-rw-r--r--execute.c596
-rw-r--r--header.c84
-rw-r--r--ifilter.c236
-rw-r--r--php_suhosin.h46
-rw-r--r--session.c442
-rw-r--r--suhosin.c530
-rw-r--r--ufilter.c252
7 files changed, 1085 insertions, 1101 deletions
diff --git a/execute.c b/execute.c
index e3cd0b3..4d5d41b 100644
--- a/execute.c
+++ b/execute.c
@@ -85,7 +85,7 @@ conts:
85 for (t=h; *n; t++, n++) { 85 for (t=h; *n; t++, n++) {
86 if (toupper(*t) != toupper(*n)) goto conts; 86 if (toupper(*t) != toupper(*n)) goto conts;
87 } 87 }
88 return ((char*)h-1); 88 return ((char*)h-1);
89 } 89 }
90 } 90 }
91 91
@@ -126,7 +126,7 @@ static int suhosin_check_filename(char *s, int len TSRMLS_DC)
126 return SUHOSIN_CODE_TYPE_LONGNAME; 126 return SUHOSIN_CODE_TYPE_LONGNAME;
127 } 127 }
128 memcpy(fname, s, len); 128 memcpy(fname, s, len);
129 fname[len] = 0; 129 fname[len] = 0;
130 s = (char *)&fname; 130 s = (char *)&fname;
131 e = s + len; 131 e = s + len;
132 132
@@ -134,14 +134,14 @@ static int suhosin_check_filename(char *s, int len TSRMLS_DC)
134 if (len != strlen(s)) { 134 if (len != strlen(s)) {
135 return SUHOSIN_CODE_TYPE_0FILE; 135 return SUHOSIN_CODE_TYPE_0FILE;
136 } 136 }
137 137
138 /* disallow uploaded files */ 138 /* disallow uploaded files */
139 if (SG(rfc1867_uploaded_files)) { 139 if (SG(rfc1867_uploaded_files)) {
140 if (zend_hash_exists(SG(rfc1867_uploaded_files), (char *) s, e-s+1)) { 140 if (zend_hash_exists(SG(rfc1867_uploaded_files), (char *) s, e-s+1)) {
141 return SUHOSIN_CODE_TYPE_UPLOADED; 141 return SUHOSIN_CODE_TYPE_UPLOADED;
142 } 142 }
143 } 143 }
144 144
145 /* count number of directory traversals */ 145 /* count number of directory traversals */
146 for (i=0; i < len-3; i++) { 146 for (i=0; i < len-3; i++) {
147 if (s[i] == '.' && s[i+1] == '.' && (s[i+2] == '/' || s[i+2] == '\\')) { 147 if (s[i] == '.' && s[i+1] == '.' && (s[i+2] == '/' || s[i+2] == '\\')) {
@@ -152,7 +152,7 @@ static int suhosin_check_filename(char *s, int len TSRMLS_DC)
152 if (SUHOSIN_G(executor_include_max_traversal) && SUHOSIN_G(executor_include_max_traversal)<=count) { 152 if (SUHOSIN_G(executor_include_max_traversal) && SUHOSIN_G(executor_include_max_traversal)<=count) {
153 return SUHOSIN_CODE_TYPE_MANYDOTS; 153 return SUHOSIN_CODE_TYPE_MANYDOTS;
154 } 154 }
155 155
156SDEBUG("xxx %p %p",SUHOSIN_G(include_whitelist),SUHOSIN_G(include_blacklist)); 156SDEBUG("xxx %p %p",SUHOSIN_G(include_whitelist),SUHOSIN_G(include_blacklist));
157 /* no black or whitelist then disallow all */ 157 /* no black or whitelist then disallow all */
158 if (SUHOSIN_G(include_whitelist)==NULL && SUHOSIN_G(include_blacklist)==NULL) { 158 if (SUHOSIN_G(include_whitelist)==NULL && SUHOSIN_G(include_blacklist)==NULL) {
@@ -160,29 +160,29 @@ SDEBUG("xxx %p %p",SUHOSIN_G(include_whitelist),SUHOSIN_G(include_blacklist));
160 if (strstr(s, "://") != NULL || suhosin_strcasestr(s, "data:") != NULL) { 160 if (strstr(s, "://") != NULL || suhosin_strcasestr(s, "data:") != NULL) {
161 return SUHOSIN_CODE_TYPE_BADURL; 161 return SUHOSIN_CODE_TYPE_BADURL;
162 } 162 }
163 } else 163 } else
164 /* whitelist is stronger than blacklist */ 164 /* whitelist is stronger than blacklist */
165 if (SUHOSIN_G(include_whitelist)) { 165 if (SUHOSIN_G(include_whitelist)) {
166 166
167 do { 167 do {
168 isOk = 0; 168 isOk = 0;
169 169
170 h = strstr(s, "://"); 170 h = strstr(s, "://");
171 h2 = suhosin_strcasestr(s, "data:"); 171 h2 = suhosin_strcasestr(s, "data:");
172 h2 = h2 == NULL ? NULL : h2 + 4; 172 h2 = h2 == NULL ? NULL : h2 + 4;
173 t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) ); 173 t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) );
174 if (h == NULL) break; 174 if (h == NULL) break;
175 175
176 while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) { 176 while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) {
177 t--; 177 t--;
178 } 178 }
179 179
180 tlen = e-t; 180 tlen = e-t;
181 181
182 zend_hash_internal_pointer_reset(SUHOSIN_G(include_whitelist)); 182 zend_hash_internal_pointer_reset(SUHOSIN_G(include_whitelist));
183 do { 183 do {
184 int r = zend_hash_get_current_key_ex(SUHOSIN_G(include_whitelist), &index, &indexlen, &numindex, 0, NULL); 184 int r = zend_hash_get_current_key_ex(SUHOSIN_G(include_whitelist), &index, &indexlen, &numindex, 0, NULL);
185 185
186 if (r==HASH_KEY_NON_EXISTANT) { 186 if (r==HASH_KEY_NON_EXISTANT) {
187 break; 187 break;
188 } 188 }
@@ -194,28 +194,28 @@ SDEBUG("xxx %p %p",SUHOSIN_G(include_whitelist),SUHOSIN_G(include_blacklist));
194 } 194 }
195 } 195 }
196 } 196 }
197 197
198 zend_hash_move_forward(SUHOSIN_G(include_whitelist)); 198 zend_hash_move_forward(SUHOSIN_G(include_whitelist));
199 } while (1); 199 } while (1);
200 200
201 /* not found in whitelist */ 201 /* not found in whitelist */
202 if (!isOk) { 202 if (!isOk) {
203 return SUHOSIN_CODE_TYPE_BADURL; 203 return SUHOSIN_CODE_TYPE_BADURL;
204 } 204 }
205 205
206 s = h + 1; 206 s = h + 1;
207 } while (1); 207 } while (1);
208 } else { 208 } else {
209 209
210 do { 210 do {
211 int tlen; 211 int tlen;
212 212
213 h = strstr(s, "://"); 213 h = strstr(s, "://");
214 h2 = suhosin_strcasestr(s, "data:"); 214 h2 = suhosin_strcasestr(s, "data:");
215 h2 = h2 == NULL ? NULL : h2 + 4; 215 h2 = h2 == NULL ? NULL : h2 + 4;
216 t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) ); 216 t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) );
217 if (h == NULL) break; 217 if (h == NULL) break;
218 218
219 while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) { 219 while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) {
220 t--; 220 t--;
221 } 221 }
@@ -236,21 +236,21 @@ SDEBUG("xxx %p %p",SUHOSIN_G(include_whitelist),SUHOSIN_G(include_blacklist));
236 } 236 }
237 } 237 }
238 } 238 }
239 239
240 zend_hash_move_forward(SUHOSIN_G(include_blacklist)); 240 zend_hash_move_forward(SUHOSIN_G(include_blacklist));
241 } while (1); 241 } while (1);
242 242
243 s = h + 1; 243 s = h + 1;
244 } while (1); 244 } while (1);
245 } 245 }
246 246
247 /* disallow writable files */ 247 /* disallow writable files */
248 if (!SUHOSIN_G(executor_include_allow_writable_files)) { 248 if (!SUHOSIN_G(executor_include_allow_writable_files)) {
249 /* protection against *REMOTE* attacks, potential 249 /* protection against *REMOTE* attacks, potential
250 race condition of access() is irrelevant */ 250 race condition of access() is irrelevant */
251 if (access(s, W_OK) == 0) { 251 if (access(s, W_OK) == 0) {
252 return SUHOSIN_CODE_TYPE_WRITABLE; 252 return SUHOSIN_CODE_TYPE_WRITABLE;
253 } 253 }
254 } 254 }
255 255
256 return SUHOSIN_CODE_TYPE_GOODFILE; 256 return SUHOSIN_CODE_TYPE_GOODFILE;
@@ -265,39 +265,39 @@ static int suhosin_zend_stream_open(const char *filename, zend_file_handle *fh T
265 exd=EG(current_execute_data); 265 exd=EG(current_execute_data);
266 if (EG(in_execution) && (exd!=NULL) && (exd->opline != NULL) && (exd->opline->opcode == ZEND_INCLUDE_OR_EVAL)) { 266 if (EG(in_execution) && (exd!=NULL) && (exd->opline != NULL) && (exd->opline->opcode == ZEND_INCLUDE_OR_EVAL)) {
267 int filetype = suhosin_check_filename((char *)filename, strlen(filename) TSRMLS_CC); 267 int filetype = suhosin_check_filename((char *)filename, strlen(filename) TSRMLS_CC);
268 268
269 switch (filetype) { 269 switch (filetype) {
270 case SUHOSIN_CODE_TYPE_LONGNAME: 270 case SUHOSIN_CODE_TYPE_LONGNAME:
271 suhosin_log(S_INCLUDE, "Include filename ('%s') is too long", filename); 271 suhosin_log(S_INCLUDE, "Include filename ('%s') is too long", filename);
272 suhosin_bailout(TSRMLS_C); 272 suhosin_bailout(TSRMLS_C);
273 break; 273 break;
274 274
275 case SUHOSIN_CODE_TYPE_UPLOADED: 275 case SUHOSIN_CODE_TYPE_UPLOADED:
276 suhosin_log(S_INCLUDE, "Include filename is an uploaded file"); 276 suhosin_log(S_INCLUDE, "Include filename is an uploaded file");
277 suhosin_bailout(TSRMLS_C); 277 suhosin_bailout(TSRMLS_C);
278 break; 278 break;
279 279
280 case SUHOSIN_CODE_TYPE_0FILE: 280 case SUHOSIN_CODE_TYPE_0FILE:
281 suhosin_log(S_INCLUDE, "Include filename contains an ASCIIZ character"); 281 suhosin_log(S_INCLUDE, "Include filename contains an ASCIIZ character");
282 suhosin_bailout(TSRMLS_C); 282 suhosin_bailout(TSRMLS_C);
283 break; 283 break;
284 284
285 case SUHOSIN_CODE_TYPE_WRITABLE: 285 case SUHOSIN_CODE_TYPE_WRITABLE:
286 suhosin_log(S_INCLUDE, "Include filename ('%s') is writable by PHP process", filename); 286 suhosin_log(S_INCLUDE, "Include filename ('%s') is writable by PHP process", filename);
287 suhosin_bailout(TSRMLS_C); 287 suhosin_bailout(TSRMLS_C);
288 break; 288 break;
289 289
290 case SUHOSIN_CODE_TYPE_BLACKURL: 290 case SUHOSIN_CODE_TYPE_BLACKURL:
291 suhosin_log(S_INCLUDE, "Include filename ('%s') is a URL that is forbidden by the blacklist", filename); 291 suhosin_log(S_INCLUDE, "Include filename ('%s') is a URL that is forbidden by the blacklist", filename);
292 suhosin_bailout(TSRMLS_C); 292 suhosin_bailout(TSRMLS_C);
293 break; 293 break;
294 294
295 case SUHOSIN_CODE_TYPE_BADURL: 295 case SUHOSIN_CODE_TYPE_BADURL:
296 suhosin_log(S_INCLUDE, "Include filename ('%s') is a URL that is not allowed", filename); 296 suhosin_log(S_INCLUDE, "Include filename ('%s') is a URL that is not allowed", filename);
297 suhosin_bailout(TSRMLS_C); 297 suhosin_bailout(TSRMLS_C);
298 break; 298 break;
299 299
300 case SUHOSIN_CODE_TYPE_MANYDOTS: 300 case SUHOSIN_CODE_TYPE_MANYDOTS:
301 suhosin_log(S_INCLUDE, "Include filename ('%s') contains too many '../'", filename); 301 suhosin_log(S_INCLUDE, "Include filename ('%s') contains too many '../'", filename);
302 suhosin_bailout(TSRMLS_C); 302 suhosin_bailout(TSRMLS_C);
303 break; 303 break;
@@ -313,14 +313,13 @@ static int suhosin_detect_codetype(zend_op_array *op_array TSRMLS_DC)
313 int r; 313 int r;
314 314
315 s = (char *)op_array->filename; 315 s = (char *)op_array->filename;
316 316
317 /* eval, assert, create_function, preg_replace */ 317 /* eval, assert, create_function, preg_replace */
318 if (op_array->type == ZEND_EVAL_CODE) { 318 if (op_array->type == ZEND_EVAL_CODE) {
319
320 if (s == NULL) { 319 if (s == NULL) {
321 return SUHOSIN_CODE_TYPE_UNKNOWN; 320 return SUHOSIN_CODE_TYPE_UNKNOWN;
322 } 321 }
323 322
324 if (strstr(s, "eval()'d code") != NULL) { 323 if (strstr(s, "eval()'d code") != NULL) {
325 return SUHOSIN_CODE_TYPE_EVAL; 324 return SUHOSIN_CODE_TYPE_EVAL;
326 } 325 }
@@ -340,7 +339,7 @@ static int suhosin_detect_codetype(zend_op_array *op_array TSRMLS_DC)
340 if (strstr(s, "runtime-created function") != NULL) { 339 if (strstr(s, "runtime-created function") != NULL) {
341 return SUHOSIN_CODE_TYPE_CFUNC; 340 return SUHOSIN_CODE_TYPE_CFUNC;
342 } 341 }
343 342
344 if (strstr(s, "Command line code") != NULL) { 343 if (strstr(s, "Command line code") != NULL) {
345 return SUHOSIN_CODE_TYPE_COMMANDLINE; 344 return SUHOSIN_CODE_TYPE_COMMANDLINE;
346 } 345 }
@@ -356,22 +355,15 @@ static int suhosin_detect_codetype(zend_op_array *op_array TSRMLS_DC)
356 if (strstr(s, "Command line end code") != NULL) { 355 if (strstr(s, "Command line end code") != NULL) {
357 return SUHOSIN_CODE_TYPE_COMMANDLINE; 356 return SUHOSIN_CODE_TYPE_COMMANDLINE;
358 } 357 }
359 358
360 if (strstr(s, "suhosin internal code") != NULL) { 359 if (strstr(s, "suhosin internal code") != NULL) {
361 return SUHOSIN_CODE_TYPE_SUHOSIN; 360 return SUHOSIN_CODE_TYPE_SUHOSIN;
362 } 361 }
363
364 } else { 362 } else {
365
366 r = suhosin_check_filename(s, strlen(s) TSRMLS_CC); 363 r = suhosin_check_filename(s, strlen(s) TSRMLS_CC);
367/* switch (r) {
368 case SUHOSIN_CODE_TYPE_GOODFILE:
369 break;
370 } */
371 return r; 364 return r;
372
373 } 365 }
374 366
375 return SUHOSIN_CODE_TYPE_UNKNOWN; 367 return SUHOSIN_CODE_TYPE_UNKNOWN;
376} 368}
377 369
@@ -391,12 +383,12 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML
391 zval cs; 383 zval cs;
392 zend_uint orig_code_type; 384 zend_uint orig_code_type;
393 unsigned long *suhosin_flags = NULL; 385 unsigned long *suhosin_flags = NULL;
394 386
395 /* log variable dropping statistics */ 387 /* log variable dropping statistics */
396 if (SUHOSIN_G(abort_request)) { 388 if (SUHOSIN_G(abort_request)) {
397 389
398 SUHOSIN_G(abort_request) = 0; /* we only want this to happen the first time */ 390 SUHOSIN_G(abort_request) = 0; /* we only want this to happen the first time */
399 391
400 if (SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables) > 0) { 392 if (SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables) > 0) {
401 suhosin_log(S_VARS, "dropped %u request variables - (%u in GET, %u in POST, %u in COOKIE)", 393 suhosin_log(S_VARS, "dropped %u request variables - (%u in GET, %u in POST, %u in COOKIE)",
402 SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables), 394 SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables),
@@ -404,33 +396,33 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML
404 SUHOSIN_G(att_post_vars)-SUHOSIN_G(cur_post_vars), 396 SUHOSIN_G(att_post_vars)-SUHOSIN_G(cur_post_vars),
405 SUHOSIN_G(att_cookie_vars)-SUHOSIN_G(cur_cookie_vars)); 397 SUHOSIN_G(att_cookie_vars)-SUHOSIN_G(cur_cookie_vars));
406 } 398 }
407 399
408 if (!SUHOSIN_G(simulation) && SUHOSIN_G(filter_action)) { 400 if (!SUHOSIN_G(simulation) && SUHOSIN_G(filter_action)) {
409 401
410 char *action = SUHOSIN_G(filter_action); 402 char *action = SUHOSIN_G(filter_action);
411 long code = -1; 403 long code = -1;
412 404
413 while (*action == ' ' || *action == '\t') action++; 405 while (*action == ' ' || *action == '\t') action++;
414 406
415 if (*action >= '0' && *action <= '9') { 407 if (*action >= '0' && *action <= '9') {
416 char *end = action; 408 char *end = action;
417 while (*end && *end != ',' && *end != ';') end++; 409 while (*end && *end != ',' && *end != ';') end++;
418 code = zend_atoi(action, end-action); 410 code = zend_atoi(action, end-action);
419 action = end; 411 action = end;
420 } 412 }
421 413
422 while (*action == ' ' || *action == '\t' || *action == ',' || *action == ';') action++; 414 while (*action == ' ' || *action == '\t' || *action == ',' || *action == ';') action++;
423 415
424 if (*action) { 416 if (*action) {
425 417
426 if (strncasecmp("http://", action, sizeof("http://")-1)==0 418 if (strncasecmp("http://", action, sizeof("http://")-1)==0
427 || strncasecmp("https://", action, sizeof("https://")-1)==0) { 419 || strncasecmp("https://", action, sizeof("https://")-1)==0) {
428 sapi_header_line ctr = {0}; 420 sapi_header_line ctr = {0};
429 421
430 if (code == -1) { 422 if (code == -1) {
431 code = 302; 423 code = 302;
432 } 424 }
433 425
434 ctr.line_len = spprintf(&ctr.line, 0, "Location: %s", action); 426 ctr.line_len = spprintf(&ctr.line, 0, "Location: %s", action);
435 ctr.response_code = code; 427 ctr.response_code = code;
436 sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC); 428 sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC);
@@ -439,11 +431,11 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML
439 zend_file_handle file_handle; 431 zend_file_handle file_handle;
440 zend_op_array *new_op_array; 432 zend_op_array *new_op_array;
441 zval *result = NULL; 433 zval *result = NULL;
442 434
443 if (code == -1) { 435 if (code == -1) {
444 code = 200; 436 code = 200;
445 } 437 }
446 438
447 if (zend_stream_open(action, &file_handle TSRMLS_CC) == SUCCESS) { 439 if (zend_stream_open(action, &file_handle TSRMLS_CC) == SUCCESS) {
448 if (!file_handle.opened_path) { 440 if (!file_handle.opened_path) {
449 file_handle.opened_path = estrndup(action, strlen(action)); 441 file_handle.opened_path = estrndup(action, strlen(action));
@@ -472,24 +464,24 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML
472 } 464 }
473 } 465 }
474 } 466 }
475 467
476 sapi_header_op(SAPI_HEADER_SET_STATUS, (void *)code TSRMLS_CC); 468 sapi_header_op(SAPI_HEADER_SET_STATUS, (void *)code TSRMLS_CC);
477 zend_bailout(); 469 zend_bailout();
478 } 470 }
479 } 471 }
480 472
481 SDEBUG("%s %s", op_array->filename, op_array->function_name); 473 SDEBUG("%s %s", op_array->filename, op_array->function_name);
482 474
483 SUHOSIN_G(execution_depth)++; 475 SUHOSIN_G(execution_depth)++;
484 476
485 if (SUHOSIN_G(max_execution_depth) && SUHOSIN_G(execution_depth) > SUHOSIN_G(max_execution_depth)) { 477 if (SUHOSIN_G(max_execution_depth) && SUHOSIN_G(execution_depth) > SUHOSIN_G(max_execution_depth)) {
486 suhosin_log(S_EXECUTOR|S_GETCALLER, "maximum execution depth reached - script terminated"); 478 suhosin_log(S_EXECUTOR|S_GETCALLER, "maximum execution depth reached - script terminated");
487 suhosin_bailout(TSRMLS_C); 479 suhosin_bailout(TSRMLS_C);
488 } 480 }
489 481
490 fn = (char *)op_array->filename; 482 fn = (char *)op_array->filename;
491 len = strlen(fn); 483 len = strlen(fn);
492 484
493 orig_code_type = SUHOSIN_G(in_code_type); 485 orig_code_type = SUHOSIN_G(in_code_type);
494 if (op_array->type == ZEND_EVAL_CODE) { 486 if (op_array->type == ZEND_EVAL_CODE) {
495 SUHOSIN_G(in_code_type) = SUHOSIN_EVAL; 487 SUHOSIN_G(in_code_type) = SUHOSIN_EVAL;
@@ -497,7 +489,7 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML
497 if (suhosin_zend_extension_entry.resource_number != -1) { 489 if (suhosin_zend_extension_entry.resource_number != -1) {
498 suhosin_flags = (unsigned long *) &op_array->reserved[suhosin_zend_extension_entry.resource_number]; 490 suhosin_flags = (unsigned long *) &op_array->reserved[suhosin_zend_extension_entry.resource_number];
499 SDEBUG("suhosin flags: %08lx", *suhosin_flags); 491 SDEBUG("suhosin flags: %08lx", *suhosin_flags);
500 492
501 if (*suhosin_flags & SUHOSIN_FLAG_CREATED_BY_EVAL) { 493 if (*suhosin_flags & SUHOSIN_FLAG_CREATED_BY_EVAL) {
502 SUHOSIN_G(in_code_type) = SUHOSIN_EVAL; 494 SUHOSIN_G(in_code_type) = SUHOSIN_EVAL;
503 } 495 }
@@ -505,7 +497,7 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML
505 goto not_evaled_code; 497 goto not_evaled_code;
506 } 498 }
507 } 499 }
508 500
509 if (strstr(op_array->filename, "eval()'d code")) { 501 if (strstr(op_array->filename, "eval()'d code")) {
510 SUHOSIN_G(in_code_type) = SUHOSIN_EVAL; 502 SUHOSIN_G(in_code_type) = SUHOSIN_EVAL;
511 } else { 503 } else {
@@ -523,39 +515,39 @@ not_evaled_code:
523/* if (SUHOSIN_G(deactivate)) { 515/* if (SUHOSIN_G(deactivate)) {
524 goto continue_execution; 516 goto continue_execution;
525 } 517 }
526*/ 518*/
527 519
528 op_array_type = suhosin_detect_codetype(op_array TSRMLS_CC); 520 op_array_type = suhosin_detect_codetype(op_array TSRMLS_CC);
529 521
530 switch (op_array_type) { 522 switch (op_array_type) {
531 case SUHOSIN_CODE_TYPE_EVAL: 523 case SUHOSIN_CODE_TYPE_EVAL:
532 if (SUHOSIN_G(executor_disable_eval)) { 524 if (SUHOSIN_G(executor_disable_eval)) {
533 suhosin_log(S_EXECUTOR|S_GETCALLER, "use of eval is forbidden by configuration"); 525 suhosin_log(S_EXECUTOR|S_GETCALLER, "use of eval is forbidden by configuration");
534 if (!SUHOSIN_G(simulation)) { 526 if (!SUHOSIN_G(simulation)) {
535 zend_error(E_ERROR, "SUHOSIN - Use of eval is forbidden by configuration"); 527 zend_error(E_ERROR, "SUHOSIN - Use of eval is forbidden by configuration");
536 } 528 }
537 } 529 }
538 break; 530 break;
539 531
540 case SUHOSIN_CODE_TYPE_REGEXP: 532 case SUHOSIN_CODE_TYPE_REGEXP:
541 if (SUHOSIN_G(executor_disable_emod)) { 533 if (SUHOSIN_G(executor_disable_emod)) {
542 suhosin_log(S_EXECUTOR|S_GETCALLER, "use of preg_replace() with /e modifier is forbidden by configuration"); 534 suhosin_log(S_EXECUTOR|S_GETCALLER, "use of preg_replace() with /e modifier is forbidden by configuration");
543 if (!SUHOSIN_G(simulation)) { 535 if (!SUHOSIN_G(simulation)) {
544 zend_error(E_ERROR, "SUHOSIN - Use of preg_replace() with /e modifier is forbidden by configuration"); 536 zend_error(E_ERROR, "SUHOSIN - Use of preg_replace() with /e modifier is forbidden by configuration");
545 } 537 }
546 } 538 }
547 break; 539 break;
548 540
549 case SUHOSIN_CODE_TYPE_MBREGEXP: 541 case SUHOSIN_CODE_TYPE_MBREGEXP:
550 /* XXX TODO: Do we want to disallow this, too? */ 542 /* XXX TODO: Do we want to disallow this, too? */
551 break; 543 break;
552 544
553 case SUHOSIN_CODE_TYPE_ASSERT: 545 case SUHOSIN_CODE_TYPE_ASSERT:
554 break; 546 break;
555 547
556 case SUHOSIN_CODE_TYPE_CFUNC: 548 case SUHOSIN_CODE_TYPE_CFUNC:
557 break; 549 break;
558 550
559 case SUHOSIN_CODE_TYPE_LONGNAME: 551 case SUHOSIN_CODE_TYPE_LONGNAME:
560 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is too long", op_array->filename); 552 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is too long", op_array->filename);
561 suhosin_bailout(TSRMLS_C); 553 suhosin_bailout(TSRMLS_C);
@@ -565,49 +557,49 @@ not_evaled_code:
565 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') contains too many '../'", op_array->filename); 557 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') contains too many '../'", op_array->filename);
566 suhosin_bailout(TSRMLS_C); 558 suhosin_bailout(TSRMLS_C);
567 break; 559 break;
568 560
569 case SUHOSIN_CODE_TYPE_UPLOADED: 561 case SUHOSIN_CODE_TYPE_UPLOADED:
570 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename is an uploaded file"); 562 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename is an uploaded file");
571 suhosin_bailout(TSRMLS_C); 563 suhosin_bailout(TSRMLS_C);
572 break; 564 break;
573 565
574 case SUHOSIN_CODE_TYPE_0FILE: 566 case SUHOSIN_CODE_TYPE_0FILE:
575 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename contains an ASCIIZ character"); 567 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename contains an ASCIIZ character");
576 suhosin_bailout(TSRMLS_C); 568 suhosin_bailout(TSRMLS_C);
577 break; 569 break;
578
579 case SUHOSIN_CODE_TYPE_WRITABLE:
580 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is writable by PHP process", op_array->filename);
581 suhosin_bailout(TSRMLS_C);
582 break;
583 570
584 case SUHOSIN_CODE_TYPE_BLACKURL: 571 case SUHOSIN_CODE_TYPE_WRITABLE:
572 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is writable by PHP process", op_array->filename);
573 suhosin_bailout(TSRMLS_C);
574 break;
575
576 case SUHOSIN_CODE_TYPE_BLACKURL:
585 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is a URL that is forbidden by the blacklist", op_array->filename); 577 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is a URL that is forbidden by the blacklist", op_array->filename);
586 suhosin_bailout(TSRMLS_C); 578 suhosin_bailout(TSRMLS_C);
587 break; 579 break;
588 580
589 case SUHOSIN_CODE_TYPE_BADURL: 581 case SUHOSIN_CODE_TYPE_BADURL:
590 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is a URL that is not allowed", op_array->filename); 582 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is a URL that is not allowed", op_array->filename);
591 suhosin_bailout(TSRMLS_C); 583 suhosin_bailout(TSRMLS_C);
592 break; 584 break;
593 585
594 case SUHOSIN_CODE_TYPE_BADFILE: 586 case SUHOSIN_CODE_TYPE_BADFILE:
595 cs.type = IS_STRING; 587 cs.type = IS_STRING;
596#define DIE_WITH_MSG "die('disallowed_file'.chr(10).chr(10));" 588#define DIE_WITH_MSG "die('disallowed_file'.chr(10).chr(10));"
597 cs.value.str.val = estrndup(DIE_WITH_MSG, sizeof(DIE_WITH_MSG)-1); 589 cs.value.str.val = estrndup(DIE_WITH_MSG, sizeof(DIE_WITH_MSG)-1);
598 cs.value.str.len = sizeof(DIE_WITH_MSG)-1; 590 cs.value.str.len = sizeof(DIE_WITH_MSG)-1;
599 new_op_array = compile_string(&cs, "suhosin internal code" TSRMLS_CC); 591 new_op_array = compile_string(&cs, "suhosin internal code" TSRMLS_CC);
600 if (new_op_array) { 592 if (new_op_array) {
601 op_array = new_op_array; 593 op_array = new_op_array;
602 goto continue_execution; 594 goto continue_execution;
603 } 595 }
604 suhosin_bailout(TSRMLS_C); 596 suhosin_bailout(TSRMLS_C);
605 break; 597 break;
606 598
607 case SUHOSIN_CODE_TYPE_COMMANDLINE: 599 case SUHOSIN_CODE_TYPE_COMMANDLINE:
608 case SUHOSIN_CODE_TYPE_SUHOSIN: 600 case SUHOSIN_CODE_TYPE_SUHOSIN:
609 case SUHOSIN_CODE_TYPE_UNKNOWN: 601 case SUHOSIN_CODE_TYPE_UNKNOWN:
610 case SUHOSIN_CODE_TYPE_GOODFILE: 602 case SUHOSIN_CODE_TYPE_GOODFILE:
611 goto continue_execution; 603 goto continue_execution;
612 } 604 }
613 605
@@ -640,7 +632,7 @@ static void suhosin_execute(zend_op_array *op_array TSRMLS_DC)
640static void suhosin_execute_ZO(zend_op_array *op_array, long dummy TSRMLS_DC) 632static void suhosin_execute_ZO(zend_op_array *op_array, long dummy TSRMLS_DC)
641{ 633{
642 suhosin_execute_ex(op_array, 1, dummy TSRMLS_CC); 634 suhosin_execute_ex(op_array, 1, dummy TSRMLS_CC);
643} 635}
644/* }}} */ 636/* }}} */
645#endif 637#endif
646 638
@@ -676,28 +668,28 @@ int ih_preg_replace(IH_HANDLER_PARAMS)
676 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ZZZ|ZZ", &regex, &replace, &subject, &limit, &zcount) == FAILURE) { 668 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ZZZ|ZZ", &regex, &replace, &subject, &limit, &zcount) == FAILURE) {
677 return (1); 669 return (1);
678 } 670 }
679 671
680 if (Z_TYPE_PP(regex) == IS_ARRAY) { 672 if (Z_TYPE_PP(regex) == IS_ARRAY) {
681 zval **regex_entry; 673 zval **regex_entry;
682 674
683 zend_hash_internal_pointer_reset(Z_ARRVAL_PP(regex)); 675 zend_hash_internal_pointer_reset(Z_ARRVAL_PP(regex));
684 /* For each entry in the regex array, get the entry */ 676 /* For each entry in the regex array, get the entry */
685 while (zend_hash_get_current_data(Z_ARRVAL_PP(regex), (void **)&regex_entry) == SUCCESS) { 677 while (zend_hash_get_current_data(Z_ARRVAL_PP(regex), (void **)&regex_entry) == SUCCESS) {
686 678
687 if (Z_TYPE_PP(regex_entry) == IS_STRING) { 679 if (Z_TYPE_PP(regex_entry) == IS_STRING) {
688 if (strlen(Z_STRVAL_PP(regex_entry)) != Z_STRLEN_PP(regex_entry)) { 680 if (strlen(Z_STRVAL_PP(regex_entry)) != Z_STRLEN_PP(regex_entry)) {
689 suhosin_log(S_EXECUTOR, "string termination attack on first preg_replace parameter detected"); 681 suhosin_log(S_EXECUTOR, "string termination attack on first preg_replace parameter detected");
690 if (!SUHOSIN_G(simulation)) { 682 if (!SUHOSIN_G(simulation)) {
691 RETVAL_FALSE; 683 RETVAL_FALSE;
692 return (1); 684 return (1);
693 } 685 }
694 } 686 }
695 } 687 }
696 688
697 zend_hash_move_forward(Z_ARRVAL_PP(regex)); 689 zend_hash_move_forward(Z_ARRVAL_PP(regex));
698 690
699 } 691 }
700 692
701 } else if (Z_TYPE_PP(regex) == IS_STRING) { 693 } else if (Z_TYPE_PP(regex) == IS_STRING) {
702 if (strlen(Z_STRVAL_PP(regex)) != Z_STRLEN_PP(regex)) { 694 if (strlen(Z_STRVAL_PP(regex)) != Z_STRLEN_PP(regex)) {
703 suhosin_log(S_EXECUTOR, "string termination attack on first preg_replace parameter detected"); 695 suhosin_log(S_EXECUTOR, "string termination attack on first preg_replace parameter detected");
@@ -707,7 +699,7 @@ int ih_preg_replace(IH_HANDLER_PARAMS)
707 } 699 }
708 } 700 }
709 } 701 }
710 702
711 return (0); 703 return (0);
712} 704}
713 705
@@ -716,7 +708,7 @@ int ih_symlink(IH_HANDLER_PARAMS)
716 if (SUHOSIN_G(executor_allow_symlink)) { 708 if (SUHOSIN_G(executor_allow_symlink)) {
717 return (0); 709 return (0);
718 } 710 }
719 711
720 if (PG(open_basedir) && PG(open_basedir)[0]) { 712 if (PG(open_basedir) && PG(open_basedir)[0]) {
721 suhosin_log(S_EXECUTOR, "symlink called during open_basedir"); 713 suhosin_log(S_EXECUTOR, "symlink called during open_basedir");
722 if (!SUHOSIN_G(simulation)) { 714 if (!SUHOSIN_G(simulation)) {
@@ -724,7 +716,7 @@ int ih_symlink(IH_HANDLER_PARAMS)
724 return (1); 716 return (1);
725 } 717 }
726 } 718 }
727 719
728 return (0); 720 return (0);
729} 721}
730 722
@@ -796,7 +788,7 @@ int ih_mail(IH_HANDLER_PARAMS)
796 } 788 }
797 } 789 }
798 } 790 }
799 791
800 if (SUHOSIN_G(mailprotect) > 1) { 792 if (SUHOSIN_G(mailprotect) > 1) {
801 /* search for to, cc or bcc headers */ 793 /* search for to, cc or bcc headers */
802 if (headers_len > 0 && headers != NULL) { 794 if (headers_len > 0 && headers != NULL) {
@@ -807,7 +799,7 @@ int ih_mail(IH_HANDLER_PARAMS)
807 return (1); 799 return (1);
808 } 800 }
809 } 801 }
810 802
811 if (strncasecmp(headers, "cc:", sizeof("cc:") - 1) == 0 || suhosin_strcasestr(headers, "\ncc:")) { 803 if (strncasecmp(headers, "cc:", sizeof("cc:") - 1) == 0 || suhosin_strcasestr(headers, "\ncc:")) {
812 suhosin_log(S_MAIL, "mail() - CC: headers aren't allowed in the headers parameter."); 804 suhosin_log(S_MAIL, "mail() - CC: headers aren't allowed in the headers parameter.");
813 if (!SUHOSIN_G(simulation)) { 805 if (!SUHOSIN_G(simulation)) {
@@ -848,18 +840,18 @@ int ih_querycheck(IH_HANDLER_PARAMS)
848 int cnt_union = 0, cnt_select = 0, cnt_comment = 0, cnt_opencomment = 0; 840 int cnt_union = 0, cnt_select = 0, cnt_comment = 0, cnt_opencomment = 0;
849 int mysql_extension = 0; 841 int mysql_extension = 0;
850 842
851 843
852 SDEBUG("function: %s", ih->name); 844 SDEBUG("function: %s", ih->name);
853 arg_count = (unsigned long) *p; 845 arg_count = (unsigned long) *p;
854 846
855 if (ht < (long) ih->arg1) { 847 if (ht < (long) ih->arg1) {
856 return (0); 848 return (0);
857 } 849 }
858 850
859 if ((long) ih->arg2) { 851 if ((long) ih->arg2) {
860 mysql_extension = 1; 852 mysql_extension = 1;
861 } 853 }
862 854
863 arg = (zval **) p - (arg_count - (long) ih->arg1 + 1); /* count from 0 */ 855 arg = (zval **) p - (arg_count - (long) ih->arg1 + 1); /* count from 0 */
864 856
865 backup = *arg; 857 backup = *arg;
@@ -869,125 +861,125 @@ int ih_querycheck(IH_HANDLER_PARAMS)
869 len = Z_STRLEN_P(backup); 861 len = Z_STRLEN_P(backup);
870 query = Z_STRVAL_P(backup); 862 query = Z_STRVAL_P(backup);
871 SDEBUG("SQL |%s|", query); 863 SDEBUG("SQL |%s|", query);
872 864
873 s = query; 865 s = query;
874 e = s+len; 866 e = s+len;
875 867
876 while (s < e) { 868 while (s < e) {
877 switch (state) 869 switch (state)
878 { 870 {
879 case SQLSTATE_SQL: 871 case SQLSTATE_SQL:
880 switch (s[0]) 872 switch (s[0])
881 { 873 {
882 case '`': 874 case '`':
883 state = SQLSTATE_IDENTIFIER; 875 state = SQLSTATE_IDENTIFIER;
884 quote = '`'; 876 quote = '`';
885 break; 877 break;
886 case '\'': 878 case '\'':
887 case '"': 879 case '"':
888 state = SQLSTATE_STRING; 880 state = SQLSTATE_STRING;
889 quote = *s; 881 quote = *s;
890 break; 882 break;
891 case '/': 883 case '/':
892 if (s[1]=='*') { 884 if (s[1]=='*') {
893 if (mysql_extension == 1 && s[2] == '!') { 885 if (mysql_extension == 1 && s[2] == '!') {
894 s += 2; 886 s += 2;
895 break; 887 break;
896 } 888 }
897 s++; 889 s++;
898 state = SQLSTATE_MLCOMMENT; 890 state = SQLSTATE_MLCOMMENT;
899 cnt_comment++; 891 cnt_comment++;
900 } 892 }
901 break; 893 break;
902 case '-': 894 case '-':
903 if (s[1]=='-') { 895 if (s[1]=='-') {
904 s++; 896 s++;
905 state = SQLSTATE_COMMENT; 897 state = SQLSTATE_COMMENT;
906 cnt_comment++; 898 cnt_comment++;
907 } 899 }
908 break; 900 break;
909 case '#': 901 case '#':
910 state = SQLSTATE_COMMENT; 902 state = SQLSTATE_COMMENT;
911 cnt_comment++; 903 cnt_comment++;
912 break; 904 break;
913 case 'u': 905 case 'u':
914 case 'U': 906 case 'U':
915 if (strncasecmp("union", s, 5)==0) { 907 if (strncasecmp("union", s, 5)==0) {
916 s += 4; 908 s += 4;
917 cnt_union++; 909 cnt_union++;
918 } 910 }
919 break; 911 break;
920 case 's': 912 case 's':
921 case 'S': 913 case 'S':
922 if (strncasecmp("select", s, 6)==0) { 914 if (strncasecmp("select", s, 6)==0) {
923 s += 5; 915 s += 5;
924 cnt_select++; 916 cnt_select++;
925 } 917 }
926 break; 918 break;
927 } 919 }
928 break; 920 break;
929 case SQLSTATE_STRING: 921 case SQLSTATE_STRING:
930 case SQLSTATE_IDENTIFIER: 922 case SQLSTATE_IDENTIFIER:
931 if (s[0] == quote) { 923 if (s[0] == quote) {
932 if (s[1] == quote) { 924 if (s[1] == quote) {
933 s++; 925 s++;
934 } else { 926 } else {
935 state = SQLSTATE_SQL; 927 state = SQLSTATE_SQL;
936 } 928 }
937 } 929 }
938 if (s[0] == '\\') { 930 if (s[0] == '\\') {
939 s++; 931 s++;
940 } 932 }
941 break; 933 break;
942 case SQLSTATE_COMMENT: 934 case SQLSTATE_COMMENT:
943 while (s[0] && s[0] != '\n') { 935 while (s[0] && s[0] != '\n') {
944 s++; 936 s++;
945 } 937 }
946 state = SQLSTATE_SQL; 938 state = SQLSTATE_SQL;
947 break; 939 break;
948 case SQLSTATE_MLCOMMENT: 940 case SQLSTATE_MLCOMMENT:
949 while (s[0] && (s[0] != '*' || s[1] != '/')) { 941 while (s[0] && (s[0] != '*' || s[1] != '/')) {
950 s++; 942 s++;
951 } 943 }
952 if (s[0]) { 944 if (s[0]) {
953 state = SQLSTATE_SQL; 945 state = SQLSTATE_SQL;
954 } 946 }
955 break; 947 break;
956 } 948 }
957 s++; 949 s++;
958 } 950 }
959 if (state == SQLSTATE_MLCOMMENT) { 951 if (state == SQLSTATE_MLCOMMENT) {
960 cnt_opencomment = 1; 952 cnt_opencomment = 1;
961 } 953 }
962 954
963 if (cnt_opencomment && SUHOSIN_G(sql_opencomment)>0) { 955 if (cnt_opencomment && SUHOSIN_G(sql_opencomment)>0) {
964 suhosin_log(S_SQL, "Open comment in SQL query: '%*s'", len, query); 956 suhosin_log(S_SQL, "Open comment in SQL query: '%*s'", len, query);
965 if (SUHOSIN_G(sql_opencomment)>1) { 957 if (SUHOSIN_G(sql_opencomment)>1) {
966 suhosin_bailout(TSRMLS_C); 958 suhosin_bailout(TSRMLS_C);
967 } 959 }
968 } 960 }
969 961
970 if (cnt_comment && SUHOSIN_G(sql_comment)>0) { 962 if (cnt_comment && SUHOSIN_G(sql_comment)>0) {
971 suhosin_log(S_SQL, "Comment in SQL query: '%*s'", len, query); 963 suhosin_log(S_SQL, "Comment in SQL query: '%*s'", len, query);
972 if (SUHOSIN_G(sql_comment)>1) { 964 if (SUHOSIN_G(sql_comment)>1) {
973 suhosin_bailout(TSRMLS_C); 965 suhosin_bailout(TSRMLS_C);
974 } 966 }
975 } 967 }
976 968
977 if (cnt_union && SUHOSIN_G(sql_union)>0) { 969 if (cnt_union && SUHOSIN_G(sql_union)>0) {
978 suhosin_log(S_SQL, "UNION in SQL query: '%*s'", len, query); 970 suhosin_log(S_SQL, "UNION in SQL query: '%*s'", len, query);
979 if (SUHOSIN_G(sql_union)>1) { 971 if (SUHOSIN_G(sql_union)>1) {
980 suhosin_bailout(TSRMLS_C); 972 suhosin_bailout(TSRMLS_C);
981 } 973 }
982 } 974 }
983 975
984 if (cnt_select>1 && SUHOSIN_G(sql_mselect)>0) { 976 if (cnt_select>1 && SUHOSIN_G(sql_mselect)>0) {
985 suhosin_log(S_SQL, "Multiple SELECT in SQL query: '%*s'", len, query); 977 suhosin_log(S_SQL, "Multiple SELECT in SQL query: '%*s'", len, query);
986 if (SUHOSIN_G(sql_mselect)>1) { 978 if (SUHOSIN_G(sql_mselect)>1) {
987 suhosin_bailout(TSRMLS_C); 979 suhosin_bailout(TSRMLS_C);
988 } 980 }
989 } 981 }
990 982
991 return (0); 983 return (0);
992} 984}
993 985
@@ -1000,19 +992,19 @@ int ih_fixusername(IH_HANDLER_PARAMS)
1000 char *prefix, *postfix, *user, *user_match, *cp; 992 char *prefix, *postfix, *user, *user_match, *cp;
1001 zval *backup, *my_user; 993 zval *backup, *my_user;
1002 int prefix_len, postfix_len, len; 994 int prefix_len, postfix_len, len;
1003 995
1004 SDEBUG("function (fixusername): %s", ih->name); 996 SDEBUG("function (fixusername): %s", ih->name);
1005 997
1006 prefix = SUHOSIN_G(sql_user_prefix); 998 prefix = SUHOSIN_G(sql_user_prefix);
1007 postfix = SUHOSIN_G(sql_user_postfix); 999 postfix = SUHOSIN_G(sql_user_postfix);
1008 user_match = SUHOSIN_G(sql_user_match); 1000 user_match = SUHOSIN_G(sql_user_match);
1009 1001
1010 arg_count = (unsigned long) *p; 1002 arg_count = (unsigned long) *p;
1011 1003
1012 if (ht < (long) ih->arg1) { 1004 if (ht < (long) ih->arg1) {
1013 return (0); 1005 return (0);
1014 } 1006 }
1015 1007
1016 arg = (zval **) p - (arg_count - (long) ih->arg1 + 1); /* count from 0 */ 1008 arg = (zval **) p - (arg_count - (long) ih->arg1 + 1); /* count from 0 */
1017 1009
1018 backup = *arg; 1010 backup = *arg;
@@ -1046,18 +1038,18 @@ int ih_fixusername(IH_HANDLER_PARAMS)
1046 } 1038 }
1047 prefix_len = strlen(prefix); 1039 prefix_len = strlen(prefix);
1048 postfix_len = strlen(postfix); 1040 postfix_len = strlen(postfix);
1049 1041
1050 MAKE_STD_ZVAL(my_user); 1042 MAKE_STD_ZVAL(my_user);
1051 my_user->type = IS_STRING; 1043 my_user->type = IS_STRING;
1052 my_user->value.str.len = spprintf(&my_user->value.str.val, 0, "%s%s%s", prefix, user, postfix); 1044 my_user->value.str.len = spprintf(&my_user->value.str.val, 0, "%s%s%s", prefix, user, postfix);
1053 1045
1054 /* XXX: memory_leak? */ 1046 /* XXX: memory_leak? */
1055 *arg = my_user; 1047 *arg = my_user;
1056 1048
1057 len = Z_STRLEN_P(my_user); 1049 len = Z_STRLEN_P(my_user);
1058 user = Z_STRVAL_P(my_user); 1050 user = Z_STRVAL_P(my_user);
1059 } 1051 }
1060 1052
1061 if (user_match && user_match[0]) { 1053 if (user_match && user_match[0]) {
1062#ifdef HAVE_FNMATCH 1054#ifdef HAVE_FNMATCH
1063 if (fnmatch(user_match, user, 0) != 0) { 1055 if (fnmatch(user_match, user, 0) != 0) {
@@ -1076,7 +1068,7 @@ int ih_fixusername(IH_HANDLER_PARAMS)
1076 } 1068 }
1077#endif 1069#endif
1078 } 1070 }
1079 1071
1080 SDEBUG("function: %s - user: %s", ih->name, user); 1072 SDEBUG("function: %s - user: %s", ih->name, user);
1081 1073
1082 return (0); 1074 return (0);
@@ -1105,7 +1097,7 @@ static int ih_function_exists(IH_HANDLER_PARAMS)
1105 } 1097 }
1106 1098
1107 retval = (zend_hash_find(EG(function_table), name, name_len+1, (void **)&func) == SUCCESS); 1099 retval = (zend_hash_find(EG(function_table), name, name_len+1, (void **)&func) == SUCCESS);
1108 1100
1109 /* 1101 /*
1110 * A bit of a hack, but not a bad one: we see if the handler of the function 1102 * A bit of a hack, but not a bad one: we see if the handler of the function
1111 * is actually one that displays "function is disabled" message. 1103 * is actually one that displays "function is disabled" message.
@@ -1130,7 +1122,7 @@ static int ih_function_exists(IH_HANDLER_PARAMS)
1130 } 1122 }
1131 } 1123 }
1132 } 1124 }
1133 1125
1134 if (SUHOSIN_G(func_whitelist) != NULL) { 1126 if (SUHOSIN_G(func_whitelist) != NULL) {
1135 if (!zend_hash_exists(SUHOSIN_G(func_whitelist), name, name_len+1)) { 1127 if (!zend_hash_exists(SUHOSIN_G(func_whitelist), name, name_len+1)) {
1136 retval = 0; 1128 retval = 0;
@@ -1174,7 +1166,7 @@ ret:
1174 1166
1175 Copyright (C) 1997 - 2002, Makoto Matsumoto and Takuji Nishimura, 1167 Copyright (C) 1997 - 2002, Makoto Matsumoto and Takuji Nishimura,
1176 Copyright (C) 2000 - 2003, Richard J. Wagner 1168 Copyright (C) 2000 - 2003, Richard J. Wagner
1177 All rights reserved. 1169 All rights reserved.
1178 1170
1179 Redistribution and use in source and binary forms, with or without 1171 Redistribution and use in source and binary forms, with or without
1180 modification, are permitted provided that the following conditions 1172 modification, are permitted provided that the following conditions
@@ -1187,8 +1179,8 @@ ret:
1187 notice, this list of conditions and the following disclaimer in the 1179 notice, this list of conditions and the following disclaimer in the
1188 documentation and/or other materials provided with the distribution. 1180 documentation and/or other materials provided with the distribution.
1189 1181
1190 3. The names of its contributors may not be used to endorse or promote 1182 3. The names of its contributors may not be used to endorse or promote
1191 products derived from this software without specific prior written 1183 products derived from this software without specific prior written
1192 permission. 1184 permission.
1193 1185
1194 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 1186 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
@@ -1302,14 +1294,14 @@ static php_uint32 suhosin_mt_rand(TSRMLS_D)
1302{ 1294{
1303 /* Pull a 32-bit integer from the generator state 1295 /* Pull a 32-bit integer from the generator state
1304 Every other access function simply transforms the numbers extracted here */ 1296 Every other access function simply transforms the numbers extracted here */
1305 1297
1306 register php_uint32 s1; 1298 register php_uint32 s1;
1307 1299
1308 if (SUHOSIN_G(mt_left) == 0) { 1300 if (SUHOSIN_G(mt_left) == 0) {
1309 suhosin_mt_reload(SUHOSIN_G(mt_state), &SUHOSIN_G(mt_next), &SUHOSIN_G(mt_left)); 1301 suhosin_mt_reload(SUHOSIN_G(mt_state), &SUHOSIN_G(mt_next), &SUHOSIN_G(mt_left));
1310 } 1302 }
1311 --SUHOSIN_G(mt_left); 1303 --SUHOSIN_G(mt_left);
1312 1304
1313 s1 = *SUHOSIN_G(mt_next)++; 1305 s1 = *SUHOSIN_G(mt_next)++;
1314 s1 ^= (s1 >> 11); 1306 s1 ^= (s1 >> 11);
1315 s1 ^= (s1 << 7) & 0x9d2c5680U; 1307 s1 ^= (s1 << 7) & 0x9d2c5680U;
@@ -1329,11 +1321,11 @@ static void suhosin_gen_entropy(php_uint32 *entropybuf TSRMLS_DC)
1329 unsigned long heap_value = (unsigned long)SUHOSIN_G(r_state); 1321 unsigned long heap_value = (unsigned long)SUHOSIN_G(r_state);
1330 suhosin_SHA256_CTX context; 1322 suhosin_SHA256_CTX context;
1331 int fd; 1323 int fd;
1332 1324
1333 code_value ^= code_value >> 32; 1325 code_value ^= code_value >> 32;
1334 stack_value ^= stack_value >> 32; 1326 stack_value ^= stack_value >> 32;
1335 heap_value ^= heap_value >> 32; 1327 heap_value ^= heap_value >> 32;
1336 1328
1337 seedbuf[0] = code_value; 1329 seedbuf[0] = code_value;
1338 seedbuf[1] = stack_value; 1330 seedbuf[1] = stack_value;
1339 seedbuf[2] = heap_value; 1331 seedbuf[2] = heap_value;
@@ -1372,7 +1364,7 @@ static void suhosin_gen_entropy(php_uint32 *entropybuf TSRMLS_DC)
1372 */ 1364 */
1373static void suhosin_srand_auto(TSRMLS_D) 1365static void suhosin_srand_auto(TSRMLS_D)
1374{ 1366{
1375 php_uint32 seed[8]; 1367 php_uint32 seed[8];
1376 suhosin_gen_entropy(&seed[0] TSRMLS_CC); 1368 suhosin_gen_entropy(&seed[0] TSRMLS_CC);
1377 1369
1378 suhosin_mt_init_by_array(seed, 8, SUHOSIN_G(r_state)); 1370 suhosin_mt_init_by_array(seed, 8, SUHOSIN_G(r_state));
@@ -1387,7 +1379,7 @@ static void suhosin_srand_auto(TSRMLS_D)
1387 */ 1379 */
1388static void suhosin_mt_srand_auto(TSRMLS_D) 1380static void suhosin_mt_srand_auto(TSRMLS_D)
1389{ 1381{
1390 php_uint32 seed[8]; 1382 php_uint32 seed[8];
1391 suhosin_gen_entropy(&seed[0] TSRMLS_CC); 1383 suhosin_gen_entropy(&seed[0] TSRMLS_CC);
1392 1384
1393 suhosin_mt_init_by_array(seed, 8, SUHOSIN_G(mt_state)); 1385 suhosin_mt_init_by_array(seed, 8, SUHOSIN_G(mt_state));
@@ -1418,14 +1410,14 @@ static php_uint32 suhosin_rand(TSRMLS_D)
1418{ 1410{
1419 /* Pull a 32-bit integer from the generator state 1411 /* Pull a 32-bit integer from the generator state
1420 Every other access function simply transforms the numbers extracted here */ 1412 Every other access function simply transforms the numbers extracted here */
1421 1413
1422 register php_uint32 s1; 1414 register php_uint32 s1;
1423 1415
1424 if (SUHOSIN_G(r_left) == 0) { 1416 if (SUHOSIN_G(r_left) == 0) {
1425 suhosin_mt_reload(SUHOSIN_G(r_state), &SUHOSIN_G(r_next), &SUHOSIN_G(r_left)); 1417 suhosin_mt_reload(SUHOSIN_G(r_state), &SUHOSIN_G(r_next), &SUHOSIN_G(r_left));
1426 } 1418 }
1427 --SUHOSIN_G(r_left); 1419 --SUHOSIN_G(r_left);
1428 1420
1429 s1 = *SUHOSIN_G(r_next)++; 1421 s1 = *SUHOSIN_G(r_next)++;
1430 s1 ^= (s1 >> 11); 1422 s1 ^= (s1 >> 11);
1431 s1 ^= (s1 << 7) & 0x9d2c5680U; 1423 s1 ^= (s1 << 7) & 0x9d2c5680U;
@@ -1443,7 +1435,7 @@ static int ih_srand(IH_HANDLER_PARAMS)
1443 SUHOSIN_G(r_is_seeded) = 0; 1435 SUHOSIN_G(r_is_seeded) = 0;
1444 return 1; 1436 return 1;
1445 } 1437 }
1446 1438
1447 if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE) { 1439 if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE) {
1448 return 1; 1440 return 1;
1449 } 1441 }
@@ -1465,7 +1457,7 @@ static int ih_mt_srand(IH_HANDLER_PARAMS)
1465 SUHOSIN_G(mt_is_seeded) = 0; 1457 SUHOSIN_G(mt_is_seeded) = 0;
1466 return 1; 1458 return 1;
1467 } 1459 }
1468 1460
1469 if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE) { 1461 if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE) {
1470 return 1; 1462 return 1;
1471 } 1463 }
@@ -1486,7 +1478,7 @@ static int ih_mt_rand(IH_HANDLER_PARAMS)
1486 long number; 1478 long number;
1487 1479
1488 if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) { 1480 if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) {
1489 return (1); 1481 return (1);
1490 } 1482 }
1491 1483
1492 if (!SUHOSIN_G(mt_is_seeded)) { 1484 if (!SUHOSIN_G(mt_is_seeded)) {
@@ -1510,7 +1502,7 @@ static int ih_rand(IH_HANDLER_PARAMS)
1510 long number; 1502 long number;
1511 1503
1512 if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) { 1504 if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) {
1513 return (1); 1505 return (1);
1514 } 1506 }
1515 1507
1516 if (!SUHOSIN_G(r_is_seeded)) { 1508 if (!SUHOSIN_G(r_is_seeded)) {
@@ -1540,16 +1532,16 @@ internal_function_handler ihandlers[] = {
1540 { "preg_replace", ih_preg_replace, NULL, NULL, NULL }, 1532 { "preg_replace", ih_preg_replace, NULL, NULL, NULL },
1541 { "mail", ih_mail, NULL, NULL, NULL }, 1533 { "mail", ih_mail, NULL, NULL, NULL },
1542 { "symlink", ih_symlink, NULL, NULL, NULL }, 1534 { "symlink", ih_symlink, NULL, NULL, NULL },
1543 1535
1544 { "srand", ih_srand, NULL, NULL, NULL }, 1536 { "srand", ih_srand, NULL, NULL, NULL },
1545 { "mt_srand", ih_mt_srand, NULL, NULL, NULL }, 1537 { "mt_srand", ih_mt_srand, NULL, NULL, NULL },
1546 { "rand", ih_rand, NULL, NULL, NULL }, 1538 { "rand", ih_rand, NULL, NULL, NULL },
1547 { "mt_rand", ih_mt_rand, NULL, NULL, NULL }, 1539 { "mt_rand", ih_mt_rand, NULL, NULL, NULL },
1548 { "getrandmax", ih_getrandmax, NULL, NULL, NULL }, 1540 { "getrandmax", ih_getrandmax, NULL, NULL, NULL },
1549 { "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL }, 1541 { "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL },
1550 1542
1551 { "function_exists", ih_function_exists, NULL, NULL, NULL }, 1543 { "function_exists", ih_function_exists, NULL, NULL, NULL },
1552 1544
1553 /* Mysqli */ 1545 /* Mysqli */
1554 { "mysqli::mysqli", ih_fixusername, (void *)2, NULL, NULL }, 1546 { "mysqli::mysqli", ih_fixusername, (void *)2, NULL, NULL },
1555 { "mysqli_connect", ih_fixusername, (void *)2, NULL, NULL }, 1547 { "mysqli_connect", ih_fixusername, (void *)2, NULL, NULL },
@@ -1557,7 +1549,7 @@ internal_function_handler ihandlers[] = {
1557 { "mysqli_real_connect", ih_fixusername, (void *)3, NULL, NULL }, 1549 { "mysqli_real_connect", ih_fixusername, (void *)3, NULL, NULL },
1558 { "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL }, 1550 { "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },
1559 { "mysqli::change_user", ih_fixusername, (void *)1, NULL, NULL }, 1551 { "mysqli::change_user", ih_fixusername, (void *)1, NULL, NULL },
1560 1552
1561 { "mysqli::query", ih_querycheck, (void *)1, (void *)1, NULL }, 1553 { "mysqli::query", ih_querycheck, (void *)1, (void *)1, NULL },
1562 { "mysqli_query", ih_querycheck, (void *)2, (void *)1, NULL }, 1554 { "mysqli_query", ih_querycheck, (void *)2, (void *)1, NULL },
1563 { "mysqli::multi_query", ih_querycheck, (void *)1, (void *)1, NULL }, 1555 { "mysqli::multi_query", ih_querycheck, (void *)1, (void *)1, NULL },
@@ -1572,14 +1564,14 @@ internal_function_handler ihandlers[] = {
1572 { "mysqli_master_query", ih_querycheck, (void *)2, (void *)1, NULL }, 1564 { "mysqli_master_query", ih_querycheck, (void *)2, (void *)1, NULL },
1573 { "mysqli_slave_query", ih_querycheck, (void *)2, (void *)1, NULL }, 1565 { "mysqli_slave_query", ih_querycheck, (void *)2, (void *)1, NULL },
1574 // ---- 1566 // ----
1575 1567
1576 /* Mysql API - deprecated in PHP 5.5 */ 1568 /* Mysql API - deprecated in PHP 5.5 */
1577 { "mysql_connect", ih_fixusername, (void *)2, NULL, NULL }, 1569 { "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },
1578 { "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL }, 1570 { "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
1579 { "mysql_query", ih_querycheck, (void *)1, (void *)1, NULL }, 1571 { "mysql_query", ih_querycheck, (void *)1, (void *)1, NULL },
1580 { "mysql_db_query", ih_querycheck, (void *)2, (void *)1, NULL }, 1572 { "mysql_db_query", ih_querycheck, (void *)2, (void *)1, NULL },
1581 { "mysql_unbuffered_query", ih_querycheck, (void *)1, (void *)1, NULL }, 1573 { "mysql_unbuffered_query", ih_querycheck, (void *)1, (void *)1, NULL },
1582 1574
1583#ifdef SUHOSIN_EXPERIMENTAL 1575#ifdef SUHOSIN_EXPERIMENTAL
1584 /* MaxDB */ 1576 /* MaxDB */
1585 { "maxdb::maxdb", ih_fixusername, (void *)2, NULL, NULL }, 1577 { "maxdb::maxdb", ih_fixusername, (void *)2, NULL, NULL },
@@ -1588,7 +1580,7 @@ internal_function_handler ihandlers[] = {
1588 { "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL }, 1580 { "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },
1589 { "maxdb::change_user", ih_fixusername, (void *)1, NULL, NULL }, 1581 { "maxdb::change_user", ih_fixusername, (void *)1, NULL, NULL },
1590 { "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL }, 1582 { "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },
1591 1583
1592 { "maxdb_master_query", ih_querycheck, (void *)2, NULL, NULL }, 1584 { "maxdb_master_query", ih_querycheck, (void *)2, NULL, NULL },
1593 { "maxdb::multi_query", ih_querycheck, (void *)1, NULL, NULL }, 1585 { "maxdb::multi_query", ih_querycheck, (void *)1, NULL, NULL },
1594 { "maxdb_multi_query", ih_querycheck, (void *)2, NULL, NULL }, 1586 { "maxdb_multi_query", ih_querycheck, (void *)2, NULL, NULL },
@@ -1607,7 +1599,7 @@ internal_function_handler ihandlers[] = {
1607 { "pdo::query", ih_querycheck, (void *)1, NULL, NULL }, 1599 { "pdo::query", ih_querycheck, (void *)1, NULL, NULL },
1608 { "pdo::prepare", ih_querycheck, (void *)1, NULL, NULL }, 1600 { "pdo::prepare", ih_querycheck, (void *)1, NULL, NULL },
1609 { "pdo::exec", ih_querycheck, (void *)1, NULL, NULL }, 1601 { "pdo::exec", ih_querycheck, (void *)1, NULL, NULL },
1610 1602
1611 /* Oracle OCI8 */ 1603 /* Oracle OCI8 */
1612 { "ocilogon", ih_fixusername, (void *)1, NULL, NULL }, 1604 { "ocilogon", ih_fixusername, (void *)1, NULL, NULL },
1613 { "ociplogon", ih_fixusername, (void *)1, NULL, NULL }, 1605 { "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
@@ -1653,7 +1645,7 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, zend_f
1653 zval **return_value_ptr; 1645 zval **return_value_ptr;
1654 zval *this_ptr; 1646 zval *this_ptr;
1655 int ht; 1647 int ht;
1656 1648
1657 if (fci) { 1649 if (fci) {
1658 return_value = *fci->retval_ptr_ptr; 1650 return_value = *fci->retval_ptr_ptr;
1659 return_value_ptr = fci->retval_ptr_ptr; 1651 return_value_ptr = fci->retval_ptr_ptr;
@@ -1666,7 +1658,7 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, zend_f
1666 return_value_ptr = (fbc->common.fn_flags & ZEND_ACC_RETURN_REFERENCE) ? &ret->var.ptr : NULL; 1658 return_value_ptr = (fbc->common.fn_flags & ZEND_ACC_RETURN_REFERENCE) ? &ret->var.ptr : NULL;
1667 this_ptr = execute_data_ptr->object; 1659 this_ptr = execute_data_ptr->object;
1668 ht = execute_data_ptr->opline->extended_value; 1660 ht = execute_data_ptr->opline->extended_value;
1669 } 1661 }
1670#else 1662#else
1671static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC) 1663static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC)
1672{ 1664{
@@ -1681,7 +1673,7 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int re
1681 ce = ((zend_internal_function *) execute_data_ptr->function_state.function)->scope; 1673 ce = ((zend_internal_function *) execute_data_ptr->function_state.function)->scope;
1682 lcname = (char *)((zend_internal_function *) execute_data_ptr->function_state.function)->function_name; 1674 lcname = (char *)((zend_internal_function *) execute_data_ptr->function_state.function)->function_name;
1683 function_name_strlen = strlen(lcname); 1675 function_name_strlen = strlen(lcname);
1684 1676
1685 /* handle methodcalls correctly */ 1677 /* handle methodcalls correctly */
1686 if (ce != NULL) { 1678 if (ce != NULL) {
1687 char *tmp = (char *) emalloc(function_name_strlen + 2 + ce->name_length + 1); 1679 char *tmp = (char *) emalloc(function_name_strlen + 2 + ce->name_length + 1);
@@ -1695,14 +1687,14 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int re
1695 zend_str_tolower(lcname, function_name_strlen); 1687 zend_str_tolower(lcname, function_name_strlen);
1696 } 1688 }
1697 1689
1698#if PHP_VERSION_ID < 50500 1690#if PHP_VERSION_ID < 50500
1699 return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.var)).var.ptr; 1691 return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.var)).var.ptr;
1700#endif 1692#endif
1701 1693
1702 SDEBUG("function: %s", lcname); 1694 SDEBUG("function: %s", lcname);
1703 1695
1704 if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) { 1696 if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) {
1705 1697
1706 if (SUHOSIN_G(eval_whitelist) != NULL) { 1698 if (SUHOSIN_G(eval_whitelist) != NULL) {
1707 if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), lcname, function_name_strlen+1)) { 1699 if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), lcname, function_name_strlen+1)) {
1708 suhosin_log(S_EXECUTOR|S_GETCALLER, "function outside of eval whitelist called: %s()", lcname); 1700 suhosin_log(S_EXECUTOR|S_GETCALLER, "function outside of eval whitelist called: %s()", lcname);
@@ -1723,7 +1715,7 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int re
1723 } 1715 }
1724 } 1716 }
1725 } 1717 }
1726 1718
1727 if (SUHOSIN_G(func_whitelist) != NULL) { 1719 if (SUHOSIN_G(func_whitelist) != NULL) {
1728 if (!zend_hash_exists(SUHOSIN_G(func_whitelist), lcname, function_name_strlen+1)) { 1720 if (!zend_hash_exists(SUHOSIN_G(func_whitelist), lcname, function_name_strlen+1)) {
1729 suhosin_log(S_EXECUTOR|S_GETCALLER, "function outside of whitelist called: %s()", lcname); 1721 suhosin_log(S_EXECUTOR|S_GETCALLER, "function outside of whitelist called: %s()", lcname);
@@ -1743,16 +1735,16 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int re
1743 } 1735 }
1744 } 1736 }
1745 } 1737 }
1746 1738
1747 if (zend_hash_find(&ihandler_table, lcname, function_name_strlen+1, (void **)&ih) == SUCCESS) { 1739 if (zend_hash_find(&ihandler_table, lcname, function_name_strlen+1, (void **)&ih) == SUCCESS) {
1748 1740
1749 int retval = 0; 1741 int retval = 0;
1750 void *handler = ((zend_internal_function *) execute_data_ptr->function_state.function)->handler; 1742 void *handler = ((zend_internal_function *) execute_data_ptr->function_state.function)->handler;
1751 1743
1752 if (handler != ZEND_FN(display_disabled_function)) { 1744 if (handler != ZEND_FN(display_disabled_function)) {
1753 retval = ih->handler(IH_HANDLER_PARAM_PASSTHRU); 1745 retval = ih->handler(IH_HANDLER_PARAM_PASSTHRU);
1754 } 1746 }
1755 1747
1756 if (retval == 0) { 1748 if (retval == 0) {
1757#if PHP_VERSION_ID >= 50500 1749#if PHP_VERSION_ID >= 50500
1758 old_execute_internal(execute_data_ptr, fci, return_value_used TSRMLS_CC); 1750 old_execute_internal(execute_data_ptr, fci, return_value_used TSRMLS_CC);
@@ -1788,12 +1780,10 @@ static int function_lookup(zend_extension *extension)
1788 if (zo_set_oe_ex != NULL) { 1780 if (zo_set_oe_ex != NULL) {
1789 return ZEND_HASH_APPLY_STOP; 1781 return ZEND_HASH_APPLY_STOP;
1790 } 1782 }
1791
1792 if (extension->handle != NULL) {
1793 1783
1794 zo_set_oe_ex = (void *)DL_FETCH_SYMBOL(extension->handle, "zend_optimizer_set_oe_ex"); 1784 if (extension->handle != NULL) {
1795 1785 zo_set_oe_ex = (void *)DL_FETCH_SYMBOL(extension->handle, "zend_optimizer_set_oe_ex");
1796 } 1786 }
1797 1787
1798 return 0; 1788 return 0;
1799} 1789}
@@ -1809,19 +1799,19 @@ void suhosin_hook_execute(TSRMLS_D)
1809#if PHP_VERSION_ID >= 50500 1799#if PHP_VERSION_ID >= 50500
1810 old_execute_ex = zend_execute_ex; 1800 old_execute_ex = zend_execute_ex;
1811 zend_execute_ex = suhosin_execute_ex; 1801 zend_execute_ex = suhosin_execute_ex;
1812#else 1802#else
1813 old_execute = zend_execute; 1803 old_execute = zend_execute;
1814 zend_execute = suhosin_execute; 1804 zend_execute = suhosin_execute;
1815#endif 1805#endif
1816 1806
1817/* old_compile_file = zend_compile_file; 1807/* old_compile_file = zend_compile_file;
1818 zend_compile_file = suhosin_compile_file; */ 1808 zend_compile_file = suhosin_compile_file; */
1819 1809
1820#if ZO_COMPATIBILITY_HACK_TEMPORARY_DISABLED 1810#if ZO_COMPATIBILITY_HACK_TEMPORARY_DISABLED
1821 if (zo_set_oe_ex == NULL) { 1811 if (zo_set_oe_ex == NULL) {
1822 zo_set_oe_ex = (void *)DL_FETCH_SYMBOL(NULL, "zend_optimizer_set_oe_ex"); 1812 zo_set_oe_ex = (void *)DL_FETCH_SYMBOL(NULL, "zend_optimizer_set_oe_ex");
1823 } 1813 }
1824 if (zo_set_oe_ex == NULL) { 1814 if (zo_set_oe_ex == NULL) {
1825 zend_llist_apply(&zend_extensions, (llist_apply_func_t)function_lookup TSRMLS_CC); 1815 zend_llist_apply(&zend_extensions, (llist_apply_func_t)function_lookup TSRMLS_CC);
1826 } 1816 }
1827 1817
@@ -1829,7 +1819,7 @@ void suhosin_hook_execute(TSRMLS_D)
1829 old_execute_ZO = zo_set_oe_ex(suhosin_execute_ZO); 1819 old_execute_ZO = zo_set_oe_ex(suhosin_execute_ZO);
1830 } 1820 }
1831#endif 1821#endif
1832 1822
1833 old_execute_internal = zend_execute_internal; 1823 old_execute_internal = zend_execute_internal;
1834 if (old_execute_internal == NULL) { 1824 if (old_execute_internal == NULL) {
1835 old_execute_internal = execute_internal; 1825 old_execute_internal = execute_internal;
@@ -1842,14 +1832,14 @@ void suhosin_hook_execute(TSRMLS_D)
1842 zend_hash_add(&ihandler_table, ih->name, strlen(ih->name)+1, ih, sizeof(internal_function_handler), NULL); 1832 zend_hash_add(&ihandler_table, ih->name, strlen(ih->name)+1, ih, sizeof(internal_function_handler), NULL);
1843 ih++; 1833 ih++;
1844 } 1834 }
1845 1835
1846 1836
1847 /* Add additional protection layer, that SHOULD 1837 /* Add additional protection layer, that SHOULD
1848 catch ZEND_INCLUDE_OR_EVAL *before* the engine tries 1838 catch ZEND_INCLUDE_OR_EVAL *before* the engine tries
1849 to execute */ 1839 to execute */
1850 old_zend_stream_open = zend_stream_open_function; 1840 old_zend_stream_open = zend_stream_open_function;
1851 zend_stream_open_function = suhosin_zend_stream_open; 1841 zend_stream_open_function = suhosin_zend_stream_open;
1852 1842
1853} 1843}
1854/* }}} */ 1844/* }}} */
1855 1845
@@ -1864,12 +1854,12 @@ void suhosin_unhook_execute()
1864 } 1854 }
1865#endif 1855#endif
1866 1856
1867#if PHP_VERSION_ID >= 50500 1857#if PHP_VERSION_ID >= 50500
1868 zend_execute_ex = old_execute_ex; 1858 zend_execute_ex = old_execute_ex;
1869#else 1859#else
1870 zend_execute = old_execute; 1860 zend_execute = old_execute;
1871#endif 1861#endif
1872 1862
1873/* zend_compile_file = old_compile_file; */ 1863/* zend_compile_file = old_compile_file; */
1874 1864
1875 if (old_execute_internal == execute_internal) { 1865 if (old_execute_internal == execute_internal) {
@@ -1877,10 +1867,10 @@ void suhosin_unhook_execute()
1877 } 1867 }
1878 zend_execute_internal = old_execute_internal; 1868 zend_execute_internal = old_execute_internal;
1879 zend_hash_clean(&ihandler_table); 1869 zend_hash_clean(&ihandler_table);
1880 1870
1881 /* remove zend_open protection */ 1871 /* remove zend_open protection */
1882 zend_stream_open_function = old_zend_stream_open; 1872 zend_stream_open_function = old_zend_stream_open;
1883 1873
1884} 1874}
1885/* }}} */ 1875/* }}} */
1886 1876
diff --git a/header.c b/header.c
index 6648df0..71982b6 100644
--- a/header.c
+++ b/header.c
@@ -17,7 +17,7 @@
17 +----------------------------------------------------------------------+ 17 +----------------------------------------------------------------------+
18*/ 18*/
19/* 19/*
20 $Id: header.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ 20 $Id: header.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $
21*/ 21*/
22 22
23#ifdef HAVE_CONFIG_H 23#ifdef HAVE_CONFIG_H
@@ -40,12 +40,12 @@ char *suhosin_encrypt_single_cookie(char *name, int name_len, char *value, int v
40 int l; 40 int l;
41 41
42 buf = estrndup(name, name_len); 42 buf = estrndup(name, name_len);
43 43
44 44
45 name_len = php_url_decode(buf, name_len); 45 name_len = php_url_decode(buf, name_len);
46 normalize_varname(buf); 46 normalize_varname(buf);
47 name_len = strlen(buf); 47 name_len = strlen(buf);
48 48
49 if (SUHOSIN_G(cookie_plainlist)) { 49 if (SUHOSIN_G(cookie_plainlist)) {
50 if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) { 50 if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) {
51encrypt_return_plain: 51encrypt_return_plain:
@@ -57,11 +57,11 @@ encrypt_return_plain:
57 goto encrypt_return_plain; 57 goto encrypt_return_plain;
58 } 58 }
59 } 59 }
60 60
61 buf2 = estrndup(value, value_len); 61 buf2 = estrndup(value, value_len);
62 62
63 value_len = php_url_decode(buf2, value_len); 63 value_len = php_url_decode(buf2, value_len);
64 64
65 d = suhosin_encrypt_string(buf2, value_len, buf, name_len, key TSRMLS_CC); 65 d = suhosin_encrypt_string(buf2, value_len, buf, name_len, key TSRMLS_CC);
66 d_url = php_url_encode(d, strlen(d), &l); 66 d_url = php_url_encode(d, strlen(d), &l);
67 efree(d); 67 efree(d);
@@ -72,25 +72,25 @@ encrypt_return_plain:
72 72
73char *suhosin_decrypt_single_cookie(char *name, int name_len, char *value, int value_len, char *key, char **where TSRMLS_DC) 73char *suhosin_decrypt_single_cookie(char *name, int name_len, char *value, int value_len, char *key, char **where TSRMLS_DC)
74{ 74{
75 int o_name_len = name_len; 75 int o_name_len = name_len;
76 char *buf, *buf2, *d, *d_url; 76 char *buf, *buf2, *d, *d_url;
77 int l; 77 int l;
78 78
79 buf = estrndup(name, name_len); 79 buf = estrndup(name, name_len);
80 80
81 name_len = php_url_decode(buf, name_len); 81 name_len = php_url_decode(buf, name_len);
82 normalize_varname(buf); 82 normalize_varname(buf);
83 name_len = strlen(buf); 83 name_len = strlen(buf);
84 84
85 if (SUHOSIN_G(cookie_plainlist)) { 85 if (SUHOSIN_G(cookie_plainlist)) {
86 if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) { 86 if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) {
87decrypt_return_plain: 87decrypt_return_plain:
88 efree(buf); 88 efree(buf);
89 memcpy(*where, name, o_name_len); 89 memcpy(*where, name, o_name_len);
90 *where += o_name_len; 90 *where += o_name_len;
91 **where = '='; *where +=1; 91 **where = '='; *where +=1;
92 memcpy(*where, value, value_len); 92 memcpy(*where, value, value_len);
93 *where += value_len; 93 *where += value_len;
94 return *where; 94 return *where;
95 } 95 }
96 } else if (SUHOSIN_G(cookie_cryptlist)) { 96 } else if (SUHOSIN_G(cookie_cryptlist)) {
@@ -98,21 +98,21 @@ decrypt_return_plain:
98 goto decrypt_return_plain; 98 goto decrypt_return_plain;
99 } 99 }
100 } 100 }
101 101
102 102
103 buf2 = estrndup(value, value_len); 103 buf2 = estrndup(value, value_len);
104 104
105 value_len = php_url_decode(buf2, value_len); 105 value_len = php_url_decode(buf2, value_len);
106 106
107 d = suhosin_decrypt_string(buf2, value_len, buf, name_len, key, &l, SUHOSIN_G(cookie_checkraddr) TSRMLS_CC); 107 d = suhosin_decrypt_string(buf2, value_len, buf, name_len, key, &l, SUHOSIN_G(cookie_checkraddr) TSRMLS_CC);
108 if (d == NULL) { 108 if (d == NULL) {
109 goto skip_cookie; 109 goto skip_cookie;
110 } 110 }
111 d_url = php_url_encode(d, l, &l); 111 d_url = php_url_encode(d, l, &l);
112 efree(d); 112 efree(d);
113 memcpy(*where, name, o_name_len); 113 memcpy(*where, name, o_name_len);
114 *where += o_name_len; 114 *where += o_name_len;
115 **where = '=';*where += 1; 115 **where = '=';*where += 1;
116 memcpy(*where, d_url, l); 116 memcpy(*where, d_url, l);
117 *where += l; 117 *where += l;
118 efree(d_url); 118 efree(d_url);
@@ -141,28 +141,28 @@ char *suhosin_cookie_decryptor(TSRMLS_D)
141 141
142 ret = decrypted = emalloc(strlen(raw_cookie)*4+1); 142 ret = decrypted = emalloc(strlen(raw_cookie)*4+1);
143 raw_cookie = estrdup(raw_cookie); 143 raw_cookie = estrdup(raw_cookie);
144 SUHOSIN_G(raw_cookie) = estrdup(raw_cookie); 144 SUHOSIN_G(raw_cookie) = estrdup(raw_cookie);
145
145 146
146
147 j = 0; tmp = raw_cookie; 147 j = 0; tmp = raw_cookie;
148 while (*tmp) { 148 while (*tmp) {
149 char *d_url;int varlen; 149 char *d_url;int varlen;
150 while (*tmp == '\t' || *tmp == ' ') tmp++; 150 while (*tmp == '\t' || *tmp == ' ') tmp++;
151 var = tmp; 151 var = tmp;
152 while (*tmp && *tmp != ';' && *tmp != '=') tmp++; 152 while (*tmp && *tmp != ';' && *tmp != '=') tmp++;
153 153
154 varlen = tmp-var; 154 varlen = tmp-var;
155 /*memcpy(decrypted, var, varlen); 155 /*memcpy(decrypted, var, varlen);
156 decrypted += varlen;*/ 156 decrypted += varlen;*/
157 if (*tmp == 0) break; 157 if (*tmp == 0) break;
158 158
159 if (*tmp++ == ';') { 159 if (*tmp++ == ';') {
160 *decrypted++ = ';'; 160 *decrypted++ = ';';
161 continue; 161 continue;
162 } 162 }
163 163
164 /**decrypted++ = '=';*/ 164 /**decrypted++ = '=';*/
165 165
166 val = tmp; 166 val = tmp;
167 while (*tmp && *tmp != ';') tmp++; 167 while (*tmp && *tmp != ';') tmp++;
168 168
@@ -170,16 +170,16 @@ char *suhosin_cookie_decryptor(TSRMLS_D)
170 if (*tmp == ';') { 170 if (*tmp == ';') {
171 *decrypted++ = ';'; 171 *decrypted++ = ';';
172 } 172 }
173 173
174 if (*tmp == 0) break; 174 if (*tmp == 0) break;
175 tmp++; 175 tmp++;
176 } 176 }
177 *decrypted++ = 0; 177 *decrypted++ = 0;
178 ret = erealloc(ret, decrypted-ret); 178 ret = erealloc(ret, decrypted-ret);
179 179
180 SUHOSIN_G(decrypted_cookie) = ret; 180 SUHOSIN_G(decrypted_cookie) = ret;
181 efree(raw_cookie); 181 efree(raw_cookie);
182 182
183 return ret; 183 return ret;
184} 184}
185/* }}} */ 185/* }}} */
@@ -194,9 +194,9 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_op_enum
194 if (op != SAPI_HEADER_ADD && op != SAPI_HEADER_REPLACE) { 194 if (op != SAPI_HEADER_ADD && op != SAPI_HEADER_REPLACE) {
195 goto suhosin_skip_header_handling; 195 goto suhosin_skip_header_handling;
196 } 196 }
197 197
198 if (sapi_header && sapi_header->header) { 198 if (sapi_header && sapi_header->header) {
199 199
200 tmp = sapi_header->header; 200 tmp = sapi_header->header;
201 201
202 for (i=0; i<sapi_header->header_len; i++, tmp++) { 202 for (i=0; i<sapi_header->header_len; i++, tmp++) {
@@ -214,7 +214,7 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_op_enum
214 } 214 }
215 if (SUHOSIN_G(allow_multiheader)) { 215 if (SUHOSIN_G(allow_multiheader)) {
216 continue; 216 continue;
217 } else if ((tmp[0] == '\r' && (tmp[1] != '\n' || i == 0)) || 217 } else if ((tmp[0] == '\r' && (tmp[1] != '\n' || i == 0)) ||
218 (tmp[0] == '\n' && (i == sapi_header->header_len-1 || i == 0 || (tmp[1] != ' ' && tmp[1] != '\t')))) { 218 (tmp[0] == '\n' && (i == sapi_header->header_len-1 || i == 0 || (tmp[1] != ' ' && tmp[1] != '\t')))) {
219 char *fname = (char *)get_active_function_name(TSRMLS_C); 219 char *fname = (char *)get_active_function_name(TSRMLS_C);
220 220
@@ -236,8 +236,8 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_op_enum
236 if (SUHOSIN_G(cookie_encrypt) && (strncasecmp("Set-Cookie:", sapi_header->header, sizeof("Set-Cookie:")-1) == 0)) { 236 if (SUHOSIN_G(cookie_encrypt) && (strncasecmp("Set-Cookie:", sapi_header->header, sizeof("Set-Cookie:")-1) == 0)) {
237 237
238 char *start, *end, *rend, *tmp; 238 char *start, *end, *rend, *tmp;
239 char *name, *value; 239 char *name, *value;
240 int nlen, vlen, len, tlen; 240 int nlen, vlen, len, tlen;
241 char cryptkey[33]; 241 char cryptkey[33];
242 242
243 suhosin_generate_key(SUHOSIN_G(cookie_cryptkey), SUHOSIN_G(cookie_cryptua), SUHOSIN_G(cookie_cryptdocroot), SUHOSIN_G(cookie_cryptraddr), (char *)&cryptkey TSRMLS_CC); 243 suhosin_generate_key(SUHOSIN_G(cookie_cryptkey), SUHOSIN_G(cookie_cryptua), SUHOSIN_G(cookie_cryptdocroot), SUHOSIN_G(cookie_cryptraddr), (char *)&cryptkey TSRMLS_CC);
@@ -264,9 +264,9 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_op_enum
264 } 264 }
265 vlen = end-value; 265 vlen = end-value;
266 266
267 value = suhosin_encrypt_single_cookie(name, nlen, value, vlen, (char *)&cryptkey TSRMLS_CC); 267 value = suhosin_encrypt_single_cookie(name, nlen, value, vlen, (char *)&cryptkey TSRMLS_CC);
268 vlen = strlen(value); 268 vlen = strlen(value);
269 269
270 len = sizeof("Set-Cookie: ")-1 + nlen + 1 + vlen + rend-end; 270 len = sizeof("Set-Cookie: ")-1 + nlen + 1 + vlen + rend-end;
271 tmp = emalloc(len + 1); 271 tmp = emalloc(len + 1);
272 tlen = sprintf(tmp, "Set-Cookie: %.*s=%s", nlen,name, value); 272 tlen = sprintf(tmp, "Set-Cookie: %.*s=%s", nlen,name, value);
@@ -321,5 +321,3 @@ void suhosin_unhook_header_handler()
321 * vim600: noet sw=4 ts=4 fdm=marker 321 * vim600: noet sw=4 ts=4 fdm=marker
322 * vim<600: noet sw=4 ts=4 322 * vim<600: noet sw=4 ts=4
323 */ 323 */
324
325
diff --git a/ifilter.c b/ifilter.c
index fc25a55..43df750 100644
--- a/ifilter.c
+++ b/ifilter.c
@@ -17,7 +17,7 @@
17 +----------------------------------------------------------------------+ 17 +----------------------------------------------------------------------+
18*/ 18*/
19/* 19/*
20 $Id: ifilter.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ 20 $Id: ifilter.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $
21*/ 21*/
22 22
23#ifdef HAVE_CONFIG_H 23#ifdef HAVE_CONFIG_H
@@ -67,12 +67,12 @@ size_t suhosin_strncspn(const char *input, size_t n, const char *reject)
67void normalize_varname(char *varname) 67void normalize_varname(char *varname)
68{ 68{
69 char *s=varname, *index=NULL, *indexend=NULL, *p; 69 char *s=varname, *index=NULL, *indexend=NULL, *p;
70 70
71 /* overjump leading space */ 71 /* overjump leading space */
72 while (*s == ' ') { 72 while (*s == ' ') {
73 s++; 73 s++;
74 } 74 }
75 75
76 /* and remove it */ 76 /* and remove it */
77 if (s != varname) { 77 if (s != varname) {
78 memmove(varname, s, strlen(s)+1); 78 memmove(varname, s, strlen(s)+1);
@@ -104,7 +104,7 @@ void normalize_varname(char *varname)
104 } 104 }
105 indexend = strchr(index, ']'); 105 indexend = strchr(index, ']');
106 indexend = indexend ? indexend + 1 : index + strlen(index); 106 indexend = indexend ? indexend + 1 : index + strlen(index);
107 107
108 if (s != index) { 108 if (s != index) {
109 memmove(s, index, strlen(index)+1); 109 memmove(s, index, strlen(index)+1);
110 s += indexend-index; 110 s += indexend-index;
@@ -117,7 +117,7 @@ void normalize_varname(char *varname)
117 index = s; 117 index = s;
118 } else { 118 } else {
119 index = NULL; 119 index = NULL;
120 } 120 }
121 } 121 }
122 *s++='\0'; 122 *s++='\0';
123} 123}
@@ -153,7 +153,7 @@ static void suhosin_server_strip(HashTable *arr, char *key, int klen)
153 153
154 if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS && 154 if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS &&
155 Z_TYPE_PP(tzval) == IS_STRING) { 155 Z_TYPE_PP(tzval) == IS_STRING) {
156 156
157 s = t = (unsigned char *)Z_STRVAL_PP(tzval); 157 s = t = (unsigned char *)Z_STRVAL_PP(tzval);
158 for (; *t; t++) { 158 for (; *t; t++) {
159 if (suhosin_is_dangerous_char[*t]) { 159 if (suhosin_is_dangerous_char[*t]) {
@@ -175,20 +175,20 @@ static void suhosin_server_encode(HashTable *arr, char *key, int klen)
175 175
176 if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS && 176 if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS &&
177 Z_TYPE_PP(tzval) == IS_STRING) { 177 Z_TYPE_PP(tzval) == IS_STRING) {
178 178
179 temp = (unsigned char *)Z_STRVAL_PP(tzval); 179 temp = (unsigned char *)Z_STRVAL_PP(tzval);
180 180
181 for (t = temp; *t; t++) { 181 for (t = temp; *t; t++) {
182 if (suhosin_is_dangerous_char[*t]) { 182 if (suhosin_is_dangerous_char[*t]) {
183 extra += 2; 183 extra += 2;
184 } 184 }
185 } 185 }
186 186
187 /* no extra bytes required */ 187 /* no extra bytes required */
188 if (extra == 0) { 188 if (extra == 0) {
189 return; 189 return;
190 } 190 }
191 191
192 n = newv = emalloc(t - temp + 1 + extra); 192 n = newv = emalloc(t - temp + 1 + extra);
193 t = temp; 193 t = temp;
194 for (t = temp; *t; t++, n++) { 194 for (t = temp; *t; t++, n++) {
@@ -201,7 +201,7 @@ static void suhosin_server_encode(HashTable *arr, char *key, int klen)
201 } 201 }
202 } 202 }
203 *n = 0; 203 *n = 0;
204 204
205 /* XXX: we leak memory here, but only for the duration of the request */ 205 /* XXX: we leak memory here, but only for the duration of the request */
206 Z_STRVAL_PP(tzval) = (char *)newv; 206 Z_STRVAL_PP(tzval) = (char *)newv;
207 Z_STRLEN_PP(tzval) = n-newv; 207 Z_STRLEN_PP(tzval) = n-newv;
@@ -251,7 +251,7 @@ void suhosin_register_server_variables(zval *track_vars_array TSRMLS_DC)
251 if (failure) { 251 if (failure) {
252 suhosin_log(S_VARS, "Attacker tried to overwrite a superglobal through a HTTP header"); 252 suhosin_log(S_VARS, "Attacker tried to overwrite a superglobal through a HTTP header");
253 } 253 }
254 254
255 if (SUHOSIN_G(raw_cookie)) { 255 if (SUHOSIN_G(raw_cookie)) {
256 zval *z; 256 zval *z;
257 MAKE_STD_ZVAL(z); 257 MAKE_STD_ZVAL(z);
@@ -265,7 +265,7 @@ void suhosin_register_server_variables(zval *track_vars_array TSRMLS_DC)
265 zend_hash_update(svars, "HTTP_COOKIE", sizeof("HTTP_COOKIE"), (void **)&z, sizeof(zval *), NULL); 265 zend_hash_update(svars, "HTTP_COOKIE", sizeof("HTTP_COOKIE"), (void **)&z, sizeof(zval *), NULL);
266 SUHOSIN_G(decrypted_cookie) = NULL; 266 SUHOSIN_G(decrypted_cookie) = NULL;
267 } 267 }
268 268
269 if (SUHOSIN_G(server_encode)) { 269 if (SUHOSIN_G(server_encode)) {
270 /* suhosin_server_encode(svars, "argv", sizeof("argv")); */ 270 /* suhosin_server_encode(svars, "argv", sizeof("argv")); */
271 suhosin_server_encode(svars, "REQUEST_URI", sizeof("REQUEST_URI")); 271 suhosin_server_encode(svars, "REQUEST_URI", sizeof("REQUEST_URI"));
@@ -290,14 +290,14 @@ unsigned int suhosin_input_filter_wrapper(int arg, char *var, char **val, unsign
290{ 290{
291 zend_bool already_scanned = SUHOSIN_G(already_scanned); 291 zend_bool already_scanned = SUHOSIN_G(already_scanned);
292 SUHOSIN_G(already_scanned) = 0; 292 SUHOSIN_G(already_scanned) = 0;
293 293
294 if (SUHOSIN_G(do_not_scan)) { 294 if (SUHOSIN_G(do_not_scan)) {
295 if (new_val_len) { 295 if (new_val_len) {
296 *new_val_len = val_len; 296 *new_val_len = val_len;
297 } 297 }
298 return 1; 298 return 1;
299 } 299 }
300 300
301 if (!already_scanned) { 301 if (!already_scanned) {
302 if (suhosin_input_filter(arg, var, val, val_len, new_val_len TSRMLS_CC)==0) { 302 if (suhosin_input_filter(arg, var, val, val_len, new_val_len TSRMLS_CC)==0) {
303 SUHOSIN_G(abort_request)=1; 303 SUHOSIN_G(abort_request)=1;
@@ -329,66 +329,66 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
329 } 329 }
330 330
331 /* Drop this variable if the limit was reached */ 331 /* Drop this variable if the limit was reached */
332 switch (arg) {
333 case PARSE_GET:
334 SUHOSIN_G(att_get_vars)++;
335 SUHOSIN_G(att_request_variables)++;
336 if (SUHOSIN_G(no_more_get_variables)) {
337 return 0;
338 }
339 break;
340 case PARSE_POST:
341 SUHOSIN_G(att_post_vars)++;
342 SUHOSIN_G(att_request_variables)++;
343 if (SUHOSIN_G(no_more_post_variables)) {
344 return 0;
345 }
346 break;
347 case PARSE_COOKIE:
348 SUHOSIN_G(att_cookie_vars)++;
349 SUHOSIN_G(att_request_variables)++;
350 if (SUHOSIN_G(no_more_cookie_variables)) {
351 return 0;
352 }
353 break;
354 default: /* we do not want to protect parse_str() and friends */
355 if (new_val_len) {
356 *new_val_len = val_len;
357 }
358 return 1;
359 }
360
361 /* Drop this variable if the limit is now reached */
362 switch (arg) { 332 switch (arg) {
363 case PARSE_GET: 333 case PARSE_GET:
334 SUHOSIN_G(att_get_vars)++;
335 SUHOSIN_G(att_request_variables)++;
336 if (SUHOSIN_G(no_more_get_variables)) {
337 return 0;
338 }
339 break;
340 case PARSE_POST:
341 SUHOSIN_G(att_post_vars)++;
342 SUHOSIN_G(att_request_variables)++;
343 if (SUHOSIN_G(no_more_post_variables)) {
344 return 0;
345 }
346 break;
347 case PARSE_COOKIE:
348 SUHOSIN_G(att_cookie_vars)++;
349 SUHOSIN_G(att_request_variables)++;
350 if (SUHOSIN_G(no_more_cookie_variables)) {
351 return 0;
352 }
353 break;
354 default: /* we do not want to protect parse_str() and friends */
355 if (new_val_len) {
356 *new_val_len = val_len;
357 }
358 return 1;
359 }
360
361/* Drop this variable if the limit is now reached */
362 switch (arg) {
363 case PARSE_GET:
364 if (SUHOSIN_G(max_get_vars) && SUHOSIN_G(max_get_vars) <= SUHOSIN_G(cur_get_vars)) { 364 if (SUHOSIN_G(max_get_vars) && SUHOSIN_G(max_get_vars) <= SUHOSIN_G(cur_get_vars)) {
365 suhosin_log(S_VARS, "configured GET variable limit exceeded - dropped variable '%s' - all further GET variables are dropped", var); 365 suhosin_log(S_VARS, "configured GET variable limit exceeded - dropped variable '%s' - all further GET variables are dropped", var);
366 if (!SUHOSIN_G(simulation)) { 366 if (!SUHOSIN_G(simulation)) {
367 SUHOSIN_G(no_more_get_variables) = 1; 367 SUHOSIN_G(no_more_get_variables) = 1;
368 return 0; 368 return 0;
369 } 369 }
370 } 370 }
371 break; 371 break;
372 case PARSE_COOKIE: 372 case PARSE_COOKIE:
373 if (SUHOSIN_G(max_cookie_vars) && SUHOSIN_G(max_cookie_vars) <= SUHOSIN_G(cur_cookie_vars)) { 373 if (SUHOSIN_G(max_cookie_vars) && SUHOSIN_G(max_cookie_vars) <= SUHOSIN_G(cur_cookie_vars)) {
374 suhosin_log(S_VARS, "configured COOKIE variable limit exceeded - dropped variable '%s' - all further COOKIE variables are dropped", var); 374 suhosin_log(S_VARS, "configured COOKIE variable limit exceeded - dropped variable '%s' - all further COOKIE variables are dropped", var);
375 if (!SUHOSIN_G(simulation)) { 375 if (!SUHOSIN_G(simulation)) {
376 SUHOSIN_G(no_more_cookie_variables) = 1; 376 SUHOSIN_G(no_more_cookie_variables) = 1;
377 return 0; 377 return 0;
378 } 378 }
379 } 379 }
380 break; 380 break;
381 case PARSE_POST: 381 case PARSE_POST:
382 if (SUHOSIN_G(max_post_vars) && SUHOSIN_G(max_post_vars) <= SUHOSIN_G(cur_post_vars)) { 382 if (SUHOSIN_G(max_post_vars) && SUHOSIN_G(max_post_vars) <= SUHOSIN_G(cur_post_vars)) {
383 suhosin_log(S_VARS, "configured POST variable limit exceeded - dropped variable '%s' - all further POST variables are dropped", var); 383 suhosin_log(S_VARS, "configured POST variable limit exceeded - dropped variable '%s' - all further POST variables are dropped", var);
384 if (!SUHOSIN_G(simulation)) { 384 if (!SUHOSIN_G(simulation)) {
385 SUHOSIN_G(no_more_post_variables) = 1; 385 SUHOSIN_G(no_more_post_variables) = 1;
386 return 0; 386 return 0;
387 } 387 }
388 } 388 }
389 break; 389 break;
390 } 390 }
391 391
392 /* Drop this variable if it begins with whitespace which is disallowed */ 392 /* Drop this variable if it begins with whitespace which is disallowed */
393 if (isspace(*var)) { 393 if (isspace(*var)) {
394 if (SUHOSIN_G(disallow_ws)) { 394 if (SUHOSIN_G(disallow_ws)) {
@@ -398,33 +398,33 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
398 } 398 }
399 } 399 }
400 switch (arg) { 400 switch (arg) {
401 case PARSE_GET: 401 case PARSE_GET:
402 if (SUHOSIN_G(disallow_get_ws)) { 402 if (SUHOSIN_G(disallow_get_ws)) {
403 suhosin_log(S_VARS, "GET variable name begins with disallowed whitespace - dropped variable '%s'", var); 403 suhosin_log(S_VARS, "GET variable name begins with disallowed whitespace - dropped variable '%s'", var);
404 if (!SUHOSIN_G(simulation)) { 404 if (!SUHOSIN_G(simulation)) {
405 return 0; 405 return 0;
406 } 406 }
407 } 407 }
408 break; 408 break;
409 case PARSE_POST: 409 case PARSE_POST:
410 if (SUHOSIN_G(disallow_post_ws)) { 410 if (SUHOSIN_G(disallow_post_ws)) {
411 suhosin_log(S_VARS, "POST variable name begins with disallowed whitespace - dropped variable '%s'", var); 411 suhosin_log(S_VARS, "POST variable name begins with disallowed whitespace - dropped variable '%s'", var);
412 if (!SUHOSIN_G(simulation)) { 412 if (!SUHOSIN_G(simulation)) {
413 return 0; 413 return 0;
414 } 414 }
415 } 415 }
416 break; 416 break;
417 case PARSE_COOKIE: 417 case PARSE_COOKIE:
418 if (SUHOSIN_G(disallow_cookie_ws)) { 418 if (SUHOSIN_G(disallow_cookie_ws)) {
419 suhosin_log(S_VARS, "COOKIE variable name begins with disallowed whitespace - dropped variable '%s'", var); 419 suhosin_log(S_VARS, "COOKIE variable name begins with disallowed whitespace - dropped variable '%s'", var);
420 if (!SUHOSIN_G(simulation)) { 420 if (!SUHOSIN_G(simulation)) {
421 return 0; 421 return 0;
422 } 422 }
423 } 423 }
424 break; 424 break;
425 } 425 }
426 } 426 }
427 427
428 /* Drop this variable if it exceeds the value length limit */ 428 /* Drop this variable if it exceeds the value length limit */
429 if (SUHOSIN_G(max_value_length) && SUHOSIN_G(max_value_length) < val_len) { 429 if (SUHOSIN_G(max_value_length) && SUHOSIN_G(max_value_length) < val_len) {
430 suhosin_log(S_VARS, "configured request variable value length limit exceeded - dropped variable '%s'", var); 430 suhosin_log(S_VARS, "configured request variable value length limit exceeded - dropped variable '%s'", var);
@@ -433,7 +433,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
433 } 433 }
434 } 434 }
435 switch (arg) { 435 switch (arg) {
436 case PARSE_GET: 436 case PARSE_GET:
437 if (SUHOSIN_G(max_get_value_length) && SUHOSIN_G(max_get_value_length) < val_len) { 437 if (SUHOSIN_G(max_get_value_length) && SUHOSIN_G(max_get_value_length) < val_len) {
438 suhosin_log(S_VARS, "configured GET variable value length limit exceeded - dropped variable '%s'", var); 438 suhosin_log(S_VARS, "configured GET variable value length limit exceeded - dropped variable '%s'", var);
439 if (!SUHOSIN_G(simulation)) { 439 if (!SUHOSIN_G(simulation)) {
@@ -441,7 +441,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
441 } 441 }
442 } 442 }
443 break; 443 break;
444 case PARSE_COOKIE: 444 case PARSE_COOKIE:
445 if (SUHOSIN_G(max_cookie_value_length) && SUHOSIN_G(max_cookie_value_length) < val_len) { 445 if (SUHOSIN_G(max_cookie_value_length) && SUHOSIN_G(max_cookie_value_length) < val_len) {
446 suhosin_log(S_VARS, "configured COOKIE variable value length limit exceeded - dropped variable '%s'", var); 446 suhosin_log(S_VARS, "configured COOKIE variable value length limit exceeded - dropped variable '%s'", var);
447 if (!SUHOSIN_G(simulation)) { 447 if (!SUHOSIN_G(simulation)) {
@@ -449,7 +449,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
449 } 449 }
450 } 450 }
451 break; 451 break;
452 case PARSE_POST: 452 case PARSE_POST:
453 if (SUHOSIN_G(max_post_value_length) && SUHOSIN_G(max_post_value_length) < val_len) { 453 if (SUHOSIN_G(max_post_value_length) && SUHOSIN_G(max_post_value_length) < val_len) {
454 suhosin_log(S_VARS, "configured POST variable value length limit exceeded - dropped variable '%s'", var); 454 suhosin_log(S_VARS, "configured POST variable value length limit exceeded - dropped variable '%s'", var);
455 if (!SUHOSIN_G(simulation)) { 455 if (!SUHOSIN_G(simulation)) {
@@ -458,15 +458,15 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
458 } 458 }
459 break; 459 break;
460 } 460 }
461 461
462 /* Normalize the variable name */ 462 /* Normalize the variable name */
463 normalize_varname(var); 463 normalize_varname(var);
464 464
465 /* Find length of variable name */ 465 /* Find length of variable name */
466 index = strchr(var, '['); 466 index = strchr(var, '[');
467 total_len = strlen(var); 467 total_len = strlen(var);
468 var_len = index ? index-var : total_len; 468 var_len = index ? index-var : total_len;
469 469
470 /* Drop this variable if it exceeds the varname/total length limit */ 470 /* Drop this variable if it exceeds the varname/total length limit */
471 if (SUHOSIN_G(max_varname_length) && SUHOSIN_G(max_varname_length) < var_len) { 471 if (SUHOSIN_G(max_varname_length) && SUHOSIN_G(max_varname_length) < var_len) {
472 suhosin_log(S_VARS, "configured request variable name length limit exceeded - dropped variable '%s'", var); 472 suhosin_log(S_VARS, "configured request variable name length limit exceeded - dropped variable '%s'", var);
@@ -481,7 +481,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
481 } 481 }
482 } 482 }
483 switch (arg) { 483 switch (arg) {
484 case PARSE_GET: 484 case PARSE_GET:
485 if (SUHOSIN_G(max_get_name_length) && SUHOSIN_G(max_get_name_length) < var_len) { 485 if (SUHOSIN_G(max_get_name_length) && SUHOSIN_G(max_get_name_length) < var_len) {
486 suhosin_log(S_VARS, "configured GET variable name length limit exceeded - dropped variable '%s'", var); 486 suhosin_log(S_VARS, "configured GET variable name length limit exceeded - dropped variable '%s'", var);
487 if (!SUHOSIN_G(simulation)) { 487 if (!SUHOSIN_G(simulation)) {
@@ -495,7 +495,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
495 } 495 }
496 } 496 }
497 break; 497 break;
498 case PARSE_COOKIE: 498 case PARSE_COOKIE:
499 if (SUHOSIN_G(max_cookie_name_length) && SUHOSIN_G(max_cookie_name_length) < var_len) { 499 if (SUHOSIN_G(max_cookie_name_length) && SUHOSIN_G(max_cookie_name_length) < var_len) {
500 suhosin_log(S_VARS, "configured COOKIE variable name length limit exceeded - dropped variable '%s'", var); 500 suhosin_log(S_VARS, "configured COOKIE variable name length limit exceeded - dropped variable '%s'", var);
501 if (!SUHOSIN_G(simulation)) { 501 if (!SUHOSIN_G(simulation)) {
@@ -509,7 +509,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
509 } 509 }
510 } 510 }
511 break; 511 break;
512 case PARSE_POST: 512 case PARSE_POST:
513 if (SUHOSIN_G(max_post_name_length) && SUHOSIN_G(max_post_name_length) < var_len) { 513 if (SUHOSIN_G(max_post_name_length) && SUHOSIN_G(max_post_name_length) < var_len) {
514 suhosin_log(S_VARS, "configured POST variable name length limit exceeded - dropped variable '%s'", var); 514 suhosin_log(S_VARS, "configured POST variable name length limit exceeded - dropped variable '%s'", var);
515 if (!SUHOSIN_G(simulation)) { 515 if (!SUHOSIN_G(simulation)) {
@@ -524,59 +524,59 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
524 } 524 }
525 break; 525 break;
526 } 526 }
527 527
528 /* Find out array depth */ 528 /* Find out array depth */
529 while (index) { 529 while (index) {
530 char *index_end; 530 char *index_end;
531 unsigned int index_length; 531 unsigned int index_length;
532 532
533 /* overjump '[' */ 533 /* overjump '[' */
534 index++; 534 index++;
535 535
536 /* increase array depth */ 536 /* increase array depth */
537 depth++; 537 depth++;
538 538
539 index_end = strchr(index, ']'); 539 index_end = strchr(index, ']');
540 if (index_end == NULL) { 540 if (index_end == NULL) {
541 index_end = index+strlen(index); 541 index_end = index+strlen(index);
542 } 542 }
543 543
544 index_length = index_end - index; 544 index_length = index_end - index;
545 545
546 /* max. array index length */ 546 /* max. array index length */
547 if (SUHOSIN_G(max_array_index_length) && SUHOSIN_G(max_array_index_length) < index_length) { 547 if (SUHOSIN_G(max_array_index_length) && SUHOSIN_G(max_array_index_length) < index_length) {
548 suhosin_log(S_VARS, "configured request variable array index length limit exceeded - dropped variable '%s'", var); 548 suhosin_log(S_VARS, "configured request variable array index length limit exceeded - dropped variable '%s'", var);
549 if (!SUHOSIN_G(simulation)) { 549 if (!SUHOSIN_G(simulation)) {
550 return 0; 550 return 0;
551 } 551 }
552 } 552 }
553 switch (arg) { 553 switch (arg) {
554 case PARSE_GET: 554 case PARSE_GET:
555 if (SUHOSIN_G(max_get_array_index_length) && SUHOSIN_G(max_get_array_index_length) < index_length) { 555 if (SUHOSIN_G(max_get_array_index_length) && SUHOSIN_G(max_get_array_index_length) < index_length) {
556 suhosin_log(S_VARS, "configured GET variable array index length limit exceeded - dropped variable '%s'", var); 556 suhosin_log(S_VARS, "configured GET variable array index length limit exceeded - dropped variable '%s'", var);
557 if (!SUHOSIN_G(simulation)) { 557 if (!SUHOSIN_G(simulation)) {
558 return 0; 558 return 0;
559 } 559 }
560 } 560 }
561 break; 561 break;
562 case PARSE_COOKIE: 562 case PARSE_COOKIE:
563 if (SUHOSIN_G(max_cookie_array_index_length) && SUHOSIN_G(max_cookie_array_index_length) < index_length) { 563 if (SUHOSIN_G(max_cookie_array_index_length) && SUHOSIN_G(max_cookie_array_index_length) < index_length) {
564 suhosin_log(S_VARS, "configured COOKIE variable array index length limit exceeded - dropped variable '%s'", var); 564 suhosin_log(S_VARS, "configured COOKIE variable array index length limit exceeded - dropped variable '%s'", var);
565 if (!SUHOSIN_G(simulation)) { 565 if (!SUHOSIN_G(simulation)) {
566 return 0; 566 return 0;
567 } 567 }
568 } 568 }
569 break; 569 break;
570 case PARSE_POST: 570 case PARSE_POST:
571 if (SUHOSIN_G(max_post_array_index_length) && SUHOSIN_G(max_post_array_index_length) < index_length) { 571 if (SUHOSIN_G(max_post_array_index_length) && SUHOSIN_G(max_post_array_index_length) < index_length) {
572 suhosin_log(S_VARS, "configured POST variable array index length limit exceeded - dropped variable '%s'", var); 572 suhosin_log(S_VARS, "configured POST variable array index length limit exceeded - dropped variable '%s'", var);
573 if (!SUHOSIN_G(simulation)) { 573 if (!SUHOSIN_G(simulation)) {
574 return 0; 574 return 0;
575 } 575 }
576 } 576 }
577 break; 577 break;
578 } 578 }
579 579
580 /* index whitelist/blacklist */ 580 /* index whitelist/blacklist */
581 if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) { 581 if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) {
582 if (suhosin_strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) { 582 if (suhosin_strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) {
@@ -593,10 +593,10 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
593 } 593 }
594 } 594 }
595 } 595 }
596 596
597 index = strchr(index, '['); 597 index = strchr(index, '[');
598 } 598 }
599 599
600 /* Drop this variable if it exceeds the array depth limit */ 600 /* Drop this variable if it exceeds the array depth limit */
601 if (SUHOSIN_G(max_array_depth) && SUHOSIN_G(max_array_depth) < depth) { 601 if (SUHOSIN_G(max_array_depth) && SUHOSIN_G(max_array_depth) < depth) {
602 suhosin_log(S_VARS, "configured request variable array depth limit exceeded - dropped variable '%s'", var); 602 suhosin_log(S_VARS, "configured request variable array depth limit exceeded - dropped variable '%s'", var);
@@ -605,7 +605,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
605 } 605 }
606 } 606 }
607 switch (arg) { 607 switch (arg) {
608 case PARSE_GET: 608 case PARSE_GET:
609 if (SUHOSIN_G(max_get_array_depth) && SUHOSIN_G(max_get_array_depth) < depth) { 609 if (SUHOSIN_G(max_get_array_depth) && SUHOSIN_G(max_get_array_depth) < depth) {
610 suhosin_log(S_VARS, "configured GET variable array depth limit exceeded - dropped variable '%s'", var); 610 suhosin_log(S_VARS, "configured GET variable array depth limit exceeded - dropped variable '%s'", var);
611 if (!SUHOSIN_G(simulation)) { 611 if (!SUHOSIN_G(simulation)) {
@@ -613,7 +613,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
613 } 613 }
614 } 614 }
615 break; 615 break;
616 case PARSE_COOKIE: 616 case PARSE_COOKIE:
617 if (SUHOSIN_G(max_cookie_array_depth) && SUHOSIN_G(max_cookie_array_depth) < depth) { 617 if (SUHOSIN_G(max_cookie_array_depth) && SUHOSIN_G(max_cookie_array_depth) < depth) {
618 suhosin_log(S_VARS, "configured COOKIE variable array depth limit exceeded - dropped variable '%s'", var); 618 suhosin_log(S_VARS, "configured COOKIE variable array depth limit exceeded - dropped variable '%s'", var);
619 if (!SUHOSIN_G(simulation)) { 619 if (!SUHOSIN_G(simulation)) {
@@ -621,7 +621,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
621 } 621 }
622 } 622 }
623 break; 623 break;
624 case PARSE_POST: 624 case PARSE_POST:
625 if (SUHOSIN_G(max_post_array_depth) && SUHOSIN_G(max_post_array_depth) < depth) { 625 if (SUHOSIN_G(max_post_array_depth) && SUHOSIN_G(max_post_array_depth) < depth) {
626 suhosin_log(S_VARS, "configured POST variable array depth limit exceeded - dropped variable '%s'", var); 626 suhosin_log(S_VARS, "configured POST variable array depth limit exceeded - dropped variable '%s'", var);
627 if (!SUHOSIN_G(simulation)) { 627 if (!SUHOSIN_G(simulation)) {
@@ -632,9 +632,9 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
632 } 632 }
633 633
634 /* Check if variable value is truncated by a \0 */ 634 /* Check if variable value is truncated by a \0 */
635 635
636 if (val && *val && val_len != strnlen(*val, val_len)) { 636 if (val && *val && val_len != strnlen(*val, val_len)) {
637 637
638 if (SUHOSIN_G(disallow_nul)) { 638 if (SUHOSIN_G(disallow_nul)) {
639 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within request variables - dropped variable '%s'", var); 639 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within request variables - dropped variable '%s'", var);
640 if (!SUHOSIN_G(simulation)) { 640 if (!SUHOSIN_G(simulation)) {
@@ -642,7 +642,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
642 } 642 }
643 } 643 }
644 switch (arg) { 644 switch (arg) {
645 case PARSE_GET: 645 case PARSE_GET:
646 if (SUHOSIN_G(disallow_get_nul)) { 646 if (SUHOSIN_G(disallow_get_nul)) {
647 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within GET variables - dropped variable '%s'", var); 647 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within GET variables - dropped variable '%s'", var);
648 if (!SUHOSIN_G(simulation)) { 648 if (!SUHOSIN_G(simulation)) {
@@ -650,7 +650,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
650 } 650 }
651 } 651 }
652 break; 652 break;
653 case PARSE_COOKIE: 653 case PARSE_COOKIE:
654 if (SUHOSIN_G(disallow_cookie_nul)) { 654 if (SUHOSIN_G(disallow_cookie_nul)) {
655 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within COOKIE variables - dropped variable '%s'", var); 655 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within COOKIE variables - dropped variable '%s'", var);
656 if (!SUHOSIN_G(simulation)) { 656 if (!SUHOSIN_G(simulation)) {
@@ -658,7 +658,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
658 } 658 }
659 } 659 }
660 break; 660 break;
661 case PARSE_POST: 661 case PARSE_POST:
662 if (SUHOSIN_G(disallow_post_nul)) { 662 if (SUHOSIN_G(disallow_post_nul)) {
663 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within POST variables - dropped variable '%s'", var); 663 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within POST variables - dropped variable '%s'", var);
664 if (!SUHOSIN_G(simulation)) { 664 if (!SUHOSIN_G(simulation)) {
@@ -668,7 +668,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
668 break; 668 break;
669 } 669 }
670 } 670 }
671 671
672 /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */ 672 /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */
673 /* This is to protect several silly scripts that do globalizing themself */ 673 /* This is to protect several silly scripts that do globalizing themself */
674 if (suhosin_is_protected_varname(var, var_len)) { 674 if (suhosin_is_protected_varname(var, var_len)) {
@@ -681,17 +681,17 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
681 /* Okay let PHP register this variable */ 681 /* Okay let PHP register this variable */
682 SUHOSIN_G(cur_request_variables)++; 682 SUHOSIN_G(cur_request_variables)++;
683 switch (arg) { 683 switch (arg) {
684 case PARSE_GET: 684 case PARSE_GET:
685 SUHOSIN_G(cur_get_vars)++; 685 SUHOSIN_G(cur_get_vars)++;
686 break; 686 break;
687 case PARSE_COOKIE: 687 case PARSE_COOKIE:
688 SUHOSIN_G(cur_cookie_vars)++; 688 SUHOSIN_G(cur_cookie_vars)++;
689 break; 689 break;
690 case PARSE_POST: 690 case PARSE_POST:
691 SUHOSIN_G(cur_post_vars)++; 691 SUHOSIN_G(cur_post_vars)++;
692 break; 692 break;
693 } 693 }
694 694
695 if (new_val_len) { 695 if (new_val_len) {
696 *new_val_len = val_len; 696 *new_val_len = val_len;
697 } 697 }
@@ -722,5 +722,3 @@ void suhosin_hook_register_server_variables()
722 * vim600: noet sw=4 ts=4 fdm=marker 722 * vim600: noet sw=4 ts=4 fdm=marker
723 * vim<600: noet sw=4 ts=4 723 * vim<600: noet sw=4 ts=4
724 */ 724 */
725
726
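Review bot: The leading-whitespace check in suhosin_input_filter (new line 393, `if (isspace(*var)) {`) passes a plain `char` from a request variable name straight to `isspace()`. Where `char` is signed, a name whose first byte is 0x80 or above becomes a negative argument, which the C standard leaves undefined for the `<ctype.h>` functions, so the outcome of this filter step is not guaranteed for such input. Casting first keeps the check well defined: `if (isspace((unsigned char)*var)) {`. The function starts and ends outside the hunks shown here, so this relies on the `char *var` parameter visible in the hunk header.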
diff --git a/php_suhosin.h b/php_suhosin.h
index 326ceb2..a3d6de1 100644
--- a/php_suhosin.h
+++ b/php_suhosin.h
@@ -36,7 +36,7 @@
36 {FILE *f;f=fopen(SUHOSIN_LOG, "a+");if(f){fprintf(f,"[%u] ",getpid());fprintf(f, msg);fprintf(f,"\n");fclose(f);}} 36 {FILE *f;f=fopen(SUHOSIN_LOG, "a+");if(f){fprintf(f,"[%u] ",getpid());fprintf(f, msg);fprintf(f,"\n");fclose(f);}}
37#else 37#else
38#define SDEBUG(msg...) 38#define SDEBUG(msg...)
39#endif 39#endif
40#endif 40#endif
41 41
42#ifndef PHP_VERSION_ID 42#ifndef PHP_VERSION_ID
@@ -124,7 +124,7 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
124 zend_uint in_code_type; 124 zend_uint in_code_type;
125 long execution_depth; 125 long execution_depth;
126 zend_bool simulation; 126 zend_bool simulation;
127 zend_bool stealth; 127 zend_bool stealth;
128 zend_bool protectkey; 128 zend_bool protectkey;
129 zend_bool executor_allow_symlink; 129 zend_bool executor_allow_symlink;
130 char *filter_action; 130 char *filter_action;
@@ -135,7 +135,7 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
135 long sql_opencomment; 135 long sql_opencomment;
136 long sql_union; 136 long sql_union;
137 long sql_mselect; 137 long sql_mselect;
138 138
139 long max_execution_depth; 139 long max_execution_depth;
140 zend_bool abort_request; 140 zend_bool abort_request;
141 long executor_include_max_traversal; 141 long executor_include_max_traversal;
@@ -212,7 +212,7 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
212 zend_bool upload_allow_utf8; 212 zend_bool upload_allow_utf8;
213#endif 213#endif
214 char *upload_verification_script; 214 char *upload_verification_script;
215 215
216 zend_bool no_more_variables; 216 zend_bool no_more_variables;
217 zend_bool no_more_get_variables; 217 zend_bool no_more_get_variables;
218 zend_bool no_more_post_variables; 218 zend_bool no_more_post_variables;
@@ -237,13 +237,13 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
237 char *log_filename; 237 char *log_filename;
238 zend_bool log_file_time; 238 zend_bool log_file_time;
239 long log_max_error_length; 239 long log_max_error_length;
240 240
241/* header handler */ 241/* header handler */
242 zend_bool allow_multiheader; 242 zend_bool allow_multiheader;
243 243
244/* mailprotect */ 244/* mailprotect */
245 long mailprotect; 245 long mailprotect;
246 246
247/* memory_limit */ 247/* memory_limit */
248 long memory_limit; 248 long memory_limit;
249 long hard_memory_limit; 249 long hard_memory_limit;
@@ -263,18 +263,18 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
263 BYTE fi[24],ri[24]; 263 BYTE fi[24],ri[24];
264 WORD fkey[120]; 264 WORD fkey[120];
265 WORD rkey[120]; 265 WORD rkey[120];
266 266
267 zend_bool session_encrypt; 267 zend_bool session_encrypt;
268 char* session_cryptkey; 268 char* session_cryptkey;
269 zend_bool session_cryptua; 269 zend_bool session_cryptua;
270 zend_bool session_cryptdocroot; 270 zend_bool session_cryptdocroot;
271 long session_cryptraddr; 271 long session_cryptraddr;
272 long session_checkraddr; 272 long session_checkraddr;
273 273
274 long session_max_id_length; 274 long session_max_id_length;
275 275
276 char* decrypted_cookie; 276 char* decrypted_cookie;
277 char* raw_cookie; 277 char* raw_cookie;
278 zend_bool cookie_encrypt; 278 zend_bool cookie_encrypt;
279 char* cookie_cryptkey; 279 char* cookie_cryptkey;
280 zend_bool cookie_cryptua; 280 zend_bool cookie_cryptua;
@@ -283,30 +283,30 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
283 long cookie_checkraddr; 283 long cookie_checkraddr;
284 HashTable *cookie_plainlist; 284 HashTable *cookie_plainlist;
285 HashTable *cookie_cryptlist; 285 HashTable *cookie_cryptlist;
286 286
287 zend_bool coredump; 287 zend_bool coredump;
288 zend_bool apc_bug_workaround; 288 zend_bool apc_bug_workaround;
289 zend_bool already_scanned; 289 zend_bool already_scanned;
290 zend_bool do_not_scan; 290 zend_bool do_not_scan;
291 291
292 zend_bool server_encode; 292 zend_bool server_encode;
293 zend_bool server_strip; 293 zend_bool server_strip;
294 294
295 zend_bool disable_display_errors; 295 zend_bool disable_display_errors;
296 296
297 php_uint32 r_state[625]; 297 php_uint32 r_state[625];
298 php_uint32 *r_next; 298 php_uint32 *r_next;
299 int r_left; 299 int r_left;
300 zend_bool srand_ignore; 300 zend_bool srand_ignore;
301 zend_bool mt_srand_ignore; 301 zend_bool mt_srand_ignore;
302 php_uint32 mt_state[625]; 302 php_uint32 mt_state[625];
303 php_uint32 *mt_next; 303 php_uint32 *mt_next;
304 int mt_left; 304 int mt_left;
305 305
306 char *seedingkey; 306 char *seedingkey;
307 zend_bool reseed_every_request; 307 zend_bool reseed_every_request;
308 308
309 zend_bool r_is_seeded; 309 zend_bool r_is_seeded;
310 zend_bool mt_is_seeded; 310 zend_bool mt_is_seeded;
311 311
312 /* PERDIR Handling */ 312 /* PERDIR Handling */
diff --git a/session.c b/session.c
index 10c1652..b89aa7f 100644
--- a/session.c
+++ b/session.c
@@ -18,7 +18,7 @@
18 +----------------------------------------------------------------------+ 18 +----------------------------------------------------------------------+
19*/ 19*/
20/* 20/*
21 $Id: session.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ 21 $Id: session.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $
22*/ 22*/
23 23
24#ifdef HAVE_CONFIG_H 24#ifdef HAVE_CONFIG_H
@@ -57,55 +57,55 @@ ps_serializer *(*suhosin_find_ps_serializer)(char *name TSRMLS_DC) = NULL;
57 57
58int suhosin_session_encode(char **newstr, int *newlen TSRMLS_DC) 58int suhosin_session_encode(char **newstr, int *newlen TSRMLS_DC)
59{ 59{
60 smart_str buf = {0}; 60 smart_str buf = {0};
61 php_serialize_data_t var_hash; 61 php_serialize_data_t var_hash;
62 PS_ENCODE_VARS; 62 PS_ENCODE_VARS;
63 63
64 PHP_VAR_SERIALIZE_INIT(var_hash); 64 PHP_VAR_SERIALIZE_INIT(var_hash);
65 65
66 PS_ENCODE_LOOP( 66 PS_ENCODE_LOOP(
67 smart_str_appendl(&buf, key, key_length); 67 smart_str_appendl(&buf, key, key_length);
68 if (key[0] == PS_UNDEF_MARKER || memchr(key, PS_DELIMITER, key_length)) { 68 if (key[0] == PS_UNDEF_MARKER || memchr(key, PS_DELIMITER, key_length)) {
69 PHP_VAR_SERIALIZE_DESTROY(var_hash); 69 PHP_VAR_SERIALIZE_DESTROY(var_hash);
70 smart_str_free(&buf); 70 smart_str_free(&buf);
71 return FAILURE; 71 return FAILURE;
72 } 72 }
73 smart_str_appendc(&buf, PS_DELIMITER); 73 smart_str_appendc(&buf, PS_DELIMITER);
74 74
75 php_var_serialize(&buf, struc, &var_hash TSRMLS_CC); 75 php_var_serialize(&buf, struc, &var_hash TSRMLS_CC);
76 } else { 76 } else {
77 smart_str_appendc(&buf, PS_UNDEF_MARKER); 77 smart_str_appendc(&buf, PS_UNDEF_MARKER);
78 smart_str_appendl(&buf, key, key_length); 78 smart_str_appendl(&buf, key, key_length);
79 smart_str_appendc(&buf, PS_DELIMITER); 79 smart_str_appendc(&buf, PS_DELIMITER);
80 ); 80 );
81 81
82 if (newlen) { 82 if (newlen) {
83 *newlen = buf.len; 83 *newlen = buf.len;
84 } 84 }
85 smart_str_0(&buf); 85 smart_str_0(&buf);
86 *newstr = buf.c; 86 *newstr = buf.c;
87 87
88 PHP_VAR_SERIALIZE_DESTROY(var_hash); 88 PHP_VAR_SERIALIZE_DESTROY(var_hash);
89 return SUCCESS; 89 return SUCCESS;
90} 90}
91 91
92static void suhosin_send_cookie(TSRMLS_D) 92static void suhosin_send_cookie(TSRMLS_D)
93{ 93{
94 int * session_send_cookie = &SESSION_G(send_cookie); 94 int * session_send_cookie = &SESSION_G(send_cookie);
95 char * base; 95 char * base;
96 zend_ini_entry *ini_entry; 96 zend_ini_entry *ini_entry;
97 97
98 /* The following is requires to be 100% compatible to PHP 98 /* The following is requires to be 100% compatible to PHP
99 versions where the hash extension is not available by default */ 99 versions where the hash extension is not available by default */
100 if (zend_hash_find(EG(ini_directives), "session.hash_bits_per_character", sizeof("session.hash_bits_per_character"), (void **) &ini_entry) == SUCCESS) { 100 if (zend_hash_find(EG(ini_directives), "session.hash_bits_per_character", sizeof("session.hash_bits_per_character"), (void **) &ini_entry) == SUCCESS) {
101#ifndef ZTS 101#ifndef ZTS
102 base = (char *) ini_entry->mh_arg2; 102 base = (char *) ini_entry->mh_arg2;
103#else 103#else
104 base = (char *) ts_resource(*((int *) ini_entry->mh_arg2)); 104 base = (char *) ts_resource(*((int *) ini_entry->mh_arg2));
105#endif 105#endif
106 session_send_cookie = (int *) (base+(size_t) ini_entry->mh_arg1+sizeof(long)); 106 session_send_cookie = (int *) (base+(size_t) ini_entry->mh_arg1+sizeof(long));
107 } 107 }
108 *session_send_cookie = 1; 108 *session_send_cookie = 1;
109} 109}
110 110
111 111
@@ -115,255 +115,255 @@ static int (*old_SessionRINIT)(INIT_FUNC_ARGS) = NULL;
115 115
116static int suhosin_hook_s_read(void **mod_data, const char *key, char **val, int *vallen TSRMLS_DC) 116static int suhosin_hook_s_read(void **mod_data, const char *key, char **val, int *vallen TSRMLS_DC)
117{ 117{
118 int r; 118 int r;
119 119
120 int i;char *v,*KEY=(char *)key; 120 int i;char *v,*KEY=(char *)key;
121 121
122 /* protect session vars */ 122 /* protect session vars */
123/* if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) { 123/* if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) {
124 SESSION_G(http_session_vars)->refcount++; 124 SESSION_G(http_session_vars)->refcount++;
125 }*/ 125 }*/
126 126
127 /* protect dumb session handlers */ 127 /* protect dumb session handlers */
128 if (key == NULL || !key[0] || 128 if (key == NULL || !key[0] ||
129 (*mod_data == NULL 129 (*mod_data == NULL
130 && !SESSION_G(mod_user_implemented) 130 && !SESSION_G(mod_user_implemented)
131 )) { 131 )) {
132regenerate: 132regenerate:
133 SDEBUG("regenerating key is %s", key); 133 SDEBUG("regenerating key is %s", key);
134 KEY = SESSION_G(id) = SESSION_G(mod)->s_create_sid(&SESSION_G(mod_data), NULL TSRMLS_CC); 134 KEY = SESSION_G(id) = SESSION_G(mod)->s_create_sid(&SESSION_G(mod_data), NULL TSRMLS_CC);
135 suhosin_send_cookie(TSRMLS_C); 135 suhosin_send_cookie(TSRMLS_C);
136 } else if (strlen(key) > SUHOSIN_G(session_max_id_length)) { 136 } else if (strlen(key) > SUHOSIN_G(session_max_id_length)) {
137 suhosin_log(S_SESSION, "session id ('%s') exceeds maximum length - regenerating", KEY); 137 suhosin_log(S_SESSION, "session id ('%s') exceeds maximum length - regenerating", KEY);
138 if (!SUHOSIN_G(simulation)) { 138 if (!SUHOSIN_G(simulation)) {
139 goto regenerate; 139 goto regenerate;
140 } 140 }
141 } 141 }
142
143 r = SUHOSIN_G(old_s_read)(mod_data, KEY, val, vallen TSRMLS_CC);
142 144
143 r = SUHOSIN_G(old_s_read)(mod_data, KEY, val, vallen TSRMLS_CC); 145 if (r == SUCCESS && SUHOSIN_G(session_encrypt) && *vallen > 0) {
146 char cryptkey[33];
144 147
145 if (r == SUCCESS && SUHOSIN_G(session_encrypt) && *vallen > 0) { 148 SUHOSIN_G(do_not_scan) = 1;
146 char cryptkey[33]; 149 suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC);
147 150
148 SUHOSIN_G(do_not_scan) = 1; 151 v = *val;
149 suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC); 152 i = *vallen;
150 153 *val = suhosin_decrypt_string(v, i, "", 0, (char *)&cryptkey, vallen, SUHOSIN_G(session_checkraddr) TSRMLS_CC);
151 v = *val; 154 SUHOSIN_G(do_not_scan) = 0;
152 i = *vallen; 155 if (*val == NULL) {
153 *val = suhosin_decrypt_string(v, i, "", 0, (char *)&cryptkey, vallen, SUHOSIN_G(session_checkraddr) TSRMLS_CC); 156 *val = estrndup("", 0);
154 SUHOSIN_G(do_not_scan) = 0; 157 *vallen = 0;
155 if (*val == NULL) { 158 }
156 *val = estrndup("", 0); 159 efree(v);
157 *vallen = 0; 160 }
158 } 161
159 efree(v); 162 return r;
160 }
161
162 return r;
163} 163}
164 164
165static int suhosin_hook_s_write(void **mod_data, const char *key, const char *val, const int vallen TSRMLS_DC) 165static int suhosin_hook_s_write(void **mod_data, const char *key, const char *val, const int vallen TSRMLS_DC)
166{ 166{
167 int r; 167 int r;
168/* int nullify = 0;*/ 168/* int nullify = 0;*/
169 char *v = (char *)val; 169 char *v = (char *)val;
170 170
171 /* protect dumb session handlers */ 171 /* protect dumb session handlers */
172 if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) || 172 if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) ||
173 (*mod_data == NULL 173 (*mod_data == NULL
174 && !SESSION_G(mod_user_implemented) 174 && !SESSION_G(mod_user_implemented)
175 )) { 175 )) {
176 r = FAILURE; 176 r = FAILURE;
177 goto return_write; 177 goto return_write;
178 } 178 }
179 179
180 r = vallen; 180 r = vallen;
181 181
182 if (r > 0 && SUHOSIN_G(session_encrypt)) { 182 if (r > 0 && SUHOSIN_G(session_encrypt)) {
183 char cryptkey[33]; 183 char cryptkey[33];
184 184
185 SUHOSIN_G(do_not_scan) = 1; 185 SUHOSIN_G(do_not_scan) = 1;
186 186
187 suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC); 187 suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC);
188 188
189 v = suhosin_encrypt_string(v, vallen, "", 0, (char *)&cryptkey TSRMLS_CC); 189 v = suhosin_encrypt_string(v, vallen, "", 0, (char *)&cryptkey TSRMLS_CC);
190 190
191 SUHOSIN_G(do_not_scan) = 0; 191 SUHOSIN_G(do_not_scan) = 0;
192 r = strlen(v); 192 r = strlen(v);
193 } 193 }
194
195 r = SUHOSIN_G(old_s_write)(mod_data, key, v, r TSRMLS_CC);
194 196
195 r = SUHOSIN_G(old_s_write)(mod_data, key, v, r TSRMLS_CC);
196
197return_write: 197return_write:
198 /* protect session vars */ 198 /* protect session vars */
199/* if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) { 199/* if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) {
200 if (SESSION_G(http_session_vars)->refcount==1) { 200 if (SESSION_G(http_session_vars)->refcount==1) {
201 nullify = 1; 201 nullify = 1;
202 } 202 }
203 zval_ptr_dtor(&SESSION_G(http_session_vars)); 203 zval_ptr_dtor(&SESSION_G(http_session_vars));
204 if (nullify) { 204 if (nullify) {
205 suhosin_log(S_SESSION, "possible session variables double free attack stopped"); 205 suhosin_log(S_SESSION, "possible session variables double free attack stopped");
206 SESSION_G(http_session_vars) = NULL; 206 SESSION_G(http_session_vars) = NULL;
207 } 207 }
208 }*/ 208 }*/
209 209
210 return r; 210 return r;
211} 211}
212 212
213static int suhosin_hook_s_destroy(void **mod_data, const char *key TSRMLS_DC) 213static int suhosin_hook_s_destroy(void **mod_data, const char *key TSRMLS_DC)
214{ 214{
215 int r; 215 int r;
216 216
217 /* protect dumb session handlers */ 217 /* protect dumb session handlers */
218 if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) || 218 if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) ||
219 (*mod_data == NULL 219 (*mod_data == NULL
220 && !SESSION_G(mod_user_implemented) 220 && !SESSION_G(mod_user_implemented)
221 )) { 221 )) {
222 return FAILURE; 222 return FAILURE;
223 } 223 }
224 224
225 r = SUHOSIN_G(old_s_destroy)(mod_data, key TSRMLS_CC); 225 r = SUHOSIN_G(old_s_destroy)(mod_data, key TSRMLS_CC);
226 226
227 return r; 227 return r;
228} 228}
229 229
230static void suhosin_hook_session_module(TSRMLS_D) 230static void suhosin_hook_session_module(TSRMLS_D)
231{ 231{
232 ps_module *old_mod = SESSION_G(mod), *mod; 232 ps_module *old_mod = SESSION_G(mod), *mod;
233 233
234 if (old_mod == NULL || SUHOSIN_G(s_module) == old_mod) { 234 if (old_mod == NULL || SUHOSIN_G(s_module) == old_mod) {
235 return; 235 return;
236 } 236 }
237 237
238 if (SUHOSIN_G(s_module) == NULL) { 238 if (SUHOSIN_G(s_module) == NULL) {
239 SUHOSIN_G(s_module) = mod = malloc(sizeof(ps_module)); 239 SUHOSIN_G(s_module) = mod = malloc(sizeof(ps_module));
240 if (mod == NULL) { 240 if (mod == NULL) {
241 return; 241 return;
242 } 242 }
243 } 243 }
244 244
245 SUHOSIN_G(s_original_mod) = old_mod; 245 SUHOSIN_G(s_original_mod) = old_mod;
246 246
247 mod = SUHOSIN_G(s_module); 247 mod = SUHOSIN_G(s_module);
248 memcpy(mod, old_mod, sizeof(ps_module)); 248 memcpy(mod, old_mod, sizeof(ps_module));
249 249
250 SUHOSIN_G(old_s_read) = mod->s_read; 250 SUHOSIN_G(old_s_read) = mod->s_read;
251 mod->s_read = suhosin_hook_s_read; 251 mod->s_read = suhosin_hook_s_read;
252 SUHOSIN_G(old_s_write) = mod->s_write; 252 SUHOSIN_G(old_s_write) = mod->s_write;
253 mod->s_write = suhosin_hook_s_write; 253 mod->s_write = suhosin_hook_s_write;
254 SUHOSIN_G(old_s_destroy) = mod->s_destroy; 254 SUHOSIN_G(old_s_destroy) = mod->s_destroy;
255 mod->s_destroy = suhosin_hook_s_destroy; 255 mod->s_destroy = suhosin_hook_s_destroy;
256 256
257 SESSION_G(mod) = mod; 257 SESSION_G(mod) = mod;
258} 258}
259 259
260static PHP_INI_MH(suhosin_OnUpdateSaveHandler) 260static PHP_INI_MH(suhosin_OnUpdateSaveHandler)
261{ 261{
262 int r; 262 int r;
263 263
264 if (stage == PHP_INI_STAGE_RUNTIME && SESSION_G(session_status) == php_session_none && SUHOSIN_G(s_original_mod) 264 if (stage == PHP_INI_STAGE_RUNTIME && SESSION_G(session_status) == php_session_none && SUHOSIN_G(s_original_mod)
265 && strcmp(new_value, "user") == 0 && strcmp(((ps_module*)SUHOSIN_G(s_original_mod))->s_name, "user") == 0) { 265 && strcmp(new_value, "user") == 0 && strcmp(((ps_module*)SUHOSIN_G(s_original_mod))->s_name, "user") == 0) {
266 return SUCCESS; 266 return SUCCESS;
267 } 267 }
268 268
269 SESSION_G(mod) = SUHOSIN_G(s_original_mod); 269 SESSION_G(mod) = SUHOSIN_G(s_original_mod);
270 270
271 r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); 271 r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
272
273 suhosin_hook_session_module(TSRMLS_C);
274 272
275 return r; 273 suhosin_hook_session_module(TSRMLS_C);
274
275 return r;
276} 276}
277 277
278 278
279static int suhosin_hook_session_RINIT(INIT_FUNC_ARGS) 279static int suhosin_hook_session_RINIT(INIT_FUNC_ARGS)
280{ 280{
281 if (SESSION_G(mod) == NULL) { 281 if (SESSION_G(mod) == NULL) {
282 char *value = zend_ini_string("session.save_handler", sizeof("session.save_handler"), 0); 282 char *value = zend_ini_string("session.save_handler", sizeof("session.save_handler"), 0);
283 283
284 if (value) { 284 if (value) {
285 suhosin_OnUpdateSaveHandler(NULL, value, strlen(value), NULL, NULL, NULL, 0 TSRMLS_CC); 285 suhosin_OnUpdateSaveHandler(NULL, value, strlen(value), NULL, NULL, NULL, 0 TSRMLS_CC);
286 } 286 }
287 } 287 }
288 return old_SessionRINIT(INIT_FUNC_ARGS_PASSTHRU); 288 return old_SessionRINIT(INIT_FUNC_ARGS_PASSTHRU);
289} 289}
290 290
291void suhosin_hook_session(TSRMLS_D) 291void suhosin_hook_session(TSRMLS_D)
292{ 292{
293 ps_serializer *serializer; 293 ps_serializer *serializer;
294 zend_ini_entry *ini_entry; 294 zend_ini_entry *ini_entry;
295 zend_module_entry *module; 295 zend_module_entry *module;
296#ifdef ZTS 296#ifdef ZTS
297 ts_rsrc_id *ps_globals_id_ptr; 297 ts_rsrc_id *ps_globals_id_ptr;
298#endif 298#endif
299 299
300 if (zend_hash_find(&module_registry, "session", sizeof("session"), (void**)&module) == FAILURE) { 300 if (zend_hash_find(&module_registry, "session", sizeof("session"), (void**)&module) == FAILURE) {
301 return; 301 return;
302 } 302 }
303 /* retrieve globals from module entry struct if possible */ 303 /* retrieve globals from module entry struct if possible */
304#ifdef ZTS 304#ifdef ZTS
305 if (session_globals_id == 0) { 305 if (session_globals_id == 0) {
306 session_globals_id = *module->globals_id_ptr; 306 session_globals_id = *module->globals_id_ptr;
307 } 307 }
308#else 308#else
309 if (session_globals == NULL) { 309 if (session_globals == NULL) {
310 session_globals = module->globals_ptr; 310 session_globals = module->globals_ptr;
311 } 311 }
312#endif 312#endif
313
314 if (old_OnUpdateSaveHandler != NULL) {
315 return;
316 }
317
318 /* hook request startup function of session module */
319 old_SessionRINIT = module->request_startup_func;
320 module->request_startup_func = suhosin_hook_session_RINIT;
321
322 /* retrieve pointer to session.save_handler ini entry */
323 if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) {
324 return;
325 }
326 SUHOSIN_G(s_module) = NULL;
327 313
328 /* replace OnUpdateMemoryLimit handler */ 314 if (old_OnUpdateSaveHandler != NULL) {
329 old_OnUpdateSaveHandler = ini_entry->on_modify; 315 return;
330 ini_entry->on_modify = suhosin_OnUpdateSaveHandler; 316 }
331
332 suhosin_hook_session_module(TSRMLS_C);
333
334 /* Protect the PHP serializer from ! attacks */
335 serializer = (ps_serializer *) SESSION_G(serializer);
336 if (serializer != NULL && strcmp(serializer->name, "php")==0) {
337 serializer->encode = suhosin_session_encode;
338 }
339 317
340 /* increase session identifier entropy */ 318 /* hook request startup function of session module */
341 if (SESSION_G(entropy_length) == 0 || SESSION_G(entropy_file) == NULL) { 319 old_SessionRINIT = module->request_startup_func;
320 module->request_startup_func = suhosin_hook_session_RINIT;
321
322 /* retrieve pointer to session.save_handler ini entry */
323 if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) {
324 return;
325 }
326 SUHOSIN_G(s_module) = NULL;
327
328 /* replace OnUpdateMemoryLimit handler */
329 old_OnUpdateSaveHandler = ini_entry->on_modify;
330 ini_entry->on_modify = suhosin_OnUpdateSaveHandler;
331
332 suhosin_hook_session_module(TSRMLS_C);
333
334 /* Protect the PHP serializer from ! attacks */
335 serializer = (ps_serializer *) SESSION_G(serializer);
336 if (serializer != NULL && strcmp(serializer->name, "php")==0) {
337 serializer->encode = suhosin_session_encode;
338 }
339
340 /* increase session identifier entropy */
341 if (SESSION_G(entropy_length) == 0 || SESSION_G(entropy_file) == NULL) {
342#ifndef PHP_WIN32 342#ifndef PHP_WIN32
343 /* ensure that /dev/urandom exists */ 343 /* ensure that /dev/urandom exists */
344 int fd = VCWD_OPEN("/dev/urandom", O_RDONLY); 344 int fd = VCWD_OPEN("/dev/urandom", O_RDONLY);
345 if (fd >= 0) { 345 if (fd >= 0) {
346 close(fd); 346 close(fd);
347 SESSION_G(entropy_length) = 16; 347 SESSION_G(entropy_length) = 16;
348 SESSION_G(entropy_file) = pestrdup("/dev/urandom", 1); 348 SESSION_G(entropy_file) = pestrdup("/dev/urandom", 1);
349 } 349 }
350#endif 350#endif
351 } 351 }
352} 352}
353 353
354void suhosin_unhook_session(TSRMLS_D) 354void suhosin_unhook_session(TSRMLS_D)
355{ 355{
356 if (old_OnUpdateSaveHandler != NULL) { 356 if (old_OnUpdateSaveHandler != NULL) {
357 zend_ini_entry *ini_entry; 357 zend_ini_entry *ini_entry;
358 358
359 /* retrieve pointer to session.save_handler ini entry */ 359 /* retrieve pointer to session.save_handler ini entry */
360 if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) { 360 if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) {
361 return; 361 return;
362 } 362 }
363 ini_entry->on_modify = old_OnUpdateSaveHandler; 363 ini_entry->on_modify = old_OnUpdateSaveHandler;
364 364
365 old_OnUpdateSaveHandler = NULL; 365 old_OnUpdateSaveHandler = NULL;
366 } 366 }
367 367
368} 368}
369 369
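Review bot: In `suhosin_hook_s_write` (new lines 189-195) the buffer returned by `suhosin_encrypt_string()` is passed to `strlen(v)` and on to `old_s_write` with no NULL check and is never released afterwards. Every encrypted session write therefore appears to leave one allocation behind until request shutdown, and a NULL return would be dereferenced. The allocator and the failure behaviour of `suhosin_encrypt_string()` are not visible in this section, so both are inferred; the read hook does guard against a NULL result from `suhosin_decrypt_string()` and calls `efree()` on the buffer it replaces. Assuming the encrypted string is emalloc'd in the same way, I would add `if (v == NULL) { r = FAILURE; goto return_write; }` after `do_not_scan` is reset, and `if (v != val) efree(v);` directly after the `old_s_write` call. The commit itself does not touch this logic; the visible lines read the same on the old and new side.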
diff --git a/suhosin.c b/suhosin.c
index 8336561..11f99f7 100644
--- a/suhosin.c
+++ b/suhosin.c
@@ -77,7 +77,7 @@ STATIC zend_extension suhosin_zend_extension_entry = {
77 NULL, 77 NULL,
78 suhosin_op_array_ctor, 78 suhosin_op_array_ctor,
79 suhosin_op_array_dtor, 79 suhosin_op_array_dtor,
80 80
81 STANDARD_ZEND_EXTENSION_PROPERTIES 81 STANDARD_ZEND_EXTENSION_PROPERTIES
82}; 82};
83 83
@@ -86,15 +86,15 @@ static void suhosin_op_array_ctor(zend_op_array *op_array)
86 TSRMLS_FETCH(); 86 TSRMLS_FETCH();
87 87
88 if (suhosin_zend_extension_entry.resource_number != -1) { 88 if (suhosin_zend_extension_entry.resource_number != -1) {
89 89
90 unsigned long suhosin_flags = 0; 90 unsigned long suhosin_flags = 0;
91 91
92 if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) { 92 if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) {
93 suhosin_flags |= SUHOSIN_FLAG_CREATED_BY_EVAL; 93 suhosin_flags |= SUHOSIN_FLAG_CREATED_BY_EVAL;
94 } 94 }
95 95
96 op_array->reserved[suhosin_zend_extension_entry.resource_number] = (void *)suhosin_flags; 96 op_array->reserved[suhosin_zend_extension_entry.resource_number] = (void *)suhosin_flags;
97 97
98 } 98 }
99} 99}
100 100
@@ -112,16 +112,16 @@ static void suhosin_op_array_dtor(zend_op_array *op_array)
112static void stealth_op_array_ctor(zend_op_array *op_array) 112static void stealth_op_array_ctor(zend_op_array *op_array)
113{ 113{
114 if (orig_op_array_ctor != NULL) { 114 if (orig_op_array_ctor != NULL) {
115 orig_op_array_ctor(op_array); 115 orig_op_array_ctor(op_array);
116 } 116 }
117 suhosin_op_array_ctor(op_array); 117 suhosin_op_array_ctor(op_array);
118} 118}
119 119
120static void stealth_op_array_dtor(zend_op_array *op_array) 120static void stealth_op_array_dtor(zend_op_array *op_array)
121{ 121{
122 if (orig_op_array_dtor != NULL) { 122 if (orig_op_array_dtor != NULL) {
123 orig_op_array_dtor(op_array); 123 orig_op_array_dtor(op_array);
124 } 124 }
125 suhosin_op_array_dtor(op_array); 125 suhosin_op_array_dtor(op_array);
126} 126}
127 127
@@ -129,14 +129,14 @@ static int stealth_module_startup(zend_extension *extension)
129{ 129{
130 int r = orig_module_startup == NULL ? SUCCESS : orig_module_startup(extension); 130 int r = orig_module_startup == NULL ? SUCCESS : orig_module_startup(extension);
131 suhosin_module_startup(extension); 131 suhosin_module_startup(extension);
132 return r; 132 return r;
133} 133}
134 134
135static void stealth_module_shutdown(zend_extension *extension) 135static void stealth_module_shutdown(zend_extension *extension)
136{ 136{
137 if (orig_module_shutdown != NULL) { 137 if (orig_module_shutdown != NULL) {
138 orig_module_shutdown(extension); 138 orig_module_shutdown(extension);
139 } 139 }
140 suhosin_shutdown(extension); 140 suhosin_shutdown(extension);
141} 141}
142 142
@@ -146,22 +146,22 @@ static int suhosin_module_startup(zend_extension *extension)
146 zend_module_entry *module_entry_ptr; 146 zend_module_entry *module_entry_ptr;
147 int resid; 147 int resid;
148 TSRMLS_FETCH(); 148 TSRMLS_FETCH();
149 149
150/* zend_register_module(&suhosin_module_entry TSRMLS_CC); */ 150/* zend_register_module(&suhosin_module_entry TSRMLS_CC); */
151 151
152 if (zend_hash_find(&module_registry, "suhosin", sizeof("suhosin"), (void **)&module_entry_ptr)==SUCCESS) { 152 if (zend_hash_find(&module_registry, "suhosin", sizeof("suhosin"), (void **)&module_entry_ptr)==SUCCESS) {
153 153
154 if (extension) { 154 if (extension) {
155 extension->handle = module_entry_ptr->handle; 155 extension->handle = module_entry_ptr->handle;
156 } else { 156 } else {
157 zend_extension ext; 157 zend_extension ext;
158 ext = suhosin_zend_extension_entry; 158 ext = suhosin_zend_extension_entry;
159 ext.handle = module_entry_ptr->handle; 159 ext.handle = module_entry_ptr->handle;
160 /* 160 /*
161 zend_llist_add_element(&zend_extensions, &ext); 161 zend_llist_add_element(&zend_extensions, &ext);
162 extension = zend_llist_get_last(&zend_extensions); 162 extension = zend_llist_get_last(&zend_extensions);
163 */ 163 */
164 extension = &suhosin_zend_extension_entry; 164 extension = &suhosin_zend_extension_entry;
165 } 165 }
166 module_entry_ptr->handle = NULL; 166 module_entry_ptr->handle = NULL;
167 167
@@ -198,14 +198,13 @@ static void suhosin_shutdown(zend_extension *extension)
198 suhosin_unhook_header_handler(); 198 suhosin_unhook_header_handler();
199 suhosin_unhook_post_handlers(TSRMLS_C); 199 suhosin_unhook_post_handlers(TSRMLS_C);
200 /* suhosin_unhook_session(); - enabling this causes compability problems */ 200 /* suhosin_unhook_session(); - enabling this causes compability problems */
201 201
202 if (ze != NULL) { 202 if (ze != NULL) {
203 ze->startup = orig_module_startup; 203 ze->startup = orig_module_startup;
204 ze->shutdown = orig_module_shutdown; 204 ze->shutdown = orig_module_shutdown;
205 ze->op_array_ctor = orig_op_array_ctor; 205 ze->op_array_ctor = orig_op_array_ctor;
206 ze->op_array_dtor = orig_op_array_dtor; 206 ze->op_array_dtor = orig_op_array_dtor;
207 } 207 }
208
209} 208}
210 209
211 210
@@ -216,10 +215,10 @@ static int suhosin_startup_wrapper(zend_extension *ext)
216 char *new_info; 215 char *new_info;
217 int new_info_length; 216 int new_info_length;
218 TSRMLS_FETCH(); 217 TSRMLS_FETCH();
219 218
220 /* Ugly but working hack */ 219 /* Ugly but working hack */
221 new_info_length = sizeof("%s\n with %s v%s, %s, by %s\n") 220 new_info_length = sizeof("%s\n with %s v%s, %s, by %s\n")
222 + strlen(ext->author) 221 + strlen(ext->author)
223 + strlen(ex->name) 222 + strlen(ex->name)
224 + strlen(ex->version) 223 + strlen(ex->version)
225 + strlen(ex->copyright) 224 + strlen(ex->copyright)
@@ -230,43 +229,42 @@ static int suhosin_startup_wrapper(zend_extension *ext)
230 ext->author = new_info; 229 ext->author = new_info;
231 230
232 ze->startup = old_startup; 231 ze->startup = old_startup;
233 232
234 /* Stealth Mode */ 233 /* Stealth Mode */
235 orig_module_startup = ze->startup; 234 orig_module_startup = ze->startup;
236 orig_module_shutdown = ze->shutdown; 235 orig_module_shutdown = ze->shutdown;
237 orig_op_array_ctor = ze->op_array_ctor; 236 orig_op_array_ctor = ze->op_array_ctor;
238 orig_op_array_dtor = ze->op_array_dtor; 237 orig_op_array_dtor = ze->op_array_dtor;
239 238
240 /*if (SUHOSIN_G(stealth) != 0) {*/ 239 /*if (SUHOSIN_G(stealth) != 0) {*/
241 ze->startup = stealth_module_startup; 240 ze->startup = stealth_module_startup;
242 ze->shutdown = stealth_module_shutdown; 241 ze->shutdown = stealth_module_shutdown;
243 ze->op_array_ctor = stealth_op_array_ctor; 242 ze->op_array_ctor = stealth_op_array_ctor;
244 ze->op_array_dtor = stealth_op_array_dtor; 243 ze->op_array_dtor = stealth_op_array_dtor;
245 /*}*/ 244 /*}*/
246 245
247 if (old_startup != NULL) { 246 if (old_startup != NULL) {
248 res = old_startup(ext); 247 res = old_startup(ext);
249 } 248 }
250 249
251/* ex->name = NULL; 250/* ex->name = NULL;
252 ex->author = NULL; 251 ex->author = NULL;
253 ex->copyright = NULL; 252 ex->copyright = NULL;
254 ex->version = NULL;*/ 253 ex->version = NULL;*/
255 254
256 /*zend_extensions.head=NULL;*/ 255 /*zend_extensions.head=NULL;*/
257 256
258 suhosin_module_startup(NULL); 257 suhosin_module_startup(NULL);
259 258
260
261 return res; 259 return res;
262} 260}
263 261
264/*static zend_extension_version_info extension_version_info = { ZEND_EXTENSION_API_NO, ZEND_VERSION, ZTS_V, ZEND_DEBUG };*/ 262/*static zend_extension_version_info extension_version_info = { ZEND_EXTENSION_API_NO, ZEND_VERSION, ZTS_V, ZEND_DEBUG };*/
265 263
266#define PERDIR_CHECK(upper, lower) \ 264#define PERDIR_CHECK(upper, lower) \
267 if (!SUHOSIN_G(lower ## _perdir) && stage == ZEND_INI_STAGE_HTACCESS) { \ 265 if (!SUHOSIN_G(lower ## _perdir) && stage == ZEND_INI_STAGE_HTACCESS) { \
268 return FAILURE; \ 266 return FAILURE; \
269 } 267 }
270 268
271#define LOG_PERDIR_CHECK() PERDIR_CHECK(LOG, log) 269#define LOG_PERDIR_CHECK() PERDIR_CHECK(LOG, log)
272#define EXEC_PERDIR_CHECK() PERDIR_CHECK(EXEC, exec) 270#define EXEC_PERDIR_CHECK() PERDIR_CHECK(EXEC, exec)
@@ -283,94 +281,94 @@ static int suhosin_startup_wrapper(zend_extension *ext)
283 281
284static ZEND_INI_MH(OnUpdateSuhosin_perdir) 282static ZEND_INI_MH(OnUpdateSuhosin_perdir)
285{ 283{
286 char *tmp; 284 char *tmp;
287 285
288 if (SUHOSIN_G(perdir)) { 286 if (SUHOSIN_G(perdir)) {
289 pefree(SUHOSIN_G(perdir), 1); 287 pefree(SUHOSIN_G(perdir), 1);
290 } 288 }
291 SUHOSIN_G(perdir) = NULL; 289 SUHOSIN_G(perdir) = NULL;
292 290
293 /* Initialize the perdir flags */ 291 /* Initialize the perdir flags */
294 SUHOSIN_G(log_perdir) = 0; 292 SUHOSIN_G(log_perdir) = 0;
295 SUHOSIN_G(exec_perdir) = 0; 293 SUHOSIN_G(exec_perdir) = 0;
296 SUHOSIN_G(get_perdir) = 0; 294 SUHOSIN_G(get_perdir) = 0;
297 SUHOSIN_G(cookie_perdir) = 0; 295 SUHOSIN_G(cookie_perdir) = 0;
298 SUHOSIN_G(post_perdir) = 0; 296 SUHOSIN_G(post_perdir) = 0;
299 SUHOSIN_G(request_perdir) = 0; 297 SUHOSIN_G(request_perdir) = 0;
300 SUHOSIN_G(sql_perdir) = 0; 298 SUHOSIN_G(sql_perdir) = 0;
301 SUHOSIN_G(upload_perdir) = 0; 299 SUHOSIN_G(upload_perdir) = 0;
302 SUHOSIN_G(misc_perdir) = 0; 300 SUHOSIN_G(misc_perdir) = 0;
303 301
304 if (new_value == NULL) { 302 if (new_value == NULL) {
305 return SUCCESS; 303 return SUCCESS;
306 } 304 }
307 305
308 tmp = SUHOSIN_G(perdir) = pestrdup(new_value,1); 306 tmp = SUHOSIN_G(perdir) = pestrdup(new_value,1);
309 307
310 /* trim the whitespace */ 308 /* trim the whitespace */
311 while (isspace(*tmp)) tmp++; 309 while (isspace(*tmp)) tmp++;
312 310
313 /* should we deactivate perdir completely? */ 311 /* should we deactivate perdir completely? */
314 if (*tmp == 0 || *tmp == '0') { 312 if (*tmp == 0 || *tmp == '0') {
315 return SUCCESS; 313 return SUCCESS;
316 } 314 }
317 315
318 /* no deactivation so check the flags */ 316 /* no deactivation so check the flags */
319 while (*tmp) { 317 while (*tmp) {
320 switch (*tmp) { 318 switch (*tmp) {
321 case 'l': 319 case 'l':
322 case 'L': 320 case 'L':
323 SUHOSIN_G(log_perdir) = 1; 321 SUHOSIN_G(log_perdir) = 1;
324 break; 322 break;
325 case 'e': 323 case 'e':
326 case 'E': 324 case 'E':
327 SUHOSIN_G(exec_perdir) = 1; 325 SUHOSIN_G(exec_perdir) = 1;
328 break; 326 break;
329 case 'g': 327 case 'g':
330 case 'G': 328 case 'G':
331 SUHOSIN_G(get_perdir) = 1; 329 SUHOSIN_G(get_perdir) = 1;
332 break; 330 break;
333 case 'c': 331 case 'c':
334 case 'C': 332 case 'C':
335 SUHOSIN_G(cookie_perdir) = 1; 333 SUHOSIN_G(cookie_perdir) = 1;
336 break; 334 break;
337 case 'p': 335 case 'p':
338 case 'P': 336 case 'P':
339 SUHOSIN_G(post_perdir) = 1; 337 SUHOSIN_G(post_perdir) = 1;
340 break; 338 break;
341 case 'r': 339 case 'r':
342 case 'R': 340 case 'R':
343 SUHOSIN_G(request_perdir) = 1; 341 SUHOSIN_G(request_perdir) = 1;
344 break; 342 break;
345 case 's': 343 case 's':
346 case 'S': 344 case 'S':
347 SUHOSIN_G(sql_perdir) = 1; 345 SUHOSIN_G(sql_perdir) = 1;
348 break; 346 break;
349 case 'u': 347 case 'u':
350 case 'U': 348 case 'U':
351 SUHOSIN_G(upload_perdir) = 1; 349 SUHOSIN_G(upload_perdir) = 1;
352 break; 350 break;
353 case 'm': 351 case 'm':
354 case 'M': 352 case 'M':
355 SUHOSIN_G(misc_perdir) = 1; 353 SUHOSIN_G(misc_perdir) = 1;
356 break; 354 break;
357 } 355 }
358 tmp++; 356 tmp++;
359 } 357 }
360 return SUCCESS; 358 return SUCCESS;
361} 359}
362 360
363#define dohandler(handler, name, upper, lower) \ 361#define dohandler(handler, name, upper, lower) \
364 static ZEND_INI_MH(OnUpdate ## name ## handler) \ 362 static ZEND_INI_MH(OnUpdate ## name ## handler) \
365 { \ 363 { \
366 PERDIR_CHECK(upper, lower) \ 364 PERDIR_CHECK(upper, lower) \
367 return OnUpdate ## handler (ZEND_INI_MH_PASSTHRU); \ 365 return OnUpdate ## handler (ZEND_INI_MH_PASSTHRU); \
368 } \ 366 } \
369 367
370#define dohandlers(name, upper, lower) \ 368#define dohandlers(name, upper, lower) \
371 dohandler(Bool, name, upper, lower) \ 369 dohandler(Bool, name, upper, lower) \
372 dohandler(String, name, upper, lower) \ 370 dohandler(String, name, upper, lower) \
373 dohandler(Long, name, upper, lower) \ 371 dohandler(Long, name, upper, lower) \
374 372
375dohandlers(Log, LOG, log) 373dohandlers(Log, LOG, log)
376dohandlers(Exec, EXEC, exec) 374dohandlers(Exec, EXEC, exec)
@@ -384,7 +382,7 @@ dohandlers(SQL, SQL, sql)
384 382
385static ZEND_INI_MH(OnUpdateSuhosin_log_syslog) 383static ZEND_INI_MH(OnUpdateSuhosin_log_syslog)
386{ 384{
387 LOG_PERDIR_CHECK() 385 LOG_PERDIR_CHECK()
388 if (!new_value) { 386 if (!new_value) {
389 SUHOSIN_G(log_syslog) = (S_ALL & ~S_SQL) | S_MEMORY; 387 SUHOSIN_G(log_syslog) = (S_ALL & ~S_SQL) | S_MEMORY;
390 } else { 388 } else {
@@ -399,7 +397,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_syslog)
399} 397}
400static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility) 398static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility)
401{ 399{
402 LOG_PERDIR_CHECK() 400 LOG_PERDIR_CHECK()
403 if (!new_value) { 401 if (!new_value) {
404 SUHOSIN_G(log_syslog_facility) = LOG_USER; 402 SUHOSIN_G(log_syslog_facility) = LOG_USER;
405 } else { 403 } else {
@@ -409,7 +407,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility)
409} 407}
410static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority) 408static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority)
411{ 409{
412 LOG_PERDIR_CHECK() 410 LOG_PERDIR_CHECK()
413 if (!new_value) { 411 if (!new_value) {
414 SUHOSIN_G(log_syslog_priority) = LOG_ALERT; 412 SUHOSIN_G(log_syslog_priority) = LOG_ALERT;
415 } else { 413 } else {
@@ -419,7 +417,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority)
419} 417}
420static ZEND_INI_MH(OnUpdateSuhosin_log_sapi) 418static ZEND_INI_MH(OnUpdateSuhosin_log_sapi)
421{ 419{
422 LOG_PERDIR_CHECK() 420 LOG_PERDIR_CHECK()
423 if (!new_value) { 421 if (!new_value) {
424 SUHOSIN_G(log_sapi) = (S_ALL & ~S_SQL); 422 SUHOSIN_G(log_sapi) = (S_ALL & ~S_SQL);
425 } else { 423 } else {
@@ -434,7 +432,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_sapi)
434} 432}
435static ZEND_INI_MH(OnUpdateSuhosin_log_stdout) 433static ZEND_INI_MH(OnUpdateSuhosin_log_stdout)
436{ 434{
437 LOG_PERDIR_CHECK() 435 LOG_PERDIR_CHECK()
438 if (!new_value) { 436 if (!new_value) {
439 SUHOSIN_G(log_stdout) = (S_ALL & ~S_SQL); 437 SUHOSIN_G(log_stdout) = (S_ALL & ~S_SQL);
440 } else { 438 } else {
@@ -449,7 +447,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_stdout)
449} 447}
450static ZEND_INI_MH(OnUpdateSuhosin_log_script) 448static ZEND_INI_MH(OnUpdateSuhosin_log_script)
451{ 449{
452 LOG_PERDIR_CHECK() 450 LOG_PERDIR_CHECK()
453 if (!new_value) { 451 if (!new_value) {
454 SUHOSIN_G(log_script) = S_ALL & ~S_MEMORY; 452 SUHOSIN_G(log_script) = S_ALL & ~S_MEMORY;
455 } else { 453 } else {
@@ -464,11 +462,11 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_script)
464} 462}
465static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname) 463static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname)
466{ 464{
467 LOG_PERDIR_CHECK() 465 LOG_PERDIR_CHECK()
468 if (SUHOSIN_G(log_scriptname)) { 466 if (SUHOSIN_G(log_scriptname)) {
469 pefree(SUHOSIN_G(log_scriptname),1); 467 pefree(SUHOSIN_G(log_scriptname),1);
470 } 468 }
471 SUHOSIN_G(log_scriptname) = NULL; 469 SUHOSIN_G(log_scriptname) = NULL;
472 if (new_value) { 470 if (new_value) {
473 SUHOSIN_G(log_scriptname) = pestrdup(new_value,1); 471 SUHOSIN_G(log_scriptname) = pestrdup(new_value,1);
474 } 472 }
@@ -476,7 +474,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname)
476} 474}
477static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript) 475static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript)
478{ 476{
479 LOG_PERDIR_CHECK() 477 LOG_PERDIR_CHECK()
480 if (!new_value) { 478 if (!new_value) {
481 SUHOSIN_G(log_phpscript) = S_ALL & ~S_MEMORY; 479 SUHOSIN_G(log_phpscript) = S_ALL & ~S_MEMORY;
482 } else { 480 } else {
@@ -491,7 +489,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript)
491} 489}
492static ZEND_INI_MH(OnUpdateSuhosin_log_file) 490static ZEND_INI_MH(OnUpdateSuhosin_log_file)
493{ 491{
494 LOG_PERDIR_CHECK() 492 LOG_PERDIR_CHECK()
495 if (!new_value) { 493 if (!new_value) {
496 SUHOSIN_G(log_file) = S_ALL & ~S_MEMORY; 494 SUHOSIN_G(log_file) = S_ALL & ~S_MEMORY;
497 } else { 495 } else {
@@ -509,7 +507,7 @@ static void parse_list(HashTable **ht, char *list, zend_bool lc)
509{ 507{
510 char *s = NULL, *e, *val; 508 char *s = NULL, *e, *val;
511 unsigned long dummy = 1; 509 unsigned long dummy = 1;
512 510
513 if (list == NULL) { 511 if (list == NULL) {
514list_destroy: 512list_destroy:
515 if (*ht) { 513 if (*ht) {
@@ -523,17 +521,17 @@ list_destroy:
523 if (*list == 0) { 521 if (*list == 0) {
524 goto list_destroy; 522 goto list_destroy;
525 } 523 }
526 524
527 *ht = pemalloc(sizeof(HashTable), 1); 525 *ht = pemalloc(sizeof(HashTable), 1);
528 zend_hash_init(*ht, 5, NULL, NULL, 1); 526 zend_hash_init(*ht, 5, NULL, NULL, 1);
529 527
530 if (lc) { 528 if (lc) {
531 val = suhosin_str_tolower_dup(list, strlen(list)); 529 val = suhosin_str_tolower_dup(list, strlen(list));
532 } else { 530 } else {
533 val = estrndup(list, strlen(list)); 531 val = estrndup(list, strlen(list));
534 } 532 }
535 e = val; 533 e = val;
536 534
537 while (*e) { 535 while (*e) {
538 switch (*e) { 536 switch (*e) {
539 case ' ': 537 case ' ':
@@ -561,42 +559,42 @@ list_destroy:
561 559
562static ZEND_INI_MH(OnUpdate_include_blacklist) 560static ZEND_INI_MH(OnUpdate_include_blacklist)
563{ 561{
564 EXEC_PERDIR_CHECK() 562 EXEC_PERDIR_CHECK()
565 parse_list(&SUHOSIN_G(include_blacklist), new_value, 1); 563 parse_list(&SUHOSIN_G(include_blacklist), new_value, 1);
566 return SUCCESS; 564 return SUCCESS;
567} 565}
568 566
569static ZEND_INI_MH(OnUpdate_include_whitelist) 567static ZEND_INI_MH(OnUpdate_include_whitelist)
570{ 568{
571 EXEC_PERDIR_CHECK() 569 EXEC_PERDIR_CHECK()
572 parse_list(&SUHOSIN_G(include_whitelist), new_value, 1); 570 parse_list(&SUHOSIN_G(include_whitelist), new_value, 1);
573 return SUCCESS; 571 return SUCCESS;
574} 572}
575 573
576static ZEND_INI_MH(OnUpdate_func_blacklist) 574static ZEND_INI_MH(OnUpdate_func_blacklist)
577{ 575{
578 EXEC_PERDIR_CHECK() 576 EXEC_PERDIR_CHECK()
579 parse_list(&SUHOSIN_G(func_blacklist), new_value, 1); 577 parse_list(&SUHOSIN_G(func_blacklist), new_value, 1);
580 return SUCCESS; 578 return SUCCESS;
581} 579}
582 580
583static ZEND_INI_MH(OnUpdate_func_whitelist) 581static ZEND_INI_MH(OnUpdate_func_whitelist)
584{ 582{
585 EXEC_PERDIR_CHECK() 583 EXEC_PERDIR_CHECK()
586 parse_list(&SUHOSIN_G(func_whitelist), new_value, 1); 584 parse_list(&SUHOSIN_G(func_whitelist), new_value, 1);
587 return SUCCESS; 585 return SUCCESS;
588} 586}
589 587
590static ZEND_INI_MH(OnUpdate_eval_blacklist) 588static ZEND_INI_MH(OnUpdate_eval_blacklist)
591{ 589{
592 EXEC_PERDIR_CHECK() 590 EXEC_PERDIR_CHECK()
593 parse_list(&SUHOSIN_G(eval_blacklist), new_value, 1); 591 parse_list(&SUHOSIN_G(eval_blacklist), new_value, 1);
594 return SUCCESS; 592 return SUCCESS;
595} 593}
596 594
597static ZEND_INI_MH(OnUpdate_eval_whitelist) 595static ZEND_INI_MH(OnUpdate_eval_whitelist)
598{ 596{
599 EXEC_PERDIR_CHECK() 597 EXEC_PERDIR_CHECK()
600 parse_list(&SUHOSIN_G(eval_whitelist), new_value, 1); 598 parse_list(&SUHOSIN_G(eval_whitelist), new_value, 1);
601 return SUCCESS; 599 return SUCCESS;
602} 600}
@@ -662,16 +660,16 @@ static PHP_FUNCTION(suhosin_encrypt_cookie)
662 char *name, *value; 660 char *name, *value;
663 int name_len, value_len; 661 int name_len, value_len;
664 char cryptkey[33]; 662 char cryptkey[33];
665 663
666 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &name, &name_len, &value, &value_len) == FAILURE) { 664 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &name, &name_len, &value, &value_len) == FAILURE) {
667 return; 665 return;
668 } 666 }
669 667
670 if (!SUHOSIN_G(cookie_encrypt)) { 668 if (!SUHOSIN_G(cookie_encrypt)) {
671return_plain: 669return_plain:
672 RETURN_STRINGL(value, value_len, 1); 670 RETURN_STRINGL(value, value_len, 1);
673 } 671 }
674 672
675 if (SUHOSIN_G(cookie_plainlist)) { 673 if (SUHOSIN_G(cookie_plainlist)) {
676 if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), name, name_len+1)) { 674 if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), name, name_len+1)) {
677 goto return_plain; 675 goto return_plain;
@@ -681,10 +679,10 @@ return_plain:
681 goto return_plain; 679 goto return_plain;
682 } 680 }
683 } 681 }
684 682
685 suhosin_generate_key(SUHOSIN_G(cookie_cryptkey), SUHOSIN_G(cookie_cryptua), SUHOSIN_G(cookie_cryptdocroot), SUHOSIN_G(cookie_cryptraddr), (char *)&cryptkey TSRMLS_CC); 683 suhosin_generate_key(SUHOSIN_G(cookie_cryptkey), SUHOSIN_G(cookie_cryptua), SUHOSIN_G(cookie_cryptdocroot), SUHOSIN_G(cookie_cryptraddr), (char *)&cryptkey TSRMLS_CC);
686 value = suhosin_encrypt_string(value, value_len, name, name_len, (char *)&cryptkey TSRMLS_CC); 684 value = suhosin_encrypt_string(value, value_len, name, name_len, (char *)&cryptkey TSRMLS_CC);
687 685
688 RETVAL_STRING(value, 0); 686 RETVAL_STRING(value, 0);
689} 687}
690/* }}} */ 688/* }}} */
@@ -697,9 +695,9 @@ static PHP_FUNCTION(suhosin_get_raw_cookies)
697 zval *array_ptr = return_value; 695 zval *array_ptr = return_value;
698 char *strtok_buf = NULL; 696 char *strtok_buf = NULL;
699 int val_len; 697 int val_len;
700 698
701 array_init(array_ptr); 699 array_init(array_ptr);
702 700
703 if (SUHOSIN_G(raw_cookie)) { 701 if (SUHOSIN_G(raw_cookie)) {
704 res = estrdup(SUHOSIN_G(raw_cookie)); 702 res = estrdup(SUHOSIN_G(raw_cookie));
705 } else { 703 } else {
@@ -715,7 +713,7 @@ static PHP_FUNCTION(suhosin_get_raw_cookies)
715 var = res; 713 var = res;
716 } 714 }
717 if (!*var) { continue; } 715 if (!*var) { continue; }
718 716
719 val = strchr(var, '='); 717 val = strchr(var, '=');
720 if (val) { /* have a value */ 718 if (val) { /* have a value */
721 *val++ = '\0'; 719 *val++ = '\0';
@@ -727,7 +725,7 @@ static PHP_FUNCTION(suhosin_get_raw_cookies)
727 val = ""; 725 val = "";
728 } 726 }
729 php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC); 727 php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC);
730 728
731 } 729 }
732 730
733 efree(res); 731 efree(res);
@@ -787,7 +785,7 @@ static zend_ini_entry shared_ini_entries[] = {
787 STD_ZEND_INI_BOOLEAN("suhosin.log.file.time", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_file_time, zend_suhosin_globals, suhosin_globals) 785 STD_ZEND_INI_BOOLEAN("suhosin.log.file.time", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_file_time, zend_suhosin_globals, suhosin_globals)
788 STD_ZEND_INI_BOOLEAN("suhosin.log.phpscript.is_safe", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_phpscript_is_safe, zend_suhosin_globals, suhosin_globals) 786 STD_ZEND_INI_BOOLEAN("suhosin.log.phpscript.is_safe", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_phpscript_is_safe, zend_suhosin_globals, suhosin_globals)
789ZEND_INI_END() 787ZEND_INI_END()
790 788
791PHP_INI_BEGIN() 789PHP_INI_BEGIN()
792 STD_PHP_INI_ENTRY("suhosin.log.max_error_length", "0", PHP_INI_SYSTEM, OnUpdateLogLong, log_max_error_length, zend_suhosin_globals, suhosin_globals) 790 STD_PHP_INI_ENTRY("suhosin.log.max_error_length", "0", PHP_INI_SYSTEM, OnUpdateLogLong, log_max_error_length, zend_suhosin_globals, suhosin_globals)
793 ZEND_INI_ENTRY("suhosin.perdir", "0", ZEND_INI_SYSTEM, OnUpdateSuhosin_perdir) 791 ZEND_INI_ENTRY("suhosin.perdir", "0", ZEND_INI_SYSTEM, OnUpdateSuhosin_perdir)
@@ -795,7 +793,7 @@ PHP_INI_BEGIN()
795 ZEND_INI_ENTRY("suhosin.executor.include.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_whitelist) 793 ZEND_INI_ENTRY("suhosin.executor.include.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_whitelist)
796 ZEND_INI_ENTRY("suhosin.executor.include.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_blacklist) 794 ZEND_INI_ENTRY("suhosin.executor.include.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_blacklist)
797 STD_ZEND_INI_BOOLEAN("suhosin.executor.include.allow_writable_files", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecBool, executor_include_allow_writable_files, zend_suhosin_globals, suhosin_globals) 795 STD_ZEND_INI_BOOLEAN("suhosin.executor.include.allow_writable_files", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecBool, executor_include_allow_writable_files, zend_suhosin_globals, suhosin_globals)
798 ZEND_INI_ENTRY("suhosin.executor.eval.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_eval_whitelist) 796 ZEND_INI_ENTRY("suhosin.executor.eval.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_eval_whitelist)
799 ZEND_INI_ENTRY("suhosin.executor.eval.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_eval_blacklist) 797 ZEND_INI_ENTRY("suhosin.executor.eval.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_eval_blacklist)
800 ZEND_INI_ENTRY("suhosin.executor.func.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_func_whitelist) 798 ZEND_INI_ENTRY("suhosin.executor.func.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_func_whitelist)
801 ZEND_INI_ENTRY("suhosin.executor.func.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_func_blacklist) 799 ZEND_INI_ENTRY("suhosin.executor.func.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_func_blacklist)
@@ -805,71 +803,71 @@ PHP_INI_BEGIN()
805 STD_ZEND_INI_BOOLEAN("suhosin.executor.allow_symlink", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecBool, executor_allow_symlink, zend_suhosin_globals, suhosin_globals) 803 STD_ZEND_INI_BOOLEAN("suhosin.executor.allow_symlink", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecBool, executor_allow_symlink, zend_suhosin_globals, suhosin_globals)
806 STD_ZEND_INI_ENTRY("suhosin.executor.max_depth", "750", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecLong, max_execution_depth, zend_suhosin_globals, suhosin_globals) 804 STD_ZEND_INI_ENTRY("suhosin.executor.max_depth", "750", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecLong, max_execution_depth, zend_suhosin_globals, suhosin_globals)
807 805
808 806
809 STD_ZEND_INI_BOOLEAN("suhosin.multiheader", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, allow_multiheader, zend_suhosin_globals, suhosin_globals) 807 STD_ZEND_INI_BOOLEAN("suhosin.multiheader", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, allow_multiheader, zend_suhosin_globals, suhosin_globals)
810 STD_ZEND_INI_ENTRY("suhosin.mail.protect", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscLong, mailprotect, zend_suhosin_globals, suhosin_globals) 808 STD_ZEND_INI_ENTRY("suhosin.mail.protect", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscLong, mailprotect, zend_suhosin_globals, suhosin_globals)
811 STD_ZEND_INI_ENTRY("suhosin.memory_limit", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscLong, memory_limit, zend_suhosin_globals, suhosin_globals) 809 STD_ZEND_INI_ENTRY("suhosin.memory_limit", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscLong, memory_limit, zend_suhosin_globals, suhosin_globals)
812 STD_ZEND_INI_BOOLEAN("suhosin.simulation", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, simulation, zend_suhosin_globals, suhosin_globals) 810 STD_ZEND_INI_BOOLEAN("suhosin.simulation", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, simulation, zend_suhosin_globals, suhosin_globals)
813 STD_PHP_INI_ENTRY("suhosin.filter.action", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscString, filter_action, zend_suhosin_globals, suhosin_globals) 811 STD_PHP_INI_ENTRY("suhosin.filter.action", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscString, filter_action, zend_suhosin_globals, suhosin_globals)
814 812
815 STD_ZEND_INI_BOOLEAN("suhosin.protectkey", "1", ZEND_INI_SYSTEM, OnUpdateBool, protectkey, zend_suhosin_globals, suhosin_globals) 813 STD_ZEND_INI_BOOLEAN("suhosin.protectkey", "1", ZEND_INI_SYSTEM, OnUpdateBool, protectkey, zend_suhosin_globals, suhosin_globals)
816 STD_ZEND_INI_BOOLEAN("suhosin.coredump", "0", ZEND_INI_SYSTEM, OnUpdateBool, coredump, zend_suhosin_globals, suhosin_globals) 814 STD_ZEND_INI_BOOLEAN("suhosin.coredump", "0", ZEND_INI_SYSTEM, OnUpdateBool, coredump, zend_suhosin_globals, suhosin_globals)
817 STD_ZEND_INI_BOOLEAN("suhosin.stealth", "1", ZEND_INI_SYSTEM, OnUpdateBool, stealth, zend_suhosin_globals, suhosin_globals) 815 STD_ZEND_INI_BOOLEAN("suhosin.stealth", "1", ZEND_INI_SYSTEM, OnUpdateBool, stealth, zend_suhosin_globals, suhosin_globals)
818 STD_ZEND_INI_BOOLEAN("suhosin.apc_bug_workaround", "0", ZEND_INI_SYSTEM, OnUpdateBool, apc_bug_workaround, zend_suhosin_globals, suhosin_globals) 816 STD_ZEND_INI_BOOLEAN("suhosin.apc_bug_workaround", "0", ZEND_INI_SYSTEM, OnUpdateBool, apc_bug_workaround, zend_suhosin_globals, suhosin_globals)
819 STD_ZEND_INI_BOOLEAN("suhosin.disable.display_errors", "0", ZEND_INI_SYSTEM, OnUpdate_disable_display_errors, disable_display_errors, zend_suhosin_globals, suhosin_globals) 817 STD_ZEND_INI_BOOLEAN("suhosin.disable.display_errors", "0", ZEND_INI_SYSTEM, OnUpdate_disable_display_errors, disable_display_errors, zend_suhosin_globals, suhosin_globals)
820
821
822 818
823 STD_PHP_INI_ENTRY("suhosin.request.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_request_variables, zend_suhosin_globals, suhosin_globals)
824 STD_PHP_INI_ENTRY("suhosin.request.max_varname_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_varname_length, zend_suhosin_globals, suhosin_globals)
825 STD_PHP_INI_ENTRY("suhosin.request.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_value_length, zend_suhosin_globals, suhosin_globals)
826 STD_PHP_INI_ENTRY("suhosin.request.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_depth, zend_suhosin_globals, suhosin_globals)
827 STD_PHP_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length, zend_suhosin_globals, suhosin_globals)
828 STD_PHP_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length, zend_suhosin_globals, suhosin_globals)
829 STD_PHP_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_whitelist, zend_suhosin_globals, suhosin_globals)
830 STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals)
831 STD_PHP_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul, zend_suhosin_globals, suhosin_globals)
832 STD_PHP_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws, zend_suhosin_globals, suhosin_globals)
833
834 STD_PHP_INI_ENTRY("suhosin.cookie.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_vars, zend_suhosin_globals, suhosin_globals)
835 STD_PHP_INI_ENTRY("suhosin.cookie.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_name_length, zend_suhosin_globals, suhosin_globals)
836 STD_PHP_INI_ENTRY("suhosin.cookie.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_totalname_length, zend_suhosin_globals, suhosin_globals)
837 STD_PHP_INI_ENTRY("suhosin.cookie.max_value_length", "10000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_value_length, zend_suhosin_globals, suhosin_globals)
838 STD_PHP_INI_ENTRY("suhosin.cookie.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_depth, zend_suhosin_globals, suhosin_globals)
839 STD_PHP_INI_ENTRY("suhosin.cookie.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_index_length, zend_suhosin_globals, suhosin_globals)
840 STD_PHP_INI_ENTRY("suhosin.cookie.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_nul, zend_suhosin_globals, suhosin_globals)
841 STD_PHP_INI_ENTRY("suhosin.cookie.disallow_ws", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_ws, zend_suhosin_globals, suhosin_globals)
842 819
843 STD_PHP_INI_ENTRY("suhosin.get.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_vars, zend_suhosin_globals, suhosin_globals)
844 STD_PHP_INI_ENTRY("suhosin.get.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_name_length, zend_suhosin_globals, suhosin_globals)
845 STD_PHP_INI_ENTRY("suhosin.get.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_totalname_length, zend_suhosin_globals, suhosin_globals)
846 STD_PHP_INI_ENTRY("suhosin.get.max_value_length", "512", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_value_length, zend_suhosin_globals, suhosin_globals)
847 STD_PHP_INI_ENTRY("suhosin.get.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_depth, zend_suhosin_globals, suhosin_globals)
848 STD_PHP_INI_ENTRY("suhosin.get.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_index_length, zend_suhosin_globals, suhosin_globals)
849 STD_PHP_INI_ENTRY("suhosin.get.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_nul, zend_suhosin_globals, suhosin_globals)
850 STD_PHP_INI_ENTRY("suhosin.get.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_ws, zend_suhosin_globals, suhosin_globals)
851 820
852 STD_PHP_INI_ENTRY("suhosin.post.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_vars, zend_suhosin_globals, suhosin_globals) 821 STD_PHP_INI_ENTRY("suhosin.request.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_request_variables, zend_suhosin_globals, suhosin_globals)
853 STD_PHP_INI_ENTRY("suhosin.post.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_name_length, zend_suhosin_globals, suhosin_globals) 822 STD_PHP_INI_ENTRY("suhosin.request.max_varname_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_varname_length, zend_suhosin_globals, suhosin_globals)
854 STD_PHP_INI_ENTRY("suhosin.post.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_totalname_length, zend_suhosin_globals, suhosin_globals) 823 STD_PHP_INI_ENTRY("suhosin.request.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_value_length, zend_suhosin_globals, suhosin_globals)
855 STD_PHP_INI_ENTRY("suhosin.post.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_value_length, zend_suhosin_globals, suhosin_globals) 824 STD_PHP_INI_ENTRY("suhosin.request.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_depth, zend_suhosin_globals, suhosin_globals)
856 STD_PHP_INI_ENTRY("suhosin.post.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_depth, zend_suhosin_globals, suhosin_globals) 825 STD_PHP_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length, zend_suhosin_globals, suhosin_globals)
857 STD_PHP_INI_ENTRY("suhosin.post.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_index_length, zend_suhosin_globals, suhosin_globals) 826 STD_PHP_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length, zend_suhosin_globals, suhosin_globals)
858 STD_PHP_INI_ENTRY("suhosin.post.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_nul, zend_suhosin_globals, suhosin_globals) 827 STD_PHP_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_whitelist, zend_suhosin_globals, suhosin_globals)
859 STD_PHP_INI_ENTRY("suhosin.post.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_ws, zend_suhosin_globals, suhosin_globals) 828 STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals)
829 STD_PHP_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul, zend_suhosin_globals, suhosin_globals)
830 STD_PHP_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws, zend_suhosin_globals, suhosin_globals)
860 831
861 STD_PHP_INI_ENTRY("suhosin.upload.max_uploads", "25", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_limit, zend_suhosin_globals, suhosin_globals) 832 STD_PHP_INI_ENTRY("suhosin.cookie.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_vars, zend_suhosin_globals, suhosin_globals)
862 STD_PHP_INI_ENTRY("suhosin.upload.max_newlines", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_max_newlines, zend_suhosin_globals, suhosin_globals) 833 STD_PHP_INI_ENTRY("suhosin.cookie.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_name_length, zend_suhosin_globals, suhosin_globals)
863 STD_PHP_INI_ENTRY("suhosin.upload.disallow_elf", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_elf, zend_suhosin_globals, suhosin_globals) 834 STD_PHP_INI_ENTRY("suhosin.cookie.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_totalname_length, zend_suhosin_globals, suhosin_globals)
864 STD_PHP_INI_ENTRY("suhosin.upload.disallow_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_binary, zend_suhosin_globals, suhosin_globals) 835 STD_PHP_INI_ENTRY("suhosin.cookie.max_value_length", "10000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_value_length, zend_suhosin_globals, suhosin_globals)
865 STD_PHP_INI_ENTRY("suhosin.upload.remove_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_remove_binary, zend_suhosin_globals, suhosin_globals) 836 STD_PHP_INI_ENTRY("suhosin.cookie.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_depth, zend_suhosin_globals, suhosin_globals)
866#ifdef SUHOSIN_EXPERIMENTAL 837 STD_PHP_INI_ENTRY("suhosin.cookie.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_index_length, zend_suhosin_globals, suhosin_globals)
867 STD_PHP_INI_BOOLEAN("suhosin.upload.allow_utf8", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_allow_utf8, zend_suhosin_globals, suhosin_globals) 838 STD_PHP_INI_ENTRY("suhosin.cookie.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_nul, zend_suhosin_globals, suhosin_globals)
868#endif 839 STD_PHP_INI_ENTRY("suhosin.cookie.disallow_ws", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_ws, zend_suhosin_globals, suhosin_globals)
869 STD_PHP_INI_ENTRY("suhosin.upload.verification_script", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadString, upload_verification_script, zend_suhosin_globals, suhosin_globals) 840
841 STD_PHP_INI_ENTRY("suhosin.get.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_vars, zend_suhosin_globals, suhosin_globals)
842 STD_PHP_INI_ENTRY("suhosin.get.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_name_length, zend_suhosin_globals, suhosin_globals)
843 STD_PHP_INI_ENTRY("suhosin.get.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_totalname_length, zend_suhosin_globals, suhosin_globals)
844 STD_PHP_INI_ENTRY("suhosin.get.max_value_length", "512", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_value_length, zend_suhosin_globals, suhosin_globals)
845 STD_PHP_INI_ENTRY("suhosin.get.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_depth, zend_suhosin_globals, suhosin_globals)
846 STD_PHP_INI_ENTRY("suhosin.get.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_index_length, zend_suhosin_globals, suhosin_globals)
847 STD_PHP_INI_ENTRY("suhosin.get.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_nul, zend_suhosin_globals, suhosin_globals)
848 STD_PHP_INI_ENTRY("suhosin.get.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_ws, zend_suhosin_globals, suhosin_globals)
849
850 STD_PHP_INI_ENTRY("suhosin.post.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_vars, zend_suhosin_globals, suhosin_globals)
851 STD_PHP_INI_ENTRY("suhosin.post.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_name_length, zend_suhosin_globals, suhosin_globals)
852 STD_PHP_INI_ENTRY("suhosin.post.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_totalname_length, zend_suhosin_globals, suhosin_globals)
853 STD_PHP_INI_ENTRY("suhosin.post.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_value_length, zend_suhosin_globals, suhosin_globals)
854 STD_PHP_INI_ENTRY("suhosin.post.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_depth, zend_suhosin_globals, suhosin_globals)
855 STD_PHP_INI_ENTRY("suhosin.post.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_index_length, zend_suhosin_globals, suhosin_globals)
856 STD_PHP_INI_ENTRY("suhosin.post.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_nul, zend_suhosin_globals, suhosin_globals)
857 STD_PHP_INI_ENTRY("suhosin.post.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_ws, zend_suhosin_globals, suhosin_globals)
858
859 STD_PHP_INI_ENTRY("suhosin.upload.max_uploads", "25", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_limit, zend_suhosin_globals, suhosin_globals)
860 STD_PHP_INI_ENTRY("suhosin.upload.max_newlines", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_max_newlines, zend_suhosin_globals, suhosin_globals)
861 STD_PHP_INI_ENTRY("suhosin.upload.disallow_elf", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_elf, zend_suhosin_globals, suhosin_globals)
862 STD_PHP_INI_ENTRY("suhosin.upload.disallow_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_binary, zend_suhosin_globals, suhosin_globals)
863 STD_PHP_INI_ENTRY("suhosin.upload.remove_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_remove_binary, zend_suhosin_globals, suhosin_globals)
864 #ifdef SUHOSIN_EXPERIMENTAL
865 STD_PHP_INI_BOOLEAN("suhosin.upload.allow_utf8", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_allow_utf8, zend_suhosin_globals, suhosin_globals)
866 #endif
867 STD_PHP_INI_ENTRY("suhosin.upload.verification_script", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadString, upload_verification_script, zend_suhosin_globals, suhosin_globals)
870 868
871 869
872 STD_ZEND_INI_BOOLEAN("suhosin.sql.bailout_on_error", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSQLBool, sql_bailout_on_error, zend_suhosin_globals, suhosin_globals) 870 STD_ZEND_INI_BOOLEAN("suhosin.sql.bailout_on_error", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSQLBool, sql_bailout_on_error, zend_suhosin_globals, suhosin_globals)
873 STD_PHP_INI_ENTRY("suhosin.sql.user_prefix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_prefix, zend_suhosin_globals, suhosin_globals) 871 STD_PHP_INI_ENTRY("suhosin.sql.user_prefix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_prefix, zend_suhosin_globals, suhosin_globals)
874 STD_PHP_INI_ENTRY("suhosin.sql.user_postfix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_postfix, zend_suhosin_globals, suhosin_globals) 872 STD_PHP_INI_ENTRY("suhosin.sql.user_postfix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_postfix, zend_suhosin_globals, suhosin_globals)
875 STD_PHP_INI_ENTRY("suhosin.sql.user_match", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_match, zend_suhosin_globals, suhosin_globals) 873 STD_PHP_INI_ENTRY("suhosin.sql.user_match", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_match, zend_suhosin_globals, suhosin_globals)
@@ -883,8 +881,8 @@ PHP_INI_BEGIN()
883 STD_PHP_INI_ENTRY("suhosin.session.cryptkey", "", PHP_INI_ALL, OnUpdateMiscString, session_cryptkey, zend_suhosin_globals, suhosin_globals) 881 STD_PHP_INI_ENTRY("suhosin.session.cryptkey", "", PHP_INI_ALL, OnUpdateMiscString, session_cryptkey, zend_suhosin_globals, suhosin_globals)
884 STD_ZEND_INI_BOOLEAN("suhosin.session.cryptua", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, session_cryptua, zend_suhosin_globals, suhosin_globals) 882 STD_ZEND_INI_BOOLEAN("suhosin.session.cryptua", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, session_cryptua, zend_suhosin_globals, suhosin_globals)
885 STD_ZEND_INI_BOOLEAN("suhosin.session.cryptdocroot", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, session_cryptdocroot, zend_suhosin_globals, suhosin_globals) 883 STD_ZEND_INI_BOOLEAN("suhosin.session.cryptdocroot", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, session_cryptdocroot, zend_suhosin_globals, suhosin_globals)
886 STD_PHP_INI_ENTRY("suhosin.session.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_cryptraddr, zend_suhosin_globals, suhosin_globals) 884 STD_PHP_INI_ENTRY("suhosin.session.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_cryptraddr, zend_suhosin_globals, suhosin_globals)
887 STD_PHP_INI_ENTRY("suhosin.session.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_checkraddr, zend_suhosin_globals, suhosin_globals) 885 STD_PHP_INI_ENTRY("suhosin.session.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_checkraddr, zend_suhosin_globals, suhosin_globals)
888 STD_PHP_INI_ENTRY("suhosin.session.max_id_length", "128", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_max_id_length, zend_suhosin_globals, suhosin_globals) 886 STD_PHP_INI_ENTRY("suhosin.session.max_id_length", "128", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_max_id_length, zend_suhosin_globals, suhosin_globals)
889#else /* HAVE_PHP_SESSION */ 887#else /* HAVE_PHP_SESSION */
890#warning BUILDING SUHOSIN WITHOUT SESSION SUPPORT 888#warning BUILDING SUHOSIN WITHOUT SESSION SUPPORT
@@ -895,8 +893,8 @@ PHP_INI_BEGIN()
895 STD_PHP_INI_ENTRY("suhosin.cookie.cryptkey", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, cookie_cryptkey, zend_suhosin_globals, suhosin_globals) 893 STD_PHP_INI_ENTRY("suhosin.cookie.cryptkey", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, cookie_cryptkey, zend_suhosin_globals, suhosin_globals)
896 STD_ZEND_INI_BOOLEAN("suhosin.cookie.cryptua", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, cookie_cryptua, zend_suhosin_globals, suhosin_globals) 894 STD_ZEND_INI_BOOLEAN("suhosin.cookie.cryptua", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, cookie_cryptua, zend_suhosin_globals, suhosin_globals)
897 STD_ZEND_INI_BOOLEAN("suhosin.cookie.cryptdocroot", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, cookie_cryptdocroot, zend_suhosin_globals, suhosin_globals) 895 STD_ZEND_INI_BOOLEAN("suhosin.cookie.cryptdocroot", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, cookie_cryptdocroot, zend_suhosin_globals, suhosin_globals)
898 STD_PHP_INI_ENTRY("suhosin.cookie.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, cookie_cryptraddr, zend_suhosin_globals, suhosin_globals) 896 STD_PHP_INI_ENTRY("suhosin.cookie.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, cookie_cryptraddr, zend_suhosin_globals, suhosin_globals)
899 STD_PHP_INI_ENTRY("suhosin.cookie.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, cookie_checkraddr, zend_suhosin_globals, suhosin_globals) 897 STD_PHP_INI_ENTRY("suhosin.cookie.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, cookie_checkraddr, zend_suhosin_globals, suhosin_globals)
900 ZEND_INI_ENTRY("suhosin.cookie.cryptlist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_cookie_cryptlist) 898 ZEND_INI_ENTRY("suhosin.cookie.cryptlist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_cookie_cryptlist)
901 ZEND_INI_ENTRY("suhosin.cookie.plainlist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_cookie_plainlist) 899 ZEND_INI_ENTRY("suhosin.cookie.plainlist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_cookie_plainlist)
902 900
@@ -916,7 +914,7 @@ PHP_INI_END()
916 */ 914 */
917char *suhosin_getenv(char *name, size_t name_len TSRMLS_DC) 915char *suhosin_getenv(char *name, size_t name_len TSRMLS_DC)
918{ 916{
919 if (sapi_module.getenv) { 917 if (sapi_module.getenv) {
920 char *value, *tmp = sapi_module.getenv(name, name_len TSRMLS_CC); 918 char *value, *tmp = sapi_module.getenv(name, name_len TSRMLS_CC);
921 if (tmp) { 919 if (tmp) {
922 value = estrdup(tmp); 920 value = estrdup(tmp);
@@ -927,7 +925,7 @@ char *suhosin_getenv(char *name, size_t name_len TSRMLS_DC)
927 } else { 925 } else {
928 /* fallback to the system's getenv() function */ 926 /* fallback to the system's getenv() function */
929 char *tmp; 927 char *tmp;
930 928
931 name = estrndup(name, name_len); 929 name = estrndup(name, name_len);
932 tmp = getenv(name); 930 tmp = getenv(name);
933 efree(name); 931 efree(name);
@@ -979,25 +977,25 @@ PHP_MINIT_FUNCTION(suhosin)
979 REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS); 977 REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS);
980 REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS); 978 REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS);
981 } 979 }
982 980
983 /* check if shared ini directives are already known (maybe a patched PHP) */ 981 /* check if shared ini directives are already known (maybe a patched PHP) */
984 if (zend_hash_exists(EG(ini_directives), "suhosin.log.syslog", sizeof("suhosin.log.syslog"))) { 982 if (zend_hash_exists(EG(ini_directives), "suhosin.log.syslog", sizeof("suhosin.log.syslog"))) {
985 983
986 /* and update them */ 984 /* and update them */
987 zend_ini_entry *p = (zend_ini_entry *)&shared_ini_entries; 985 zend_ini_entry *p = (zend_ini_entry *)&shared_ini_entries;
988 986
989 while (p->name) { 987 while (p->name) {
990 988
991 zend_ini_entry *i; 989 zend_ini_entry *i;
992 990
993 if (zend_hash_find(EG(ini_directives), p->name, p->name_length, (void **) &i)==FAILURE) { 991 if (zend_hash_find(EG(ini_directives), p->name, p->name_length, (void **) &i)==FAILURE) {
994 /* continue registering them */ 992 /* continue registering them */
995 zend_register_ini_entries(p, module_number TSRMLS_CC); 993 zend_register_ini_entries(p, module_number TSRMLS_CC);
996 break; 994 break;
997 } 995 }
998 996
999 SDEBUG("updating ini %s=%s", i->name, i->value); 997 SDEBUG("updating ini %s=%s", i->name, i->value);
1000 998
1001 i->modifiable = p->modifiable; 999 i->modifiable = p->modifiable;
1002 i->module_number = module_number; 1000 i->module_number = module_number;
1003 i->on_modify = p->on_modify; 1001 i->on_modify = p->on_modify;
@@ -1008,15 +1006,15 @@ PHP_MINIT_FUNCTION(suhosin)
1008 p++; 1006 p++;
1009 } 1007 }
1010 } else { 1008 } else {
1011 1009
1012 /* not registered yet, then simply use the API */ 1010 /* not registered yet, then simply use the API */
1013 zend_register_ini_entries((zend_ini_entry *)&shared_ini_entries, module_number TSRMLS_CC); 1011 zend_register_ini_entries((zend_ini_entry *)&shared_ini_entries, module_number TSRMLS_CC);
1014 1012
1015 } 1013 }
1016 1014
1017 /* and register the rest of the ini entries */ 1015 /* and register the rest of the ini entries */
1018 REGISTER_INI_ENTRIES(); 1016 REGISTER_INI_ENTRIES();
1019 1017
1020 /* Force display_errors=off */ 1018 /* Force display_errors=off */
1021 if (SUHOSIN_G(disable_display_errors)) { 1019 if (SUHOSIN_G(disable_display_errors)) {
1022 zend_ini_entry *i; 1020 zend_ini_entry *i;
@@ -1034,14 +1032,14 @@ PHP_MINIT_FUNCTION(suhosin)
1034 } 1032 }
1035 } 1033 }
1036 } 1034 }
1037 1035
1038 /* Load invisible to other Zend Extensions */ 1036 /* Load invisible to other Zend Extensions */
1039 if (zend_llist_count(&zend_extensions)==0 || SUHOSIN_G(stealth)==0) { 1037 if (zend_llist_count(&zend_extensions)==0 || SUHOSIN_G(stealth)==0) {
1040 zend_extension extension; 1038 zend_extension extension;
1041 extension = suhosin_zend_extension_entry; 1039 extension = suhosin_zend_extension_entry;
1042 extension.handle = NULL; 1040 extension.handle = NULL;
1043 zend_llist_add_element(&zend_extensions, &extension); 1041 zend_llist_add_element(&zend_extensions, &extension);
1044 ze = NULL; 1042 ze = NULL;
1045 } else { 1043 } else {
1046 ze = (zend_extension *)zend_llist_get_last_ex(&zend_extensions, &lp); 1044 ze = (zend_extension *)zend_llist_get_last_ex(&zend_extensions, &lp);
1047 old_startup = ze->startup; 1045 old_startup = ze->startup;
@@ -1099,12 +1097,12 @@ PHP_RINIT_FUNCTION(suhosin)
1099PHP_RSHUTDOWN_FUNCTION(suhosin) 1097PHP_RSHUTDOWN_FUNCTION(suhosin)
1100{ 1098{
1101 SDEBUG("(RSHUTDOWN)"); 1099 SDEBUG("(RSHUTDOWN)");
1102 1100
1103 /* We need to clear the input filtering 1101 /* We need to clear the input filtering
1104 variables in the request shutdown 1102 variables in the request shutdown
1105 because input filtering is done before 1103 because input filtering is done before
1106 RINIT */ 1104 RINIT */
1107 1105
1108 SUHOSIN_G(cur_request_variables) = 0; 1106 SUHOSIN_G(cur_request_variables) = 0;
1109 SUHOSIN_G(cur_cookie_vars) = 0; 1107 SUHOSIN_G(cur_cookie_vars) = 0;
1110 SUHOSIN_G(cur_get_vars) = 0; 1108 SUHOSIN_G(cur_get_vars) = 0;
@@ -1115,28 +1113,28 @@ PHP_RSHUTDOWN_FUNCTION(suhosin)
1115 SUHOSIN_G(att_post_vars) = 0; 1113 SUHOSIN_G(att_post_vars) = 0;
1116 SUHOSIN_G(num_uploads) = 0; 1114 SUHOSIN_G(num_uploads) = 0;
1117 1115
1118 SUHOSIN_G(no_more_variables) = 0; 1116 SUHOSIN_G(no_more_variables) = 0;
1119 SUHOSIN_G(no_more_get_variables) = 0; 1117 SUHOSIN_G(no_more_get_variables) = 0;
1120 SUHOSIN_G(no_more_post_variables) = 0; 1118 SUHOSIN_G(no_more_post_variables) = 0;
1121 SUHOSIN_G(no_more_cookie_variables) = 0; 1119 SUHOSIN_G(no_more_cookie_variables) = 0;
1122 SUHOSIN_G(no_more_uploads) = 0; 1120 SUHOSIN_G(no_more_uploads) = 0;
1123 1121
1124 SUHOSIN_G(abort_request) = 0; 1122 SUHOSIN_G(abort_request) = 0;
1125 1123
1126 if (SUHOSIN_G(reseed_every_request)) { 1124 if (SUHOSIN_G(reseed_every_request)) {
1127 SUHOSIN_G(r_is_seeded) = 0; 1125 SUHOSIN_G(r_is_seeded) = 0;
1128 SUHOSIN_G(mt_is_seeded) = 0; 1126 SUHOSIN_G(mt_is_seeded) = 0;
1129 } 1127 }
1130 1128
1131 if (SUHOSIN_G(decrypted_cookie)) { 1129 if (SUHOSIN_G(decrypted_cookie)) {
1132 efree(SUHOSIN_G(decrypted_cookie)); 1130 efree(SUHOSIN_G(decrypted_cookie));
1133 SUHOSIN_G(decrypted_cookie)=NULL; 1131 SUHOSIN_G(decrypted_cookie)=NULL;
1134 } 1132 }
1135 if (SUHOSIN_G(raw_cookie)) { 1133 if (SUHOSIN_G(raw_cookie)) {
1136 efree(SUHOSIN_G(raw_cookie)); 1134 efree(SUHOSIN_G(raw_cookie));
1137 SUHOSIN_G(raw_cookie)=NULL; 1135 SUHOSIN_G(raw_cookie)=NULL;
1138 } 1136 }
1139 1137
1140 return SUCCESS; 1138 return SUCCESS;
1141} 1139}
1142/* }}} */ 1140/* }}} */
@@ -1145,9 +1143,9 @@ PHP_RSHUTDOWN_FUNCTION(suhosin)
1145 */ 1143 */
1146static void suhosin_ini_displayer(zend_ini_entry *ini_entry, int type) 1144static void suhosin_ini_displayer(zend_ini_entry *ini_entry, int type)
1147{ 1145{
1148 TSRMLS_FETCH(); 1146 TSRMLS_FETCH();
1149 1147
1150 PHPWRITE("[ protected ]", strlen("[ protected ]")); 1148 PHPWRITE("[ protected ]", strlen("[ protected ]"));
1151} 1149}
1152/* }}} */ 1150/* }}} */
1153 1151
@@ -1181,35 +1179,35 @@ PHP_MINFO_FUNCTION(suhosin)
1181 } 1179 }
1182 php_info_print_box_end(); 1180 php_info_print_box_end();
1183 1181
1184 if (SUHOSIN_G(protectkey)) { 1182 if (SUHOSIN_G(protectkey)) {
1185 zend_ini_entry *i; 1183 zend_ini_entry *i;
1186 1184
1187 if (zend_hash_find(EG(ini_directives), "suhosin.cookie.cryptkey", sizeof("suhosin.cookie.cryptkey"), (void **) &i)==SUCCESS) { 1185 if (zend_hash_find(EG(ini_directives), "suhosin.cookie.cryptkey", sizeof("suhosin.cookie.cryptkey"), (void **) &i)==SUCCESS) {
1188 i->displayer = suhosin_ini_displayer; 1186 i->displayer = suhosin_ini_displayer;
1189 } 1187 }
1190 if (zend_hash_find(EG(ini_directives), "suhosin.session.cryptkey", sizeof("suhosin.session.cryptkey"), (void **) &i)==SUCCESS) { 1188 if (zend_hash_find(EG(ini_directives), "suhosin.session.cryptkey", sizeof("suhosin.session.cryptkey"), (void **) &i)==SUCCESS) {
1191 i->displayer = suhosin_ini_displayer; 1189 i->displayer = suhosin_ini_displayer;
1192 } 1190 }
1193 if (zend_hash_find(EG(ini_directives), "suhosin.rand.seedingkey", sizeof("suhosin.rand.seedingkey"), (void **) &i)==SUCCESS) { 1191 if (zend_hash_find(EG(ini_directives), "suhosin.rand.seedingkey", sizeof("suhosin.rand.seedingkey"), (void **) &i)==SUCCESS) {
1194 i->displayer = suhosin_ini_displayer; 1192 i->displayer = suhosin_ini_displayer;
1195 } 1193 }
1196 } 1194 }
1197 1195
1198 DISPLAY_INI_ENTRIES(); 1196 DISPLAY_INI_ENTRIES();
1199 1197
1200 if (SUHOSIN_G(protectkey)) { 1198 if (SUHOSIN_G(protectkey)) {
1201 zend_ini_entry *i; 1199 zend_ini_entry *i;
1202 1200
1203 if (zend_hash_find(EG(ini_directives), "suhosin.cookie.cryptkey", sizeof("suhosin.cookie.cryptkey"), (void **) &i)==SUCCESS) { 1201 if (zend_hash_find(EG(ini_directives), "suhosin.cookie.cryptkey", sizeof("suhosin.cookie.cryptkey"), (void **) &i)==SUCCESS) {
1204 i->displayer = NULL; 1202 i->displayer = NULL;
1205 } 1203 }
1206 if (zend_hash_find(EG(ini_directives), "suhosin.session.cryptkey", sizeof("suhosin.session.cryptkey"), (void **) &i)==SUCCESS) { 1204 if (zend_hash_find(EG(ini_directives), "suhosin.session.cryptkey", sizeof("suhosin.session.cryptkey"), (void **) &i)==SUCCESS) {
1207 i->displayer = NULL; 1205 i->displayer = NULL;
1208 } 1206 }
1209 if (zend_hash_find(EG(ini_directives), "suhosin.rand.seedingkey", sizeof("suhosin.rand.seedingkey"), (void **) &i)==SUCCESS) { 1207 if (zend_hash_find(EG(ini_directives), "suhosin.rand.seedingkey", sizeof("suhosin.rand.seedingkey"), (void **) &i)==SUCCESS) {
1210 i->displayer = NULL; 1208 i->displayer = NULL;
1211 } 1209 }
1212 } 1210 }
1213 1211
1214} 1212}
1215/* }}} */ 1213/* }}} */
diff --git a/ufilter.c b/ufilter.c
index 203d76c..73573ad 100644
--- a/ufilter.c
+++ b/ufilter.c
@@ -17,7 +17,7 @@
17 +----------------------------------------------------------------------+ 17 +----------------------------------------------------------------------+
18*/ 18*/
19/* 19/*
20 $Id: ufilter.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ 20 $Id: ufilter.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $
21*/ 21*/
22 22
23#ifdef HAVE_CONFIG_H 23#ifdef HAVE_CONFIG_H
@@ -48,12 +48,12 @@ static int check_fileupload_varname(char *varname TSRMLS_DC)
48 48
49 /* Normalize the variable name */ 49 /* Normalize the variable name */
50 normalize_varname(var); 50 normalize_varname(var);
51 51
52 /* Find length of variable name */ 52 /* Find length of variable name */
53 index = strchr(var, '['); 53 index = strchr(var, '[');
54 total_len = strlen(var); 54 total_len = strlen(var);
55 var_len = index ? index-var : total_len; 55 var_len = index ? index-var : total_len;
56 56
57 /* Drop this variable if it exceeds the varname/total length limit */ 57 /* Drop this variable if it exceeds the varname/total length limit */
58 if (SUHOSIN_G(max_varname_length) && SUHOSIN_G(max_varname_length) < var_len) { 58 if (SUHOSIN_G(max_varname_length) && SUHOSIN_G(max_varname_length) < var_len) {
59 suhosin_log(S_FILES, "configured request variable name length limit exceeded - dropped variable '%s'", var); 59 suhosin_log(S_FILES, "configured request variable name length limit exceeded - dropped variable '%s'", var);
@@ -79,38 +79,38 @@ static int check_fileupload_varname(char *varname TSRMLS_DC)
79 goto return_failure; 79 goto return_failure;
80 } 80 }
81 } 81 }
82 82
83 /* Find out array depth */ 83 /* Find out array depth */
84 while (index) { 84 while (index) {
85 char *index_end; 85 char *index_end;
86 unsigned int index_length; 86 unsigned int index_length;
87 87
88 /* overjump '[' */ 88 /* overjump '[' */
89 index++; 89 index++;
90 90
91 /* increase array depth */ 91 /* increase array depth */
92 depth++; 92 depth++;
93 93
94 index_end = strchr(index, ']'); 94 index_end = strchr(index, ']');
95 if (index_end == NULL) { 95 if (index_end == NULL) {
96 index_end = index+strlen(index); 96 index_end = index+strlen(index);
97 } 97 }
98 98
99 index_length = index_end - index; 99 index_length = index_end - index;
100 100
101 if (SUHOSIN_G(max_array_index_length) && SUHOSIN_G(max_array_index_length) < index_length) { 101 if (SUHOSIN_G(max_array_index_length) && SUHOSIN_G(max_array_index_length) < index_length) {
102 suhosin_log(S_FILES, "configured request variable array index length limit exceeded - dropped variable '%s'", var); 102 suhosin_log(S_FILES, "configured request variable array index length limit exceeded - dropped variable '%s'", var);
103 if (!SUHOSIN_G(simulation)) { 103 if (!SUHOSIN_G(simulation)) {
104 goto return_failure; 104 goto return_failure;
105 } 105 }
106 } 106 }
107 if (SUHOSIN_G(max_post_array_index_length) && SUHOSIN_G(max_post_array_index_length) < index_length) { 107 if (SUHOSIN_G(max_post_array_index_length) && SUHOSIN_G(max_post_array_index_length) < index_length) {
108 suhosin_log(S_FILES, "configured POST variable array index length limit exceeded - dropped variable '%s'", var); 108 suhosin_log(S_FILES, "configured POST variable array index length limit exceeded - dropped variable '%s'", var);
109 if (!SUHOSIN_G(simulation)) { 109 if (!SUHOSIN_G(simulation)) {
110 goto return_failure; 110 goto return_failure;
111 } 111 }
112 } 112 }
113 113
114 /* index whitelist/blacklist */ 114 /* index whitelist/blacklist */
115 if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) { 115 if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) {
116 if (suhosin_strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) { 116 if (suhosin_strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) {
@@ -127,11 +127,11 @@ static int check_fileupload_varname(char *varname TSRMLS_DC)
127 } 127 }
128 } 128 }
129 } 129 }
130 130
131 131
132 index = strchr(index, '['); 132 index = strchr(index, '[');
133 } 133 }
134 134
135 /* Drop this variable if it exceeds the array depth limit */ 135 /* Drop this variable if it exceeds the array depth limit */
136 if (SUHOSIN_G(max_array_depth) && SUHOSIN_G(max_array_depth) < depth) { 136 if (SUHOSIN_G(max_array_depth) && SUHOSIN_G(max_array_depth) < depth) {
137 suhosin_log(S_FILES, "configured request variable array depth limit exceeded - dropped variable '%s'", var); 137 suhosin_log(S_FILES, "configured request variable array depth limit exceeded - dropped variable '%s'", var);
@@ -145,8 +145,8 @@ static int check_fileupload_varname(char *varname TSRMLS_DC)
145 goto return_failure; 145 goto return_failure;
146 } 146 }
147 } 147 }
148 148
149 149
150 /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */ 150 /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */
151 /* This is to protect several silly scripts that do globalizing themself */ 151 /* This is to protect several silly scripts that do globalizing themself */
152 if (php_varname_check(var, var_len, 1 TSRMLS_CC) == FAILURE || suhosin_is_protected_varname(var, var_len)) { 152 if (php_varname_check(var, var_len, 1 TSRMLS_CC) == FAILURE || suhosin_is_protected_varname(var, var_len)) {
@@ -158,10 +158,10 @@ static int check_fileupload_varname(char *varname TSRMLS_DC)
158 158
159 efree(var); 159 efree(var);
160 return SUCCESS; 160 return SUCCESS;
161 161
162return_failure: 162return_failure:
163 efree(var); 163 efree(var);
164 return FAILURE; 164 return FAILURE;
165} 165}
166/* }}} */ 166/* }}} */
167 167
@@ -200,54 +200,54 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
200 SDEBUG("rfc1867_filter %u", event); 200 SDEBUG("rfc1867_filter %u", event);
201 201
202 switch (event) { 202 switch (event) {
203 case MULTIPART_EVENT_START: 203 case MULTIPART_EVENT_START:
204 case MULTIPART_EVENT_FORMDATA: 204 case MULTIPART_EVENT_FORMDATA:
205 /* nothing todo */ 205 /* nothing todo */
206 break; 206 break;
207 207
208 case MULTIPART_EVENT_FILE_START: 208 case MULTIPART_EVENT_FILE_START:
209 { 209 {
210 multipart_event_file_start *mefs = (multipart_event_file_start *) event_data; 210 multipart_event_file_start *mefs = (multipart_event_file_start *) event_data;
211 211
212 /* Drop if no more variables flag is set */ 212 /* Drop if no more variables flag is set */
213 if (SUHOSIN_G(no_more_uploads)) { 213 if (SUHOSIN_G(no_more_uploads)) {
214 goto continue_with_failure; 214 goto continue_with_failure;
215 } 215 }
216 216
217 /* Drop this fileupload if the limit is reached */ 217 /* Drop this fileupload if the limit is reached */
218 if (SUHOSIN_G(upload_limit) && SUHOSIN_G(upload_limit) <= SUHOSIN_G(num_uploads)) { 218 if (SUHOSIN_G(upload_limit) && SUHOSIN_G(upload_limit) <= SUHOSIN_G(num_uploads)) {
219 suhosin_log(S_FILES, "configured fileupload limit exceeded - file dropped"); 219 suhosin_log(S_FILES, "configured fileupload limit exceeded - file dropped");
220 if (!SUHOSIN_G(simulation)) { 220 if (!SUHOSIN_G(simulation)) {
221 SUHOSIN_G(no_more_uploads) = 1; 221 SUHOSIN_G(no_more_uploads) = 1;
222 goto continue_with_failure; 222 goto continue_with_failure;
223 } 223 }
224 } 224 }
225
226
227 if (check_fileupload_varname(mefs->name TSRMLS_CC) == FAILURE) {
228 goto continue_with_failure;
229 }
230 }
231
232 break;
233 225
234 case MULTIPART_EVENT_FILE_DATA:
235 226
236 if (SUHOSIN_G(upload_disallow_elf)) { 227 if (check_fileupload_varname(mefs->name TSRMLS_CC) == FAILURE) {
237 multipart_event_file_data *mefd = (multipart_event_file_data *) event_data; 228 goto continue_with_failure;
238 229 }
239 if (mefd->offset == 0 && mefd->length > 10) { 230 }
240 if (mefd->data[0] == 0x7F && mefd->data[1] == 'E' && mefd->data[2] == 'L' && mefd->data[3] == 'F') { 231
241 suhosin_log(S_FILES, "uploaded file is an ELF executable - file dropped"); 232 break;
242 if (!SUHOSIN_G(simulation)) { 233
243 goto continue_with_failure; 234 case MULTIPART_EVENT_FILE_DATA:
244 } 235
245 } 236 if (SUHOSIN_G(upload_disallow_elf)) {
246 } 237 multipart_event_file_data *mefd = (multipart_event_file_data *) event_data;
247 } 238
248 239 if (mefd->offset == 0 && mefd->length > 10) {
240 if (mefd->data[0] == 0x7F && mefd->data[1] == 'E' && mefd->data[2] == 'L' && mefd->data[3] == 'F') {
241 suhosin_log(S_FILES, "uploaded file is an ELF executable - file dropped");
242 if (!SUHOSIN_G(simulation)) {
243 goto continue_with_failure;
244 }
245 }
246 }
247 }
248
249 if (SUHOSIN_G(upload_disallow_binary)) { 249 if (SUHOSIN_G(upload_disallow_binary)) {
250 250
251 multipart_event_file_data *mefd = (multipart_event_file_data *) event_data; 251 multipart_event_file_data *mefd = (multipart_event_file_data *) event_data;
252 252
253 char *cp, *cpend; 253 char *cp, *cpend;
@@ -275,11 +275,11 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
275 } 275 }
276 276
277 if (SUHOSIN_G(upload_remove_binary)) { 277 if (SUHOSIN_G(upload_remove_binary)) {
278 278
279 multipart_event_file_data *mefd = (multipart_event_file_data *) event_data; 279 multipart_event_file_data *mefd = (multipart_event_file_data *) event_data;
280 size_t i, j; 280 size_t i, j;
281 int n; 281 int n;
282 282
283 for (i=0, j=0; i<mefd->length; i++) { 283 for (i=0, j=0; i<mefd->length; i++) {
284 if (mefd->data[i] >= 32 || isspace(mefd->data[i])) { 284 if (mefd->data[i] >= 32 || isspace(mefd->data[i])) {
285 mefd->data[j++] = mefd->data[i]; 285 mefd->data[j++] = mefd->data[i];
@@ -296,7 +296,7 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
296#endif 296#endif
297 } 297 }
298 mefd->data[j] = '\0'; 298 mefd->data[j] = '\0';
299 299
300 SDEBUG("removing binary %zu %zu",i,j); 300 SDEBUG("removing binary %zu %zu",i,j);
301 /* IMPORTANT FOR DAISY CHAINING */ 301 /* IMPORTANT FOR DAISY CHAINING */
302 mefd->length = j; 302 mefd->length = j;
@@ -304,31 +304,31 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
304 *mefd->newlength = j; 304 *mefd->newlength = j;
305 } 305 }
306 } 306 }
307
308 break;
309 307
310 case MULTIPART_EVENT_FILE_END: 308 break;
311 309
312 if (SUHOSIN_G(upload_verification_script)) { 310 case MULTIPART_EVENT_FILE_END:
313 multipart_event_file_end *mefe = (multipart_event_file_end *) event_data; 311
314 char cmd[8192]; 312 if (SUHOSIN_G(upload_verification_script)) {
315 FILE *in; 313 multipart_event_file_end *mefe = (multipart_event_file_end *) event_data;
316 int first=1; 314 char cmd[8192];
315 FILE *in;
316 int first=1;
317 struct stat st; 317 struct stat st;
318 char *sname = SUHOSIN_G(upload_verification_script); 318 char *sname = SUHOSIN_G(upload_verification_script);
319 319
320 /* ignore files that will get deleted anyway */ 320 /* ignore files that will get deleted anyway */
321 if (mefe->cancel_upload) { 321 if (mefe->cancel_upload) {
322 break; 322 break;
323 } 323 }
324 324
325 /* ignore empty scriptnames */ 325 /* ignore empty scriptnames */
326 while (isspace(*sname)) ++sname; 326 while (isspace(*sname)) ++sname;
327 if (*sname == 0) { 327 if (*sname == 0) {
328 SUHOSIN_G(num_uploads)++; 328 SUHOSIN_G(num_uploads)++;
329 break; 329 break;
330 } 330 }
331 331
332 if (VCWD_STAT(sname, &st) < 0) { 332 if (VCWD_STAT(sname, &st) < 0) {
333 suhosin_log(S_FILES, "unable to find fileupload verification script %s - file dropped", sname); 333 suhosin_log(S_FILES, "unable to find fileupload verification script %s - file dropped", sname);
334 if (!SUHOSIN_G(simulation)) { 334 if (!SUHOSIN_G(simulation)) {
@@ -343,29 +343,29 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
343 goto continue_with_failure; 343 goto continue_with_failure;
344 } else { 344 } else {
345 goto continue_with_next; 345 goto continue_with_next;
346 } 346 }
347 } 347 }
348
349 ap_php_snprintf(cmd, sizeof(cmd), "%s %s 2>&1", sname, mefe->temp_filename);
350 348
351 if ((in=VCWD_POPEN(cmd, "r"))==NULL) { 349 ap_php_snprintf(cmd, sizeof(cmd), "%s %s 2>&1", sname, mefe->temp_filename);
352 suhosin_log(S_FILES, "unable to execute fileupload verification script %s - file dropped", sname); 350
353 if (!SUHOSIN_G(simulation)) { 351 if ((in=VCWD_POPEN(cmd, "r"))==NULL) {
354 goto continue_with_failure; 352 suhosin_log(S_FILES, "unable to execute fileupload verification script %s - file dropped", sname);
355 } else { 353 if (!SUHOSIN_G(simulation)) {
356 goto continue_with_next; 354 goto continue_with_failure;
357 } 355 } else {
358 } 356 goto continue_with_next;
359 357 }
360 retval = FAILURE; 358 }
361 359
362 /* read and forget the result */ 360 retval = FAILURE;
363 while (1) { 361
364 int readbytes = fread(cmd, 1, sizeof(cmd), in); 362 /* read and forget the result */
365 if (readbytes<=0) { 363 while (1) {
366 break; 364 int readbytes = fread(cmd, 1, sizeof(cmd), in);
367 } 365 if (readbytes<=0) {
368 if (first) { 366 break;
367 }
368 if (first) {
369 if (strncmp(cmd, "sh: ", 4) == 0) { 369 if (strncmp(cmd, "sh: ", 4) == 0) {
370 /* assume this is an error */ 370 /* assume this is an error */
371 suhosin_log(S_FILES, "error while executing fileupload verification script %s - file dropped", sname); 371 suhosin_log(S_FILES, "error while executing fileupload verification script %s - file dropped", sname);
@@ -378,30 +378,30 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
378 retval = atoi(cmd) == 1 ? SUCCESS : FAILURE; 378 retval = atoi(cmd) == 1 ? SUCCESS : FAILURE;
379 first = 0; 379 first = 0;
380 } 380 }
381 } 381 }
382 } 382 }
383 pclose(in); 383 pclose(in);
384 } 384 }
385
386 if (retval != SUCCESS) {
387 suhosin_log(S_FILES, "fileupload verification script disallows file - file dropped");
388 if (!SUHOSIN_G(simulation)) {
389 goto continue_with_failure;
390 }
391 }
385 392
386 if (retval != SUCCESS) { 393 SUHOSIN_G(num_uploads)++;
387 suhosin_log(S_FILES, "fileupload verification script disallows file - file dropped"); 394 break;
388 if (!SUHOSIN_G(simulation)) {
389 goto continue_with_failure;
390 }
391 }
392 395
393 SUHOSIN_G(num_uploads)++; 396 case MULTIPART_EVENT_END:
394 break; 397 /* nothing todo */
398 break;
395 399
396 case MULTIPART_EVENT_END: 400 default:
397 /* nothing todo */ 401 /* unknown: return failure */
398 break; 402 goto continue_with_failure;
399
400 default:
401 /* unknown: return failure */
402 goto continue_with_failure;
403 } 403 }
404continue_with_next: 404continue_with_next:
405#if HAVE_RFC1867_CALLBACK 405#if HAVE_RFC1867_CALLBACK
406 if (php_rfc1867_callback != NULL) { 406 if (php_rfc1867_callback != NULL) {
407 return php_rfc1867_callback(event, event_data, extra TSRMLS_CC); 407 return php_rfc1867_callback(event, event_data, extra TSRMLS_CC);
@@ -409,7 +409,7 @@ continue_with_next:
409#endif 409#endif
410 return SUCCESS; 410 return SUCCESS;
411continue_with_failure: 411continue_with_failure:
412 SUHOSIN_G(abort_request) = 1; 412 SUHOSIN_G(abort_request) = 1;
413 return FAILURE; 413 return FAILURE;
414} 414}
415 415
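Review bot: In the `MULTIPART_EVENT_FILE_END` branch of `suhosin_rfc1867_filter` (new lines 349-351), the string handed to `VCWD_POPEN` is built as `"%s %s 2>&1"` from `sname` and `mefe->temp_filename` with no shell quoting and no truncation check on `cmd`. A path containing whitespace or shell metacharacters, or a command cut off at 8192 bytes, would therefore be interpreted by the shell differently from what was intended. This commit appears only to re-indent these lines and leaves that behaviour as it was. I would pass the temporary filename through `php_escape_shell_arg()` before formatting, and treat a formatted length `>= sizeof(cmd)` like the existing "unable to execute" case. The temporary filename is presumably generated by PHP under the upload directory, so the practical exposure depends on that path and on who can set `suhosin.upload.verification_script`, which suhosin.c registers as `PHP_INI_SYSTEM|PHP_INI_PERDIR`.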