whitespace / code indentation

author: Ben Fuhrmannek 2016-09-23 17:35:03 +0200
committer: Ben Fuhrmannek 2016-09-23 17:35:03 +0200
commit: 200e697807b4de3af042edb3dea4d3db8fba9f03 (patch)
tree: d62cbe31b3c8789b92fc19f72039a7a4e57750d8 /session.c
parent: 5f2b52cbc278bcf587160a21790d5c6ebe181178 (diff)
1 files changed, 221 insertions, 221 deletions
diff --git a/session.c b/session.c
index 10c1652..b89aa7f 100644
--- a/session.c
+++ b/session.c
@@ -18,7 +18,7 @@
  +----------------------------------------------------------------------+
 */
 /*
-  $Id: session.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ 
+  $Id: session.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $
 */
 #ifdef HAVE_CONFIG_H
@@ -57,55 +57,55 @@ ps_serializer *(*suhosin_find_ps_serializer)(char *name TSRMLS_DC) = NULL;
 int suhosin_session_encode(char **newstr, int *newlen TSRMLS_DC)
 {
-    smart_str buf = {0};
+        smart_str buf = {0};
-    php_serialize_data_t var_hash;
+        php_serialize_data_t var_hash;
-    PS_ENCODE_VARS;
+        PS_ENCODE_VARS;
-    PHP_VAR_SERIALIZE_INIT(var_hash);
+        PHP_VAR_SERIALIZE_INIT(var_hash);
-    PS_ENCODE_LOOP(
+        PS_ENCODE_LOOP(
-            smart_str_appendl(&buf, key, key_length);
+                        smart_str_appendl(&buf, key, key_length);
-            if (key[0] == PS_UNDEF_MARKER || memchr(key, PS_DELIMITER, key_length)) {
+                        if (key[0] == PS_UNDEF_MARKER || memchr(key, PS_DELIMITER, key_length)) {
-                PHP_VAR_SERIALIZE_DESTROY(var_hash);
+                                PHP_VAR_SERIALIZE_DESTROY(var_hash);
-                smart_str_free(&buf);
+                                smart_str_free(&buf);
-                return FAILURE;
+                                return FAILURE;
-            }
+                        }
-            smart_str_appendc(&buf, PS_DELIMITER);
+                        smart_str_appendc(&buf, PS_DELIMITER);
-            php_var_serialize(&buf, struc, &var_hash TSRMLS_CC);
+                        php_var_serialize(&buf, struc, &var_hash TSRMLS_CC);
-        } else {
+                } else {
-            smart_str_appendc(&buf, PS_UNDEF_MARKER);
+                        smart_str_appendc(&buf, PS_UNDEF_MARKER);
-            smart_str_appendl(&buf, key, key_length);
+                        smart_str_appendl(&buf, key, key_length);
-            smart_str_appendc(&buf, PS_DELIMITER);
+                        smart_str_appendc(&buf, PS_DELIMITER);
-    );
+        );
-    if (newlen) {
+        if (newlen) {
-        *newlen = buf.len;
+                *newlen = buf.len;
-    }
+        }
-    smart_str_0(&buf);
+        smart_str_0(&buf);
-    *newstr = buf.c;
+        *newstr = buf.c;
-    PHP_VAR_SERIALIZE_DESTROY(var_hash);
+        PHP_VAR_SERIALIZE_DESTROY(var_hash);
-    return SUCCESS;
+        return SUCCESS;
 }
 static void suhosin_send_cookie(TSRMLS_D)
 {
-    int  * session_send_cookie = &SESSION_G(send_cookie);
+        int  * session_send_cookie = &SESSION_G(send_cookie);
-    char * base;
+        char * base;
-    zend_ini_entry *ini_entry;
+        zend_ini_entry *ini_entry;
-    
-    /* The following is requires to be 100% compatible to PHP 
+        /* The following is requires to be 100% compatible to PHP
-       versions where the hash extension is not available by default */
+           versions where the hash extension is not available by default */
-    if (zend_hash_find(EG(ini_directives), "session.hash_bits_per_character", sizeof("session.hash_bits_per_character"), (void **) &ini_entry) == SUCCESS) {
+        if (zend_hash_find(EG(ini_directives), "session.hash_bits_per_character", sizeof("session.hash_bits_per_character"), (void **) &ini_entry) == SUCCESS) {
 #ifndef ZTS
-        base = (char *) ini_entry->mh_arg2;
+                base = (char *) ini_entry->mh_arg2;
 #else
-        base = (char *) ts_resource(*((int *) ini_entry->mh_arg2));
+                base = (char *) ts_resource(*((int *) ini_entry->mh_arg2));
 #endif
-        session_send_cookie = (int *) (base+(size_t) ini_entry->mh_arg1+sizeof(long));
+                session_send_cookie = (int *) (base+(size_t) ini_entry->mh_arg1+sizeof(long));
-    }
+        }
-    *session_send_cookie = 1;
+        *session_send_cookie = 1;
 }
@@ -115,255 +115,255 @@ static int (*old_SessionRINIT)(INIT_FUNC_ARGS) = NULL;
 static int suhosin_hook_s_read(void **mod_data, const char *key, char **val, int *vallen TSRMLS_DC)
 {
-    int r;
+        int r;
-    
-    int i;char *v,*KEY=(char *)key;
+        int i;char *v,*KEY=(char *)key;
-    /* protect session vars */
+        /* protect session vars */
 /*  if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) {
-        SESSION_G(http_session_vars)->refcount++;
+                SESSION_G(http_session_vars)->refcount++;
-    }*/
+        }*/
-    
-    /* protect dumb session handlers */
+        /* protect dumb session handlers */
-    if (key == NULL || !key[0] || 
+        if (key == NULL || !key[0] ||
                (*mod_data == NULL
                && !SESSION_G(mod_user_implemented)
                )) {
 regenerate:
-        SDEBUG("regenerating key is %s", key);
+                SDEBUG("regenerating key is %s", key);
-        KEY = SESSION_G(id) = SESSION_G(mod)->s_create_sid(&SESSION_G(mod_data), NULL TSRMLS_CC);
+                KEY = SESSION_G(id) = SESSION_G(mod)->s_create_sid(&SESSION_G(mod_data), NULL TSRMLS_CC);
-        suhosin_send_cookie(TSRMLS_C);
+                suhosin_send_cookie(TSRMLS_C);
-    } else if (strlen(key) > SUHOSIN_G(session_max_id_length)) {
+        } else if (strlen(key) > SUHOSIN_G(session_max_id_length)) {
-        suhosin_log(S_SESSION, "session id ('%s') exceeds maximum length - regenerating", KEY);
+                suhosin_log(S_SESSION, "session id ('%s') exceeds maximum length - regenerating", KEY);
-        if (!SUHOSIN_G(simulation)) {
+                if (!SUHOSIN_G(simulation)) {
-            goto regenerate;
+                        goto regenerate;
-        }
+                }
-    }
+        }
+        r = SUHOSIN_G(old_s_read)(mod_data, KEY, val, vallen TSRMLS_CC);
-    r = SUHOSIN_G(old_s_read)(mod_data, KEY, val, vallen TSRMLS_CC);
+        if (r == SUCCESS && SUHOSIN_G(session_encrypt) && *vallen > 0) {
+                char cryptkey[33];
-    if (r == SUCCESS && SUHOSIN_G(session_encrypt) && *vallen > 0) {
+                SUHOSIN_G(do_not_scan) = 1;
-        char cryptkey[33];
+                suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC);
-    
-        SUHOSIN_G(do_not_scan) = 1;
+                v = *val;
-        suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC);
+                i = *vallen;
-    
+                *val = suhosin_decrypt_string(v, i, "", 0, (char *)&cryptkey, vallen, SUHOSIN_G(session_checkraddr) TSRMLS_CC);
-        v = *val;
+                SUHOSIN_G(do_not_scan) = 0;
-        i = *vallen;
+        if (*val == NULL) {
-        *val = suhosin_decrypt_string(v, i, "", 0, (char *)&cryptkey, vallen, SUHOSIN_G(session_checkraddr) TSRMLS_CC);
+                *val = estrndup("", 0);
-        SUHOSIN_G(do_not_scan) = 0;
+                *vallen = 0;
-    if (*val == NULL) {
+        }
-        *val = estrndup("", 0);
+                efree(v);
-        *vallen = 0;
+        }
-    }
-        efree(v);
+        return r;
-    }
-    
-    return r;
 }
 static int suhosin_hook_s_write(void **mod_data, const char *key, const char *val, const int vallen TSRMLS_DC)
 {
-    int r;
+        int r;
 /*  int nullify = 0;*/
-    char *v = (char *)val;
+        char *v = (char *)val;
-    /* protect dumb session handlers */
+        /* protect dumb session handlers */
-    if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) || 
+        if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) ||
                (*mod_data == NULL
                && !SESSION_G(mod_user_implemented)
                )) {
-        r = FAILURE;
+                r = FAILURE;
-        goto return_write;
+                goto return_write;
-    }
+        }
-    
-    r = vallen;
+        r = vallen;
-    if (r > 0 && SUHOSIN_G(session_encrypt)) {
+        if (r > 0 && SUHOSIN_G(session_encrypt)) {
-        char cryptkey[33];
+                char cryptkey[33];
-        SUHOSIN_G(do_not_scan) = 1;
+                SUHOSIN_G(do_not_scan) = 1;
-    
-        suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC);
+                suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC);
-        
-        v = suhosin_encrypt_string(v, vallen, "", 0, (char *)&cryptkey TSRMLS_CC);
+                v = suhosin_encrypt_string(v, vallen, "", 0, (char *)&cryptkey TSRMLS_CC);
-        
-        SUHOSIN_G(do_not_scan) = 0;
+                SUHOSIN_G(do_not_scan) = 0;
-        r = strlen(v);
+                r = strlen(v);
-    }
+        }
+        r = SUHOSIN_G(old_s_write)(mod_data, key, v, r TSRMLS_CC);
-    r = SUHOSIN_G(old_s_write)(mod_data, key, v, r TSRMLS_CC);
-    
 return_write:
-    /* protect session vars */
+        /* protect session vars */
 /*  if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) {
-        if (SESSION_G(http_session_vars)->refcount==1) {
+                if (SESSION_G(http_session_vars)->refcount==1) {
-            nullify = 1;
+                        nullify = 1;
-        }
+                }
-        zval_ptr_dtor(&SESSION_G(http_session_vars));
+                zval_ptr_dtor(&SESSION_G(http_session_vars));
-        if (nullify) {
+                if (nullify) {
-            suhosin_log(S_SESSION, "possible session variables double free attack stopped");
+                        suhosin_log(S_SESSION, "possible session variables double free attack stopped");
-            SESSION_G(http_session_vars) = NULL;
+                        SESSION_G(http_session_vars) = NULL;
-        }
+                }
-    }*/
+        }*/
-    return r;
+        return r;
 }
 static int suhosin_hook_s_destroy(void **mod_data, const char *key TSRMLS_DC)
 {
-    int r;
+        int r;
-    /* protect dumb session handlers */
+        /* protect dumb session handlers */
-    if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) || 
+        if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) ||
                (*mod_data == NULL
                && !SESSION_G(mod_user_implemented)
                )) {
-        return FAILURE;
+                return FAILURE;
-    }
+        }
-    
-    r = SUHOSIN_G(old_s_destroy)(mod_data, key TSRMLS_CC);
+        r = SUHOSIN_G(old_s_destroy)(mod_data, key TSRMLS_CC);
-    
-    return r;
+        return r;
 }
 static void suhosin_hook_session_module(TSRMLS_D)
 {
-    ps_module *old_mod = SESSION_G(mod), *mod;
+        ps_module *old_mod = SESSION_G(mod), *mod;
-    
-    if (old_mod == NULL || SUHOSIN_G(s_module) == old_mod) {
+        if (old_mod == NULL || SUHOSIN_G(s_module) == old_mod) {
-        return;
+                return;
-    }
+        }
-    if (SUHOSIN_G(s_module) == NULL) {
+        if (SUHOSIN_G(s_module) == NULL) {
-        SUHOSIN_G(s_module) = mod = malloc(sizeof(ps_module));
+                SUHOSIN_G(s_module) = mod = malloc(sizeof(ps_module));
-        if (mod == NULL) {
+                if (mod == NULL) {
-            return;
+                        return;
-        }
+                }
-    }
+        }
-    
-    SUHOSIN_G(s_original_mod) = old_mod;
+        SUHOSIN_G(s_original_mod) = old_mod;
-    
-    mod = SUHOSIN_G(s_module);
+        mod = SUHOSIN_G(s_module);
-    memcpy(mod, old_mod, sizeof(ps_module));
+        memcpy(mod, old_mod, sizeof(ps_module));
-    
-    SUHOSIN_G(old_s_read) = mod->s_read;
+        SUHOSIN_G(old_s_read) = mod->s_read;
-    mod->s_read = suhosin_hook_s_read;
+        mod->s_read = suhosin_hook_s_read;
-    SUHOSIN_G(old_s_write) = mod->s_write;
+        SUHOSIN_G(old_s_write) = mod->s_write;
-    mod->s_write = suhosin_hook_s_write;
+        mod->s_write = suhosin_hook_s_write;
-    SUHOSIN_G(old_s_destroy) = mod->s_destroy;
+        SUHOSIN_G(old_s_destroy) = mod->s_destroy;
-    mod->s_destroy = suhosin_hook_s_destroy;
+        mod->s_destroy = suhosin_hook_s_destroy;
-    
-    SESSION_G(mod) = mod;
+        SESSION_G(mod) = mod;
 }
 static PHP_INI_MH(suhosin_OnUpdateSaveHandler)
 {
-    int r;
+        int r;
-    if (stage == PHP_INI_STAGE_RUNTIME && SESSION_G(session_status) == php_session_none && SUHOSIN_G(s_original_mod)
+        if (stage == PHP_INI_STAGE_RUNTIME && SESSION_G(session_status) == php_session_none && SUHOSIN_G(s_original_mod)
-        && strcmp(new_value, "user") == 0 && strcmp(((ps_module*)SUHOSIN_G(s_original_mod))->s_name, "user") == 0) {
+                && strcmp(new_value, "user") == 0 && strcmp(((ps_module*)SUHOSIN_G(s_original_mod))->s_name, "user") == 0) {
-        return SUCCESS;
+                return SUCCESS;
-    }
+        }
-    SESSION_G(mod) = SUHOSIN_G(s_original_mod);
+        SESSION_G(mod) = SUHOSIN_G(s_original_mod);
-    r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
+        r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
-    
-    suhosin_hook_session_module(TSRMLS_C);
-    return r;
+        suhosin_hook_session_module(TSRMLS_C);
+        return r;
 }
 static int suhosin_hook_session_RINIT(INIT_FUNC_ARGS)
 {
-    if (SESSION_G(mod) == NULL) {
+        if (SESSION_G(mod) == NULL) {
-        char *value = zend_ini_string("session.save_handler", sizeof("session.save_handler"), 0);
+                char *value = zend_ini_string("session.save_handler", sizeof("session.save_handler"), 0);
-        
-        if (value) {
+                if (value) {
-            suhosin_OnUpdateSaveHandler(NULL, value, strlen(value), NULL, NULL, NULL, 0 TSRMLS_CC);
+                        suhosin_OnUpdateSaveHandler(NULL, value, strlen(value), NULL, NULL, NULL, 0 TSRMLS_CC);
-        }
+                }
-    }
+        }
-    return old_SessionRINIT(INIT_FUNC_ARGS_PASSTHRU);
+        return old_SessionRINIT(INIT_FUNC_ARGS_PASSTHRU);
 }
 void suhosin_hook_session(TSRMLS_D)
 {
-    ps_serializer *serializer;
+        ps_serializer *serializer;
-    zend_ini_entry *ini_entry;
+        zend_ini_entry *ini_entry;
-    zend_module_entry *module;
+        zend_module_entry *module;
 #ifdef ZTS
-    ts_rsrc_id *ps_globals_id_ptr;
+        ts_rsrc_id *ps_globals_id_ptr;
 #endif
-    
-    if (zend_hash_find(&module_registry, "session", sizeof("session"), (void**)&module) == FAILURE) {
+        if (zend_hash_find(&module_registry, "session", sizeof("session"), (void**)&module) == FAILURE) {
-        return;
+                return;
-    }
+        }
-    /* retrieve globals from module entry struct if possible */
+        /* retrieve globals from module entry struct if possible */
 #ifdef ZTS
-    if (session_globals_id == 0) {
+        if (session_globals_id == 0) {
-    session_globals_id = *module->globals_id_ptr;
+        session_globals_id = *module->globals_id_ptr;
-    }
+        }
 #else
-    if (session_globals == NULL) {
+        if (session_globals == NULL) {
-    session_globals = module->globals_ptr;
+        session_globals = module->globals_ptr;
-    }
+        }
 #endif
-    
-    if (old_OnUpdateSaveHandler != NULL) {
-        return;
-    }
-    
-    /* hook request startup function of session module */
-    old_SessionRINIT = module->request_startup_func;
-    module->request_startup_func = suhosin_hook_session_RINIT;
-    
-    /* retrieve pointer to session.save_handler ini entry */
-    if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) {
-        return;
-    }
-    SUHOSIN_G(s_module) = NULL;
-    /* replace OnUpdateMemoryLimit handler */
+        if (old_OnUpdateSaveHandler != NULL) {
-    old_OnUpdateSaveHandler = ini_entry->on_modify;
+                return;
-    ini_entry->on_modify = suhosin_OnUpdateSaveHandler;
+        }
-    
-    suhosin_hook_session_module(TSRMLS_C);
-    
-    /* Protect the PHP serializer from ! attacks */
-    serializer = (ps_serializer *) SESSION_G(serializer);
-    if (serializer != NULL && strcmp(serializer->name, "php")==0) {
-        serializer->encode = suhosin_session_encode;
-    }
-    /* increase session identifier entropy */
+        /* hook request startup function of session module */
-    if (SESSION_G(entropy_length) == 0 || SESSION_G(entropy_file) == NULL) {
+        old_SessionRINIT = module->request_startup_func;
+        module->request_startup_func = suhosin_hook_session_RINIT;
+        /* retrieve pointer to session.save_handler ini entry */
+        if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) {
+                return;
+        }
+        SUHOSIN_G(s_module) = NULL;
+        /* replace OnUpdateMemoryLimit handler */
+        old_OnUpdateSaveHandler = ini_entry->on_modify;
+        ini_entry->on_modify = suhosin_OnUpdateSaveHandler;
+        suhosin_hook_session_module(TSRMLS_C);
+        /* Protect the PHP serializer from ! attacks */
+        serializer = (ps_serializer *) SESSION_G(serializer);
+        if (serializer != NULL && strcmp(serializer->name, "php")==0) {
+                serializer->encode = suhosin_session_encode;
+        }
+        /* increase session identifier entropy */
+        if (SESSION_G(entropy_length) == 0 || SESSION_G(entropy_file) == NULL) {
 #ifndef PHP_WIN32
-        /* ensure that /dev/urandom exists */
+                /* ensure that /dev/urandom exists */
-        int fd = VCWD_OPEN("/dev/urandom", O_RDONLY);
+                int fd = VCWD_OPEN("/dev/urandom", O_RDONLY);
-        if (fd >= 0) {
+                if (fd >= 0) {
-            close(fd);
+                        close(fd);
-            SESSION_G(entropy_length) = 16;
+                        SESSION_G(entropy_length) = 16;
-            SESSION_G(entropy_file) = pestrdup("/dev/urandom", 1);
+                        SESSION_G(entropy_file) = pestrdup("/dev/urandom", 1);
-        }
+                }
 #endif
-    }
+        }
 }
 void suhosin_unhook_session(TSRMLS_D)
 {
-    if (old_OnUpdateSaveHandler != NULL) {
+        if (old_OnUpdateSaveHandler != NULL) {
-        zend_ini_entry *ini_entry;
+                zend_ini_entry *ini_entry;
-        
-        /* retrieve pointer to session.save_handler ini entry */
+                /* retrieve pointer to session.save_handler ini entry */
-        if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) {
+                if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) {
-            return;
+                        return;
-        }
+                }
-        ini_entry->on_modify = old_OnUpdateSaveHandler;
+                ini_entry->on_modify = old_OnUpdateSaveHandler;
-    
-        old_OnUpdateSaveHandler = NULL; 
+                old_OnUpdateSaveHandler = NULL;
-    }
+        }
 }
author	Ben Fuhrmannek	2016-09-23 17:35:03 +0200
committer	Ben Fuhrmannek	2016-09-23 17:35:03 +0200
commit	200e697807b4de3af042edb3dea4d3db8fba9f03 (patch)
tree	d62cbe31b3c8789b92fc19f72039a7a4e57750d8 /session.c
parent	5f2b52cbc278bcf587160a21790d5c6ebe181178 (diff)

diff --git a/session.c b/session.c index 10c1652..b89aa7f 100644 --- a/session.c +++ b/session.c
@@ -18,7 +18,7 @@
18	+----------------------------------------------------------------------+	18	+----------------------------------------------------------------------+
19	*/	19	*/
20	/*	20	/*
21	$Id: session.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $	21	$Id: session.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $
22	*/	22	*/
23		23
24	#ifdef HAVE_CONFIG_H	24	#ifdef HAVE_CONFIG_H
@@ -57,55 +57,55 @@ ps_serializer (suhosin_find_ps_serializer)(char *name TSRMLS_DC) = NULL;
57		57
58	int suhosin_session_encode(char *newstr, int newlen TSRMLS_DC)	58	int suhosin_session_encode(char *newstr, int newlen TSRMLS_DC)
59	{	59	{
60	smart_str buf = {0};	60	smart_str buf = {0};
61	php_serialize_data_t var_hash;	61	php_serialize_data_t var_hash;
62	PS_ENCODE_VARS;	62	PS_ENCODE_VARS;
63		63
64	PHP_VAR_SERIALIZE_INIT(var_hash);	64	PHP_VAR_SERIALIZE_INIT(var_hash);
65		65
66	PS_ENCODE_LOOP(	66	PS_ENCODE_LOOP(
67	smart_str_appendl(&buf, key, key_length);	67	smart_str_appendl(&buf, key, key_length);
68	if (key[0] == PS_UNDEF_MARKER \|\| memchr(key, PS_DELIMITER, key_length)) {	68	if (key[0] == PS_UNDEF_MARKER \|\| memchr(key, PS_DELIMITER, key_length)) {
69	PHP_VAR_SERIALIZE_DESTROY(var_hash);	69	PHP_VAR_SERIALIZE_DESTROY(var_hash);
70	smart_str_free(&buf);	70	smart_str_free(&buf);
71	return FAILURE;	71	return FAILURE;
72	}	72	}
73	smart_str_appendc(&buf, PS_DELIMITER);	73	smart_str_appendc(&buf, PS_DELIMITER);
74		74
75	php_var_serialize(&buf, struc, &var_hash TSRMLS_CC);	75	php_var_serialize(&buf, struc, &var_hash TSRMLS_CC);
76	} else {	76	} else {
77	smart_str_appendc(&buf, PS_UNDEF_MARKER);	77	smart_str_appendc(&buf, PS_UNDEF_MARKER);
78	smart_str_appendl(&buf, key, key_length);	78	smart_str_appendl(&buf, key, key_length);
79	smart_str_appendc(&buf, PS_DELIMITER);	79	smart_str_appendc(&buf, PS_DELIMITER);
80	);	80	);
81		81
82	if (newlen) {	82	if (newlen) {
83	*newlen = buf.len;	83	*newlen = buf.len;
84	}	84	}
85	smart_str_0(&buf);	85	smart_str_0(&buf);
86	*newstr = buf.c;	86	*newstr = buf.c;
87		87
88	PHP_VAR_SERIALIZE_DESTROY(var_hash);	88	PHP_VAR_SERIALIZE_DESTROY(var_hash);
89	return SUCCESS;	89	return SUCCESS;
90	}	90	}
91		91
92	static void suhosin_send_cookie(TSRMLS_D)	92	static void suhosin_send_cookie(TSRMLS_D)
93	{	93	{
94	int * session_send_cookie = &SESSION_G(send_cookie);	94	int * session_send_cookie = &SESSION_G(send_cookie);
95	char * base;	95	char * base;
96	zend_ini_entry *ini_entry;	96	zend_ini_entry *ini_entry;
97		97
98	/* The following is requires to be 100% compatible to PHP	98	/* The following is requires to be 100% compatible to PHP
99	versions where the hash extension is not available by default */	99	versions where the hash extension is not available by default */
100	if (zend_hash_find(EG(ini_directives), "session.hash_bits_per_character", sizeof("session.hash_bits_per_character"), (void **) &ini_entry) == SUCCESS) {	100	if (zend_hash_find(EG(ini_directives), "session.hash_bits_per_character", sizeof("session.hash_bits_per_character"), (void **) &ini_entry) == SUCCESS) {
101	#ifndef ZTS	101	#ifndef ZTS
102	base = (char *) ini_entry->mh_arg2;	102	base = (char *) ini_entry->mh_arg2;
103	#else	103	#else
104	base = (char ) ts_resource(((int *) ini_entry->mh_arg2));	104	base = (char ) ts_resource(((int *) ini_entry->mh_arg2));
105	#endif	105	#endif
106	session_send_cookie = (int *) (base+(size_t) ini_entry->mh_arg1+sizeof(long));	106	session_send_cookie = (int *) (base+(size_t) ini_entry->mh_arg1+sizeof(long));
107	}	107	}
108	*session_send_cookie = 1;	108	*session_send_cookie = 1;
109	}	109	}
110		110
111		111
@@ -115,255 +115,255 @@ static int (*old_SessionRINIT)(INIT_FUNC_ARGS) = NULL;
115		115
116	static int suhosin_hook_s_read(void *mod_data, const char key, char *val, int vallen TSRMLS_DC)	116	static int suhosin_hook_s_read(void *mod_data, const char key, char *val, int vallen TSRMLS_DC)
117	{	117	{
118	int r;	118	int r;
119		119
120	int i;char v,KEY=(char *)key;	120	int i;char v,KEY=(char *)key;
121		121
122	/* protect session vars */	122	/* protect session vars */
123	/* if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) {	123	/* if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) {
124	SESSION_G(http_session_vars)->refcount++;	124	SESSION_G(http_session_vars)->refcount++;
125	}*/	125	}*/
126		126
127	/* protect dumb session handlers */	127	/* protect dumb session handlers */
128	if (key == NULL \|\| !key[0] \|\|	128	if (key == NULL \|\| !key[0] \|\|
129	(*mod_data == NULL	129	(*mod_data == NULL
130	&& !SESSION_G(mod_user_implemented)	130	&& !SESSION_G(mod_user_implemented)
131	)) {	131	)) {
132	regenerate:	132	regenerate:
133	SDEBUG("regenerating key is %s", key);	133	SDEBUG("regenerating key is %s", key);
134	KEY = SESSION_G(id) = SESSION_G(mod)->s_create_sid(&SESSION_G(mod_data), NULL TSRMLS_CC);	134	KEY = SESSION_G(id) = SESSION_G(mod)->s_create_sid(&SESSION_G(mod_data), NULL TSRMLS_CC);
135	suhosin_send_cookie(TSRMLS_C);	135	suhosin_send_cookie(TSRMLS_C);
136	} else if (strlen(key) > SUHOSIN_G(session_max_id_length)) {	136	} else if (strlen(key) > SUHOSIN_G(session_max_id_length)) {
137	suhosin_log(S_SESSION, "session id ('%s') exceeds maximum length - regenerating", KEY);	137	suhosin_log(S_SESSION, "session id ('%s') exceeds maximum length - regenerating", KEY);
138	if (!SUHOSIN_G(simulation)) {	138	if (!SUHOSIN_G(simulation)) {
139	goto regenerate;	139	goto regenerate;
140	}	140	}
141	}	141	}
		142
		143	r = SUHOSIN_G(old_s_read)(mod_data, KEY, val, vallen TSRMLS_CC);
142		144
143	r = SUHOSIN_G(old_s_read)(mod_data, KEY, val, vallen TSRMLS_CC);	145	if (r == SUCCESS && SUHOSIN_G(session_encrypt) && *vallen > 0) {
		146	char cryptkey[33];
144		147
145	if (r == SUCCESS && SUHOSIN_G(session_encrypt) && *vallen > 0) {	148	SUHOSIN_G(do_not_scan) = 1;
146	char cryptkey[33];	149	suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC);
147		150
148	SUHOSIN_G(do_not_scan) = 1;	151	v = *val;
149	suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC);	152	i = *vallen;
150		153	val = suhosin_decrypt_string(v, i, "", 0, (char )&cryptkey, vallen, SUHOSIN_G(session_checkraddr) TSRMLS_CC);
151	v = *val;	154	SUHOSIN_G(do_not_scan) = 0;
152	i = *vallen;	155	if (*val == NULL) {
153	val = suhosin_decrypt_string(v, i, "", 0, (char )&cryptkey, vallen, SUHOSIN_G(session_checkraddr) TSRMLS_CC);	156	*val = estrndup("", 0);
154	SUHOSIN_G(do_not_scan) = 0;	157	*vallen = 0;
155	if (*val == NULL) {	158	}
156	*val = estrndup("", 0);	159	efree(v);
157	*vallen = 0;	160	}
158	}	161
159	efree(v);	162	return r;
160	}
161
162	return r;
163	}	163	}
164		164
165	static int suhosin_hook_s_write(void *mod_data, const char key, const char *val, const int vallen TSRMLS_DC)	165	static int suhosin_hook_s_write(void *mod_data, const char key, const char *val, const int vallen TSRMLS_DC)
166	{	166	{
167	int r;	167	int r;
168	/* int nullify = 0;*/	168	/* int nullify = 0;*/
169	char v = (char )val;	169	char v = (char )val;
170		170
171	/* protect dumb session handlers */	171	/* protect dumb session handlers */
172	if (key == NULL \|\| !key[0] \|\| val == NULL \|\| strlen(key) > SUHOSIN_G(session_max_id_length) \|\|	172	if (key == NULL \|\| !key[0] \|\| val == NULL \|\| strlen(key) > SUHOSIN_G(session_max_id_length) \|\|
173	(*mod_data == NULL	173	(*mod_data == NULL
174	&& !SESSION_G(mod_user_implemented)	174	&& !SESSION_G(mod_user_implemented)
175	)) {	175	)) {
176	r = FAILURE;	176	r = FAILURE;
177	goto return_write;	177	goto return_write;
178	}	178	}
179		179
180	r = vallen;	180	r = vallen;
181		181
182	if (r > 0 && SUHOSIN_G(session_encrypt)) {	182	if (r > 0 && SUHOSIN_G(session_encrypt)) {
183	char cryptkey[33];	183	char cryptkey[33];
184		184
185	SUHOSIN_G(do_not_scan) = 1;	185	SUHOSIN_G(do_not_scan) = 1;
186		186
187	suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC);	187	suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC);
188		188
189	v = suhosin_encrypt_string(v, vallen, "", 0, (char *)&cryptkey TSRMLS_CC);	189	v = suhosin_encrypt_string(v, vallen, "", 0, (char *)&cryptkey TSRMLS_CC);
190		190
191	SUHOSIN_G(do_not_scan) = 0;	191	SUHOSIN_G(do_not_scan) = 0;
192	r = strlen(v);	192	r = strlen(v);
193	}	193	}
		194
		195	r = SUHOSIN_G(old_s_write)(mod_data, key, v, r TSRMLS_CC);
194		196
195	r = SUHOSIN_G(old_s_write)(mod_data, key, v, r TSRMLS_CC);
196
197	return_write:	197	return_write:
198	/* protect session vars */	198	/* protect session vars */
199	/* if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) {	199	/* if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) {
200	if (SESSION_G(http_session_vars)->refcount==1) {	200	if (SESSION_G(http_session_vars)->refcount==1) {
201	nullify = 1;	201	nullify = 1;
202	}	202	}
203	zval_ptr_dtor(&SESSION_G(http_session_vars));	203	zval_ptr_dtor(&SESSION_G(http_session_vars));
204	if (nullify) {	204	if (nullify) {
205	suhosin_log(S_SESSION, "possible session variables double free attack stopped");	205	suhosin_log(S_SESSION, "possible session variables double free attack stopped");
206	SESSION_G(http_session_vars) = NULL;	206	SESSION_G(http_session_vars) = NULL;
207	}	207	}
208	}*/	208	}*/
209		209
210	return r;	210	return r;
211	}	211	}
212		212
213	static int suhosin_hook_s_destroy(void *mod_data, const char key TSRMLS_DC)	213	static int suhosin_hook_s_destroy(void *mod_data, const char key TSRMLS_DC)
214	{	214	{
215	int r;	215	int r;
216		216
217	/* protect dumb session handlers */	217	/* protect dumb session handlers */
218	if (key == NULL \|\| !key[0] \|\| strlen(key) > SUHOSIN_G(session_max_id_length) \|\|	218	if (key == NULL \|\| !key[0] \|\| strlen(key) > SUHOSIN_G(session_max_id_length) \|\|
219	(*mod_data == NULL	219	(*mod_data == NULL
220	&& !SESSION_G(mod_user_implemented)	220	&& !SESSION_G(mod_user_implemented)
221	)) {	221	)) {
222	return FAILURE;	222	return FAILURE;
223	}	223	}
224		224
225	r = SUHOSIN_G(old_s_destroy)(mod_data, key TSRMLS_CC);	225	r = SUHOSIN_G(old_s_destroy)(mod_data, key TSRMLS_CC);
226		226
227	return r;	227	return r;
228	}	228	}
229		229
230	static void suhosin_hook_session_module(TSRMLS_D)	230	static void suhosin_hook_session_module(TSRMLS_D)
231	{	231	{
232	ps_module old_mod = SESSION_G(mod), mod;	232	ps_module old_mod = SESSION_G(mod), mod;
233		233
234	if (old_mod == NULL \|\| SUHOSIN_G(s_module) == old_mod) {	234	if (old_mod == NULL \|\| SUHOSIN_G(s_module) == old_mod) {
235	return;	235	return;
236	}	236	}
237		237
238	if (SUHOSIN_G(s_module) == NULL) {	238	if (SUHOSIN_G(s_module) == NULL) {
239	SUHOSIN_G(s_module) = mod = malloc(sizeof(ps_module));	239	SUHOSIN_G(s_module) = mod = malloc(sizeof(ps_module));
240	if (mod == NULL) {	240	if (mod == NULL) {
241	return;	241	return;
242	}	242	}
243	}	243	}
244		244
245	SUHOSIN_G(s_original_mod) = old_mod;	245	SUHOSIN_G(s_original_mod) = old_mod;
246		246
247	mod = SUHOSIN_G(s_module);	247	mod = SUHOSIN_G(s_module);
248	memcpy(mod, old_mod, sizeof(ps_module));	248	memcpy(mod, old_mod, sizeof(ps_module));
249		249
250	SUHOSIN_G(old_s_read) = mod->s_read;	250	SUHOSIN_G(old_s_read) = mod->s_read;
251	mod->s_read = suhosin_hook_s_read;	251	mod->s_read = suhosin_hook_s_read;
252	SUHOSIN_G(old_s_write) = mod->s_write;	252	SUHOSIN_G(old_s_write) = mod->s_write;
253	mod->s_write = suhosin_hook_s_write;	253	mod->s_write = suhosin_hook_s_write;
254	SUHOSIN_G(old_s_destroy) = mod->s_destroy;	254	SUHOSIN_G(old_s_destroy) = mod->s_destroy;
255	mod->s_destroy = suhosin_hook_s_destroy;	255	mod->s_destroy = suhosin_hook_s_destroy;
256		256
257	SESSION_G(mod) = mod;	257	SESSION_G(mod) = mod;
258	}	258	}
259		259
260	static PHP_INI_MH(suhosin_OnUpdateSaveHandler)	260	static PHP_INI_MH(suhosin_OnUpdateSaveHandler)
261	{	261	{
262	int r;	262	int r;
263		263
264	if (stage == PHP_INI_STAGE_RUNTIME && SESSION_G(session_status) == php_session_none && SUHOSIN_G(s_original_mod)	264	if (stage == PHP_INI_STAGE_RUNTIME && SESSION_G(session_status) == php_session_none && SUHOSIN_G(s_original_mod)
265	&& strcmp(new_value, "user") == 0 && strcmp(((ps_module*)SUHOSIN_G(s_original_mod))->s_name, "user") == 0) {	265	&& strcmp(new_value, "user") == 0 && strcmp(((ps_module*)SUHOSIN_G(s_original_mod))->s_name, "user") == 0) {
266	return SUCCESS;	266	return SUCCESS;
267	}	267	}
268		268
269	SESSION_G(mod) = SUHOSIN_G(s_original_mod);	269	SESSION_G(mod) = SUHOSIN_G(s_original_mod);
270		270
271	r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);	271	r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
272
273	suhosin_hook_session_module(TSRMLS_C);
274		272
275	return r;	273	suhosin_hook_session_module(TSRMLS_C);
		274
		275	return r;
276	}	276	}
277		277
278		278
279	static int suhosin_hook_session_RINIT(INIT_FUNC_ARGS)	279	static int suhosin_hook_session_RINIT(INIT_FUNC_ARGS)
280	{	280	{
281	if (SESSION_G(mod) == NULL) {	281	if (SESSION_G(mod) == NULL) {
282	char *value = zend_ini_string("session.save_handler", sizeof("session.save_handler"), 0);	282	char *value = zend_ini_string("session.save_handler", sizeof("session.save_handler"), 0);
283		283
284	if (value) {	284	if (value) {
285	suhosin_OnUpdateSaveHandler(NULL, value, strlen(value), NULL, NULL, NULL, 0 TSRMLS_CC);	285	suhosin_OnUpdateSaveHandler(NULL, value, strlen(value), NULL, NULL, NULL, 0 TSRMLS_CC);
286	}	286	}
287	}	287	}
288	return old_SessionRINIT(INIT_FUNC_ARGS_PASSTHRU);	288	return old_SessionRINIT(INIT_FUNC_ARGS_PASSTHRU);
289	}	289	}
290		290
291	void suhosin_hook_session(TSRMLS_D)	291	void suhosin_hook_session(TSRMLS_D)
292	{	292	{
293	ps_serializer *serializer;	293	ps_serializer *serializer;
294	zend_ini_entry *ini_entry;	294	zend_ini_entry *ini_entry;
295	zend_module_entry *module;	295	zend_module_entry *module;
296	#ifdef ZTS	296	#ifdef ZTS
297	ts_rsrc_id *ps_globals_id_ptr;	297	ts_rsrc_id *ps_globals_id_ptr;
298	#endif	298	#endif
299		299
300	if (zend_hash_find(&module_registry, "session", sizeof("session"), (void**)&module) == FAILURE) {	300	if (zend_hash_find(&module_registry, "session", sizeof("session"), (void**)&module) == FAILURE) {
301	return;	301	return;
302	}	302	}
303	/* retrieve globals from module entry struct if possible */	303	/* retrieve globals from module entry struct if possible */
304	#ifdef ZTS	304	#ifdef ZTS
305	if (session_globals_id == 0) {	305	if (session_globals_id == 0) {
306	session_globals_id = *module->globals_id_ptr;	306	session_globals_id = *module->globals_id_ptr;
307	}	307	}
308	#else	308	#else
309	if (session_globals == NULL) {	309	if (session_globals == NULL) {
310	session_globals = module->globals_ptr;	310	session_globals = module->globals_ptr;
311	}	311	}
312	#endif	312	#endif
313
314	if (old_OnUpdateSaveHandler != NULL) {
315	return;
316	}
317
318	/* hook request startup function of session module */
319	old_SessionRINIT = module->request_startup_func;
320	module->request_startup_func = suhosin_hook_session_RINIT;
321
322	/* retrieve pointer to session.save_handler ini entry */
323	if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) {
324	return;
325	}
326	SUHOSIN_G(s_module) = NULL;
327		313
328	/* replace OnUpdateMemoryLimit handler */	314	if (old_OnUpdateSaveHandler != NULL) {
329	old_OnUpdateSaveHandler = ini_entry->on_modify;	315	return;
330	ini_entry->on_modify = suhosin_OnUpdateSaveHandler;	316	}
331
332	suhosin_hook_session_module(TSRMLS_C);
333
334	/* Protect the PHP serializer from ! attacks */
335	serializer = (ps_serializer *) SESSION_G(serializer);
336	if (serializer != NULL && strcmp(serializer->name, "php")==0) {
337	serializer->encode = suhosin_session_encode;
338	}
339		317
340	/* increase session identifier entropy */	318	/* hook request startup function of session module */
341	if (SESSION_G(entropy_length) == 0 \|\| SESSION_G(entropy_file) == NULL) {	319	old_SessionRINIT = module->request_startup_func;
		320	module->request_startup_func = suhosin_hook_session_RINIT;
		321
		322	/* retrieve pointer to session.save_handler ini entry */
		323	if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) {
		324	return;
		325	}
		326	SUHOSIN_G(s_module) = NULL;
		327
		328	/* replace OnUpdateMemoryLimit handler */
		329	old_OnUpdateSaveHandler = ini_entry->on_modify;
		330	ini_entry->on_modify = suhosin_OnUpdateSaveHandler;
		331
		332	suhosin_hook_session_module(TSRMLS_C);
		333
		334	/* Protect the PHP serializer from ! attacks */
		335	serializer = (ps_serializer *) SESSION_G(serializer);
		336	if (serializer != NULL && strcmp(serializer->name, "php")==0) {
		337	serializer->encode = suhosin_session_encode;
		338	}
		339
		340	/* increase session identifier entropy */
		341	if (SESSION_G(entropy_length) == 0 \|\| SESSION_G(entropy_file) == NULL) {
342	#ifndef PHP_WIN32	342	#ifndef PHP_WIN32
343	/* ensure that /dev/urandom exists */	343	/* ensure that /dev/urandom exists */
344	int fd = VCWD_OPEN("/dev/urandom", O_RDONLY);	344	int fd = VCWD_OPEN("/dev/urandom", O_RDONLY);
345	if (fd >= 0) {	345	if (fd >= 0) {
346	close(fd);	346	close(fd);
347	SESSION_G(entropy_length) = 16;	347	SESSION_G(entropy_length) = 16;
348	SESSION_G(entropy_file) = pestrdup("/dev/urandom", 1);	348	SESSION_G(entropy_file) = pestrdup("/dev/urandom", 1);
349	}	349	}
350	#endif	350	#endif
351	}	351	}
352	}	352	}
353		353
354	void suhosin_unhook_session(TSRMLS_D)	354	void suhosin_unhook_session(TSRMLS_D)
355	{	355	{
356	if (old_OnUpdateSaveHandler != NULL) {	356	if (old_OnUpdateSaveHandler != NULL) {
357	zend_ini_entry *ini_entry;	357	zend_ini_entry *ini_entry;
358		358
359	/* retrieve pointer to session.save_handler ini entry */	359	/* retrieve pointer to session.save_handler ini entry */
360	if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) {	360	if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) {
361	return;	361	return;
362	}	362	}
363	ini_entry->on_modify = old_OnUpdateSaveHandler;	363	ini_entry->on_modify = old_OnUpdateSaveHandler;
364		364
365	old_OnUpdateSaveHandler = NULL;	365	old_OnUpdateSaveHandler = NULL;
366	}	366	}
367		367
368	}	368	}
369		369