.4.2/Zend/zend_execute.c hardening-patch-4.4.2-0.4.15/Zend/zend_execute.c
+--- php-4.4.2/Zend/zend_execute.c       2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_execute.c    2006-09-05 20:30:33.000000000 +0200
+@@ -1042,6 +1042,7 @@
+        zend_execute_data execute_data;
+ 
+        /* Initialize execute_data */
+       memset(&execute_data, 0, sizeof(execute_data));
+        EX(fbc) = NULL;
+        EX(ce) = NULL;
+        EX(object).ptr = NULL;
+@@ -1053,9 +1054,21 @@
+        }
+        EX(prev_execute_data) = EG(current_execute_data);
+        EX(original_in_execution)=EG(in_execution);
+       EX(original_in_code_type)=EG(in_code_type);
+ 
+        EG(current_execute_data) = &execute_data;
+ 
+#if HARDENING_PATCH
+       EX(execute_depth) = 0;
+       
+       if ((op_array->type == ZEND_EVAL_CODE || op_array->created_by_eval) && EG(in_code_type) != ZEND_SANDBOX_CODE) {
+               EG(in_code_type) = ZEND_EVAL_CODE;
+       } else if (op_array->type == ZEND_SANDBOX_CODE) {
+               EG(in_code_type) = ZEND_SANDBOX_CODE;
+               op_array->type = ZEND_EVAL_CODE;
+       }
+#endif
+
+        EG(in_execution) = 1;
+        if (op_array->start_op) {
+                EX(opline) = op_array->start_op;
+@@ -1087,6 +1100,19 @@
+                }
+        }
+ 
+#if HARDENING_PATCH    
+       if (EX(prev_execute_data) == NULL) {
+               EX(execute_depth) = 0;
+       } else {
+               EX(execute_depth) = EX(prev_execute_data)->execute_depth + 1;
+       }
+
+       if (EG(hphp_executor_max_depth) > 0 && EX(execute_depth) > EG(hphp_executor_max_depth)) {
+               zend_security_log(S_EXECUTOR, "Maximum execution depth of %u violated", EG(hphp_executor_max_depth));
+               zend_bailout();
+       }
+#endif
+
+        while (1) {
+ #ifdef ZEND_WIN32
+                if (EG(timed_out)) {
+@@ -1634,6 +1660,36 @@
+                                        if (zend_hash_find(active_function_table, function_name->value.str.val, function_name->value.str.len+1, (void **) &function)==FAILURE) {
+                                                zend_error(E_ERROR, "Call to undefined function:  %s()", function_name->value.str.val);
+                                        }
+#if HARDENING_PATCH    
+                                       if (active_function_table == EG(function_table)) {
+                                               if (EG(in_code_type) == ZEND_EVAL_CODE) {
+                                                       if (HG(eval_whitelist) != NULL) {
+                                                               if (!zend_hash_exists(HG(eval_whitelist), function_name->value.str.val, function_name->value.str.len+1)) {
+                                                                       zend_security_log(S_EXECUTOR, "function outside of eval whitelist called: %s()", function_name->value.str.val);
+                                                                       zend_bailout();
+                                                               }
+                                                       } else if (HG(eval_blacklist) != NULL) {
+                                                               if (zend_hash_exists(HG(eval_blacklist), function_name->value.str.val, function_name->value.str.len+1)) {
+                                                                       zend_security_log(S_EXECUTOR, "function within eval blacklist called: %s()", function_name->value.str.val);
+                                                                       zend_bailout();
+                                                               }
+                                                       }
+                                               }
+       
+                                               if (HG(func_whitelist) != NULL) {
+                                                       if (!zend_hash_exists(HG(func_whitelist), function_name->value.str.val, function_name->value.str.len+1)) {
+                                                               zend_security_log(S_EXECUTOR, "function outside of whitelist called: %s()", function_name->value.str.val);
+                                                               zend_bailout();
+                                                       }
+                                               } else if (HG(func_blacklist) != NULL) {
+                                                       if (zend_hash_exists(HG(func_blacklist), function_name->value.str.val, function_name->value.str.len+1)) {
+                                                               zend_security_log(S_EXECUTOR, "function within blacklist called: %s()", function_name->value.str.val);
+                                                               zend_bailout();
+                                                       }
+                                               }
+                                       }
+#endif
+
+                                        zval_dtor(&tmp);
+                                        EX(fbc) = function;
+ overloaded_function_call_cont:
+@@ -1649,6 +1705,35 @@
+                                        if (zend_hash_find(EG(function_table), fname->value.str.val, fname->value.str.len+1, (void **) &EX(function_state).function)==FAILURE) {
+                                                zend_error(E_ERROR, "Unknown function:  %s()", fname->value.str.val);
+                                        }
+#if HARDENING_PATCH    
+                                       if (EX(function_state).function->type==ZEND_INTERNAL_FUNCTION) {
+                                               if (EG(in_code_type) == ZEND_EVAL_CODE) {
+                                                       if (HG(eval_whitelist) != NULL) {
+                                                               if (!zend_hash_exists(HG(eval_whitelist), fname->value.str.val, fname->value.str.len+1)) {
+                                                                       zend_security_log(S_EXECUTOR, "function outside of eval whitelist called: %s()", fname->value.str.val);
+                                                                       zend_bailout();
+                                                               }
+                                                       } else if (HG(eval_blacklist) != NULL) {
+                                                               if (zend_hash_exists(HG(eval_blacklist), fname->value.str.val, fname->value.str.len+1)) {
+                                                                       zend_security_log(S_EXECUTOR, "function within eval blacklist called: %s()", fname->value.str.val);
+                                                                       zend_bailout();
+                                                               }
+                                                       }
+                                               }
+       
+                                               if (HG(func_whitelist) != NULL) {
+                                                       if (!zend_hash_exists(HG(func_whitelist), fname->value.str.val, fname->value.str.len+1)) {
+                                                               zend_security_log(S_EXECUTOR, "function outside of whitelist called: %s()", fname->value.str.val);
+                                                               zend_bailout();
+                                                       }
+                                               } else if (HG(func_blacklist) != NULL) {
+                                                       if (zend_hash_exists(HG(func_blacklist), fname->value.str.val, fname->value.str.len+1)) {
+                                                               zend_security_log(S_EXECUTOR, "function within blacklist called: %s()", fname->value.str.val);
+                                                               zend_bailout();
+                                                       }
+                                               }
+                                       }
+#endif
+                                        FREE_OP(EX(Ts), &EX(opline)->op1, EG(free_op1));
+                                        zend_ptr_stack_n_push(&EG(arg_types_stack), 2, EX(object).ptr, EX(ce));
+                                        EX(object).ptr = NULL;
+@@ -1821,6 +1906,7 @@
+                                                efree(EX(Ts));
+                                        }
+                                        EG(in_execution) = EX(original_in_execution);
+                                       EG(in_code_type) = EX(original_in_code_type);
+                                        EG(current_execute_data) = EX(prev_execute_data);
+                                        return;
+                                }
+@@ -2210,7 +2296,12 @@
+                                                                int dummy = 1;
+                                                                zend_file_handle file_handle = {0};
+ 
+#if HARDENING_PATCH_INC_PROTECT
+                                                               if (zend_is_valid_include(inc_filename) 
+                                                                               && zend_open(inc_filename->value.str.val, &file_handle) == SUCCESS
+#else
+                                                                if (zend_open(inc_filename->value.str.val, &file_handle) == SUCCESS
+#endif
+                                                                                && ZEND_IS_VALID_FILE_HANDLE(&file_handle)) {
+ 
+                                                                        file_handle.filename = inc_filename->value.str.val;
+@@ -2239,6 +2330,11 @@
+                                                        break;
+                                                case ZEND_INCLUDE:
+                                                case ZEND_REQUIRE:
+#if HARDENING_PATCH_INC_PROTECT
+                                                       if (!zend_is_valid_include(inc_filename)) {
+                                                               break;
+                                                       }
+#endif
+                                                        new_op_array = compile_filename(EX(opline)->op2.u.constant.value.lval, inc_filename TSRMLS_CC);
+                                                        break;
+                                                case ZEND_EVAL: {
+@@ -2381,7 +2477,7 @@
+                                        if (EX(opline)->extended_value) {
+                                                array_ptr_ptr = get_zval_ptr_ptr(&EX(opline)->op1, EX(Ts), BP_VAR_R);
+                                                if (array_ptr_ptr == NULL) {
+-                                                       MAKE_STD_ZVAL(array_ptr);
+                                                       ALLOC_INIT_ZVAL(array_ptr);
+                                                } else {
+                                                        SEPARATE_ZVAL_IF_NOT_REF(array_ptr_ptr);
+                                                        array_ptr = *array_ptr_ptr;
+diff -Nura php-4.4.2/Zend/zend_execute_globals.h hardening-patch-4.4.2-0.4.15/Zend/zend_execute_globals.h
+--- php-4.4.2/Zend/zend_execute_globals.h       2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_execute_globals.h    2006-09-05 20:30:33.000000000 +0200
+@@ -60,6 +60,8 @@
+        object_info object;
+        temp_variable *Ts;
+        zend_bool original_in_execution;
+       zend_uint original_in_code_type;
+       zend_uint execute_depth;
+        zend_op_array *op_array;
+        struct  _zend_execute_data *prev_execute_data;
+ } zend_execute_data;
+diff -Nura php-4.4.2/Zend/zend_extensions.c hardening-patch-4.4.2-0.4.15/Zend/zend_extensions.c
+--- php-4.4.2/Zend/zend_extensions.c    2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_extensions.c 2006-09-05 20:30:33.000000000 +0200
+@@ -54,23 +54,44 @@
+                return FAILURE;
+        }
+ 
+       /* check if module is compiled against Hardening-Patch */
+       if (extension_version_info->zend_extension_api_no < 1000000000) {
+               fprintf(stderr, "%s is not compiled with Hardening-Patch.\n"
+                               "The Hardening-Patch version %d is installed.\n\n",
+                               new_extension->name,
+                               HARDENING_PATCH_ZEND_EXTENSION_API_NO);
+               DL_UNLOAD(handle);
+               return FAILURE;
+       }
+
+
+       /* check if module is compiled against correct Hardening-Patch version */
+       if (extension_version_info->zend_extension_api_no != HARDENING_PATCH_ZEND_EXTENSION_API_NO) {
+               fprintf(stderr, "%s requires Hardening-Patch version %d.\n"
+                               "The Hardening-Patch version %d is installed.\n\n",
+                               new_extension->name,
+                               extension_version_info->zend_extension_api_no,
+                               HARDENING_PATCH_ZEND_EXTENSION_API_NO);
+               DL_UNLOAD(handle);
+               return FAILURE;
+       }
+ 
+        /* allow extension to proclaim compatibility with any Zend version */
+-       if (extension_version_info->zend_extension_api_no != ZEND_EXTENSION_API_NO &&(!new_extension->api_no_check || new_extension->api_no_check(ZEND_EXTENSION_API_NO) != SUCCESS)) {
+-               if (extension_version_info->zend_extension_api_no > ZEND_EXTENSION_API_NO) {
+       if (extension_version_info->real_zend_extension_api_no != ZEND_EXTENSION_API_NO &&(!new_extension->api_no_check || new_extension->api_no_check(ZEND_EXTENSION_API_NO) != SUCCESS)) {
+               if (extension_version_info->real_zend_extension_api_no > ZEND_EXTENSION_API_NO) {
+                        fprintf(stderr, "%s requires Zend Engine API version %d.\n"
+                                        "The Zend Engine API version %d which is installed, is outdated.\n\n",
+                                        new_extension->name,
+-                                       extension_version_info->zend_extension_api_no,
+                                       extension_version_info->real_zend_extension_api_no,
+                                        ZEND_EXTENSION_API_NO);
+                        DL_UNLOAD(handle);
+                        return FAILURE;
+-               } else if (extension_version_info->zend_extension_api_no < ZEND_EXTENSION_API_NO) {
+               } else if (extension_version_info->real_zend_extension_api_no < ZEND_EXTENSION_API_NO) {
+                        fprintf(stderr, "%s requires Zend Engine API version %d.\n"
+                                        "The Zend Engine API version %d which is installed, is newer.\n"
+                                        "Contact %s at %s for a later version of %s.\n\n",
+                                        new_extension->name,
+-                                       extension_version_info->zend_extension_api_no,
+                                       extension_version_info->real_zend_extension_api_no,
+                                        ZEND_EXTENSION_API_NO,
+                                        new_extension->author,
+                                        new_extension->URL,
+diff -Nura php-4.4.2/Zend/zend_extensions.h hardening-patch-4.4.2-0.4.15/Zend/zend_extensions.h
+--- php-4.4.2/Zend/zend_extensions.h    2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_extensions.h 2006-09-05 20:30:33.000000000 +0200
+@@ -23,6 +23,9 @@
+ 
+ #include "zend_compile.h"
+ 
+/* Create own API version number for Hardening-Patch */
+
+#define HARDENING_PATCH_ZEND_EXTENSION_API_NO  1001050805
+ #define ZEND_EXTENSION_API_NO  20050606
+ 
+ typedef struct _zend_extension_version_info {
+@@ -30,6 +33,7 @@
+        char *required_zend_version;
+        unsigned char thread_safe;
+        unsigned char debug;
+       int real_zend_extension_api_no;
+ } zend_extension_version_info;
+ 
+ 
+@@ -96,7 +100,7 @@
+ 
+ 
+ #define ZEND_EXTENSION()       \
+-       ZEND_EXT_API zend_extension_version_info extension_version_info = { ZEND_EXTENSION_API_NO, ZEND_VERSION, ZTS_V, ZEND_DEBUG }
+       ZEND_EXT_API zend_extension_version_info extension_version_info = { HARDENING_PATCH_ZEND_EXTENSION_API_NO, ZEND_VERSION, ZTS_V, ZEND_DEBUG, ZEND_EXTENSION_API_NO }
+ 
+ #define STANDARD_ZEND_EXTENSION_PROPERTIES NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, -1
+ #define COMPAT_ZEND_EXTENSION_PROPERTIES   NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, -1
+diff -Nura php-4.4.2/Zend/zend_globals.h hardening-patch-4.4.2-0.4.15/Zend/zend_globals.h
+--- php-4.4.2/Zend/zend_globals.h       2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_globals.h    2006-09-05 20:30:33.000000000 +0200
+@@ -163,6 +163,16 @@
+ 
+        int error_reporting;
+        int orig_error_reporting;
+#if HARDENING_PATCH
+       int hphp_log_syslog;
+       int hphp_log_syslog_facility;
+       int hphp_log_syslog_priority;
+       int hphp_log_sapi;
+       int hphp_log_script;
+       char *hphp_log_scriptname;
+       zend_bool hphp_log_use_x_forwarded_for;
+       long hphp_executor_max_depth;
+#endif
+        int exit_status;
+ 
+        zend_op_array *active_op_array;
+@@ -176,6 +186,7 @@
+        int ticks_count;
+ 
+        zend_bool in_execution;
+       zend_uint in_code_type;
+        zend_bool bailout_set;
+        zend_bool full_tables_cleanup;
+ 
+diff -Nura php-4.4.2/Zend/zend.h hardening-patch-4.4.2-0.4.15/Zend/zend.h
+--- php-4.4.2/Zend/zend.h       2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend.h    2006-09-05 20:30:33.000000000 +0200
+@@ -274,9 +274,10 @@
+ struct _zval_struct {
+        /* Variable information */
+        zvalue_value value;             /* value */
+       zend_uint refcount;
+       zend_ushort flags;
+        zend_uchar type;        /* active type */
+        zend_uchar is_ref;
+-       zend_ushort refcount;
+ };
+ 
+ 
+@@ -337,6 +338,12 @@
+        void (*ticks_function)(int ticks);
+        void (*on_timeout)(int seconds TSRMLS_DC);
+        zend_bool (*open_function)(const char *filename, struct _zend_file_handle *);
+#if HARDENING_PATCH
+       void (*security_log_function)(int loglevel, char *fmt, ...);
+#endif 
+#if HARDENING_PATCH_INC_PROTECT
+       int (*is_valid_include)(zval *z);
+#endif
+ } zend_utility_functions;
+ 
+                
+@@ -468,7 +475,16 @@
+ extern ZEND_API void (*zend_ticks_function)(int ticks);
+ extern ZEND_API void (*zend_error_cb)(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args) ZEND_ATTRIBUTE_PTR_FORMAT(printf, 4, 0);
+ extern void (*zend_on_timeout)(int seconds TSRMLS_DC);
+#if HARDENING_PATCH
+extern ZEND_API        void (*zend_security_log)(int loglevel, char *fmt, ...);
+#endif 
+#if HARDENING_PATCH_INC_PROTECT
+extern ZEND_API int (*zend_is_valid_include)(zval *z);
+#endif
+ 
+#if HARDENING_PATCH_MM_PROTECT || HARDENING_PATCH_LL_PROTECT || HARDENING_PATCH_HASH_PROTECT
+ZEND_API unsigned int zend_canary(void);
+#endif
+ 
+ ZEND_API void zend_error(int type, const char *format, ...) ZEND_ATTRIBUTE_PTR_FORMAT(printf, 2, 3);
+ 
+@@ -575,6 +591,11 @@
+ 
+ #define ZEND_MAX_RESERVED_RESOURCES    4
+ 
+#if HARDENING_PATCH
+#include "hardened_globals.h"
+#include "php_syslog.h"
+#endif
+
+ #endif /* ZEND_H */
+ 
+ /*
+diff -Nura php-4.4.2/Zend/zend_hash.c hardening-patch-4.4.2-0.4.15/Zend/zend_hash.c
+--- php-4.4.2/Zend/zend_hash.c  2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_hash.c       2006-09-05 20:30:33.000000000 +0200
+@@ -26,6 +26,17 @@
+ # include <stdlib.h>
+ #endif
+ 
+#if HARDENING_PATCH_HASH_PROTECT
+       unsigned int zend_hash_canary = 0x1234567;
+       zend_bool zend_hash_canary_inited = 0;
+#endif
+
+#define CHECK_HASH_CANARY(hash) \
+       if (zend_hash_canary != (hash)->canary) { \
+               zend_security_log(S_MEMORY, "Zend HashTable canary was overwritten"); \
+               exit(1); \
+       }
+
+ #define HANDLE_NUMERIC(key, length, func) {                                                                                            \
+        register char *tmp=key;                                                                                                                         \
+                                                                                                                                                                                \
+@@ -175,6 +186,9 @@
+ {
+        uint i = 3;
+        Bucket **tmp;
+#if HARDENING_PATCH_HASH_PROTECT
+       TSRMLS_FETCH(); 
+#endif 
+ 
+        SET_INCONSISTENT(HT_OK);
+ 
+@@ -184,6 +198,13 @@
+ 
+        ht->nTableSize = 1 << i;
+        ht->nTableMask = ht->nTableSize - 1;
+#if HARDENING_PATCH_HASH_PROTECT
+       if (zend_hash_canary_inited==0) {
+               zend_hash_canary = zend_canary();
+               zend_hash_canary_inited = 1;
+       }
+       ht->canary = zend_hash_canary;
+#endif
+        ht->pDestructor = pDestructor;
+        ht->pListHead = NULL;
+        ht->pListTail = NULL;
+@@ -259,6 +280,9 @@
+                                }
+ #endif
+                                if (ht->pDestructor) {
+#if HARDENING_PATCH_HASH_PROTECT
+                                       CHECK_HASH_CANARY(ht);
+#endif 
+                                        ht->pDestructor(p->pData);
+                                }
+                                UPDATE_DATA(ht, p, pData, nDataSize);
+@@ -327,6 +351,9 @@
+                                }
+ #endif
+                                if (ht->pDestructor) {
+#if HARDENING_PATCH_HASH_PROTECT
+                                       CHECK_HASH_CANARY(ht);
+#endif 
+                                        ht->pDestructor(p->pData);
+                                }
+                                UPDATE_DATA(ht, p, pData, nDataSize);
+@@ -402,6 +429,9 @@
+                        }
+ #endif
+                        if (ht->pDestructor) {
+#if HARDENING_PATCH_HASH_PROTECT
+                               CHECK_HASH_CANARY(ht);
+#endif 
+                                ht->pDestructor(p->pData);
+                        }
+                        UPDATE_DATA(ht, p, pData, nDataSize);
+@@ -450,7 +480,7 @@
+        IS_CONSISTENT(ht);
+ 
+        if ((ht->nTableSize << 1) > 0) {        /* Let's double the table size */
+-               t = (Bucket **) perealloc_recoverable(ht->arBuckets, (ht->nTableSize << 1) * sizeof(Bucket *), ht->persistent);
+               t = (Bucket **) perealloc(ht->arBuckets, (ht->nTableSize << 1) * sizeof(Bucket *), ht->persistent);
+                if (t) {
+                        HANDLE_BLOCK_INTERRUPTIONS();
+                        ht->arBuckets = t;
+@@ -460,6 +490,7 @@
+                        HANDLE_UNBLOCK_INTERRUPTIONS();
+                        return SUCCESS;
+                }
+               zend_error(E_ERROR, "zend_hash_do_resize - out of memory");
+                return FAILURE;
+        }
+        return SUCCESS;
+@@ -491,15 +522,17 @@
+        IS_CONSISTENT(ht);
+ 
+        if (flag == HASH_DEL_KEY) {
+-               HANDLE_NUMERIC(arKey, nKeyLength, zend_hash_del_key_or_index(ht, arKey, nKeyLength, idx, HASH_DEL_INDEX));
+               HANDLE_NUMERIC(arKey, nKeyLength, zend_hash_del_key_or_index(ht, NULL, 0, idx, HASH_DEL_INDEX));
+                h = zend_inline_hash_func(arKey, nKeyLength);
+        }
+        nIndex = h & ht->nTableMask;
+ 
+        p = ht->arBuckets[nIndex];
+        while (p != NULL) {
+-               if ((p->h == h) && ((p->nKeyLength == 0) || /* Numeric index */
+-                       ((p->nKeyLength == nKeyLength) && (!memcmp(p->arKey, arKey, nKeyLength))))) {
+               if ((p->h == h) 
+                        && (p->nKeyLength == nKeyLength)
+                        && ((p->nKeyLength == 0) /* Numeric index (short circuits the memcmp() check) */
+                                || !memcmp(p->arKey, arKey, nKeyLength))) { /* String index */
+                        HANDLE_BLOCK_INTERRUPTIONS();
+                        if (p == ht->arBuckets[nIndex]) {
+                                ht->arBuckets[nIndex] = p->pNext;
+@@ -524,6 +557,9 @@
+                                ht->pInternalPointer = p->pListNext;
+                        }
+                        if (ht->pDestructor) {
+#if HARDENING_PATCH_HASH_PROTECT
+                               CHECK_HASH_CANARY(ht);
+#endif 
+                                ht->pDestructor(p->pData);
+                        }
+                        if (!p->pDataPtr) {
+@@ -553,6 +589,9 @@
+                q = p;
+                p = p->pListNext;
+                if (ht->pDestructor) {
+#if HARDENING_PATCH_HASH_PROTECT
+                       CHECK_HASH_CANARY(ht);
+#endif 
+                        ht->pDestructor(q->pData);
+                }
+                if (!q->pDataPtr && q->pData) {
+@@ -579,6 +618,9 @@
+                q = p;
+                p = p->pListNext;
+                if (ht->pDestructor) {
+#if HARDENING_PATCH_HASH_PROTECT
+                       CHECK_HASH_CANARY(ht);
+#endif 
+                        ht->pDestructor(q->pData);
+                }
+                if (!q->pDataPtr && q->pData) {
+@@ -608,6 +650,9 @@
+        HANDLE_BLOCK_INTERRUPTIONS();
+ 
+        if (ht->pDestructor) {
+#if HARDENING_PATCH_HASH_PROTECT
+               CHECK_HASH_CANARY(ht);
+#endif 
+                ht->pDestructor(p->pData);
+        }
+        if (!p->pDataPtr) {
+diff -Nura php-4.4.2/Zend/zend_hash.h hardening-patch-4.4.2-0.4.15/Zend/zend_hash.h
+--- php-4.4.2/Zend/zend_hash.h  2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_hash.h       2006-09-05 20:30:33.000000000 +0200
+@@ -54,6 +54,9 @@
+ } Bucket;
+ 
+ typedef struct _hashtable {
+#if HARDENING_PATCH_HASH_PROTECT
+       unsigned int canary;
+#endif 
+        uint nTableSize;
+        uint nTableMask;
+        uint nNumOfElements;
+diff -Nura php-4.4.2/Zend/zend_ini.c hardening-patch-4.4.2-0.4.15/Zend/zend_ini.c
+--- php-4.4.2/Zend/zend_ini.c   2005-09-02 23:09:03.000000000 +0200
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_ini.c        2006-09-07 19:14:18.000000000 +0200
+@@ -256,7 +256,8 @@
+        zend_ini_entry *ini_entry;
+        TSRMLS_FETCH();
+ 
+-       if (zend_hash_find(EG(ini_directives), name, name_length, (void **) &ini_entry)==FAILURE) {
+       if (zend_hash_find(EG(ini_directives), name, name_length, (void **) &ini_entry)==FAILURE ||
+           (stage == ZEND_INI_STAGE_RUNTIME && (ini_entry->modifyable & ZEND_INI_USER) == 0)) {
+                return FAILURE;
+        }
+ 
+diff -Nura php-4.4.2/Zend/zend_ini.h hardening-patch-4.4.2-0.4.15/Zend/zend_ini.h
+--- php-4.4.2/Zend/zend_ini.h   2005-01-09 18:00:16.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_ini.h        2006-09-05 20:30:33.000000000 +0200
+@@ -174,6 +174,7 @@
+ /* Standard message handlers */
+ BEGIN_EXTERN_C()
+ ZEND_API ZEND_INI_MH(OnUpdateBool);
+#define OnUpdateLong OnUpdateInt
+ ZEND_API ZEND_INI_MH(OnUpdateInt);
+ ZEND_API ZEND_INI_MH(OnUpdateReal);
+ ZEND_API ZEND_INI_MH(OnUpdateString);
+diff -Nura php-4.4.2/Zend/zend_language_scanner.l hardening-patch-4.4.2-0.4.15/Zend/zend_language_scanner.l
+--- php-4.4.2/Zend/zend_language_scanner.l      2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_language_scanner.l   2006-09-05 20:30:33.000000000 +0200
+@@ -393,6 +393,13 @@
+                compilation_successful=0;
+        } else {
+                init_op_array(op_array, ZEND_USER_FUNCTION, INITIAL_OP_ARRAY_SIZE TSRMLS_CC);
+#if HARDENING_PATCH
+               if (EG(in_code_type)==ZEND_EVAL_CODE) {
+                       op_array->created_by_eval = 1;
+               } else {
+                       op_array->created_by_eval = 0;
+               }
+#endif
+                CG(in_compilation) = 1;
+                CG(active_op_array) = op_array;
+                compiler_result = zendparse(TSRMLS_C);
+diff -Nura php-4.4.2/Zend/zend_language_scanner.c hardening-patch-4.4.2-0.4.15/Zend/zend_language_scanner.c
+--- php-4.4.2/Zend/zend_language_scanner.c      2006-01-12 19:24:28.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_language_scanner.c   2006-09-05 20:30:33.000000000 +0200
+@@ -3036,6 +3036,13 @@
+                compilation_successful=0;
+        } else {
+                init_op_array(op_array, ZEND_USER_FUNCTION, INITIAL_OP_ARRAY_SIZE TSRMLS_CC);
+#if HARDENING_PATCH
+               if (EG(in_code_type)==ZEND_EVAL_CODE) {
+                       op_array->created_by_eval = 1;
+               } else {
+                       op_array->created_by_eval = 0;
+               }
+#endif
+                CG(in_compilation) = 1;
+                CG(active_op_array) = op_array;
+                compiler_result = zendparse(TSRMLS_C);
+diff -Nura php-4.4.2/Zend/zend_llist.c hardening-patch-4.4.2-0.4.15/Zend/zend_llist.c
+--- php-4.4.2/Zend/zend_llist.c 2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_llist.c      2006-09-05 20:30:33.000000000 +0200
+@@ -21,9 +21,49 @@
+ #include "zend.h"
+ #include "zend_llist.h"
+ #include "zend_qsort.h"
+#include "zend_globals.h"
+
+#if HARDENING_PATCH_LL_PROTECT
+       unsigned int zend_llist_canary_1 = 0x1234567;
+       unsigned int zend_llist_canary_2 = 0x1553425;
+       zend_bool zend_llist_canary_inited = 0;
+#endif
+
+#define CHECK_LIST_CANARY(list) \
+       if (((list)->persistent && (zend_llist_canary_1 != (list)->canary_h || zend_llist_canary_2 != (list)->canary_t)) \
+             ||(!(list)->persistent && (HG(canary_3) != (list)->canary_h || HG(canary_4) != (list)->canary_t))) { \
+               zend_security_log(S_MEMORY, "linked list canary was overwritten"); \
+               exit(1); \
+       }
+
+#define CHECK_LISTELEMENT_CANARY(elem, list) \
+       if (((list)->persistent && zend_llist_canary_1 != (elem)->canary)||(!(list)->persistent && HG(canary_3) != (elem)->canary)) { \
+               zend_security_log(S_MEMORY, "linked list element canary was overwritten"); \
+               exit(1); \
+       }
+
+ 
+ ZEND_API void zend_llist_init(zend_llist *l, size_t size, llist_dtor_func_t dtor, unsigned char persistent)
+ {
+#if HARDENING_PATCH_LL_PROTECT
+       TSRMLS_FETCH(); 
+       
+        if (persistent) {
+                if (!zend_llist_canary_inited) {
+                        /* do not change order to ensure thread safety */
+                        zend_llist_canary_1 = zend_canary();
+                        zend_llist_canary_2 = zend_canary();
+                        zend_llist_canary_inited = 1;
+                }
+        } else
+       if (!HG(ll_canary_inited)) {
+               HG(canary_3) = zend_canary();
+               HG(canary_4) = zend_canary();
+               HG(ll_canary_inited) = 1;
+       }
+       l->canary_h = persistent ? zend_llist_canary_1 : HG(canary_3);
+       l->canary_t = persistent ? zend_llist_canary_2 : HG(canary_4);
+#endif
+        l->head  = NULL;
+        l->tail  = NULL;
+        l->count = 0;
+@@ -37,6 +77,11 @@
+ {
+        zend_llist_element *tmp = pemalloc(sizeof(zend_llist_element)+l->size-1, l->persistent);
+ 
+#if HARDENING_PATCH_LL_PROTECT
+       TSRMLS_FETCH(); 
+       CHECK_LIST_CANARY(l)
+       tmp->canary = l->persistent ? zend_llist_canary_1 : HG(canary_3);
+#endif
+        tmp->prev = l->tail;
+        tmp->next = NULL;
+        if (l->tail) {
+@@ -55,6 +100,11 @@
+ {
+        zend_llist_element *tmp = pemalloc(sizeof(zend_llist_element)+l->size-1, l->persistent);
+ 
+#if HARDENING_PATCH_LL_PROTECT
+       TSRMLS_FETCH(); 
+       CHECK_LIST_CANARY(l)
+       tmp->canary = l->persistent ? zend_llist_canary_1 : HG(canary_3);
+#endif
+        tmp->next = l->head;
+        tmp->prev = NULL;
+        if (l->head) {
+@@ -91,10 +141,20 @@
+        zend_llist_element *current=l->head;
+        zend_llist_element *next;
+ 
+#if HARDENING_PATCH_LL_PROTECT
+       TSRMLS_FETCH(); 
+       CHECK_LIST_CANARY(l)
+#endif
+        while (current) {
+#if HARDENING_PATCH_LL_PROTECT
+               CHECK_LISTELEMENT_CANARY(current, l)
+#endif
+                next = current->next;
+                if (compare(current->data, element)) {
+                        DEL_LLIST_ELEMENT(current, l);
+#if HARDENING_PATCH_LL_PROTECT
+                       current->canary = 0;
+#endif
+                        break;
+                }
+                current = next;
+@@ -106,7 +166,14 @@
+ {
+        zend_llist_element *current=l->head, *next;
+        
+#if HARDENING_PATCH_LL_PROTECT
+       TSRMLS_FETCH(); 
+       CHECK_LIST_CANARY(l)
+#endif
+        while (current) {
+#if HARDENING_PATCH_LL_PROTECT
+               CHECK_LISTELEMENT_CANARY(current, l)
+#endif
+                next = current->next;
+                if (l->dtor) {
+                        l->dtor(current->data);
+@@ -131,7 +198,14 @@
+        zend_llist_element *old_tail;
+        void *data;
+ 
+#if HARDENING_PATCH_LL_PROTECT
+       TSRMLS_FETCH(); 
+       CHECK_LIST_CANARY(l)
+#endif
+        if ((old_tail = l->tail)) {
+#if HARDENING_PATCH_LL_PROTECT
+               CHECK_LISTELEMENT_CANARY(old_tail, l)
+#endif
+                if (l->tail->prev) {
+                        l->tail->prev->next = NULL;
+                }
+@@ -157,9 +231,16 @@
+ {
+        zend_llist_element *ptr;
+ 
+#if HARDENING_PATCH_LL_PROTECT
+       TSRMLS_FETCH(); 
+       CHECK_LIST_CANARY(src)
+#endif
+        zend_llist_init(dst, src->size, src->dtor, src->persistent);
+        ptr = src->head;
+        while (ptr) {
+#if HARDENING_PATCH_LL_PROTECT
+               CHECK_LISTELEMENT_CANARY(ptr, src)
+#endif
+                zend_llist_add_element(dst, ptr->data);
+                ptr = ptr->next;
+        }
+@@ -170,11 +251,21 @@
+ {
+        zend_llist_element *element, *next;
+ 
+#if HARDENING_PATCH_LL_PROTECT
+       TSRMLS_FETCH(); 
+       CHECK_LIST_CANARY(l)
+#endif
+        element=l->head;
+        while (element) {
+#if HARDENING_PATCH_LL_PROTECT
+               CHECK_LISTELEMENT_CANARY(element, l)
+#endif
+                next = element->next;
+                if (func(element->data)) {
+                        DEL_LLIST_ELEMENT(element, l);
+#if HARDENING_PATCH_LL_PROTECT
+                       element->canary = 0;
+#endif
+                }
+                element = next;
+        }
+@@ -185,7 +276,13 @@
+ {
+        zend_llist_element *element;
+ 
+#if HARDENING_PATCH_LL_PROTECT
+       CHECK_LIST_CANARY(l)
+#endif
+        for (element=l->head; element; element=element->next) {
+#if HARDENING_PATCH_LL_PROTECT
+               CHECK_LISTELEMENT_CANARY(element, l)
+#endif
+                func(element->data TSRMLS_CC);
+        }
+ }
+@@ -197,6 +294,9 @@
+        zend_llist_element **elements;
+        zend_llist_element *element, **ptr;
+ 
+#if HARDENING_PATCH_LL_PROTECT
+       CHECK_LIST_CANARY(l)
+#endif
+        if (l->count <= 0) {
+                return;
+        }
+@@ -206,6 +306,9 @@
+        ptr = &elements[0];
+ 
+        for (element=l->head; element; element=element->next) {
+#if HARDENING_PATCH_LL_PROTECT
+               CHECK_LISTELEMENT_CANARY(element, l)
+#endif
+                *ptr++ = element;
+        }
+ 
+@@ -228,7 +331,13 @@
+ {
+        zend_llist_element *element;
+ 
+#if HARDENING_PATCH_LL_PROTECT
+       CHECK_LIST_CANARY(l)
+#endif
+        for (element=l->head; element; element=element->next) {
+#if HARDENING_PATCH_LL_PROTECT
+               CHECK_LISTELEMENT_CANARY(element, l)
+#endif
+                func(element->data, arg TSRMLS_CC);
+        }
+ }
+@@ -239,8 +348,14 @@
+        zend_llist_element *element;
+        va_list args;
+ 
+#if HARDENING_PATCH_LL_PROTECT
+       CHECK_LIST_CANARY(l)
+#endif
+        va_start(args, num_args);
+        for (element=l->head; element; element=element->next) {
+#if HARDENING_PATCH_LL_PROTECT
+               CHECK_LISTELEMENT_CANARY(element, l)
+#endif
+                func(element->data, num_args, args TSRMLS_CC);
+        }
+        va_end(args);
+@@ -249,6 +364,10 @@
+ 
+ ZEND_API int zend_llist_count(zend_llist *l)
+ {
+#if HARDENING_PATCH_LL_PROTECT
+       TSRMLS_FETCH();
+       CHECK_LIST_CANARY(l)
+#endif
+        return l->count;
+ }
+     
+@@ -256,8 +375,15 @@
+ {
+        zend_llist_position *current = pos ? pos : &l->traverse_ptr;
+ 
+#if HARDENING_PATCH_LL_PROTECT
+       TSRMLS_FETCH();
+       CHECK_LIST_CANARY(l)
+#endif
+        *current = l->head;
+        if (*current) {
+#if HARDENING_PATCH_LL_PROTECT
+               CHECK_LISTELEMENT_CANARY(*current, l)
+#endif
+                return (*current)->data;
+        } else {
+                return NULL;
+@@ -269,8 +395,15 @@
+ {
+        zend_llist_position *current = pos ? pos : &l->traverse_ptr;
+ 
+#if HARDENING_PATCH_LL_PROTECT
+       TSRMLS_FETCH();
+       CHECK_LIST_CANARY(l)
+#endif
+        *current = l->tail;
+        if (*current) {
+#if HARDENING_PATCH_LL_PROTECT
+               CHECK_LISTELEMENT_CANARY(*current, l)
+#endif
+                return (*current)->data;
+        } else {
+                return NULL;
+@@ -282,9 +415,19 @@
+ {
+        zend_llist_position *current = pos ? pos : &l->traverse_ptr;
+ 
+#if HARDENING_PATCH_LL_PROTECT
+       TSRMLS_FETCH();
+       CHECK_LIST_CANARY(l)
+#endif
+        if (*current) {
+#if HARDENING_PATCH_LL_PROTECT
+               CHECK_LISTELEMENT_CANARY(*current, l)
+#endif
+                *current = (*current)->next;
+                if (*current) {
+#if HARDENING_PATCH_LL_PROTECT
+                       CHECK_LISTELEMENT_CANARY(*current, l)
+#endif
+                        return (*current)->data;
+                }
+        }
+@@ -296,9 +439,19 @@
+ {
+        zend_llist_position *current = pos ? pos : &l->traverse_ptr;
+ 
+#if HARDENING_PATCH_LL_PROTECT
+       TSRMLS_FETCH();
+       CHECK_LIST_CANARY(l)
+#endif
+        if (*current) {
+#if HARDENING_PATCH_LL_PROTECT
+               CHECK_LISTELEMENT_CANARY(*current, l)
+#endif
+                *current = (*current)->prev;
+                if (*current) {
+#if HARDENING_PATCH_LL_PROTECT
+                       CHECK_LISTELEMENT_CANARY(*current, l)
+#endif
+                        return (*current)->data;
+                }
+        }
+diff -Nura php-4.4.2/Zend/zend_llist.h hardening-patch-4.4.2-0.4.15/Zend/zend_llist.h
+--- php-4.4.2/Zend/zend_llist.h 2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_llist.h      2006-09-05 20:30:33.000000000 +0200
+@@ -24,6 +24,9 @@
+ #include <stdlib.h>
+ 
+ typedef struct _zend_llist_element {
+#if HARDENING_PATCH_LL_PROTECT
+       unsigned int canary, padding;
+#endif 
+        struct _zend_llist_element *next;
+        struct _zend_llist_element *prev;
+        char data[1]; /* Needs to always be last in the struct */
+@@ -36,6 +39,9 @@
+ typedef void (*llist_apply_func_t)(void * TSRMLS_DC);
+ 
+ typedef struct _zend_llist {
+#if HARDENING_PATCH_LL_PROTECT
+       unsigned int canary_h; /* head */
+#endif 
+        zend_llist_element *head;
+        zend_llist_element *tail;
+        size_t size;
+@@ -43,6 +49,9 @@
+        llist_dtor_func_t dtor;
+        unsigned char persistent;
+        zend_llist_element *traverse_ptr;
+#if HARDENING_PATCH_LL_PROTECT
+       unsigned int canary_t; /* tail */
+#endif 
+ } zend_llist;
+ 
+ typedef zend_llist_element* zend_llist_position;
+diff -Nura php-4.4.2/Zend/zend_modules.h hardening-patch-4.4.2-0.4.15/Zend/zend_modules.h
+--- php-4.4.2/Zend/zend_modules.h       2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_modules.h    2006-09-05 20:30:33.000000000 +0200
+@@ -34,6 +34,7 @@
+ ZEND_API extern unsigned char second_arg_force_ref[];
+ ZEND_API extern unsigned char third_arg_force_ref[];
+ 
+#define HARDENING_PATCH_ZEND_MODULE_API_NO 1001051112
+ #define ZEND_MODULE_API_NO 20020429
+ #ifdef ZTS
+ #define USING_ZTS 1
+@@ -41,9 +42,9 @@
+ #define USING_ZTS 0
+ #endif
+ 
+-#define STANDARD_MODULE_HEADER sizeof(zend_module_entry), ZEND_MODULE_API_NO, ZEND_DEBUG, USING_ZTS
+#define STANDARD_MODULE_HEADER sizeof(zend_module_entry), HARDENING_PATCH_ZEND_MODULE_API_NO, ZEND_DEBUG, USING_ZTS 
+ 
+-#define STANDARD_MODULE_PROPERTIES_EX 0, 0, 0, NULL, 0
+#define STANDARD_MODULE_PROPERTIES_EX 0, 0, 0, NULL, 0, ZEND_MODULE_API_NO
+ 
+ #define STANDARD_MODULE_PROPERTIES \
+        NULL, NULL, STANDARD_MODULE_PROPERTIES_EX
+@@ -75,6 +76,7 @@
+        unsigned char type;
+        void *handle;
+        int module_number;
+       unsigned int real_zend_api;
+ };
+ 
+ 
+diff -Nura php-4.4.2/Zend/zend_opcode.c hardening-patch-4.4.2-0.4.15/Zend/zend_opcode.c
+--- php-4.4.2/Zend/zend_opcode.c        2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_opcode.c     2006-09-05 20:30:33.000000000 +0200
+@@ -88,6 +88,9 @@
+        op_array->done_pass_two = 0;
+ 
+        op_array->start_op = NULL;
+#if HARDENING_PATCH
+       op_array->created_by_eval = 0;
+#endif
+ 
+        zend_llist_apply_with_argument(&zend_extensions, (llist_apply_with_arg_func_t) zend_extension_op_array_ctor_handler, op_array TSRMLS_CC);
+ }
+diff -Nura php-4.4.2/Zend/zend_operators.c hardening-patch-4.4.2-0.4.15/Zend/zend_operators.c
+--- php-4.4.2/Zend/zend_operators.c     2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_operators.c  2006-09-05 20:30:33.000000000 +0200
+@@ -1604,6 +1604,20 @@
+        return (op->value.lval ? 1 : 0);
+ }
+ 
+ZEND_API char *zend_str_tolower_copy(char *dest, const char *source, unsigned int length)
+{
+       register unsigned char *str = (unsigned char*)source;
+       register unsigned char *result = (unsigned char*)dest;
+       register unsigned char *end = str + length;
+
+       while (str < end) {
+               *result++ = tolower((int)*str++);
+       }
+       *result = *end;
+
+       return dest;
+}
+
+ ZEND_API void zend_str_tolower(char *str, unsigned int length)
+ {
+        register char *p=str, *end=p+length;
+diff -Nura php-4.4.2/Zend/zend_operators.h hardening-patch-4.4.2-0.4.15/Zend/zend_operators.h
+--- php-4.4.2/Zend/zend_operators.h     2006-01-01 14:46:49.000000000 +0100
+++ hardening-patch-4.4.2-0.4.15/Zend/zend_operators.h  2006-09-05 20:30:33.000000000 +0200
+@@ -174,6 +174,14 @@
+ #endif
+ 
+ ZEND_API void zend_str_tolower(char *str, unsigned int length);
+ZEND_API char *zend_str_tolower_copy(char *dest, const char *source, unsigned int length);
+
+static inline char *
+zend_str_tolower_dup(const char *source, unsigned int length)
+{
+       return zend_str_tolower_copy((char *)emalloc(length+1), source, length);
+}
+
+ ZEND_API int zend_binary_zval_strcmp(zval *s1, zval *s2);
+ ZEND_API int zend_binary_zval_strncmp(zval *s1, zval *s2, zval *s3);
+ ZEND_API int zend_binary_zval_strcasecmp(zval *s1, zval *s2);
author	jvoisin	2018-09-11 10:30:39 +0200
committer	jvoisin	2018-09-11 10:30:39 +0200
commit	5321e0fcf6ab6e6cc5d95b4cbd9bc0f7e44e01fe (patch)
tree	25ce8c8ffe0880fe8c7aedde6df1c6d0a80c6d37 /hardening-patch-4.4.2-0.4.15.patch