-rw-r--r--.travis.yml24
-rw-r--r--Changelog6
-rw-r--r--crypt.c66
-rw-r--r--execute.c660
-rw-r--r--header.c84
-rw-r--r--ifilter.c236
-rw-r--r--log.c9
-rw-r--r--php_suhosin.h47
-rw-r--r--rfc1867_new.c11
-rw-r--r--session.c445
-rw-r--r--suhosin.c533
-rw-r--r--tests/executor/memory_limit_negative.phpt (renamed from tests/executor/negative_memory_limit.phpt)0
-rw-r--r--tests/filter/cookie_disallow_nul.phpt (renamed from tests/filter/input_filter_cookie_disallow_nul.phpt)0
-rw-r--r--tests/filter/cookie_disallow_ws.phpt (renamed from tests/filter/get_filter_cookie_disallow_ws.phpt)0
-rw-r--r--tests/filter/cookie_max_array_depth.phpt (renamed from tests/filter/input_filter_cookie_max_array_depth.phpt)0
-rw-r--r--tests/filter/cookie_max_array_index_length.phpt (renamed from tests/filter/input_filter_cookie_max_array_index_length.phpt)0
-rw-r--r--tests/filter/cookie_max_name_length.phpt (renamed from tests/filter/input_filter_cookie_max_name_length.phpt)0
-rw-r--r--tests/filter/cookie_max_totalname_length.phpt (renamed from tests/filter/input_filter_cookie_max_totalname_length.phpt)0
-rw-r--r--tests/filter/cookie_max_value_length.phpt (renamed from tests/filter/input_filter_cookie_max_value_length.phpt)0
-rw-r--r--tests/filter/cookie_max_vars.phpt (renamed from tests/filter/input_filter_cookie_max_vars.phpt)0
-rw-r--r--tests/filter/get_allow_ws.phpt (renamed from tests/filter/get_filter_allow_ws.phpt)0
-rw-r--r--tests/filter/get_disallow_nul.phpt (renamed from tests/filter/input_filter_get_disallow_nul.phpt)0
-rw-r--r--tests/filter/get_disallow_ws.phpt (renamed from tests/filter/get_filter_get_disallow_ws.phpt)0
-rw-r--r--tests/filter/get_max_array_depth.phpt (renamed from tests/filter/input_filter_get_max_array_depth.phpt)0
-rw-r--r--tests/filter/get_max_array_index_length.phpt (renamed from tests/filter/input_filter_get_max_array_index_length.phpt)0
-rw-r--r--tests/filter/get_max_name_length.phpt (renamed from tests/filter/input_filter_get_max_name_length.phpt)0
-rw-r--r--tests/filter/get_max_totalname_length.phpt (renamed from tests/filter/input_filter_get_max_totalname_length.phpt)0
-rw-r--r--tests/filter/get_max_value_length.phpt (renamed from tests/filter/input_filter_get_max_value_length.phpt)0
-rw-r--r--tests/filter/post_disallow_nul.phpt (renamed from tests/filter/input_filter_post_disallow_nul.phpt)0
-rw-r--r--tests/filter/post_disallow_nul_rfc1867.phpt (renamed from tests/filter/input_filter_post_disallow_nul_rfc1867.phpt)bin1508 -> 1508 bytes
-rw-r--r--tests/filter/post_disallow_ws.phpt (renamed from tests/filter/get_filter_post_disallow_ws.phpt)0
-rw-r--r--tests/filter/post_fileupload_array_index_blacklist.phpt2
-rw-r--r--tests/filter/post_fileupload_array_index_whitelist.phpt2
-rw-r--r--tests/filter/post_max_array_depth.phpt (renamed from tests/filter/input_filter_post_max_array_depth.phpt)0
-rw-r--r--tests/filter/post_max_array_depth_rfc1867.phpt (renamed from tests/filter/input_filter_post_max_array_depth_rfc1867.phpt)0
-rw-r--r--tests/filter/post_max_array_index_length.phpt (renamed from tests/filter/input_filter_post_max_array_index_length.phpt)0
-rw-r--r--tests/filter/post_max_array_index_length_rfc1867.phpt (renamed from tests/filter/input_filter_post_max_array_index_length_rfc1867.phpt)0
-rw-r--r--tests/filter/post_max_name_length.phpt (renamed from tests/filter/input_filter_post_max_name_length.phpt)0
-rw-r--r--tests/filter/post_max_name_length_rfc1867.phpt (renamed from tests/filter/input_filter_post_max_name_length_rfc1867.phpt)0
-rw-r--r--tests/filter/post_max_totalname_length.phpt (renamed from tests/filter/input_filter_post_max_totalname_length.phpt)0
-rw-r--r--tests/filter/post_max_totalname_length_rfc1867.phpt (renamed from tests/filter/input_filter_post_max_totalname_length_rfc1867.phpt)0
-rw-r--r--tests/filter/post_max_value_length.phpt (renamed from tests/filter/input_filter_post_max_value_length.phpt)0
-rw-r--r--tests/filter/post_max_value_length_rfc1867.phpt (renamed from tests/filter/input_filter_post_max_value_length_rfc1867.phpt)bin1912 -> 1912 bytes
-rw-r--r--tests/filter/request_array_index_blacklist.phpt (renamed from tests/filter/input_filter_request_array_index_blacklist.phpt)2
-rw-r--r--tests/filter/request_array_index_whitelist.phpt (renamed from tests/filter/input_filter_request_array_index_whitelist.phpt)2
-rw-r--r--tests/filter/request_disallow_nul.phpt (renamed from tests/filter/input_filter_request_disallow_nul.phpt)0
-rw-r--r--tests/filter/request_disallow_ws.phpt (renamed from tests/filter/get_filter_request_disallow_ws.phpt)0
-rw-r--r--tests/filter/request_max_array_depth.phpt (renamed from tests/filter/input_filter_request_max_array_depth.phpt)0
-rw-r--r--tests/filter/request_max_array_index_length.phpt (renamed from tests/filter/input_filter_request_max_array_index_length.phpt)0
-rw-r--r--tests/filter/request_max_name_length.phpt (renamed from tests/filter/input_filter_request_max_name_length.phpt)0
-rw-r--r--tests/filter/request_max_totalname_length.phpt (renamed from tests/filter/input_filter_request_max_totalname_length.phpt)0
-rw-r--r--tests/logging/log_max_error_length.phpt19
-rw-r--r--treat_data.c34
-rw-r--r--ufilter.c252
54 files changed, 1242 insertions, 1192 deletions
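diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..86b9f92
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,24 @@
+language: php
+os: linux
+
+php:
+ - 5.6
+ - 5.5
+ - 5.4
+
+env:
+ - CC=gcc CFLAGS=""
+ - CC=clang CFLAGS=""
+
+before_install:
+ - lsb_release -a
+ - uname -a
+
+before_script:
+ - phpize
+ - ./configure --enable-suhosin-experimental
+ - make -j2 CFLAGS="-DSUHOSIN_DEBUG=1"
+ - phpenv config-rm xdebug.ini
+
+script:
+ - make test NO_INTERACTION=1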
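Review bot: Every job in this matrix tests only the debug build, because `make -j2 CFLAGS="-DSUHOSIN_DEBUG=1"` in before_script replaces the `CFLAGS=""` set by both `env` entries. The build without the debug define, presumably the one operators deploy, is never run through `make test`, and neither compiler runs with warnings enabled. Consider letting the matrix drive the flags: use env entries such as `- CC=gcc CFLAGS="-Wall -DSUHOSIN_DEBUG=1"` and `- CC=gcc CFLAGS="-Wall"`, and change the build step to `- make -j2 CFLAGS="$CFLAGS"`.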
diff --git a/Changelog b/Changelog
index 874e00b..3ee375d 100644
--- a/Changelog
+++ b/Changelog
@@ -1,4 +1,8 @@
12016-xx-xx - 0.9.39dev 12016-xx-xx - 0.9.39dev2
2 - some improvements for Windows (NewEraCracker)
3 - fixes for test cases (NewEraCracker)
4 - new feature: suhosin.log.max_error_length to limit the error output
5 - fixed function_exists wrapper to ignore backslash-prefixes (#92)
2 - backport of PHP bug 71152: mt_rand() returns the different values from original mt19937ar.c 6 - backport of PHP bug 71152: mt_rand() returns the different values from original mt19937ar.c
3 - removed dead code 7 - removed dead code
4 - better debian integration 8 - better debian integration
diff --git a/crypt.c b/crypt.c
index e6867e1..318bd6c 100644
--- a/crypt.c
+++ b/crypt.c
@@ -30,7 +30,7 @@
30 30
31static void suhosin_get_ipv4(char *buf TSRMLS_DC) 31static void suhosin_get_ipv4(char *buf TSRMLS_DC)
32{ 32{
33 char *raddr = suhosin_getenv("REMOTE_ADDR", sizeof("REMOTE_ADDR")-1 TSRMLS_CC); 33 char *raddr = suhosin_getenv(ZEND_STRL("REMOTE_ADDR") TSRMLS_CC);
34 int i; 34 int i;
35 35
36 36
@@ -38,7 +38,7 @@ static void suhosin_get_ipv4(char *buf TSRMLS_DC)
38 memset(buf, 0, 4); 38 memset(buf, 0, 4);
39 return; 39 return;
40 } 40 }
41 41
42 for (i=0; i<4; i++) { 42 for (i=0; i<4; i++) {
43 if (raddr[0] == 0) { 43 if (raddr[0] == 0) {
44 buf[i] = 0; 44 buf[i] = 0;
@@ -56,7 +56,7 @@ char *suhosin_encrypt_string(char *str, int len, char *var, int vlen, char *key
56 int padded_len, i, slen; 56 int padded_len, i, slen;
57 unsigned char *crypted, *tmp; 57 unsigned char *crypted, *tmp;
58 unsigned int check = 0x13579BDF; 58 unsigned int check = 0x13579BDF;
59 59
60 if (str == NULL) { 60 if (str == NULL) {
61 return NULL; 61 return NULL;
62 } 62 }
@@ -83,10 +83,10 @@ char *suhosin_encrypt_string(char *str, int len, char *var, int vlen, char *key
83 check += check << 1; 83 check += check << 1;
84 check ^= (unsigned char)str[i]; 84 check ^= (unsigned char)str[i];
85 } 85 }
86 86
87 /* store ip value */ 87 /* store ip value */
88 suhosin_get_ipv4((char *)crypted+4 TSRMLS_CC); 88 suhosin_get_ipv4((char *)crypted+4 TSRMLS_CC);
89 89
90 /* store check value */ 90 /* store check value */
91 crypted[8] = check & 0xff; 91 crypted[8] = check & 0xff;
92 crypted[9] = (check >> 8) & 0xff; 92 crypted[9] = (check >> 8) & 0xff;
@@ -98,7 +98,7 @@ char *suhosin_encrypt_string(char *str, int len, char *var, int vlen, char *key
98 crypted[13] = (len >> 8) & 0xff; 98 crypted[13] = (len >> 8) & 0xff;
99 crypted[14] = (len >> 16) & 0xff; 99 crypted[14] = (len >> 16) & 0xff;
100 crypted[15] = (len >> 24) & 0xff; 100 crypted[15] = (len >> 24) & 0xff;
101 101
102 for (i=0, tmp=crypted; i<padded_len+16; i+=16, tmp+=16) { 102 for (i=0, tmp=crypted; i<padded_len+16; i+=16, tmp+=16) {
103 if (i > 0) { 103 if (i > 0) {
104 int j; 104 int j;
@@ -106,7 +106,7 @@ char *suhosin_encrypt_string(char *str, int len, char *var, int vlen, char *key
106 } 106 }
107 suhosin_aes_encrypt((char *)tmp TSRMLS_CC); 107 suhosin_aes_encrypt((char *)tmp TSRMLS_CC);
108 } 108 }
109 109
110 tmp = php_base64_encode(crypted, padded_len+16, NULL); 110 tmp = php_base64_encode(crypted, padded_len+16, NULL);
111 efree(crypted); 111 efree(crypted);
112 slen=strlen((char *)tmp); 112 slen=strlen((char *)tmp);
@@ -126,11 +126,11 @@ char *suhosin_decrypt_string(char *str, int padded_len, char *var, int vlen, cha
126 unsigned char *decrypted, *tmp; 126 unsigned char *decrypted, *tmp;
127 unsigned int check = 0x13579BDF; 127 unsigned int check = 0x13579BDF;
128 char buf[4]; 128 char buf[4];
129 129
130 if (str == NULL) { 130 if (str == NULL) {
131 return NULL; 131 return NULL;
132 } 132 }
133 133
134 if (padded_len == 0) { 134 if (padded_len == 0) {
135 if (orig_len) { 135 if (orig_len) {
136 *orig_len = 0; 136 *orig_len = 0;
@@ -146,7 +146,7 @@ char *suhosin_decrypt_string(char *str, int padded_len, char *var, int vlen, cha
146 case '_': str[i]='+'; break; 146 case '_': str[i]='+'; break;
147 } 147 }
148 } 148 }
149 149
150 decrypted = php_base64_decode((unsigned char *)str, padded_len, &len); 150 decrypted = php_base64_decode((unsigned char *)str, padded_len, &len);
151 if (decrypted == NULL || len < 2*16 || (len % 16) != 0) { 151 if (decrypted == NULL || len < 2*16 || (len % 16) != 0) {
152error_out: 152error_out:
@@ -158,7 +158,7 @@ error_out:
158 } 158 }
159 return NULL; 159 return NULL;
160 } 160 }
161 161
162 for (i=len-16, tmp=decrypted+i; i>=0; i-=16, tmp-=16) { 162 for (i=len-16, tmp=decrypted+i; i>=0; i-=16, tmp-=16) {
163 suhosin_aes_decrypt((char *)tmp TSRMLS_CC); 163 suhosin_aes_decrypt((char *)tmp TSRMLS_CC);
164 if (i > 0) { 164 if (i > 0) {
@@ -166,7 +166,7 @@ error_out:
166 for (j=0; j<16; j++) tmp[j] ^= tmp[j-16]; 166 for (j=0; j<16; j++) tmp[j] ^= tmp[j-16];
167 } 167 }
168 } 168 }
169 169
170 /* retrieve orig_len */ 170 /* retrieve orig_len */
171 o_len = decrypted[15]; 171 o_len = decrypted[15];
172 o_len <<= 8; 172 o_len <<= 8;
@@ -175,7 +175,7 @@ error_out:
175 o_len |= decrypted[13]; 175 o_len |= decrypted[13];
176 o_len <<= 8; 176 o_len <<= 8;
177 o_len |= decrypted[12]; 177 o_len |= decrypted[12];
178 178
179 if (o_len < 0 || o_len > len-16) { 179 if (o_len < 0 || o_len > len-16) {
180 goto error_out; 180 goto error_out;
181 } 181 }
@@ -191,13 +191,13 @@ error_out:
191 check += check << 1; 191 check += check << 1;
192 check ^= decrypted[16+i]; 192 check ^= decrypted[16+i];
193 } 193 }
194 194
195 /* check value */ 195 /* check value */
196 invalid = (decrypted[8] != (check & 0xff)) || 196 invalid = (decrypted[8] != (check & 0xff)) ||
197 (decrypted[9] != ((check >> 8) & 0xff)) || 197 (decrypted[9] != ((check >> 8) & 0xff)) ||
198 (decrypted[10] != ((check >> 16) & 0xff)) || 198 (decrypted[10] != ((check >> 16) & 0xff)) ||
199 (decrypted[11] != ((check >> 24) & 0xff)); 199 (decrypted[11] != ((check >> 24) & 0xff));
200 200
201 /* check IP */ 201 /* check IP */
202 if (check_ra > 0) { 202 if (check_ra > 0) {
203 if (check_ra > 4) { 203 if (check_ra > 4) {
@@ -208,19 +208,19 @@ error_out:
208 goto error_out; 208 goto error_out;
209 } 209 }
210 } 210 }
211 211
212 if (invalid) { 212 if (invalid) {
213 goto error_out; 213 goto error_out;
214 } 214 }
215 215
216 if (orig_len) { 216 if (orig_len) {
217 *orig_len = o_len; 217 *orig_len = o_len;
218 } 218 }
219 219
220 memmove(decrypted, decrypted+16, o_len); 220 memmove(decrypted, decrypted+16, o_len);
221 decrypted[o_len] = 0; 221 decrypted[o_len] = 0;
222 /* we do not realloc() here because 16 byte less 222 /* we do not realloc() here because 16 byte less
223 is simply not worth the overhead */ 223 is simply not worth the overhead */
224 return (char *)decrypted; 224 return (char *)decrypted;
225} 225}
226 226
@@ -230,21 +230,21 @@ char *suhosin_generate_key(char *key, zend_bool ua, zend_bool dr, long raddr, ch
230 char *_dr = NULL; 230 char *_dr = NULL;
231 char *_ra = NULL; 231 char *_ra = NULL;
232 suhosin_SHA256_CTX ctx; 232 suhosin_SHA256_CTX ctx;
233 233
234 if (ua) { 234 if (ua) {
235 _ua = suhosin_getenv("HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT")-1 TSRMLS_CC); 235 _ua = suhosin_getenv(ZEND_STRL("HTTP_USER_AGENT") TSRMLS_CC);
236 } 236 }
237 237
238 if (dr) { 238 if (dr) {
239 _dr = suhosin_getenv("DOCUMENT_ROOT", sizeof("DOCUMENT_ROOT")-1 TSRMLS_CC); 239 _dr = suhosin_getenv(ZEND_STRL("DOCUMENT_ROOT") TSRMLS_CC);
240 } 240 }
241 241
242 if (raddr > 0) { 242 if (raddr > 0) {
243 _ra = suhosin_getenv("REMOTE_ADDR", sizeof("REMOTE_ADDR")-1 TSRMLS_CC); 243 _ra = suhosin_getenv(ZEND_STRL("REMOTE_ADDR") TSRMLS_CC);
244 } 244 }
245 245
246 SDEBUG("(suhosin_generate_key) KEY: %s - UA: %s - DR: %s - RA: %s", key,_ua,_dr,_ra); 246 SDEBUG("(suhosin_generate_key) KEY: %s - UA: %s - DR: %s - RA: %s", key,_ua,_dr,_ra);
247 247
248 suhosin_SHA256Init(&ctx); 248 suhosin_SHA256Init(&ctx);
249 if (key == NULL || *key == 0) { 249 if (key == NULL || *key == 0) {
250 suhosin_SHA256Update(&ctx, (unsigned char*)"D3F4UL7", strlen("D3F4UL7")); 250 suhosin_SHA256Update(&ctx, (unsigned char*)"D3F4UL7", strlen("D3F4UL7"));
@@ -263,7 +263,7 @@ char *suhosin_generate_key(char *key, zend_bool ua, zend_bool dr, long raddr, ch
263 } else { 263 } else {
264 long dots = 0; 264 long dots = 0;
265 char *tmp = _ra; 265 char *tmp = _ra;
266 266
267 while (*tmp) { 267 while (*tmp) {
268 if (*tmp == '.') { 268 if (*tmp == '.') {
269 dots++; 269 dots++;
@@ -278,6 +278,6 @@ char *suhosin_generate_key(char *key, zend_bool ua, zend_bool dr, long raddr, ch
278 } 278 }
279 suhosin_SHA256Final((unsigned char *)cryptkey, &ctx); 279 suhosin_SHA256Final((unsigned char *)cryptkey, &ctx);
280 cryptkey[32] = 0; /* uhmm... not really a string */ 280 cryptkey[32] = 0; /* uhmm... not really a string */
281 281
282 return cryptkey; 282 return cryptkey;
283} 283}
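Review bot: In suhosin_generate_key the branch `if (key == NULL || *key == 0)` hashes the fixed string "D3F4UL7", so an installation with no configured key derives its encryption key from a constant published in the source. The only other inputs visible here are the optional User-Agent, document root and remote address values, which are not secrets. The commit only changes the suhosin_getenv calls and leaves this branch undocumented. I would add a comment there, e.g. `/* no key configured: the derived key is NOT secret, operators must set one */`, and ideally a log entry so the condition shows up in deployment. The function body continues between the hunks shown, so how the remaining inputs are mixed in is not fully visible here.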
diff --git a/execute.c b/execute.c
index aa236e2..2d38c3a 100644
--- a/execute.c
+++ b/execute.c
@@ -85,7 +85,7 @@ conts:
85 for (t=h; *n; t++, n++) { 85 for (t=h; *n; t++, n++) {
86 if (toupper(*t) != toupper(*n)) goto conts; 86 if (toupper(*t) != toupper(*n)) goto conts;
87 } 87 }
88 return ((char*)h-1); 88 return ((char*)h-1);
89 } 89 }
90 } 90 }
91 91
@@ -126,7 +126,7 @@ static int suhosin_check_filename(char *s, int len TSRMLS_DC)
126 return SUHOSIN_CODE_TYPE_LONGNAME; 126 return SUHOSIN_CODE_TYPE_LONGNAME;
127 } 127 }
128 memcpy(fname, s, len); 128 memcpy(fname, s, len);
129 fname[len] = 0; 129 fname[len] = 0;
130 s = (char *)&fname; 130 s = (char *)&fname;
131 e = s + len; 131 e = s + len;
132 132
@@ -134,14 +134,14 @@ static int suhosin_check_filename(char *s, int len TSRMLS_DC)
134 if (len != strlen(s)) { 134 if (len != strlen(s)) {
135 return SUHOSIN_CODE_TYPE_0FILE; 135 return SUHOSIN_CODE_TYPE_0FILE;
136 } 136 }
137 137
138 /* disallow uploaded files */ 138 /* disallow uploaded files */
139 if (SG(rfc1867_uploaded_files)) { 139 if (SG(rfc1867_uploaded_files)) {
140 if (zend_hash_exists(SG(rfc1867_uploaded_files), (char *) s, e-s+1)) { 140 if (zend_hash_exists(SG(rfc1867_uploaded_files), (char *) s, e-s+1)) {
141 return SUHOSIN_CODE_TYPE_UPLOADED; 141 return SUHOSIN_CODE_TYPE_UPLOADED;
142 } 142 }
143 } 143 }
144 144
145 /* count number of directory traversals */ 145 /* count number of directory traversals */
146 for (i=0; i < len-3; i++) { 146 for (i=0; i < len-3; i++) {
147 if (s[i] == '.' && s[i+1] == '.' && (s[i+2] == '/' || s[i+2] == '\\')) { 147 if (s[i] == '.' && s[i+1] == '.' && (s[i+2] == '/' || s[i+2] == '\\')) {
@@ -152,7 +152,7 @@ static int suhosin_check_filename(char *s, int len TSRMLS_DC)
152 if (SUHOSIN_G(executor_include_max_traversal) && SUHOSIN_G(executor_include_max_traversal)<=count) { 152 if (SUHOSIN_G(executor_include_max_traversal) && SUHOSIN_G(executor_include_max_traversal)<=count) {
153 return SUHOSIN_CODE_TYPE_MANYDOTS; 153 return SUHOSIN_CODE_TYPE_MANYDOTS;
154 } 154 }
155 155
156SDEBUG("xxx %p %p",SUHOSIN_G(include_whitelist),SUHOSIN_G(include_blacklist)); 156SDEBUG("xxx %p %p",SUHOSIN_G(include_whitelist),SUHOSIN_G(include_blacklist));
157 /* no black or whitelist then disallow all */ 157 /* no black or whitelist then disallow all */
158 if (SUHOSIN_G(include_whitelist)==NULL && SUHOSIN_G(include_blacklist)==NULL) { 158 if (SUHOSIN_G(include_whitelist)==NULL && SUHOSIN_G(include_blacklist)==NULL) {
@@ -160,29 +160,29 @@ SDEBUG("xxx %p %p",SUHOSIN_G(include_whitelist),SUHOSIN_G(include_blacklist));
160 if (strstr(s, "://") != NULL || suhosin_strcasestr(s, "data:") != NULL) { 160 if (strstr(s, "://") != NULL || suhosin_strcasestr(s, "data:") != NULL) {
161 return SUHOSIN_CODE_TYPE_BADURL; 161 return SUHOSIN_CODE_TYPE_BADURL;
162 } 162 }
163 } else 163 } else
164 /* whitelist is stronger than blacklist */ 164 /* whitelist is stronger than blacklist */
165 if (SUHOSIN_G(include_whitelist)) { 165 if (SUHOSIN_G(include_whitelist)) {
166 166
167 do { 167 do {
168 isOk = 0; 168 isOk = 0;
169 169
170 h = strstr(s, "://"); 170 h = strstr(s, "://");
171 h2 = suhosin_strcasestr(s, "data:"); 171 h2 = suhosin_strcasestr(s, "data:");
172 h2 = h2 == NULL ? NULL : h2 + 4; 172 h2 = h2 == NULL ? NULL : h2 + 4;
173 t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) ); 173 t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) );
174 if (h == NULL) break; 174 if (h == NULL) break;
175 175
176 while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) { 176 while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) {
177 t--; 177 t--;
178 } 178 }
179 179
180 tlen = e-t; 180 tlen = e-t;
181 181
182 zend_hash_internal_pointer_reset(SUHOSIN_G(include_whitelist)); 182 zend_hash_internal_pointer_reset(SUHOSIN_G(include_whitelist));
183 do { 183 do {
184 int r = zend_hash_get_current_key_ex(SUHOSIN_G(include_whitelist), &index, &indexlen, &numindex, 0, NULL); 184 int r = zend_hash_get_current_key_ex(SUHOSIN_G(include_whitelist), &index, &indexlen, &numindex, 0, NULL);
185 185
186 if (r==HASH_KEY_NON_EXISTANT) { 186 if (r==HASH_KEY_NON_EXISTANT) {
187 break; 187 break;
188 } 188 }
@@ -194,28 +194,28 @@ SDEBUG("xxx %p %p",SUHOSIN_G(include_whitelist),SUHOSIN_G(include_blacklist));
194 } 194 }
195 } 195 }
196 } 196 }
197 197
198 zend_hash_move_forward(SUHOSIN_G(include_whitelist)); 198 zend_hash_move_forward(SUHOSIN_G(include_whitelist));
199 } while (1); 199 } while (1);
200 200
201 /* not found in whitelist */ 201 /* not found in whitelist */
202 if (!isOk) { 202 if (!isOk) {
203 return SUHOSIN_CODE_TYPE_BADURL; 203 return SUHOSIN_CODE_TYPE_BADURL;
204 } 204 }
205 205
206 s = h + 1; 206 s = h + 1;
207 } while (1); 207 } while (1);
208 } else { 208 } else {
209 209
210 do { 210 do {
211 int tlen; 211 int tlen;
212 212
213 h = strstr(s, "://"); 213 h = strstr(s, "://");
214 h2 = suhosin_strcasestr(s, "data:"); 214 h2 = suhosin_strcasestr(s, "data:");
215 h2 = h2 == NULL ? NULL : h2 + 4; 215 h2 = h2 == NULL ? NULL : h2 + 4;
216 t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) ); 216 t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) );
217 if (h == NULL) break; 217 if (h == NULL) break;
218 218
219 while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) { 219 while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) {
220 t--; 220 t--;
221 } 221 }
@@ -236,21 +236,21 @@ SDEBUG("xxx %p %p",SUHOSIN_G(include_whitelist),SUHOSIN_G(include_blacklist));
236 } 236 }
237 } 237 }
238 } 238 }
239 239
240 zend_hash_move_forward(SUHOSIN_G(include_blacklist)); 240 zend_hash_move_forward(SUHOSIN_G(include_blacklist));
241 } while (1); 241 } while (1);
242 242
243 s = h + 1; 243 s = h + 1;
244 } while (1); 244 } while (1);
245 } 245 }
246 246
247 /* disallow writable files */ 247 /* disallow writable files */
248 if (!SUHOSIN_G(executor_include_allow_writable_files)) { 248 if (!SUHOSIN_G(executor_include_allow_writable_files)) {
249 /* protection against *REMOTE* attacks, potential 249 /* protection against *REMOTE* attacks, potential
250 race condition of access() is irrelevant */ 250 race condition of access() is irrelevant */
251 if (access(s, W_OK) == 0) { 251 if (access(s, W_OK) == 0) {
252 return SUHOSIN_CODE_TYPE_WRITABLE; 252 return SUHOSIN_CODE_TYPE_WRITABLE;
253 } 253 }
254 } 254 }
255 255
256 return SUHOSIN_CODE_TYPE_GOODFILE; 256 return SUHOSIN_CODE_TYPE_GOODFILE;
@@ -265,39 +265,39 @@ static int suhosin_zend_stream_open(const char *filename, zend_file_handle *fh T
265 exd=EG(current_execute_data); 265 exd=EG(current_execute_data);
266 if (EG(in_execution) && (exd!=NULL) && (exd->opline != NULL) && (exd->opline->opcode == ZEND_INCLUDE_OR_EVAL)) { 266 if (EG(in_execution) && (exd!=NULL) && (exd->opline != NULL) && (exd->opline->opcode == ZEND_INCLUDE_OR_EVAL)) {
267 int filetype = suhosin_check_filename((char *)filename, strlen(filename) TSRMLS_CC); 267 int filetype = suhosin_check_filename((char *)filename, strlen(filename) TSRMLS_CC);
268 268
269 switch (filetype) { 269 switch (filetype) {
270 case SUHOSIN_CODE_TYPE_LONGNAME: 270 case SUHOSIN_CODE_TYPE_LONGNAME:
271 suhosin_log(S_INCLUDE, "Include filename ('%s') is too long", filename); 271 suhosin_log(S_INCLUDE, "Include filename ('%s') is too long", filename);
272 suhosin_bailout(TSRMLS_C); 272 suhosin_bailout(TSRMLS_C);
273 break; 273 break;
274 274
275 case SUHOSIN_CODE_TYPE_UPLOADED: 275 case SUHOSIN_CODE_TYPE_UPLOADED:
276 suhosin_log(S_INCLUDE, "Include filename is an uploaded file"); 276 suhosin_log(S_INCLUDE, "Include filename is an uploaded file");
277 suhosin_bailout(TSRMLS_C); 277 suhosin_bailout(TSRMLS_C);
278 break; 278 break;
279 279
280 case SUHOSIN_CODE_TYPE_0FILE: 280 case SUHOSIN_CODE_TYPE_0FILE:
281 suhosin_log(S_INCLUDE, "Include filename contains an ASCIIZ character"); 281 suhosin_log(S_INCLUDE, "Include filename contains an ASCIIZ character");
282 suhosin_bailout(TSRMLS_C); 282 suhosin_bailout(TSRMLS_C);
283 break; 283 break;
284 284
285 case SUHOSIN_CODE_TYPE_WRITABLE: 285 case SUHOSIN_CODE_TYPE_WRITABLE:
286 suhosin_log(S_INCLUDE, "Include filename ('%s') is writable by PHP process", filename); 286 suhosin_log(S_INCLUDE, "Include filename ('%s') is writable by PHP process", filename);
287 suhosin_bailout(TSRMLS_C); 287 suhosin_bailout(TSRMLS_C);
288 break; 288 break;
289 289
290 case SUHOSIN_CODE_TYPE_BLACKURL: 290 case SUHOSIN_CODE_TYPE_BLACKURL:
291 suhosin_log(S_INCLUDE, "Include filename ('%s') is a URL that is forbidden by the blacklist", filename); 291 suhosin_log(S_INCLUDE, "Include filename ('%s') is a URL that is forbidden by the blacklist", filename);
292 suhosin_bailout(TSRMLS_C); 292 suhosin_bailout(TSRMLS_C);
293 break; 293 break;
294 294
295 case SUHOSIN_CODE_TYPE_BADURL: 295 case SUHOSIN_CODE_TYPE_BADURL:
296 suhosin_log(S_INCLUDE, "Include filename ('%s') is a URL that is not allowed", filename); 296 suhosin_log(S_INCLUDE, "Include filename ('%s') is a URL that is not allowed", filename);
297 suhosin_bailout(TSRMLS_C); 297 suhosin_bailout(TSRMLS_C);
298 break; 298 break;
299 299
300 case SUHOSIN_CODE_TYPE_MANYDOTS: 300 case SUHOSIN_CODE_TYPE_MANYDOTS:
301 suhosin_log(S_INCLUDE, "Include filename ('%s') contains too many '../'", filename); 301 suhosin_log(S_INCLUDE, "Include filename ('%s') contains too many '../'", filename);
302 suhosin_bailout(TSRMLS_C); 302 suhosin_bailout(TSRMLS_C);
303 break; 303 break;
@@ -313,14 +313,13 @@ static int suhosin_detect_codetype(zend_op_array *op_array TSRMLS_DC)
313 int r; 313 int r;
314 314
315 s = (char *)op_array->filename; 315 s = (char *)op_array->filename;
316 316
317 /* eval, assert, create_function, preg_replace */ 317 /* eval, assert, create_function, preg_replace */
318 if (op_array->type == ZEND_EVAL_CODE) { 318 if (op_array->type == ZEND_EVAL_CODE) {
319
320 if (s == NULL) { 319 if (s == NULL) {
321 return SUHOSIN_CODE_TYPE_UNKNOWN; 320 return SUHOSIN_CODE_TYPE_UNKNOWN;
322 } 321 }
323 322
324 if (strstr(s, "eval()'d code") != NULL) { 323 if (strstr(s, "eval()'d code") != NULL) {
325 return SUHOSIN_CODE_TYPE_EVAL; 324 return SUHOSIN_CODE_TYPE_EVAL;
326 } 325 }
@@ -340,7 +339,7 @@ static int suhosin_detect_codetype(zend_op_array *op_array TSRMLS_DC)
340 if (strstr(s, "runtime-created function") != NULL) { 339 if (strstr(s, "runtime-created function") != NULL) {
341 return SUHOSIN_CODE_TYPE_CFUNC; 340 return SUHOSIN_CODE_TYPE_CFUNC;
342 } 341 }
343 342
344 if (strstr(s, "Command line code") != NULL) { 343 if (strstr(s, "Command line code") != NULL) {
345 return SUHOSIN_CODE_TYPE_COMMANDLINE; 344 return SUHOSIN_CODE_TYPE_COMMANDLINE;
346 } 345 }
@@ -356,28 +355,21 @@ static int suhosin_detect_codetype(zend_op_array *op_array TSRMLS_DC)
356 if (strstr(s, "Command line end code") != NULL) { 355 if (strstr(s, "Command line end code") != NULL) {
357 return SUHOSIN_CODE_TYPE_COMMANDLINE; 356 return SUHOSIN_CODE_TYPE_COMMANDLINE;
358 } 357 }
359 358
360 if (strstr(s, "suhosin internal code") != NULL) { 359 if (strstr(s, "suhosin internal code") != NULL) {
361 return SUHOSIN_CODE_TYPE_SUHOSIN; 360 return SUHOSIN_CODE_TYPE_SUHOSIN;
362 } 361 }
363
364 } else { 362 } else {
365
366 r = suhosin_check_filename(s, strlen(s) TSRMLS_CC); 363 r = suhosin_check_filename(s, strlen(s) TSRMLS_CC);
367/* switch (r) {
368 case SUHOSIN_CODE_TYPE_GOODFILE:
369 break;
370 } */
371 return r; 364 return r;
372
373 } 365 }
374 366
375 return SUHOSIN_CODE_TYPE_UNKNOWN; 367 return SUHOSIN_CODE_TYPE_UNKNOWN;
376} 368}
377 369
378/* {{{ void suhosin_execute_ex(zend_op_array *op_array TSRMLS_DC) 370/* {{{ void suhosin_execute_ex(zend_op_array *op_array TSRMLS_DC)
379 * This function provides a hook for execution */ 371 * This function provides a hook for execution */
380#if PHP_VERSION_ID > 50500 372#if PHP_VERSION_ID >= 50500
381static void suhosin_execute_ex(zend_execute_data *execute_data TSRMLS_DC) 373static void suhosin_execute_ex(zend_execute_data *execute_data TSRMLS_DC)
382{ 374{
383 zend_op_array *op_array = execute_data->op_array; 375 zend_op_array *op_array = execute_data->op_array;
@@ -391,12 +383,12 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML
391 zval cs; 383 zval cs;
392 zend_uint orig_code_type; 384 zend_uint orig_code_type;
393 unsigned long *suhosin_flags = NULL; 385 unsigned long *suhosin_flags = NULL;
394 386
395 /* log variable dropping statistics */ 387 /* log variable dropping statistics */
396 if (SUHOSIN_G(abort_request)) { 388 if (SUHOSIN_G(abort_request)) {
397 389
398 SUHOSIN_G(abort_request) = 0; /* we only want this to happen the first time */ 390 SUHOSIN_G(abort_request) = 0; /* we only want this to happen the first time */
399 391
400 if (SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables) > 0) { 392 if (SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables) > 0) {
401 suhosin_log(S_VARS, "dropped %u request variables - (%u in GET, %u in POST, %u in COOKIE)", 393 suhosin_log(S_VARS, "dropped %u request variables - (%u in GET, %u in POST, %u in COOKIE)",
402 SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables), 394 SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables),
@@ -404,33 +396,33 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML
404 SUHOSIN_G(att_post_vars)-SUHOSIN_G(cur_post_vars), 396 SUHOSIN_G(att_post_vars)-SUHOSIN_G(cur_post_vars),
405 SUHOSIN_G(att_cookie_vars)-SUHOSIN_G(cur_cookie_vars)); 397 SUHOSIN_G(att_cookie_vars)-SUHOSIN_G(cur_cookie_vars));
406 } 398 }
407 399
408 if (!SUHOSIN_G(simulation) && SUHOSIN_G(filter_action)) { 400 if (!SUHOSIN_G(simulation) && SUHOSIN_G(filter_action)) {
409 401
410 char *action = SUHOSIN_G(filter_action); 402 char *action = SUHOSIN_G(filter_action);
411 long code = -1; 403 long code = -1;
412 404
413 while (*action == ' ' || *action == '\t') action++; 405 while (*action == ' ' || *action == '\t') action++;
414 406
415 if (*action >= '0' && *action <= '9') { 407 if (*action >= '0' && *action <= '9') {
416 char *end = action; 408 char *end = action;
417 while (*end && *end != ',' && *end != ';') end++; 409 while (*end && *end != ',' && *end != ';') end++;
418 code = zend_atoi(action, end-action); 410 code = zend_atoi(action, end-action);
419 action = end; 411 action = end;
420 } 412 }
421 413
422 while (*action == ' ' || *action == '\t' || *action == ',' || *action == ';') action++; 414 while (*action == ' ' || *action == '\t' || *action == ',' || *action == ';') action++;
423 415
424 if (*action) { 416 if (*action) {
425 417
426 if (strncasecmp("http://", action, sizeof("http://")-1)==0 418 if (strncasecmp("http://", action, sizeof("http://")-1)==0
427 || strncasecmp("https://", action, sizeof("https://")-1)==0) { 419 || strncasecmp("https://", action, sizeof("https://")-1)==0) {
428 sapi_header_line ctr = {0}; 420 sapi_header_line ctr = {0};
429 421
430 if (code == -1) { 422 if (code == -1) {
431 code = 302; 423 code = 302;
432 } 424 }
433 425
434 ctr.line_len = spprintf(&ctr.line, 0, "Location: %s", action); 426 ctr.line_len = spprintf(&ctr.line, 0, "Location: %s", action);
435 ctr.response_code = code; 427 ctr.response_code = code;
436 sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC); 428 sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC);
@@ -439,11 +431,11 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML
439 zend_file_handle file_handle; 431 zend_file_handle file_handle;
440 zend_op_array *new_op_array; 432 zend_op_array *new_op_array;
441 zval *result = NULL; 433 zval *result = NULL;
442 434
443 if (code == -1) { 435 if (code == -1) {
444 code = 200; 436 code = 200;
445 } 437 }
446 438
447 if (zend_stream_open(action, &file_handle TSRMLS_CC) == SUCCESS) { 439 if (zend_stream_open(action, &file_handle TSRMLS_CC) == SUCCESS) {
448 if (!file_handle.opened_path) { 440 if (!file_handle.opened_path) {
449 file_handle.opened_path = estrndup(action, strlen(action)); 441 file_handle.opened_path = estrndup(action, strlen(action));
@@ -472,24 +464,24 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML
472 } 464 }
473 } 465 }
474 } 466 }
475 467
476 sapi_header_op(SAPI_HEADER_SET_STATUS, (void *)code TSRMLS_CC); 468 sapi_header_op(SAPI_HEADER_SET_STATUS, (void *)code TSRMLS_CC);
477 zend_bailout(); 469 zend_bailout();
478 } 470 }
479 } 471 }
480 472
481 SDEBUG("%s %s", op_array->filename, op_array->function_name); 473 SDEBUG("%s %s", op_array->filename, op_array->function_name);
482 474
483 SUHOSIN_G(execution_depth)++; 475 SUHOSIN_G(execution_depth)++;
484 476
485 if (SUHOSIN_G(max_execution_depth) && SUHOSIN_G(execution_depth) > SUHOSIN_G(max_execution_depth)) { 477 if (SUHOSIN_G(max_execution_depth) && SUHOSIN_G(execution_depth) > SUHOSIN_G(max_execution_depth)) {
486 suhosin_log(S_EXECUTOR|S_GETCALLER, "maximum execution depth reached - script terminated"); 478 suhosin_log(S_EXECUTOR|S_GETCALLER, "maximum execution depth reached - script terminated");
487 suhosin_bailout(TSRMLS_C); 479 suhosin_bailout(TSRMLS_C);
488 } 480 }
489 481
490 fn = (char *)op_array->filename; 482 fn = (char *)op_array->filename;
491 len = strlen(fn); 483 len = strlen(fn);
492 484
493 orig_code_type = SUHOSIN_G(in_code_type); 485 orig_code_type = SUHOSIN_G(in_code_type);
494 if (op_array->type == ZEND_EVAL_CODE) { 486 if (op_array->type == ZEND_EVAL_CODE) {
495 SUHOSIN_G(in_code_type) = SUHOSIN_EVAL; 487 SUHOSIN_G(in_code_type) = SUHOSIN_EVAL;
@@ -497,7 +489,7 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML
497 if (suhosin_zend_extension_entry.resource_number != -1) { 489 if (suhosin_zend_extension_entry.resource_number != -1) {
498 suhosin_flags = (unsigned long *) &op_array->reserved[suhosin_zend_extension_entry.resource_number]; 490 suhosin_flags = (unsigned long *) &op_array->reserved[suhosin_zend_extension_entry.resource_number];
499 SDEBUG("suhosin flags: %08lx", *suhosin_flags); 491 SDEBUG("suhosin flags: %08lx", *suhosin_flags);
500 492
501 if (*suhosin_flags & SUHOSIN_FLAG_CREATED_BY_EVAL) { 493 if (*suhosin_flags & SUHOSIN_FLAG_CREATED_BY_EVAL) {
502 SUHOSIN_G(in_code_type) = SUHOSIN_EVAL; 494 SUHOSIN_G(in_code_type) = SUHOSIN_EVAL;
503 } 495 }
@@ -505,7 +497,7 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML
505 goto not_evaled_code; 497 goto not_evaled_code;
506 } 498 }
507 } 499 }
508 500
509 if (strstr(op_array->filename, "eval()'d code")) { 501 if (strstr(op_array->filename, "eval()'d code")) {
510 SUHOSIN_G(in_code_type) = SUHOSIN_EVAL; 502 SUHOSIN_G(in_code_type) = SUHOSIN_EVAL;
511 } else { 503 } else {
@@ -523,39 +515,39 @@ not_evaled_code:
523/* if (SUHOSIN_G(deactivate)) { 515/* if (SUHOSIN_G(deactivate)) {
524 goto continue_execution; 516 goto continue_execution;
525 } 517 }
526*/ 518*/
527 519
528 op_array_type = suhosin_detect_codetype(op_array TSRMLS_CC); 520 op_array_type = suhosin_detect_codetype(op_array TSRMLS_CC);
529 521
530 switch (op_array_type) { 522 switch (op_array_type) {
531 case SUHOSIN_CODE_TYPE_EVAL: 523 case SUHOSIN_CODE_TYPE_EVAL:
532 if (SUHOSIN_G(executor_disable_eval)) { 524 if (SUHOSIN_G(executor_disable_eval)) {
533 suhosin_log(S_EXECUTOR|S_GETCALLER, "use of eval is forbidden by configuration"); 525 suhosin_log(S_EXECUTOR|S_GETCALLER, "use of eval is forbidden by configuration");
534 if (!SUHOSIN_G(simulation)) { 526 if (!SUHOSIN_G(simulation)) {
535 zend_error(E_ERROR, "SUHOSIN - Use of eval is forbidden by configuration"); 527 zend_error(E_ERROR, "SUHOSIN - Use of eval is forbidden by configuration");
536 } 528 }
537 } 529 }
538 break; 530 break;
539 531
540 case SUHOSIN_CODE_TYPE_REGEXP: 532 case SUHOSIN_CODE_TYPE_REGEXP:
541 if (SUHOSIN_G(executor_disable_emod)) { 533 if (SUHOSIN_G(executor_disable_emod)) {
542 suhosin_log(S_EXECUTOR|S_GETCALLER, "use of preg_replace() with /e modifier is forbidden by configuration"); 534 suhosin_log(S_EXECUTOR|S_GETCALLER, "use of preg_replace() with /e modifier is forbidden by configuration");
543 if (!SUHOSIN_G(simulation)) { 535 if (!SUHOSIN_G(simulation)) {
544 zend_error(E_ERROR, "SUHOSIN - Use of preg_replace() with /e modifier is forbidden by configuration"); 536 zend_error(E_ERROR, "SUHOSIN - Use of preg_replace() with /e modifier is forbidden by configuration");
545 } 537 }
546 } 538 }
547 break; 539 break;
548 540
549 case SUHOSIN_CODE_TYPE_MBREGEXP: 541 case SUHOSIN_CODE_TYPE_MBREGEXP:
550 /* XXX TODO: Do we want to disallow this, too? */ 542 /* XXX TODO: Do we want to disallow this, too? */
551 break; 543 break;
552 544
553 case SUHOSIN_CODE_TYPE_ASSERT: 545 case SUHOSIN_CODE_TYPE_ASSERT:
554 break; 546 break;
555 547
556 case SUHOSIN_CODE_TYPE_CFUNC: 548 case SUHOSIN_CODE_TYPE_CFUNC:
557 break; 549 break;
558 550
559 case SUHOSIN_CODE_TYPE_LONGNAME: 551 case SUHOSIN_CODE_TYPE_LONGNAME:
560 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is too long", op_array->filename); 552 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is too long", op_array->filename);
561 suhosin_bailout(TSRMLS_C); 553 suhosin_bailout(TSRMLS_C);
@@ -565,49 +557,49 @@ not_evaled_code:
565 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') contains too many '../'", op_array->filename); 557 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') contains too many '../'", op_array->filename);
566 suhosin_bailout(TSRMLS_C); 558 suhosin_bailout(TSRMLS_C);
567 break; 559 break;
568 560
569 case SUHOSIN_CODE_TYPE_UPLOADED: 561 case SUHOSIN_CODE_TYPE_UPLOADED:
570 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename is an uploaded file"); 562 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename is an uploaded file");
571 suhosin_bailout(TSRMLS_C); 563 suhosin_bailout(TSRMLS_C);
572 break; 564 break;
573 565
574 case SUHOSIN_CODE_TYPE_0FILE: 566 case SUHOSIN_CODE_TYPE_0FILE:
575 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename contains an ASCIIZ character"); 567 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename contains an ASCIIZ character");
576 suhosin_bailout(TSRMLS_C); 568 suhosin_bailout(TSRMLS_C);
577 break; 569 break;
578
579 case SUHOSIN_CODE_TYPE_WRITABLE:
580 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is writable by PHP process", op_array->filename);
581 suhosin_bailout(TSRMLS_C);
582 break;
583 570
584 case SUHOSIN_CODE_TYPE_BLACKURL: 571 case SUHOSIN_CODE_TYPE_WRITABLE:
572 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is writable by PHP process", op_array->filename);
573 suhosin_bailout(TSRMLS_C);
574 break;
575
576 case SUHOSIN_CODE_TYPE_BLACKURL:
585 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is a URL that is forbidden by the blacklist", op_array->filename); 577 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is a URL that is forbidden by the blacklist", op_array->filename);
586 suhosin_bailout(TSRMLS_C); 578 suhosin_bailout(TSRMLS_C);
587 break; 579 break;
588 580
589 case SUHOSIN_CODE_TYPE_BADURL: 581 case SUHOSIN_CODE_TYPE_BADURL:
590 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is a URL that is not allowed", op_array->filename); 582 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is a URL that is not allowed", op_array->filename);
591 suhosin_bailout(TSRMLS_C); 583 suhosin_bailout(TSRMLS_C);
592 break; 584 break;
593 585
594 case SUHOSIN_CODE_TYPE_BADFILE: 586 case SUHOSIN_CODE_TYPE_BADFILE:
595 cs.type = IS_STRING; 587 cs.type = IS_STRING;
596#define DIE_WITH_MSG "die('disallowed_file'.chr(10).chr(10));" 588#define DIE_WITH_MSG "die('disallowed_file'.chr(10).chr(10));"
597 cs.value.str.val = estrndup(DIE_WITH_MSG, sizeof(DIE_WITH_MSG)-1); 589 cs.value.str.val = estrndup(DIE_WITH_MSG, sizeof(DIE_WITH_MSG)-1);
598 cs.value.str.len = sizeof(DIE_WITH_MSG)-1; 590 cs.value.str.len = sizeof(DIE_WITH_MSG)-1;
599 new_op_array = compile_string(&cs, "suhosin internal code" TSRMLS_CC); 591 new_op_array = compile_string(&cs, "suhosin internal code" TSRMLS_CC);
600 if (new_op_array) { 592 if (new_op_array) {
601 op_array = new_op_array; 593 op_array = new_op_array;
602 goto continue_execution; 594 goto continue_execution;
603 } 595 }
604 suhosin_bailout(TSRMLS_C); 596 suhosin_bailout(TSRMLS_C);
605 break; 597 break;
606 598
607 case SUHOSIN_CODE_TYPE_COMMANDLINE: 599 case SUHOSIN_CODE_TYPE_COMMANDLINE:
608 case SUHOSIN_CODE_TYPE_SUHOSIN: 600 case SUHOSIN_CODE_TYPE_SUHOSIN:
609 case SUHOSIN_CODE_TYPE_UNKNOWN: 601 case SUHOSIN_CODE_TYPE_UNKNOWN:
610 case SUHOSIN_CODE_TYPE_GOODFILE: 602 case SUHOSIN_CODE_TYPE_GOODFILE:
611 goto continue_execution; 603 goto continue_execution;
612 } 604 }
613 605
@@ -640,7 +632,7 @@ static void suhosin_execute(zend_op_array *op_array TSRMLS_DC)
640static void suhosin_execute_ZO(zend_op_array *op_array, long dummy TSRMLS_DC) 632static void suhosin_execute_ZO(zend_op_array *op_array, long dummy TSRMLS_DC)
641{ 633{
642 suhosin_execute_ex(op_array, 1, dummy TSRMLS_CC); 634 suhosin_execute_ex(op_array, 1, dummy TSRMLS_CC);
643} 635}
644/* }}} */ 636/* }}} */
645#endif 637#endif
646 638
@@ -674,30 +666,30 @@ int ih_preg_replace(IH_HANDLER_PARAMS)
674 **limit, **zcount; 666 **limit, **zcount;
675 667
676 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ZZZ|ZZ", &regex, &replace, &subject, &limit, &zcount) == FAILURE) { 668 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ZZZ|ZZ", &regex, &replace, &subject, &limit, &zcount) == FAILURE) {
677 return(0); 669 return (1);
678 } 670 }
679 671
680 if (Z_TYPE_PP(regex) == IS_ARRAY) { 672 if (Z_TYPE_PP(regex) == IS_ARRAY) {
681 zval **regex_entry; 673 zval **regex_entry;
682 674
683 zend_hash_internal_pointer_reset(Z_ARRVAL_PP(regex)); 675 zend_hash_internal_pointer_reset(Z_ARRVAL_PP(regex));
684 /* For each entry in the regex array, get the entry */ 676 /* For each entry in the regex array, get the entry */
685 while (zend_hash_get_current_data(Z_ARRVAL_PP(regex), (void **)&regex_entry) == SUCCESS) { 677 while (zend_hash_get_current_data(Z_ARRVAL_PP(regex), (void **)&regex_entry) == SUCCESS) {
686 678
687 if (Z_TYPE_PP(regex_entry) == IS_STRING) { 679 if (Z_TYPE_PP(regex_entry) == IS_STRING) {
688 if (strlen(Z_STRVAL_PP(regex_entry)) != Z_STRLEN_PP(regex_entry)) { 680 if (strlen(Z_STRVAL_PP(regex_entry)) != Z_STRLEN_PP(regex_entry)) {
689 suhosin_log(S_EXECUTOR, "string termination attack on first preg_replace parameter detected"); 681 suhosin_log(S_EXECUTOR, "string termination attack on first preg_replace parameter detected");
690 if (!SUHOSIN_G(simulation)) { 682 if (!SUHOSIN_G(simulation)) {
691 RETVAL_FALSE; 683 RETVAL_FALSE;
692 return (1); 684 return (1);
693 } 685 }
694 } 686 }
695 } 687 }
696 688
697 zend_hash_move_forward(Z_ARRVAL_PP(regex)); 689 zend_hash_move_forward(Z_ARRVAL_PP(regex));
698 690
699 } 691 }
700 692
701 } else if (Z_TYPE_PP(regex) == IS_STRING) { 693 } else if (Z_TYPE_PP(regex) == IS_STRING) {
702 if (strlen(Z_STRVAL_PP(regex)) != Z_STRLEN_PP(regex)) { 694 if (strlen(Z_STRVAL_PP(regex)) != Z_STRLEN_PP(regex)) {
703 suhosin_log(S_EXECUTOR, "string termination attack on first preg_replace parameter detected"); 695 suhosin_log(S_EXECUTOR, "string termination attack on first preg_replace parameter detected");
@@ -707,7 +699,7 @@ int ih_preg_replace(IH_HANDLER_PARAMS)
707 } 699 }
708 } 700 }
709 } 701 }
710 702
711 return (0); 703 return (0);
712} 704}
713 705
@@ -716,7 +708,7 @@ int ih_symlink(IH_HANDLER_PARAMS)
716 if (SUHOSIN_G(executor_allow_symlink)) { 708 if (SUHOSIN_G(executor_allow_symlink)) {
717 return (0); 709 return (0);
718 } 710 }
719 711
720 if (PG(open_basedir) && PG(open_basedir)[0]) { 712 if (PG(open_basedir) && PG(open_basedir)[0]) {
721 suhosin_log(S_EXECUTOR, "symlink called during open_basedir"); 713 suhosin_log(S_EXECUTOR, "symlink called during open_basedir");
722 if (!SUHOSIN_G(simulation)) { 714 if (!SUHOSIN_G(simulation)) {
@@ -724,7 +716,7 @@ int ih_symlink(IH_HANDLER_PARAMS)
724 return (1); 716 return (1);
725 } 717 }
726 } 718 }
727 719
728 return (0); 720 return (0);
729} 721}
730 722
@@ -796,7 +788,7 @@ int ih_mail(IH_HANDLER_PARAMS)
796 } 788 }
797 } 789 }
798 } 790 }
799 791
800 if (SUHOSIN_G(mailprotect) > 1) { 792 if (SUHOSIN_G(mailprotect) > 1) {
801 /* search for to, cc or bcc headers */ 793 /* search for to, cc or bcc headers */
802 if (headers_len > 0 && headers != NULL) { 794 if (headers_len > 0 && headers != NULL) {
@@ -807,7 +799,7 @@ int ih_mail(IH_HANDLER_PARAMS)
807 return (1); 799 return (1);
808 } 800 }
809 } 801 }
810 802
811 if (strncasecmp(headers, "cc:", sizeof("cc:") - 1) == 0 || suhosin_strcasestr(headers, "\ncc:")) { 803 if (strncasecmp(headers, "cc:", sizeof("cc:") - 1) == 0 || suhosin_strcasestr(headers, "\ncc:")) {
812 suhosin_log(S_MAIL, "mail() - CC: headers aren't allowed in the headers parameter."); 804 suhosin_log(S_MAIL, "mail() - CC: headers aren't allowed in the headers parameter.");
813 if (!SUHOSIN_G(simulation)) { 805 if (!SUHOSIN_G(simulation)) {
@@ -848,18 +840,18 @@ int ih_querycheck(IH_HANDLER_PARAMS)
848 int cnt_union = 0, cnt_select = 0, cnt_comment = 0, cnt_opencomment = 0; 840 int cnt_union = 0, cnt_select = 0, cnt_comment = 0, cnt_opencomment = 0;
849 int mysql_extension = 0; 841 int mysql_extension = 0;
850 842
851 843
852 SDEBUG("function: %s", ih->name); 844 SDEBUG("function: %s", ih->name);
853 arg_count = (unsigned long) *p; 845 arg_count = (unsigned long) *p;
854 846
855 if (ht < (long) ih->arg1) { 847 if (ht < (long) ih->arg1) {
856 return (0); 848 return (0);
857 } 849 }
858 850
859 if ((long) ih->arg2) { 851 if ((long) ih->arg2) {
860 mysql_extension = 1; 852 mysql_extension = 1;
861 } 853 }
862 854
863 arg = (zval **) p - (arg_count - (long) ih->arg1 + 1); /* count from 0 */ 855 arg = (zval **) p - (arg_count - (long) ih->arg1 + 1); /* count from 0 */
864 856
865 backup = *arg; 857 backup = *arg;
@@ -869,125 +861,125 @@ int ih_querycheck(IH_HANDLER_PARAMS)
869 len = Z_STRLEN_P(backup); 861 len = Z_STRLEN_P(backup);
870 query = Z_STRVAL_P(backup); 862 query = Z_STRVAL_P(backup);
871 SDEBUG("SQL |%s|", query); 863 SDEBUG("SQL |%s|", query);
872 864
873 s = query; 865 s = query;
874 e = s+len; 866 e = s+len;
875 867
876 while (s < e) { 868 while (s < e) {
877 switch (state) 869 switch (state)
878 { 870 {
879 case SQLSTATE_SQL: 871 case SQLSTATE_SQL:
880 switch (s[0]) 872 switch (s[0])
881 { 873 {
882 case '`': 874 case '`':
883 state = SQLSTATE_IDENTIFIER; 875 state = SQLSTATE_IDENTIFIER;
884 quote = '`'; 876 quote = '`';
885 break; 877 break;
886 case '\'': 878 case '\'':
887 case '"': 879 case '"':
888 state = SQLSTATE_STRING; 880 state = SQLSTATE_STRING;
889 quote = *s; 881 quote = *s;
890 break; 882 break;
891 case '/': 883 case '/':
892 if (s[1]=='*') { 884 if (s[1]=='*') {
893 if (mysql_extension == 1 && s[2] == '!') { 885 if (mysql_extension == 1 && s[2] == '!') {
894 s += 2; 886 s += 2;
895 break; 887 break;
896 } 888 }
897 s++; 889 s++;
898 state = SQLSTATE_MLCOMMENT; 890 state = SQLSTATE_MLCOMMENT;
899 cnt_comment++; 891 cnt_comment++;
900 } 892 }
901 break; 893 break;
902 case '-': 894 case '-':
903 if (s[1]=='-') { 895 if (s[1]=='-') {
904 s++; 896 s++;
905 state = SQLSTATE_COMMENT; 897 state = SQLSTATE_COMMENT;
906 cnt_comment++; 898 cnt_comment++;
907 } 899 }
908 break; 900 break;
909 case '#': 901 case '#':
910 state = SQLSTATE_COMMENT; 902 state = SQLSTATE_COMMENT;
911 cnt_comment++; 903 cnt_comment++;
912 break; 904 break;
913 case 'u': 905 case 'u':
914 case 'U': 906 case 'U':
915 if (strncasecmp("union", s, 5)==0) { 907 if (strncasecmp("union", s, 5)==0) {
916 s += 4; 908 s += 4;
917 cnt_union++; 909 cnt_union++;
918 } 910 }
919 break; 911 break;
920 case 's': 912 case 's':
921 case 'S': 913 case 'S':
922 if (strncasecmp("select", s, 6)==0) { 914 if (strncasecmp("select", s, 6)==0) {
923 s += 5; 915 s += 5;
924 cnt_select++; 916 cnt_select++;
925 } 917 }
926 break; 918 break;
927 } 919 }
928 break; 920 break;
929 case SQLSTATE_STRING: 921 case SQLSTATE_STRING:
930 case SQLSTATE_IDENTIFIER: 922 case SQLSTATE_IDENTIFIER:
931 if (s[0] == quote) { 923 if (s[0] == quote) {
932 if (s[1] == quote) { 924 if (s[1] == quote) {
933 s++; 925 s++;
934 } else { 926 } else {
935 state = SQLSTATE_SQL; 927 state = SQLSTATE_SQL;
936 } 928 }
937 } 929 }
938 if (s[0] == '\\') { 930 if (s[0] == '\\') {
939 s++; 931 s++;
940 } 932 }
941 break; 933 break;
942 case SQLSTATE_COMMENT: 934 case SQLSTATE_COMMENT:
943 while (s[0] && s[0] != '\n') { 935 while (s[0] && s[0] != '\n') {
944 s++; 936 s++;
945 } 937 }
946 state = SQLSTATE_SQL; 938 state = SQLSTATE_SQL;
947 break; 939 break;
948 case SQLSTATE_MLCOMMENT: 940 case SQLSTATE_MLCOMMENT:
949 while (s[0] && (s[0] != '*' || s[1] != '/')) { 941 while (s[0] && (s[0] != '*' || s[1] != '/')) {
950 s++; 942 s++;
951 } 943 }
952 if (s[0]) { 944 if (s[0]) {
953 state = SQLSTATE_SQL; 945 state = SQLSTATE_SQL;
954 } 946 }
955 break; 947 break;
956 } 948 }
957 s++; 949 s++;
958 } 950 }
959 if (state == SQLSTATE_MLCOMMENT) { 951 if (state == SQLSTATE_MLCOMMENT) {
960 cnt_opencomment = 1; 952 cnt_opencomment = 1;
961 } 953 }
962 954
963 if (cnt_opencomment && SUHOSIN_G(sql_opencomment)>0) { 955 if (cnt_opencomment && SUHOSIN_G(sql_opencomment)>0) {
964 suhosin_log(S_SQL, "Open comment in SQL query: '%*s'", len, query); 956 suhosin_log(S_SQL, "Open comment in SQL query: '%*s'", len, query);
965 if (SUHOSIN_G(sql_opencomment)>1) { 957 if (SUHOSIN_G(sql_opencomment)>1) {
966 suhosin_bailout(TSRMLS_C); 958 suhosin_bailout(TSRMLS_C);
967 } 959 }
968 } 960 }
969 961
970 if (cnt_comment && SUHOSIN_G(sql_comment)>0) { 962 if (cnt_comment && SUHOSIN_G(sql_comment)>0) {
971 suhosin_log(S_SQL, "Comment in SQL query: '%*s'", len, query); 963 suhosin_log(S_SQL, "Comment in SQL query: '%*s'", len, query);
972 if (SUHOSIN_G(sql_comment)>1) { 964 if (SUHOSIN_G(sql_comment)>1) {
973 suhosin_bailout(TSRMLS_C); 965 suhosin_bailout(TSRMLS_C);
974 } 966 }
975 } 967 }
976 968
977 if (cnt_union && SUHOSIN_G(sql_union)>0) { 969 if (cnt_union && SUHOSIN_G(sql_union)>0) {
978 suhosin_log(S_SQL, "UNION in SQL query: '%*s'", len, query); 970 suhosin_log(S_SQL, "UNION in SQL query: '%*s'", len, query);
979 if (SUHOSIN_G(sql_union)>1) { 971 if (SUHOSIN_G(sql_union)>1) {
980 suhosin_bailout(TSRMLS_C); 972 suhosin_bailout(TSRMLS_C);
981 } 973 }
982 } 974 }
983 975
984 if (cnt_select>1 && SUHOSIN_G(sql_mselect)>0) { 976 if (cnt_select>1 && SUHOSIN_G(sql_mselect)>0) {
985 suhosin_log(S_SQL, "Multiple SELECT in SQL query: '%*s'", len, query); 977 suhosin_log(S_SQL, "Multiple SELECT in SQL query: '%*s'", len, query);
986 if (SUHOSIN_G(sql_mselect)>1) { 978 if (SUHOSIN_G(sql_mselect)>1) {
987 suhosin_bailout(TSRMLS_C); 979 suhosin_bailout(TSRMLS_C);
988 } 980 }
989 } 981 }
990 982
991 return (0); 983 return (0);
992} 984}
993 985
@@ -1000,19 +992,19 @@ int ih_fixusername(IH_HANDLER_PARAMS)
1000 char *prefix, *postfix, *user, *user_match, *cp; 992 char *prefix, *postfix, *user, *user_match, *cp;
1001 zval *backup, *my_user; 993 zval *backup, *my_user;
1002 int prefix_len, postfix_len, len; 994 int prefix_len, postfix_len, len;
1003 995
1004 SDEBUG("function (fixusername): %s", ih->name); 996 SDEBUG("function (fixusername): %s", ih->name);
1005 997
1006 prefix = SUHOSIN_G(sql_user_prefix); 998 prefix = SUHOSIN_G(sql_user_prefix);
1007 postfix = SUHOSIN_G(sql_user_postfix); 999 postfix = SUHOSIN_G(sql_user_postfix);
1008 user_match = SUHOSIN_G(sql_user_match); 1000 user_match = SUHOSIN_G(sql_user_match);
1009 1001
1010 arg_count = (unsigned long) *p; 1002 arg_count = (unsigned long) *p;
1011 1003
1012 if (ht < (long) ih->arg1) { 1004 if (ht < (long) ih->arg1) {
1013 return (0); 1005 return (0);
1014 } 1006 }
1015 1007
1016 arg = (zval **) p - (arg_count - (long) ih->arg1 + 1); /* count from 0 */ 1008 arg = (zval **) p - (arg_count - (long) ih->arg1 + 1); /* count from 0 */
1017 1009
1018 backup = *arg; 1010 backup = *arg;
@@ -1046,18 +1038,18 @@ int ih_fixusername(IH_HANDLER_PARAMS)
1046 } 1038 }
1047 prefix_len = strlen(prefix); 1039 prefix_len = strlen(prefix);
1048 postfix_len = strlen(postfix); 1040 postfix_len = strlen(postfix);
1049 1041
1050 MAKE_STD_ZVAL(my_user); 1042 MAKE_STD_ZVAL(my_user);
1051 my_user->type = IS_STRING; 1043 my_user->type = IS_STRING;
1052 my_user->value.str.len = spprintf(&my_user->value.str.val, 0, "%s%s%s", prefix, user, postfix); 1044 my_user->value.str.len = spprintf(&my_user->value.str.val, 0, "%s%s%s", prefix, user, postfix);
1053 1045
1054 /* XXX: memory_leak? */ 1046 /* XXX: memory_leak? */
1055 *arg = my_user; 1047 *arg = my_user;
1056 1048
1057 len = Z_STRLEN_P(my_user); 1049 len = Z_STRLEN_P(my_user);
1058 user = Z_STRVAL_P(my_user); 1050 user = Z_STRVAL_P(my_user);
1059 } 1051 }
1060 1052
1061 if (user_match && user_match[0]) { 1053 if (user_match && user_match[0]) {
1062#ifdef HAVE_FNMATCH 1054#ifdef HAVE_FNMATCH
1063 if (fnmatch(user_match, user, 0) != 0) { 1055 if (fnmatch(user_match, user, 0) != 0) {
@@ -1076,7 +1068,7 @@ int ih_fixusername(IH_HANDLER_PARAMS)
1076 } 1068 }
1077#endif 1069#endif
1078 } 1070 }
1079 1071
1080 SDEBUG("function: %s - user: %s", ih->name, user); 1072 SDEBUG("function: %s - user: %s", ih->name, user);
1081 1073
1082 return (0); 1074 return (0);
@@ -1085,58 +1077,73 @@ int ih_fixusername(IH_HANDLER_PARAMS)
1085 1077
1086static int ih_function_exists(IH_HANDLER_PARAMS) 1078static int ih_function_exists(IH_HANDLER_PARAMS)
1087{ 1079{
1088 zval **function_name; 1080 char *name;
1081 int name_len;
1089 zend_function *func; 1082 zend_function *func;
1090 char *lcname; 1083 char *lcname;
1091 zend_bool retval; 1084 zend_bool retval;
1092 int func_name_len; 1085
1093 1086 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &name, &name_len) == FAILURE) {
1094 if (ZEND_NUM_ARGS()!=1 || zend_get_parameters_ex(1, &function_name)==FAILURE) { 1087 return 1;
1095 ZEND_WRONG_PARAM_COUNT_WITH_RETVAL(1); 1088 }
1089
1090 if (name_len <= 0) {
1091 RETVAL_BOOL(0);
1092 return 1;
1093 }
1094
1095 lcname = zend_str_tolower_dup(name, name_len);
1096
1097 /* Ignore leading "\" */
1098 name = lcname;
1099 if (lcname[0] == '\\') {
1100 name = &lcname[1];
1101 name_len--;
1096 } 1102 }
1097 convert_to_string_ex(function_name);
1098 func_name_len = Z_STRLEN_PP(function_name);
1099 lcname = estrndup(Z_STRVAL_PP(function_name), func_name_len);
1100 zend_str_tolower(lcname, func_name_len);
1101 1103
1102 retval = (zend_hash_find(EG(function_table), lcname, func_name_len+1, (void **)&func) == SUCCESS); 1104 retval = (zend_hash_find(EG(function_table), name, name_len+1, (void **)&func) == SUCCESS);
1103 1105
1104 /* 1106 /*
1105 * A bit of a hack, but not a bad one: we see if the handler of the function 1107 * A bit of a hack, but not a bad one: we see if the handler of the function
1106 * is actually one that displays "function is disabled" message. 1108 * is actually one that displays "function is disabled" message.
1107 */ 1109 */
1108 if (retval && func->type == ZEND_INTERNAL_FUNCTION && 1110 if (retval && func->type == ZEND_INTERNAL_FUNCTION &&
1109 func->internal_function.handler == zif_display_disabled_function) { 1111 func->internal_function.handler == zif_display_disabled_function) {
1110 retval = 0; 1112 retval = 0;
1113 goto ret;
1111 } 1114 }
1112 1115
1113 /* Now check if function is forbidden by Suhosin */ 1116 /* Now check if function is forbidden by Suhosin */
1114 if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) { 1117 if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) {
1115 if (SUHOSIN_G(eval_whitelist) != NULL) { 1118 if (SUHOSIN_G(eval_whitelist) != NULL) {
1116 if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), lcname, func_name_len+1)) { 1119 if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), name, name_len+1)) {
1117 retval = 0; 1120 retval = 0;
1121 goto ret;
1118 } 1122 }
1119 } else if (SUHOSIN_G(eval_blacklist) != NULL) { 1123 } else if (SUHOSIN_G(eval_blacklist) != NULL) {
1120 if (zend_hash_exists(SUHOSIN_G(eval_blacklist), lcname, func_name_len+1)) { 1124 if (zend_hash_exists(SUHOSIN_G(eval_blacklist), name, name_len+1)) {
1121 retval = 0; 1125 retval = 0;
1126 goto ret;
1122 } 1127 }
1123 } 1128 }
1124 } 1129 }
1125 1130
1126 if (SUHOSIN_G(func_whitelist) != NULL) { 1131 if (SUHOSIN_G(func_whitelist) != NULL) {
1127 if (!zend_hash_exists(SUHOSIN_G(func_whitelist), lcname, func_name_len+1)) { 1132 if (!zend_hash_exists(SUHOSIN_G(func_whitelist), name, name_len+1)) {
1128 retval = 0; 1133 retval = 0;
1134 goto ret;
1129 } 1135 }
1130 } else if (SUHOSIN_G(func_blacklist) != NULL) { 1136 } else if (SUHOSIN_G(func_blacklist) != NULL) {
1131 if (zend_hash_exists(SUHOSIN_G(func_blacklist), lcname, func_name_len+1)) { 1137 if (zend_hash_exists(SUHOSIN_G(func_blacklist), name, name_len+1)) {
1132 retval = 0; 1138 retval = 0;
1139 goto ret;
1133 } 1140 }
1134 } 1141 }
1135 1142
1143ret:
1136 efree(lcname); 1144 efree(lcname);
1137
1138 RETVAL_BOOL(retval); 1145 RETVAL_BOOL(retval);
1139 return (1); 1146 return 1;
1140} 1147}
1141 1148
1142/* MT RAND FUNCTIONS */ 1149/* MT RAND FUNCTIONS */
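Review bot: In `ih_function_exists`, the `name_len <= 0` guard runs before the leading `\` is stripped, so a name consisting only of a backslash passes it and then reaches `zend_hash_find` and the Suhosin whitelist/blacklist lookups with an empty key. From what is visible here that looks harmless, but the guard no longer covers the empty-name case it was written for. Re-checking right after the strip block restores it: `if (name_len == 0) { retval = 0; goto ret; }` — `retval` has not been assigned at that point, so it must be set before the jump. Separately, the list lookups still run when `zend_hash_find` has already failed; an `if (!retval) goto ret;` directly after the lookup would match the early-exit structure this change introduces.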
@@ -1164,7 +1171,7 @@ static int ih_function_exists(IH_HANDLER_PARAMS)
1164 1171
1165 Copyright (C) 1997 - 2002, Makoto Matsumoto and Takuji Nishimura, 1172 Copyright (C) 1997 - 2002, Makoto Matsumoto and Takuji Nishimura,
1166 Copyright (C) 2000 - 2003, Richard J. Wagner 1173 Copyright (C) 2000 - 2003, Richard J. Wagner
1167 All rights reserved. 1174 All rights reserved.
1168 1175
1169 Redistribution and use in source and binary forms, with or without 1176 Redistribution and use in source and binary forms, with or without
1170 modification, are permitted provided that the following conditions 1177 modification, are permitted provided that the following conditions
@@ -1177,8 +1184,8 @@ static int ih_function_exists(IH_HANDLER_PARAMS)
1177 notice, this list of conditions and the following disclaimer in the 1184 notice, this list of conditions and the following disclaimer in the
1178 documentation and/or other materials provided with the distribution. 1185 documentation and/or other materials provided with the distribution.
1179 1186
1180 3. The names of its contributors may not be used to endorse or promote 1187 3. The names of its contributors may not be used to endorse or promote
1181 products derived from this software without specific prior written 1188 products derived from this software without specific prior written
1182 permission. 1189 permission.
1183 1190
1184 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 1191 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
@@ -1292,14 +1299,14 @@ static php_uint32 suhosin_mt_rand(TSRMLS_D)
1292{ 1299{
1293 /* Pull a 32-bit integer from the generator state 1300 /* Pull a 32-bit integer from the generator state
1294 Every other access function simply transforms the numbers extracted here */ 1301 Every other access function simply transforms the numbers extracted here */
1295 1302
1296 register php_uint32 s1; 1303 register php_uint32 s1;
1297 1304
1298 if (SUHOSIN_G(mt_left) == 0) { 1305 if (SUHOSIN_G(mt_left) == 0) {
1299 suhosin_mt_reload(SUHOSIN_G(mt_state), &SUHOSIN_G(mt_next), &SUHOSIN_G(mt_left)); 1306 suhosin_mt_reload(SUHOSIN_G(mt_state), &SUHOSIN_G(mt_next), &SUHOSIN_G(mt_left));
1300 } 1307 }
1301 --SUHOSIN_G(mt_left); 1308 --SUHOSIN_G(mt_left);
1302 1309
1303 s1 = *SUHOSIN_G(mt_next)++; 1310 s1 = *SUHOSIN_G(mt_next)++;
1304 s1 ^= (s1 >> 11); 1311 s1 ^= (s1 >> 11);
1305 s1 ^= (s1 << 7) & 0x9d2c5680U; 1312 s1 ^= (s1 << 7) & 0x9d2c5680U;
@@ -1319,11 +1326,11 @@ static void suhosin_gen_entropy(php_uint32 *entropybuf TSRMLS_DC)
1319 unsigned long heap_value = (unsigned long)SUHOSIN_G(r_state); 1326 unsigned long heap_value = (unsigned long)SUHOSIN_G(r_state);
1320 suhosin_SHA256_CTX context; 1327 suhosin_SHA256_CTX context;
1321 int fd; 1328 int fd;
1322 1329
1323 code_value ^= code_value >> 32; 1330 code_value ^= code_value >> 32;
1324 stack_value ^= stack_value >> 32; 1331 stack_value ^= stack_value >> 32;
1325 heap_value ^= heap_value >> 32; 1332 heap_value ^= heap_value >> 32;
1326 1333
1327 seedbuf[0] = code_value; 1334 seedbuf[0] = code_value;
1328 seedbuf[1] = stack_value; 1335 seedbuf[1] = stack_value;
1329 seedbuf[2] = heap_value; 1336 seedbuf[2] = heap_value;
@@ -1362,7 +1369,7 @@ static void suhosin_gen_entropy(php_uint32 *entropybuf TSRMLS_DC)
1362 */ 1369 */
1363static void suhosin_srand_auto(TSRMLS_D) 1370static void suhosin_srand_auto(TSRMLS_D)
1364{ 1371{
1365 php_uint32 seed[8]; 1372 php_uint32 seed[8];
1366 suhosin_gen_entropy(&seed[0] TSRMLS_CC); 1373 suhosin_gen_entropy(&seed[0] TSRMLS_CC);
1367 1374
1368 suhosin_mt_init_by_array(seed, 8, SUHOSIN_G(r_state)); 1375 suhosin_mt_init_by_array(seed, 8, SUHOSIN_G(r_state));
@@ -1377,7 +1384,7 @@ static void suhosin_srand_auto(TSRMLS_D)
1377 */ 1384 */
1378static void suhosin_mt_srand_auto(TSRMLS_D) 1385static void suhosin_mt_srand_auto(TSRMLS_D)
1379{ 1386{
1380 php_uint32 seed[8]; 1387 php_uint32 seed[8];
1381 suhosin_gen_entropy(&seed[0] TSRMLS_CC); 1388 suhosin_gen_entropy(&seed[0] TSRMLS_CC);
1382 1389
1383 suhosin_mt_init_by_array(seed, 8, SUHOSIN_G(mt_state)); 1390 suhosin_mt_init_by_array(seed, 8, SUHOSIN_G(mt_state));
@@ -1408,14 +1415,14 @@ static php_uint32 suhosin_rand(TSRMLS_D)
1408{ 1415{
1409 /* Pull a 32-bit integer from the generator state 1416 /* Pull a 32-bit integer from the generator state
1410 Every other access function simply transforms the numbers extracted here */ 1417 Every other access function simply transforms the numbers extracted here */
1411 1418
1412 register php_uint32 s1; 1419 register php_uint32 s1;
1413 1420
1414 if (SUHOSIN_G(r_left) == 0) { 1421 if (SUHOSIN_G(r_left) == 0) {
1415 suhosin_mt_reload(SUHOSIN_G(r_state), &SUHOSIN_G(r_next), &SUHOSIN_G(r_left)); 1422 suhosin_mt_reload(SUHOSIN_G(r_state), &SUHOSIN_G(r_next), &SUHOSIN_G(r_left));
1416 } 1423 }
1417 --SUHOSIN_G(r_left); 1424 --SUHOSIN_G(r_left);
1418 1425
1419 s1 = *SUHOSIN_G(r_next)++; 1426 s1 = *SUHOSIN_G(r_next)++;
1420 s1 ^= (s1 >> 11); 1427 s1 ^= (s1 >> 11);
1421 s1 ^= (s1 << 7) & 0x9d2c5680U; 1428 s1 ^= (s1 << 7) & 0x9d2c5680U;
@@ -1433,7 +1440,7 @@ static int ih_srand(IH_HANDLER_PARAMS)
1433 SUHOSIN_G(r_is_seeded) = 0; 1440 SUHOSIN_G(r_is_seeded) = 0;
1434 return 1; 1441 return 1;
1435 } 1442 }
1436 1443
1437 if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE) { 1444 if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE) {
1438 return 1; 1445 return 1;
1439 } 1446 }
@@ -1455,7 +1462,7 @@ static int ih_mt_srand(IH_HANDLER_PARAMS)
1455 SUHOSIN_G(mt_is_seeded) = 0; 1462 SUHOSIN_G(mt_is_seeded) = 0;
1456 return 1; 1463 return 1;
1457 } 1464 }
1458 1465
1459 if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE) { 1466 if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE) {
1460 return 1; 1467 return 1;
1461 } 1468 }
@@ -1476,7 +1483,7 @@ static int ih_mt_rand(IH_HANDLER_PARAMS)
1476 long number; 1483 long number;
1477 1484
1478 if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) { 1485 if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) {
1479 return (1); 1486 return (1);
1480 } 1487 }
1481 1488
1482 if (!SUHOSIN_G(mt_is_seeded)) { 1489 if (!SUHOSIN_G(mt_is_seeded)) {
@@ -1500,7 +1507,7 @@ static int ih_rand(IH_HANDLER_PARAMS)
1500 long number; 1507 long number;
1501 1508
1502 if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) { 1509 if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) {
1503 return (1); 1510 return (1);
1504 } 1511 }
1505 1512
1506 if (!SUHOSIN_G(r_is_seeded)) { 1513 if (!SUHOSIN_G(r_is_seeded)) {
@@ -1519,8 +1526,9 @@ static int ih_rand(IH_HANDLER_PARAMS)
1519static int ih_getrandmax(IH_HANDLER_PARAMS) 1526static int ih_getrandmax(IH_HANDLER_PARAMS)
1520{ 1527{
1521 if (zend_parse_parameters_none() == FAILURE) { 1528 if (zend_parse_parameters_none() == FAILURE) {
1522 return(0); 1529 return (1);
1523 } 1530 }
1531
1524 RETVAL_LONG(PHP_MT_RAND_MAX); 1532 RETVAL_LONG(PHP_MT_RAND_MAX);
1525 return (1); 1533 return (1);
1526} 1534}
@@ -1529,16 +1537,16 @@ internal_function_handler ihandlers[] = {
1529 { "preg_replace", ih_preg_replace, NULL, NULL, NULL }, 1537 { "preg_replace", ih_preg_replace, NULL, NULL, NULL },
1530 { "mail", ih_mail, NULL, NULL, NULL }, 1538 { "mail", ih_mail, NULL, NULL, NULL },
1531 { "symlink", ih_symlink, NULL, NULL, NULL }, 1539 { "symlink", ih_symlink, NULL, NULL, NULL },
1532 1540
1533 { "srand", ih_srand, NULL, NULL, NULL }, 1541 { "srand", ih_srand, NULL, NULL, NULL },
1534 { "mt_srand", ih_mt_srand, NULL, NULL, NULL }, 1542 { "mt_srand", ih_mt_srand, NULL, NULL, NULL },
1535 { "rand", ih_rand, NULL, NULL, NULL }, 1543 { "rand", ih_rand, NULL, NULL, NULL },
1536 { "mt_rand", ih_mt_rand, NULL, NULL, NULL }, 1544 { "mt_rand", ih_mt_rand, NULL, NULL, NULL },
1537 { "getrandmax", ih_getrandmax, NULL, NULL, NULL }, 1545 { "getrandmax", ih_getrandmax, NULL, NULL, NULL },
1538 { "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL }, 1546 { "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL },
1539 1547
1540 { "function_exists", ih_function_exists, NULL, NULL, NULL }, 1548 { "function_exists", ih_function_exists, NULL, NULL, NULL },
1541 1549
1542 /* Mysqli */ 1550 /* Mysqli */
1543 { "mysqli::mysqli", ih_fixusername, (void *)2, NULL, NULL }, 1551 { "mysqli::mysqli", ih_fixusername, (void *)2, NULL, NULL },
1544 { "mysqli_connect", ih_fixusername, (void *)2, NULL, NULL }, 1552 { "mysqli_connect", ih_fixusername, (void *)2, NULL, NULL },
@@ -1546,7 +1554,7 @@ internal_function_handler ihandlers[] = {
1546 { "mysqli_real_connect", ih_fixusername, (void *)3, NULL, NULL }, 1554 { "mysqli_real_connect", ih_fixusername, (void *)3, NULL, NULL },
1547 { "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL }, 1555 { "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },
1548 { "mysqli::change_user", ih_fixusername, (void *)1, NULL, NULL }, 1556 { "mysqli::change_user", ih_fixusername, (void *)1, NULL, NULL },
1549 1557
1550 { "mysqli::query", ih_querycheck, (void *)1, (void *)1, NULL }, 1558 { "mysqli::query", ih_querycheck, (void *)1, (void *)1, NULL },
1551 { "mysqli_query", ih_querycheck, (void *)2, (void *)1, NULL }, 1559 { "mysqli_query", ih_querycheck, (void *)2, (void *)1, NULL },
1552 { "mysqli::multi_query", ih_querycheck, (void *)1, (void *)1, NULL }, 1560 { "mysqli::multi_query", ih_querycheck, (void *)1, (void *)1, NULL },
@@ -1561,14 +1569,14 @@ internal_function_handler ihandlers[] = {
1561 { "mysqli_master_query", ih_querycheck, (void *)2, (void *)1, NULL }, 1569 { "mysqli_master_query", ih_querycheck, (void *)2, (void *)1, NULL },
1562 { "mysqli_slave_query", ih_querycheck, (void *)2, (void *)1, NULL }, 1570 { "mysqli_slave_query", ih_querycheck, (void *)2, (void *)1, NULL },
1563 // ---- 1571 // ----
1564 1572
1565 /* Mysql API - deprecated in PHP 5.5 */ 1573 /* Mysql API - deprecated in PHP 5.5 */
1566 { "mysql_connect", ih_fixusername, (void *)2, NULL, NULL }, 1574 { "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },
1567 { "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL }, 1575 { "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
1568 { "mysql_query", ih_querycheck, (void *)1, (void *)1, NULL }, 1576 { "mysql_query", ih_querycheck, (void *)1, (void *)1, NULL },
1569 { "mysql_db_query", ih_querycheck, (void *)2, (void *)1, NULL }, 1577 { "mysql_db_query", ih_querycheck, (void *)2, (void *)1, NULL },
1570 { "mysql_unbuffered_query", ih_querycheck, (void *)1, (void *)1, NULL }, 1578 { "mysql_unbuffered_query", ih_querycheck, (void *)1, (void *)1, NULL },
1571 1579
1572#ifdef SUHOSIN_EXPERIMENTAL 1580#ifdef SUHOSIN_EXPERIMENTAL
1573 /* MaxDB */ 1581 /* MaxDB */
1574 { "maxdb::maxdb", ih_fixusername, (void *)2, NULL, NULL }, 1582 { "maxdb::maxdb", ih_fixusername, (void *)2, NULL, NULL },
@@ -1577,7 +1585,7 @@ internal_function_handler ihandlers[] = {
1577 { "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL }, 1585 { "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },
1578 { "maxdb::change_user", ih_fixusername, (void *)1, NULL, NULL }, 1586 { "maxdb::change_user", ih_fixusername, (void *)1, NULL, NULL },
1579 { "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL }, 1587 { "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },
1580 1588
1581 { "maxdb_master_query", ih_querycheck, (void *)2, NULL, NULL }, 1589 { "maxdb_master_query", ih_querycheck, (void *)2, NULL, NULL },
1582 { "maxdb::multi_query", ih_querycheck, (void *)1, NULL, NULL }, 1590 { "maxdb::multi_query", ih_querycheck, (void *)1, NULL, NULL },
1583 { "maxdb_multi_query", ih_querycheck, (void *)2, NULL, NULL }, 1591 { "maxdb_multi_query", ih_querycheck, (void *)2, NULL, NULL },
@@ -1596,7 +1604,7 @@ internal_function_handler ihandlers[] = {
1596 { "pdo::query", ih_querycheck, (void *)1, NULL, NULL }, 1604 { "pdo::query", ih_querycheck, (void *)1, NULL, NULL },
1597 { "pdo::prepare", ih_querycheck, (void *)1, NULL, NULL }, 1605 { "pdo::prepare", ih_querycheck, (void *)1, NULL, NULL },
1598 { "pdo::exec", ih_querycheck, (void *)1, NULL, NULL }, 1606 { "pdo::exec", ih_querycheck, (void *)1, NULL, NULL },
1599 1607
1600 /* Oracle OCI8 */ 1608 /* Oracle OCI8 */
1601 { "ocilogon", ih_fixusername, (void *)1, NULL, NULL }, 1609 { "ocilogon", ih_fixusername, (void *)1, NULL, NULL },
1602 { "ociplogon", ih_fixusername, (void *)1, NULL, NULL }, 1610 { "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
@@ -1642,7 +1650,7 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, zend_f
1642 zval **return_value_ptr; 1650 zval **return_value_ptr;
1643 zval *this_ptr; 1651 zval *this_ptr;
1644 int ht; 1652 int ht;
1645 1653
1646 if (fci) { 1654 if (fci) {
1647 return_value = *fci->retval_ptr_ptr; 1655 return_value = *fci->retval_ptr_ptr;
1648 return_value_ptr = fci->retval_ptr_ptr; 1656 return_value_ptr = fci->retval_ptr_ptr;
@@ -1655,7 +1663,7 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, zend_f
1655 return_value_ptr = (fbc->common.fn_flags & ZEND_ACC_RETURN_REFERENCE) ? &ret->var.ptr : NULL; 1663 return_value_ptr = (fbc->common.fn_flags & ZEND_ACC_RETURN_REFERENCE) ? &ret->var.ptr : NULL;
1656 this_ptr = execute_data_ptr->object; 1664 this_ptr = execute_data_ptr->object;
1657 ht = execute_data_ptr->opline->extended_value; 1665 ht = execute_data_ptr->opline->extended_value;
1658 } 1666 }
1659#else 1667#else
1660static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC) 1668static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC)
1661{ 1669{
@@ -1670,7 +1678,7 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int re
1670 ce = ((zend_internal_function *) execute_data_ptr->function_state.function)->scope; 1678 ce = ((zend_internal_function *) execute_data_ptr->function_state.function)->scope;
1671 lcname = (char *)((zend_internal_function *) execute_data_ptr->function_state.function)->function_name; 1679 lcname = (char *)((zend_internal_function *) execute_data_ptr->function_state.function)->function_name;
1672 function_name_strlen = strlen(lcname); 1680 function_name_strlen = strlen(lcname);
1673 1681
1674 /* handle methodcalls correctly */ 1682 /* handle methodcalls correctly */
1675 if (ce != NULL) { 1683 if (ce != NULL) {
1676 char *tmp = (char *) emalloc(function_name_strlen + 2 + ce->name_length + 1); 1684 char *tmp = (char *) emalloc(function_name_strlen + 2 + ce->name_length + 1);
@@ -1684,14 +1692,14 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int re
1684 zend_str_tolower(lcname, function_name_strlen); 1692 zend_str_tolower(lcname, function_name_strlen);
1685 } 1693 }
1686 1694
1687#if PHP_VERSION_ID < 50500 1695#if PHP_VERSION_ID < 50500
1688 return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.var)).var.ptr; 1696 return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.var)).var.ptr;
1689#endif 1697#endif
1690 1698
1691 SDEBUG("function: %s", lcname); 1699 SDEBUG("function: %s", lcname);
1692 1700
1693 if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) { 1701 if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) {
1694 1702
1695 if (SUHOSIN_G(eval_whitelist) != NULL) { 1703 if (SUHOSIN_G(eval_whitelist) != NULL) {
1696 if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), lcname, function_name_strlen+1)) { 1704 if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), lcname, function_name_strlen+1)) {
1697 suhosin_log(S_EXECUTOR|S_GETCALLER, "function outside of eval whitelist called: %s()", lcname); 1705 suhosin_log(S_EXECUTOR|S_GETCALLER, "function outside of eval whitelist called: %s()", lcname);
@@ -1712,7 +1720,7 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int re
1712 } 1720 }
1713 } 1721 }
1714 } 1722 }
1715 1723
1716 if (SUHOSIN_G(func_whitelist) != NULL) { 1724 if (SUHOSIN_G(func_whitelist) != NULL) {
1717 if (!zend_hash_exists(SUHOSIN_G(func_whitelist), lcname, function_name_strlen+1)) { 1725 if (!zend_hash_exists(SUHOSIN_G(func_whitelist), lcname, function_name_strlen+1)) {
1718 suhosin_log(S_EXECUTOR|S_GETCALLER, "function outside of whitelist called: %s()", lcname); 1726 suhosin_log(S_EXECUTOR|S_GETCALLER, "function outside of whitelist called: %s()", lcname);
@@ -1732,16 +1740,16 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int re
1732 } 1740 }
1733 } 1741 }
1734 } 1742 }
1735 1743
1736 if (zend_hash_find(&ihandler_table, lcname, function_name_strlen+1, (void **)&ih) == SUCCESS) { 1744 if (zend_hash_find(&ihandler_table, lcname, function_name_strlen+1, (void **)&ih) == SUCCESS) {
1737 1745
1738 int retval = 0; 1746 int retval = 0;
1739 void *handler = ((zend_internal_function *) execute_data_ptr->function_state.function)->handler; 1747 void *handler = ((zend_internal_function *) execute_data_ptr->function_state.function)->handler;
1740 1748
1741 if (handler != ZEND_FN(display_disabled_function)) { 1749 if (handler != ZEND_FN(display_disabled_function)) {
1742 retval = ih->handler(IH_HANDLER_PARAM_PASSTHRU); 1750 retval = ih->handler(IH_HANDLER_PARAM_PASSTHRU);
1743 } 1751 }
1744 1752
1745 if (retval == 0) { 1753 if (retval == 0) {
1746#if PHP_VERSION_ID >= 50500 1754#if PHP_VERSION_ID >= 50500
1747 old_execute_internal(execute_data_ptr, fci, return_value_used TSRMLS_CC); 1755 old_execute_internal(execute_data_ptr, fci, return_value_used TSRMLS_CC);
@@ -1777,12 +1785,10 @@ static int function_lookup(zend_extension *extension)
1777 if (zo_set_oe_ex != NULL) { 1785 if (zo_set_oe_ex != NULL) {
1778 return ZEND_HASH_APPLY_STOP; 1786 return ZEND_HASH_APPLY_STOP;
1779 } 1787 }
1780
1781 if (extension->handle != NULL) {
1782 1788
1783 zo_set_oe_ex = (void *)DL_FETCH_SYMBOL(extension->handle, "zend_optimizer_set_oe_ex"); 1789 if (extension->handle != NULL) {
1784 1790 zo_set_oe_ex = (void *)DL_FETCH_SYMBOL(extension->handle, "zend_optimizer_set_oe_ex");
1785 } 1791 }
1786 1792
1787 return 0; 1793 return 0;
1788} 1794}
@@ -1798,19 +1804,19 @@ void suhosin_hook_execute(TSRMLS_D)
1798#if PHP_VERSION_ID >= 50500 1804#if PHP_VERSION_ID >= 50500
1799 old_execute_ex = zend_execute_ex; 1805 old_execute_ex = zend_execute_ex;
1800 zend_execute_ex = suhosin_execute_ex; 1806 zend_execute_ex = suhosin_execute_ex;
1801#else 1807#else
1802 old_execute = zend_execute; 1808 old_execute = zend_execute;
1803 zend_execute = suhosin_execute; 1809 zend_execute = suhosin_execute;
1804#endif 1810#endif
1805 1811
1806/* old_compile_file = zend_compile_file; 1812/* old_compile_file = zend_compile_file;
1807 zend_compile_file = suhosin_compile_file; */ 1813 zend_compile_file = suhosin_compile_file; */
1808 1814
1809#if ZO_COMPATIBILITY_HACK_TEMPORARY_DISABLED 1815#if ZO_COMPATIBILITY_HACK_TEMPORARY_DISABLED
1810 if (zo_set_oe_ex == NULL) { 1816 if (zo_set_oe_ex == NULL) {
1811 zo_set_oe_ex = (void *)DL_FETCH_SYMBOL(NULL, "zend_optimizer_set_oe_ex"); 1817 zo_set_oe_ex = (void *)DL_FETCH_SYMBOL(NULL, "zend_optimizer_set_oe_ex");
1812 } 1818 }
1813 if (zo_set_oe_ex == NULL) { 1819 if (zo_set_oe_ex == NULL) {
1814 zend_llist_apply(&zend_extensions, (llist_apply_func_t)function_lookup TSRMLS_CC); 1820 zend_llist_apply(&zend_extensions, (llist_apply_func_t)function_lookup TSRMLS_CC);
1815 } 1821 }
1816 1822
@@ -1818,7 +1824,7 @@ void suhosin_hook_execute(TSRMLS_D)
1818 old_execute_ZO = zo_set_oe_ex(suhosin_execute_ZO); 1824 old_execute_ZO = zo_set_oe_ex(suhosin_execute_ZO);
1819 } 1825 }
1820#endif 1826#endif
1821 1827
1822 old_execute_internal = zend_execute_internal; 1828 old_execute_internal = zend_execute_internal;
1823 if (old_execute_internal == NULL) { 1829 if (old_execute_internal == NULL) {
1824 old_execute_internal = execute_internal; 1830 old_execute_internal = execute_internal;
@@ -1831,14 +1837,14 @@ void suhosin_hook_execute(TSRMLS_D)
1831 zend_hash_add(&ihandler_table, ih->name, strlen(ih->name)+1, ih, sizeof(internal_function_handler), NULL); 1837 zend_hash_add(&ihandler_table, ih->name, strlen(ih->name)+1, ih, sizeof(internal_function_handler), NULL);
1832 ih++; 1838 ih++;
1833 } 1839 }
1834 1840
1835 1841
1836 /* Add additional protection layer, that SHOULD 1842 /* Add additional protection layer, that SHOULD
1837 catch ZEND_INCLUDE_OR_EVAL *before* the engine tries 1843 catch ZEND_INCLUDE_OR_EVAL *before* the engine tries
1838 to execute */ 1844 to execute */
1839 old_zend_stream_open = zend_stream_open_function; 1845 old_zend_stream_open = zend_stream_open_function;
1840 zend_stream_open_function = suhosin_zend_stream_open; 1846 zend_stream_open_function = suhosin_zend_stream_open;
1841 1847
1842} 1848}
1843/* }}} */ 1849/* }}} */
1844 1850
@@ -1853,12 +1859,12 @@ void suhosin_unhook_execute()
1853 } 1859 }
1854#endif 1860#endif
1855 1861
1856#if PHP_VERSION_ID >= 50500 1862#if PHP_VERSION_ID >= 50500
1857 zend_execute_ex = old_execute_ex; 1863 zend_execute_ex = old_execute_ex;
1858#else 1864#else
1859 zend_execute = old_execute; 1865 zend_execute = old_execute;
1860#endif 1866#endif
1861 1867
1862/* zend_compile_file = old_compile_file; */ 1868/* zend_compile_file = old_compile_file; */
1863 1869
1864 if (old_execute_internal == execute_internal) { 1870 if (old_execute_internal == execute_internal) {
@@ -1866,10 +1872,10 @@ void suhosin_unhook_execute()
1866 } 1872 }
1867 zend_execute_internal = old_execute_internal; 1873 zend_execute_internal = old_execute_internal;
1868 zend_hash_clean(&ihandler_table); 1874 zend_hash_clean(&ihandler_table);
1869 1875
1870 /* remove zend_open protection */ 1876 /* remove zend_open protection */
1871 zend_stream_open_function = old_zend_stream_open; 1877 zend_stream_open_function = old_zend_stream_open;
1872 1878
1873} 1879}
1874/* }}} */ 1880/* }}} */
1875 1881
diff --git a/header.c b/header.c
index 6648df0..71982b6 100644
--- a/header.c
+++ b/header.c
@@ -17,7 +17,7 @@
17 +----------------------------------------------------------------------+ 17 +----------------------------------------------------------------------+
18*/ 18*/
19/* 19/*
20 $Id: header.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ 20 $Id: header.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $
21*/ 21*/
22 22
23#ifdef HAVE_CONFIG_H 23#ifdef HAVE_CONFIG_H
@@ -40,12 +40,12 @@ char *suhosin_encrypt_single_cookie(char *name, int name_len, char *value, int v
40 int l; 40 int l;
41 41
42 buf = estrndup(name, name_len); 42 buf = estrndup(name, name_len);
43 43
44 44
45 name_len = php_url_decode(buf, name_len); 45 name_len = php_url_decode(buf, name_len);
46 normalize_varname(buf); 46 normalize_varname(buf);
47 name_len = strlen(buf); 47 name_len = strlen(buf);
48 48
49 if (SUHOSIN_G(cookie_plainlist)) { 49 if (SUHOSIN_G(cookie_plainlist)) {
50 if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) { 50 if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) {
51encrypt_return_plain: 51encrypt_return_plain:
@@ -57,11 +57,11 @@ encrypt_return_plain:
57 goto encrypt_return_plain; 57 goto encrypt_return_plain;
58 } 58 }
59 } 59 }
60 60
61 buf2 = estrndup(value, value_len); 61 buf2 = estrndup(value, value_len);
62 62
63 value_len = php_url_decode(buf2, value_len); 63 value_len = php_url_decode(buf2, value_len);
64 64
65 d = suhosin_encrypt_string(buf2, value_len, buf, name_len, key TSRMLS_CC); 65 d = suhosin_encrypt_string(buf2, value_len, buf, name_len, key TSRMLS_CC);
66 d_url = php_url_encode(d, strlen(d), &l); 66 d_url = php_url_encode(d, strlen(d), &l);
67 efree(d); 67 efree(d);
@@ -72,25 +72,25 @@ encrypt_return_plain:
72 72
73char *suhosin_decrypt_single_cookie(char *name, int name_len, char *value, int value_len, char *key, char **where TSRMLS_DC) 73char *suhosin_decrypt_single_cookie(char *name, int name_len, char *value, int value_len, char *key, char **where TSRMLS_DC)
74{ 74{
75 int o_name_len = name_len; 75 int o_name_len = name_len;
76 char *buf, *buf2, *d, *d_url; 76 char *buf, *buf2, *d, *d_url;
77 int l; 77 int l;
78 78
79 buf = estrndup(name, name_len); 79 buf = estrndup(name, name_len);
80 80
81 name_len = php_url_decode(buf, name_len); 81 name_len = php_url_decode(buf, name_len);
82 normalize_varname(buf); 82 normalize_varname(buf);
83 name_len = strlen(buf); 83 name_len = strlen(buf);
84 84
85 if (SUHOSIN_G(cookie_plainlist)) { 85 if (SUHOSIN_G(cookie_plainlist)) {
86 if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) { 86 if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) {
87decrypt_return_plain: 87decrypt_return_plain:
88 efree(buf); 88 efree(buf);
89 memcpy(*where, name, o_name_len); 89 memcpy(*where, name, o_name_len);
90 *where += o_name_len; 90 *where += o_name_len;
91 **where = '='; *where +=1; 91 **where = '='; *where +=1;
92 memcpy(*where, value, value_len); 92 memcpy(*where, value, value_len);
93 *where += value_len; 93 *where += value_len;
94 return *where; 94 return *where;
95 } 95 }
96 } else if (SUHOSIN_G(cookie_cryptlist)) { 96 } else if (SUHOSIN_G(cookie_cryptlist)) {
@@ -98,21 +98,21 @@ decrypt_return_plain:
98 goto decrypt_return_plain; 98 goto decrypt_return_plain;
99 } 99 }
100 } 100 }
101 101
102 102
103 buf2 = estrndup(value, value_len); 103 buf2 = estrndup(value, value_len);
104 104
105 value_len = php_url_decode(buf2, value_len); 105 value_len = php_url_decode(buf2, value_len);
106 106
107 d = suhosin_decrypt_string(buf2, value_len, buf, name_len, key, &l, SUHOSIN_G(cookie_checkraddr) TSRMLS_CC); 107 d = suhosin_decrypt_string(buf2, value_len, buf, name_len, key, &l, SUHOSIN_G(cookie_checkraddr) TSRMLS_CC);
108 if (d == NULL) { 108 if (d == NULL) {
109 goto skip_cookie; 109 goto skip_cookie;
110 } 110 }
111 d_url = php_url_encode(d, l, &l); 111 d_url = php_url_encode(d, l, &l);
112 efree(d); 112 efree(d);
113 memcpy(*where, name, o_name_len); 113 memcpy(*where, name, o_name_len);
114 *where += o_name_len; 114 *where += o_name_len;
115 **where = '=';*where += 1; 115 **where = '=';*where += 1;
116 memcpy(*where, d_url, l); 116 memcpy(*where, d_url, l);
117 *where += l; 117 *where += l;
118 efree(d_url); 118 efree(d_url);
@@ -141,28 +141,28 @@ char *suhosin_cookie_decryptor(TSRMLS_D)
141 141
142 ret = decrypted = emalloc(strlen(raw_cookie)*4+1); 142 ret = decrypted = emalloc(strlen(raw_cookie)*4+1);
143 raw_cookie = estrdup(raw_cookie); 143 raw_cookie = estrdup(raw_cookie);
144 SUHOSIN_G(raw_cookie) = estrdup(raw_cookie); 144 SUHOSIN_G(raw_cookie) = estrdup(raw_cookie);
145
145 146
146
147 j = 0; tmp = raw_cookie; 147 j = 0; tmp = raw_cookie;
148 while (*tmp) { 148 while (*tmp) {
149 char *d_url;int varlen; 149 char *d_url;int varlen;
150 while (*tmp == '\t' || *tmp == ' ') tmp++; 150 while (*tmp == '\t' || *tmp == ' ') tmp++;
151 var = tmp; 151 var = tmp;
152 while (*tmp && *tmp != ';' && *tmp != '=') tmp++; 152 while (*tmp && *tmp != ';' && *tmp != '=') tmp++;
153 153
154 varlen = tmp-var; 154 varlen = tmp-var;
155 /*memcpy(decrypted, var, varlen); 155 /*memcpy(decrypted, var, varlen);
156 decrypted += varlen;*/ 156 decrypted += varlen;*/
157 if (*tmp == 0) break; 157 if (*tmp == 0) break;
158 158
159 if (*tmp++ == ';') { 159 if (*tmp++ == ';') {
160 *decrypted++ = ';'; 160 *decrypted++ = ';';
161 continue; 161 continue;
162 } 162 }
163 163
164 /**decrypted++ = '=';*/ 164 /**decrypted++ = '=';*/
165 165
166 val = tmp; 166 val = tmp;
167 while (*tmp && *tmp != ';') tmp++; 167 while (*tmp && *tmp != ';') tmp++;
168 168
@@ -170,16 +170,16 @@ char *suhosin_cookie_decryptor(TSRMLS_D)
170 if (*tmp == ';') { 170 if (*tmp == ';') {
171 *decrypted++ = ';'; 171 *decrypted++ = ';';
172 } 172 }
173 173
174 if (*tmp == 0) break; 174 if (*tmp == 0) break;
175 tmp++; 175 tmp++;
176 } 176 }
177 *decrypted++ = 0; 177 *decrypted++ = 0;
178 ret = erealloc(ret, decrypted-ret); 178 ret = erealloc(ret, decrypted-ret);
179 179
180 SUHOSIN_G(decrypted_cookie) = ret; 180 SUHOSIN_G(decrypted_cookie) = ret;
181 efree(raw_cookie); 181 efree(raw_cookie);
182 182
183 return ret; 183 return ret;
184} 184}
185/* }}} */ 185/* }}} */
@@ -194,9 +194,9 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_op_enum
194 if (op != SAPI_HEADER_ADD && op != SAPI_HEADER_REPLACE) { 194 if (op != SAPI_HEADER_ADD && op != SAPI_HEADER_REPLACE) {
195 goto suhosin_skip_header_handling; 195 goto suhosin_skip_header_handling;
196 } 196 }
197 197
198 if (sapi_header && sapi_header->header) { 198 if (sapi_header && sapi_header->header) {
199 199
200 tmp = sapi_header->header; 200 tmp = sapi_header->header;
201 201
202 for (i=0; i<sapi_header->header_len; i++, tmp++) { 202 for (i=0; i<sapi_header->header_len; i++, tmp++) {
@@ -214,7 +214,7 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_op_enum
214 } 214 }
215 if (SUHOSIN_G(allow_multiheader)) { 215 if (SUHOSIN_G(allow_multiheader)) {
216 continue; 216 continue;
217 } else if ((tmp[0] == '\r' && (tmp[1] != '\n' || i == 0)) || 217 } else if ((tmp[0] == '\r' && (tmp[1] != '\n' || i == 0)) ||
218 (tmp[0] == '\n' && (i == sapi_header->header_len-1 || i == 0 || (tmp[1] != ' ' && tmp[1] != '\t')))) { 218 (tmp[0] == '\n' && (i == sapi_header->header_len-1 || i == 0 || (tmp[1] != ' ' && tmp[1] != '\t')))) {
219 char *fname = (char *)get_active_function_name(TSRMLS_C); 219 char *fname = (char *)get_active_function_name(TSRMLS_C);
220 220
@@ -236,8 +236,8 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_op_enum
236 if (SUHOSIN_G(cookie_encrypt) && (strncasecmp("Set-Cookie:", sapi_header->header, sizeof("Set-Cookie:")-1) == 0)) { 236 if (SUHOSIN_G(cookie_encrypt) && (strncasecmp("Set-Cookie:", sapi_header->header, sizeof("Set-Cookie:")-1) == 0)) {
237 237
238 char *start, *end, *rend, *tmp; 238 char *start, *end, *rend, *tmp;
239 char *name, *value; 239 char *name, *value;
240 int nlen, vlen, len, tlen; 240 int nlen, vlen, len, tlen;
241 char cryptkey[33]; 241 char cryptkey[33];
242 242
243 suhosin_generate_key(SUHOSIN_G(cookie_cryptkey), SUHOSIN_G(cookie_cryptua), SUHOSIN_G(cookie_cryptdocroot), SUHOSIN_G(cookie_cryptraddr), (char *)&cryptkey TSRMLS_CC); 243 suhosin_generate_key(SUHOSIN_G(cookie_cryptkey), SUHOSIN_G(cookie_cryptua), SUHOSIN_G(cookie_cryptdocroot), SUHOSIN_G(cookie_cryptraddr), (char *)&cryptkey TSRMLS_CC);
@@ -264,9 +264,9 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_op_enum
264 } 264 }
265 vlen = end-value; 265 vlen = end-value;
266 266
267 value = suhosin_encrypt_single_cookie(name, nlen, value, vlen, (char *)&cryptkey TSRMLS_CC); 267 value = suhosin_encrypt_single_cookie(name, nlen, value, vlen, (char *)&cryptkey TSRMLS_CC);
268 vlen = strlen(value); 268 vlen = strlen(value);
269 269
270 len = sizeof("Set-Cookie: ")-1 + nlen + 1 + vlen + rend-end; 270 len = sizeof("Set-Cookie: ")-1 + nlen + 1 + vlen + rend-end;
271 tmp = emalloc(len + 1); 271 tmp = emalloc(len + 1);
272 tlen = sprintf(tmp, "Set-Cookie: %.*s=%s", nlen,name, value); 272 tlen = sprintf(tmp, "Set-Cookie: %.*s=%s", nlen,name, value);
@@ -321,5 +321,3 @@ void suhosin_unhook_header_handler()
321 * vim600: noet sw=4 ts=4 fdm=marker 321 * vim600: noet sw=4 ts=4 fdm=marker
322 * vim<600: noet sw=4 ts=4 322 * vim<600: noet sw=4 ts=4
323 */ 323 */
324
325
diff --git a/ifilter.c b/ifilter.c
index fc25a55..43df750 100644
--- a/ifilter.c
+++ b/ifilter.c
@@ -17,7 +17,7 @@
17 +----------------------------------------------------------------------+ 17 +----------------------------------------------------------------------+
18*/ 18*/
19/* 19/*
20 $Id: ifilter.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ 20 $Id: ifilter.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $
21*/ 21*/
22 22
23#ifdef HAVE_CONFIG_H 23#ifdef HAVE_CONFIG_H
@@ -67,12 +67,12 @@ size_t suhosin_strncspn(const char *input, size_t n, const char *reject)
67void normalize_varname(char *varname) 67void normalize_varname(char *varname)
68{ 68{
69 char *s=varname, *index=NULL, *indexend=NULL, *p; 69 char *s=varname, *index=NULL, *indexend=NULL, *p;
70 70
71 /* overjump leading space */ 71 /* overjump leading space */
72 while (*s == ' ') { 72 while (*s == ' ') {
73 s++; 73 s++;
74 } 74 }
75 75
76 /* and remove it */ 76 /* and remove it */
77 if (s != varname) { 77 if (s != varname) {
78 memmove(varname, s, strlen(s)+1); 78 memmove(varname, s, strlen(s)+1);
@@ -104,7 +104,7 @@ void normalize_varname(char *varname)
104 } 104 }
105 indexend = strchr(index, ']'); 105 indexend = strchr(index, ']');
106 indexend = indexend ? indexend + 1 : index + strlen(index); 106 indexend = indexend ? indexend + 1 : index + strlen(index);
107 107
108 if (s != index) { 108 if (s != index) {
109 memmove(s, index, strlen(index)+1); 109 memmove(s, index, strlen(index)+1);
110 s += indexend-index; 110 s += indexend-index;
@@ -117,7 +117,7 @@ void normalize_varname(char *varname)
117 index = s; 117 index = s;
118 } else { 118 } else {
119 index = NULL; 119 index = NULL;
120 } 120 }
121 } 121 }
122 *s++='\0'; 122 *s++='\0';
123} 123}
@@ -153,7 +153,7 @@ static void suhosin_server_strip(HashTable *arr, char *key, int klen)
153 153
154 if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS && 154 if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS &&
155 Z_TYPE_PP(tzval) == IS_STRING) { 155 Z_TYPE_PP(tzval) == IS_STRING) {
156 156
157 s = t = (unsigned char *)Z_STRVAL_PP(tzval); 157 s = t = (unsigned char *)Z_STRVAL_PP(tzval);
158 for (; *t; t++) { 158 for (; *t; t++) {
159 if (suhosin_is_dangerous_char[*t]) { 159 if (suhosin_is_dangerous_char[*t]) {
@@ -175,20 +175,20 @@ static void suhosin_server_encode(HashTable *arr, char *key, int klen)
175 175
176 if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS && 176 if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS &&
177 Z_TYPE_PP(tzval) == IS_STRING) { 177 Z_TYPE_PP(tzval) == IS_STRING) {
178 178
179 temp = (unsigned char *)Z_STRVAL_PP(tzval); 179 temp = (unsigned char *)Z_STRVAL_PP(tzval);
180 180
181 for (t = temp; *t; t++) { 181 for (t = temp; *t; t++) {
182 if (suhosin_is_dangerous_char[*t]) { 182 if (suhosin_is_dangerous_char[*t]) {
183 extra += 2; 183 extra += 2;
184 } 184 }
185 } 185 }
186 186
187 /* no extra bytes required */ 187 /* no extra bytes required */
188 if (extra == 0) { 188 if (extra == 0) {
189 return; 189 return;
190 } 190 }
191 191
192 n = newv = emalloc(t - temp + 1 + extra); 192 n = newv = emalloc(t - temp + 1 + extra);
193 t = temp; 193 t = temp;
194 for (t = temp; *t; t++, n++) { 194 for (t = temp; *t; t++, n++) {
@@ -201,7 +201,7 @@ static void suhosin_server_encode(HashTable *arr, char *key, int klen)
201 } 201 }
202 } 202 }
203 *n = 0; 203 *n = 0;
204 204
205 /* XXX: we leak memory here, but only for the duration of the request */ 205 /* XXX: we leak memory here, but only for the duration of the request */
206 Z_STRVAL_PP(tzval) = (char *)newv; 206 Z_STRVAL_PP(tzval) = (char *)newv;
207 Z_STRLEN_PP(tzval) = n-newv; 207 Z_STRLEN_PP(tzval) = n-newv;
@@ -251,7 +251,7 @@ void suhosin_register_server_variables(zval *track_vars_array TSRMLS_DC)
251 if (failure) { 251 if (failure) {
252 suhosin_log(S_VARS, "Attacker tried to overwrite a superglobal through a HTTP header"); 252 suhosin_log(S_VARS, "Attacker tried to overwrite a superglobal through a HTTP header");
253 } 253 }
254 254
255 if (SUHOSIN_G(raw_cookie)) { 255 if (SUHOSIN_G(raw_cookie)) {
256 zval *z; 256 zval *z;
257 MAKE_STD_ZVAL(z); 257 MAKE_STD_ZVAL(z);
@@ -265,7 +265,7 @@ void suhosin_register_server_variables(zval *track_vars_array TSRMLS_DC)
265 zend_hash_update(svars, "HTTP_COOKIE", sizeof("HTTP_COOKIE"), (void **)&z, sizeof(zval *), NULL); 265 zend_hash_update(svars, "HTTP_COOKIE", sizeof("HTTP_COOKIE"), (void **)&z, sizeof(zval *), NULL);
266 SUHOSIN_G(decrypted_cookie) = NULL; 266 SUHOSIN_G(decrypted_cookie) = NULL;
267 } 267 }
268 268
269 if (SUHOSIN_G(server_encode)) { 269 if (SUHOSIN_G(server_encode)) {
270 /* suhosin_server_encode(svars, "argv", sizeof("argv")); */ 270 /* suhosin_server_encode(svars, "argv", sizeof("argv")); */
271 suhosin_server_encode(svars, "REQUEST_URI", sizeof("REQUEST_URI")); 271 suhosin_server_encode(svars, "REQUEST_URI", sizeof("REQUEST_URI"));
@@ -290,14 +290,14 @@ unsigned int suhosin_input_filter_wrapper(int arg, char *var, char **val, unsign
290{ 290{
291 zend_bool already_scanned = SUHOSIN_G(already_scanned); 291 zend_bool already_scanned = SUHOSIN_G(already_scanned);
292 SUHOSIN_G(already_scanned) = 0; 292 SUHOSIN_G(already_scanned) = 0;
293 293
294 if (SUHOSIN_G(do_not_scan)) { 294 if (SUHOSIN_G(do_not_scan)) {
295 if (new_val_len) { 295 if (new_val_len) {
296 *new_val_len = val_len; 296 *new_val_len = val_len;
297 } 297 }
298 return 1; 298 return 1;
299 } 299 }
300 300
301 if (!already_scanned) { 301 if (!already_scanned) {
302 if (suhosin_input_filter(arg, var, val, val_len, new_val_len TSRMLS_CC)==0) { 302 if (suhosin_input_filter(arg, var, val, val_len, new_val_len TSRMLS_CC)==0) {
303 SUHOSIN_G(abort_request)=1; 303 SUHOSIN_G(abort_request)=1;
@@ -329,66 +329,66 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
329 } 329 }
330 330
331 /* Drop this variable if the limit was reached */ 331 /* Drop this variable if the limit was reached */
332 switch (arg) {
333 case PARSE_GET:
334 SUHOSIN_G(att_get_vars)++;
335 SUHOSIN_G(att_request_variables)++;
336 if (SUHOSIN_G(no_more_get_variables)) {
337 return 0;
338 }
339 break;
340 case PARSE_POST:
341 SUHOSIN_G(att_post_vars)++;
342 SUHOSIN_G(att_request_variables)++;
343 if (SUHOSIN_G(no_more_post_variables)) {
344 return 0;
345 }
346 break;
347 case PARSE_COOKIE:
348 SUHOSIN_G(att_cookie_vars)++;
349 SUHOSIN_G(att_request_variables)++;
350 if (SUHOSIN_G(no_more_cookie_variables)) {
351 return 0;
352 }
353 break;
354 default: /* we do not want to protect parse_str() and friends */
355 if (new_val_len) {
356 *new_val_len = val_len;
357 }
358 return 1;
359 }
360
361 /* Drop this variable if the limit is now reached */
362 switch (arg) { 332 switch (arg) {
363 case PARSE_GET: 333 case PARSE_GET:
334 SUHOSIN_G(att_get_vars)++;
335 SUHOSIN_G(att_request_variables)++;
336 if (SUHOSIN_G(no_more_get_variables)) {
337 return 0;
338 }
339 break;
340 case PARSE_POST:
341 SUHOSIN_G(att_post_vars)++;
342 SUHOSIN_G(att_request_variables)++;
343 if (SUHOSIN_G(no_more_post_variables)) {
344 return 0;
345 }
346 break;
347 case PARSE_COOKIE:
348 SUHOSIN_G(att_cookie_vars)++;
349 SUHOSIN_G(att_request_variables)++;
350 if (SUHOSIN_G(no_more_cookie_variables)) {
351 return 0;
352 }
353 break;
354 default: /* we do not want to protect parse_str() and friends */
355 if (new_val_len) {
356 *new_val_len = val_len;
357 }
358 return 1;
359 }
360
361/* Drop this variable if the limit is now reached */
362 switch (arg) {
363 case PARSE_GET:
364 if (SUHOSIN_G(max_get_vars) && SUHOSIN_G(max_get_vars) <= SUHOSIN_G(cur_get_vars)) { 364 if (SUHOSIN_G(max_get_vars) && SUHOSIN_G(max_get_vars) <= SUHOSIN_G(cur_get_vars)) {
365 suhosin_log(S_VARS, "configured GET variable limit exceeded - dropped variable '%s' - all further GET variables are dropped", var); 365 suhosin_log(S_VARS, "configured GET variable limit exceeded - dropped variable '%s' - all further GET variables are dropped", var);
366 if (!SUHOSIN_G(simulation)) { 366 if (!SUHOSIN_G(simulation)) {
367 SUHOSIN_G(no_more_get_variables) = 1; 367 SUHOSIN_G(no_more_get_variables) = 1;
368 return 0; 368 return 0;
369 } 369 }
370 } 370 }
371 break; 371 break;
372 case PARSE_COOKIE: 372 case PARSE_COOKIE:
373 if (SUHOSIN_G(max_cookie_vars) && SUHOSIN_G(max_cookie_vars) <= SUHOSIN_G(cur_cookie_vars)) { 373 if (SUHOSIN_G(max_cookie_vars) && SUHOSIN_G(max_cookie_vars) <= SUHOSIN_G(cur_cookie_vars)) {
374 suhosin_log(S_VARS, "configured COOKIE variable limit exceeded - dropped variable '%s' - all further COOKIE variables are dropped", var); 374 suhosin_log(S_VARS, "configured COOKIE variable limit exceeded - dropped variable '%s' - all further COOKIE variables are dropped", var);
375 if (!SUHOSIN_G(simulation)) { 375 if (!SUHOSIN_G(simulation)) {
376 SUHOSIN_G(no_more_cookie_variables) = 1; 376 SUHOSIN_G(no_more_cookie_variables) = 1;
377 return 0; 377 return 0;
378 } 378 }
379 } 379 }
380 break; 380 break;
381 case PARSE_POST: 381 case PARSE_POST:
382 if (SUHOSIN_G(max_post_vars) && SUHOSIN_G(max_post_vars) <= SUHOSIN_G(cur_post_vars)) { 382 if (SUHOSIN_G(max_post_vars) && SUHOSIN_G(max_post_vars) <= SUHOSIN_G(cur_post_vars)) {
383 suhosin_log(S_VARS, "configured POST variable limit exceeded - dropped variable '%s' - all further POST variables are dropped", var); 383 suhosin_log(S_VARS, "configured POST variable limit exceeded - dropped variable '%s' - all further POST variables are dropped", var);
384 if (!SUHOSIN_G(simulation)) { 384 if (!SUHOSIN_G(simulation)) {
385 SUHOSIN_G(no_more_post_variables) = 1; 385 SUHOSIN_G(no_more_post_variables) = 1;
386 return 0; 386 return 0;
387 } 387 }
388 } 388 }
389 break; 389 break;
390 } 390 }
391 391
392 /* Drop this variable if it begins with whitespace which is disallowed */ 392 /* Drop this variable if it begins with whitespace which is disallowed */
393 if (isspace(*var)) { 393 if (isspace(*var)) {
394 if (SUHOSIN_G(disallow_ws)) { 394 if (SUHOSIN_G(disallow_ws)) {
@@ -398,33 +398,33 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
398 } 398 }
399 } 399 }
400 switch (arg) { 400 switch (arg) {
401 case PARSE_GET: 401 case PARSE_GET:
402 if (SUHOSIN_G(disallow_get_ws)) { 402 if (SUHOSIN_G(disallow_get_ws)) {
403 suhosin_log(S_VARS, "GET variable name begins with disallowed whitespace - dropped variable '%s'", var); 403 suhosin_log(S_VARS, "GET variable name begins with disallowed whitespace - dropped variable '%s'", var);
404 if (!SUHOSIN_G(simulation)) { 404 if (!SUHOSIN_G(simulation)) {
405 return 0; 405 return 0;
406 } 406 }
407 } 407 }
408 break; 408 break;
409 case PARSE_POST: 409 case PARSE_POST:
410 if (SUHOSIN_G(disallow_post_ws)) { 410 if (SUHOSIN_G(disallow_post_ws)) {
411 suhosin_log(S_VARS, "POST variable name begins with disallowed whitespace - dropped variable '%s'", var); 411 suhosin_log(S_VARS, "POST variable name begins with disallowed whitespace - dropped variable '%s'", var);
412 if (!SUHOSIN_G(simulation)) { 412 if (!SUHOSIN_G(simulation)) {
413 return 0; 413 return 0;
414 } 414 }
415 } 415 }
416 break; 416 break;
417 case PARSE_COOKIE: 417 case PARSE_COOKIE:
418 if (SUHOSIN_G(disallow_cookie_ws)) { 418 if (SUHOSIN_G(disallow_cookie_ws)) {
419 suhosin_log(S_VARS, "COOKIE variable name begins with disallowed whitespace - dropped variable '%s'", var); 419 suhosin_log(S_VARS, "COOKIE variable name begins with disallowed whitespace - dropped variable '%s'", var);
420 if (!SUHOSIN_G(simulation)) { 420 if (!SUHOSIN_G(simulation)) {
421 return 0; 421 return 0;
422 } 422 }
423 } 423 }
424 break; 424 break;
425 } 425 }
426 } 426 }
427 427
428 /* Drop this variable if it exceeds the value length limit */ 428 /* Drop this variable if it exceeds the value length limit */
429 if (SUHOSIN_G(max_value_length) && SUHOSIN_G(max_value_length) < val_len) { 429 if (SUHOSIN_G(max_value_length) && SUHOSIN_G(max_value_length) < val_len) {
430 suhosin_log(S_VARS, "configured request variable value length limit exceeded - dropped variable '%s'", var); 430 suhosin_log(S_VARS, "configured request variable value length limit exceeded - dropped variable '%s'", var);
@@ -433,7 +433,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
433 } 433 }
434 } 434 }
435 switch (arg) { 435 switch (arg) {
436 case PARSE_GET: 436 case PARSE_GET:
437 if (SUHOSIN_G(max_get_value_length) && SUHOSIN_G(max_get_value_length) < val_len) { 437 if (SUHOSIN_G(max_get_value_length) && SUHOSIN_G(max_get_value_length) < val_len) {
438 suhosin_log(S_VARS, "configured GET variable value length limit exceeded - dropped variable '%s'", var); 438 suhosin_log(S_VARS, "configured GET variable value length limit exceeded - dropped variable '%s'", var);
439 if (!SUHOSIN_G(simulation)) { 439 if (!SUHOSIN_G(simulation)) {
@@ -441,7 +441,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
441 } 441 }
442 } 442 }
443 break; 443 break;
444 case PARSE_COOKIE: 444 case PARSE_COOKIE:
445 if (SUHOSIN_G(max_cookie_value_length) && SUHOSIN_G(max_cookie_value_length) < val_len) { 445 if (SUHOSIN_G(max_cookie_value_length) && SUHOSIN_G(max_cookie_value_length) < val_len) {
446 suhosin_log(S_VARS, "configured COOKIE variable value length limit exceeded - dropped variable '%s'", var); 446 suhosin_log(S_VARS, "configured COOKIE variable value length limit exceeded - dropped variable '%s'", var);
447 if (!SUHOSIN_G(simulation)) { 447 if (!SUHOSIN_G(simulation)) {
@@ -449,7 +449,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
449 } 449 }
450 } 450 }
451 break; 451 break;
452 case PARSE_POST: 452 case PARSE_POST:
453 if (SUHOSIN_G(max_post_value_length) && SUHOSIN_G(max_post_value_length) < val_len) { 453 if (SUHOSIN_G(max_post_value_length) && SUHOSIN_G(max_post_value_length) < val_len) {
454 suhosin_log(S_VARS, "configured POST variable value length limit exceeded - dropped variable '%s'", var); 454 suhosin_log(S_VARS, "configured POST variable value length limit exceeded - dropped variable '%s'", var);
455 if (!SUHOSIN_G(simulation)) { 455 if (!SUHOSIN_G(simulation)) {
@@ -458,15 +458,15 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
458 } 458 }
459 break; 459 break;
460 } 460 }
461 461
462 /* Normalize the variable name */ 462 /* Normalize the variable name */
463 normalize_varname(var); 463 normalize_varname(var);
464 464
465 /* Find length of variable name */ 465 /* Find length of variable name */
466 index = strchr(var, '['); 466 index = strchr(var, '[');
467 total_len = strlen(var); 467 total_len = strlen(var);
468 var_len = index ? index-var : total_len; 468 var_len = index ? index-var : total_len;
469 469
470 /* Drop this variable if it exceeds the varname/total length limit */ 470 /* Drop this variable if it exceeds the varname/total length limit */
471 if (SUHOSIN_G(max_varname_length) && SUHOSIN_G(max_varname_length) < var_len) { 471 if (SUHOSIN_G(max_varname_length) && SUHOSIN_G(max_varname_length) < var_len) {
472 suhosin_log(S_VARS, "configured request variable name length limit exceeded - dropped variable '%s'", var); 472 suhosin_log(S_VARS, "configured request variable name length limit exceeded - dropped variable '%s'", var);
@@ -481,7 +481,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
481 } 481 }
482 } 482 }
483 switch (arg) { 483 switch (arg) {
484 case PARSE_GET: 484 case PARSE_GET:
485 if (SUHOSIN_G(max_get_name_length) && SUHOSIN_G(max_get_name_length) < var_len) { 485 if (SUHOSIN_G(max_get_name_length) && SUHOSIN_G(max_get_name_length) < var_len) {
486 suhosin_log(S_VARS, "configured GET variable name length limit exceeded - dropped variable '%s'", var); 486 suhosin_log(S_VARS, "configured GET variable name length limit exceeded - dropped variable '%s'", var);
487 if (!SUHOSIN_G(simulation)) { 487 if (!SUHOSIN_G(simulation)) {
@@ -495,7 +495,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
495 } 495 }
496 } 496 }
497 break; 497 break;
498 case PARSE_COOKIE: 498 case PARSE_COOKIE:
499 if (SUHOSIN_G(max_cookie_name_length) && SUHOSIN_G(max_cookie_name_length) < var_len) { 499 if (SUHOSIN_G(max_cookie_name_length) && SUHOSIN_G(max_cookie_name_length) < var_len) {
500 suhosin_log(S_VARS, "configured COOKIE variable name length limit exceeded - dropped variable '%s'", var); 500 suhosin_log(S_VARS, "configured COOKIE variable name length limit exceeded - dropped variable '%s'", var);
501 if (!SUHOSIN_G(simulation)) { 501 if (!SUHOSIN_G(simulation)) {
@@ -509,7 +509,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
509 } 509 }
510 } 510 }
511 break; 511 break;
512 case PARSE_POST: 512 case PARSE_POST:
513 if (SUHOSIN_G(max_post_name_length) && SUHOSIN_G(max_post_name_length) < var_len) { 513 if (SUHOSIN_G(max_post_name_length) && SUHOSIN_G(max_post_name_length) < var_len) {
514 suhosin_log(S_VARS, "configured POST variable name length limit exceeded - dropped variable '%s'", var); 514 suhosin_log(S_VARS, "configured POST variable name length limit exceeded - dropped variable '%s'", var);
515 if (!SUHOSIN_G(simulation)) { 515 if (!SUHOSIN_G(simulation)) {
@@ -524,59 +524,59 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
524 } 524 }
525 break; 525 break;
526 } 526 }
527 527
528 /* Find out array depth */ 528 /* Find out array depth */
529 while (index) { 529 while (index) {
530 char *index_end; 530 char *index_end;
531 unsigned int index_length; 531 unsigned int index_length;
532 532
533 /* overjump '[' */ 533 /* overjump '[' */
534 index++; 534 index++;
535 535
536 /* increase array depth */ 536 /* increase array depth */
537 depth++; 537 depth++;
538 538
539 index_end = strchr(index, ']'); 539 index_end = strchr(index, ']');
540 if (index_end == NULL) { 540 if (index_end == NULL) {
541 index_end = index+strlen(index); 541 index_end = index+strlen(index);
542 } 542 }
543 543
544 index_length = index_end - index; 544 index_length = index_end - index;
545 545
546 /* max. array index length */ 546 /* max. array index length */
547 if (SUHOSIN_G(max_array_index_length) && SUHOSIN_G(max_array_index_length) < index_length) { 547 if (SUHOSIN_G(max_array_index_length) && SUHOSIN_G(max_array_index_length) < index_length) {
548 suhosin_log(S_VARS, "configured request variable array index length limit exceeded - dropped variable '%s'", var); 548 suhosin_log(S_VARS, "configured request variable array index length limit exceeded - dropped variable '%s'", var);
549 if (!SUHOSIN_G(simulation)) { 549 if (!SUHOSIN_G(simulation)) {
550 return 0; 550 return 0;
551 } 551 }
552 } 552 }
553 switch (arg) { 553 switch (arg) {
554 case PARSE_GET: 554 case PARSE_GET:
555 if (SUHOSIN_G(max_get_array_index_length) && SUHOSIN_G(max_get_array_index_length) < index_length) { 555 if (SUHOSIN_G(max_get_array_index_length) && SUHOSIN_G(max_get_array_index_length) < index_length) {
556 suhosin_log(S_VARS, "configured GET variable array index length limit exceeded - dropped variable '%s'", var); 556 suhosin_log(S_VARS, "configured GET variable array index length limit exceeded - dropped variable '%s'", var);
557 if (!SUHOSIN_G(simulation)) { 557 if (!SUHOSIN_G(simulation)) {
558 return 0; 558 return 0;
559 } 559 }
560 } 560 }
561 break; 561 break;
562 case PARSE_COOKIE: 562 case PARSE_COOKIE:
563 if (SUHOSIN_G(max_cookie_array_index_length) && SUHOSIN_G(max_cookie_array_index_length) < index_length) { 563 if (SUHOSIN_G(max_cookie_array_index_length) && SUHOSIN_G(max_cookie_array_index_length) < index_length) {
564 suhosin_log(S_VARS, "configured COOKIE variable array index length limit exceeded - dropped variable '%s'", var); 564 suhosin_log(S_VARS, "configured COOKIE variable array index length limit exceeded - dropped variable '%s'", var);
565 if (!SUHOSIN_G(simulation)) { 565 if (!SUHOSIN_G(simulation)) {
566 return 0; 566 return 0;
567 } 567 }
568 } 568 }
569 break; 569 break;
570 case PARSE_POST: 570 case PARSE_POST:
571 if (SUHOSIN_G(max_post_array_index_length) && SUHOSIN_G(max_post_array_index_length) < index_length) { 571 if (SUHOSIN_G(max_post_array_index_length) && SUHOSIN_G(max_post_array_index_length) < index_length) {
572 suhosin_log(S_VARS, "configured POST variable array index length limit exceeded - dropped variable '%s'", var); 572 suhosin_log(S_VARS, "configured POST variable array index length limit exceeded - dropped variable '%s'", var);
573 if (!SUHOSIN_G(simulation)) { 573 if (!SUHOSIN_G(simulation)) {
574 return 0; 574 return 0;
575 } 575 }
576 } 576 }
577 break; 577 break;
578 } 578 }
579 579
580 /* index whitelist/blacklist */ 580 /* index whitelist/blacklist */
581 if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) { 581 if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) {
582 if (suhosin_strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) { 582 if (suhosin_strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) {
@@ -593,10 +593,10 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
593 } 593 }
594 } 594 }
595 } 595 }
596 596
597 index = strchr(index, '['); 597 index = strchr(index, '[');
598 } 598 }
599 599
600 /* Drop this variable if it exceeds the array depth limit */ 600 /* Drop this variable if it exceeds the array depth limit */
601 if (SUHOSIN_G(max_array_depth) && SUHOSIN_G(max_array_depth) < depth) { 601 if (SUHOSIN_G(max_array_depth) && SUHOSIN_G(max_array_depth) < depth) {
602 suhosin_log(S_VARS, "configured request variable array depth limit exceeded - dropped variable '%s'", var); 602 suhosin_log(S_VARS, "configured request variable array depth limit exceeded - dropped variable '%s'", var);
@@ -605,7 +605,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
605 } 605 }
606 } 606 }
607 switch (arg) { 607 switch (arg) {
608 case PARSE_GET: 608 case PARSE_GET:
609 if (SUHOSIN_G(max_get_array_depth) && SUHOSIN_G(max_get_array_depth) < depth) { 609 if (SUHOSIN_G(max_get_array_depth) && SUHOSIN_G(max_get_array_depth) < depth) {
610 suhosin_log(S_VARS, "configured GET variable array depth limit exceeded - dropped variable '%s'", var); 610 suhosin_log(S_VARS, "configured GET variable array depth limit exceeded - dropped variable '%s'", var);
611 if (!SUHOSIN_G(simulation)) { 611 if (!SUHOSIN_G(simulation)) {
@@ -613,7 +613,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
613 } 613 }
614 } 614 }
615 break; 615 break;
616 case PARSE_COOKIE: 616 case PARSE_COOKIE:
617 if (SUHOSIN_G(max_cookie_array_depth) && SUHOSIN_G(max_cookie_array_depth) < depth) { 617 if (SUHOSIN_G(max_cookie_array_depth) && SUHOSIN_G(max_cookie_array_depth) < depth) {
618 suhosin_log(S_VARS, "configured COOKIE variable array depth limit exceeded - dropped variable '%s'", var); 618 suhosin_log(S_VARS, "configured COOKIE variable array depth limit exceeded - dropped variable '%s'", var);
619 if (!SUHOSIN_G(simulation)) { 619 if (!SUHOSIN_G(simulation)) {
@@ -621,7 +621,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
621 } 621 }
622 } 622 }
623 break; 623 break;
624 case PARSE_POST: 624 case PARSE_POST:
625 if (SUHOSIN_G(max_post_array_depth) && SUHOSIN_G(max_post_array_depth) < depth) { 625 if (SUHOSIN_G(max_post_array_depth) && SUHOSIN_G(max_post_array_depth) < depth) {
626 suhosin_log(S_VARS, "configured POST variable array depth limit exceeded - dropped variable '%s'", var); 626 suhosin_log(S_VARS, "configured POST variable array depth limit exceeded - dropped variable '%s'", var);
627 if (!SUHOSIN_G(simulation)) { 627 if (!SUHOSIN_G(simulation)) {
@@ -632,9 +632,9 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
632 } 632 }
633 633
634 /* Check if variable value is truncated by a \0 */ 634 /* Check if variable value is truncated by a \0 */
635 635
636 if (val && *val && val_len != strnlen(*val, val_len)) { 636 if (val && *val && val_len != strnlen(*val, val_len)) {
637 637
638 if (SUHOSIN_G(disallow_nul)) { 638 if (SUHOSIN_G(disallow_nul)) {
639 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within request variables - dropped variable '%s'", var); 639 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within request variables - dropped variable '%s'", var);
640 if (!SUHOSIN_G(simulation)) { 640 if (!SUHOSIN_G(simulation)) {
@@ -642,7 +642,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
642 } 642 }
643 } 643 }
644 switch (arg) { 644 switch (arg) {
645 case PARSE_GET: 645 case PARSE_GET:
646 if (SUHOSIN_G(disallow_get_nul)) { 646 if (SUHOSIN_G(disallow_get_nul)) {
647 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within GET variables - dropped variable '%s'", var); 647 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within GET variables - dropped variable '%s'", var);
648 if (!SUHOSIN_G(simulation)) { 648 if (!SUHOSIN_G(simulation)) {
@@ -650,7 +650,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
650 } 650 }
651 } 651 }
652 break; 652 break;
653 case PARSE_COOKIE: 653 case PARSE_COOKIE:
654 if (SUHOSIN_G(disallow_cookie_nul)) { 654 if (SUHOSIN_G(disallow_cookie_nul)) {
655 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within COOKIE variables - dropped variable '%s'", var); 655 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within COOKIE variables - dropped variable '%s'", var);
656 if (!SUHOSIN_G(simulation)) { 656 if (!SUHOSIN_G(simulation)) {
@@ -658,7 +658,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
658 } 658 }
659 } 659 }
660 break; 660 break;
661 case PARSE_POST: 661 case PARSE_POST:
662 if (SUHOSIN_G(disallow_post_nul)) { 662 if (SUHOSIN_G(disallow_post_nul)) {
663 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within POST variables - dropped variable '%s'", var); 663 suhosin_log(S_VARS, "ASCII-NUL chars not allowed within POST variables - dropped variable '%s'", var);
664 if (!SUHOSIN_G(simulation)) { 664 if (!SUHOSIN_G(simulation)) {
@@ -668,7 +668,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
668 break; 668 break;
669 } 669 }
670 } 670 }
671 671
672 /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */ 672 /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */
673 /* This is to protect several silly scripts that do globalizing themself */ 673 /* This is to protect several silly scripts that do globalizing themself */
674 if (suhosin_is_protected_varname(var, var_len)) { 674 if (suhosin_is_protected_varname(var, var_len)) {
@@ -681,17 +681,17 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
681 /* Okay let PHP register this variable */ 681 /* Okay let PHP register this variable */
682 SUHOSIN_G(cur_request_variables)++; 682 SUHOSIN_G(cur_request_variables)++;
683 switch (arg) { 683 switch (arg) {
684 case PARSE_GET: 684 case PARSE_GET:
685 SUHOSIN_G(cur_get_vars)++; 685 SUHOSIN_G(cur_get_vars)++;
686 break; 686 break;
687 case PARSE_COOKIE: 687 case PARSE_COOKIE:
688 SUHOSIN_G(cur_cookie_vars)++; 688 SUHOSIN_G(cur_cookie_vars)++;
689 break; 689 break;
690 case PARSE_POST: 690 case PARSE_POST:
691 SUHOSIN_G(cur_post_vars)++; 691 SUHOSIN_G(cur_post_vars)++;
692 break; 692 break;
693 } 693 }
694 694
695 if (new_val_len) { 695 if (new_val_len) {
696 *new_val_len = val_len; 696 *new_val_len = val_len;
697 } 697 }
@@ -722,5 +722,3 @@ void suhosin_hook_register_server_variables()
722 * vim600: noet sw=4 ts=4 fdm=marker 722 * vim600: noet sw=4 ts=4 fdm=marker
723 * vim<600: noet sw=4 ts=4 723 * vim<600: noet sw=4 ts=4
724 */ 724 */
725
726
diff --git a/log.c b/log.c
index eae3841..a956d1a 100644
--- a/log.c
+++ b/log.c
@@ -107,8 +107,8 @@ PHP_SUHOSIN_API void suhosin_log(int loglevel, char *fmt, ...)
107 unsigned short etype; 107 unsigned short etype;
108 DWORD evid; 108 DWORD evid;
109#endif 109#endif
110 char buf[5000]; 110 char buf[5000] = {0};
111 char error[5000]; 111 char error[5000] = {0};
112 char *ip_address; 112 char *ip_address;
113 char *fname; 113 char *fname;
114 char *alertstring; 114 char *alertstring;
@@ -146,6 +146,9 @@ PHP_SUHOSIN_API void suhosin_log(int loglevel, char *fmt, ...)
146 va_start(ap, fmt); 146 va_start(ap, fmt);
147 ap_php_vsnprintf(error, sizeof(error), fmt, ap); 147 ap_php_vsnprintf(error, sizeof(error), fmt, ap);
148 va_end(ap); 148 va_end(ap);
149 if (SUHOSIN_G(log_max_error_length) > 0 && SUHOSIN_G(log_max_error_length) < (sizeof(error) - 4)) {
150 memcpy(error + SUHOSIN_G(log_max_error_length), "...", 4);
151 }
149 while (error[i]) { 152 while (error[i]) {
150 if (error[i] < 32) error[i] = '.'; 153 if (error[i] < 32) error[i] = '.';
151 i++; 154 i++;
@@ -437,5 +440,3 @@ SDEBUG("scriptname %s", SUHOSIN_G(log_phpscriptname));
437 * vim600: noet sw=4 ts=4 fdm=marker 440 * vim600: noet sw=4 ts=4 fdm=marker
438 * vim<600: noet sw=4 ts=4 441 * vim<600: noet sw=4 ts=4
439 */ 442 */
440
441
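Review bot: The truncation added after `va_end(ap)` writes the `...` marker at offset `log_max_error_length` whether or not the formatted message is that long, and it hard-codes the copy size as a bare `4`. For a shorter message the write lands behind the terminator and changes nothing, but that is not obvious on first read. Writing it as `memcpy(error + SUHOSIN_G(log_max_error_length), "...", sizeof("..."));` with the bound as `sizeof(error) - sizeof("...")` ties both numbers to the marker. A comment such as `/* cut over-long messages; no effect when the message ends before the limit */` would record the intent. suhosin_log starts and ends outside these hunks.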
diff --git a/php_suhosin.h b/php_suhosin.h
index 1c0ea42..bf4d34f 100644
--- a/php_suhosin.h
+++ b/php_suhosin.h
@@ -22,7 +22,7 @@
22#ifndef PHP_SUHOSIN_H 22#ifndef PHP_SUHOSIN_H
23#define PHP_SUHOSIN_H 23#define PHP_SUHOSIN_H
24 24
25#define SUHOSIN_EXT_VERSION "0.9.39dev" 25#define SUHOSIN_EXT_VERSION "0.9.39dev2"
26 26
27/*#define SUHOSIN_DEBUG*/ 27/*#define SUHOSIN_DEBUG*/
28#define SUHOSIN_LOG "/tmp/suhosin_log.txt" 28#define SUHOSIN_LOG "/tmp/suhosin_log.txt"
@@ -36,7 +36,7 @@
36 {FILE *f;f=fopen(SUHOSIN_LOG, "a+");if(f){fprintf(f,"[%u] ",getpid());fprintf(f, msg);fprintf(f,"\n");fclose(f);}} 36 {FILE *f;f=fopen(SUHOSIN_LOG, "a+");if(f){fprintf(f,"[%u] ",getpid());fprintf(f, msg);fprintf(f,"\n");fclose(f);}}
37#else 37#else
38#define SDEBUG(msg...) 38#define SDEBUG(msg...)
39#endif 39#endif
40#endif 40#endif
41 41
42#ifndef PHP_VERSION_ID 42#ifndef PHP_VERSION_ID
@@ -124,7 +124,7 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
124 zend_uint in_code_type; 124 zend_uint in_code_type;
125 long execution_depth; 125 long execution_depth;
126 zend_bool simulation; 126 zend_bool simulation;
127 zend_bool stealth; 127 zend_bool stealth;
128 zend_bool protectkey; 128 zend_bool protectkey;
129 zend_bool executor_allow_symlink; 129 zend_bool executor_allow_symlink;
130 char *filter_action; 130 char *filter_action;
@@ -135,7 +135,7 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
135 long sql_opencomment; 135 long sql_opencomment;
136 long sql_union; 136 long sql_union;
137 long sql_mselect; 137 long sql_mselect;
138 138
139 long max_execution_depth; 139 long max_execution_depth;
140 zend_bool abort_request; 140 zend_bool abort_request;
141 long executor_include_max_traversal; 141 long executor_include_max_traversal;
@@ -212,7 +212,7 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
212 zend_bool upload_allow_utf8; 212 zend_bool upload_allow_utf8;
213#endif 213#endif
214 char *upload_verification_script; 214 char *upload_verification_script;
215 215
216 zend_bool no_more_variables; 216 zend_bool no_more_variables;
217 zend_bool no_more_get_variables; 217 zend_bool no_more_get_variables;
218 zend_bool no_more_post_variables; 218 zend_bool no_more_post_variables;
@@ -236,13 +236,14 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
236 long log_file; 236 long log_file;
237 char *log_filename; 237 char *log_filename;
238 zend_bool log_file_time; 238 zend_bool log_file_time;
239 long log_max_error_length;
239 240
240/* header handler */ 241/* header handler */
241 zend_bool allow_multiheader; 242 zend_bool allow_multiheader;
242 243
243/* mailprotect */ 244/* mailprotect */
244 long mailprotect; 245 long mailprotect;
245 246
246/* memory_limit */ 247/* memory_limit */
247 long memory_limit; 248 long memory_limit;
248 long hard_memory_limit; 249 long hard_memory_limit;
@@ -262,18 +263,18 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
262 BYTE fi[24],ri[24]; 263 BYTE fi[24],ri[24];
263 WORD fkey[120]; 264 WORD fkey[120];
264 WORD rkey[120]; 265 WORD rkey[120];
265 266
266 zend_bool session_encrypt; 267 zend_bool session_encrypt;
267 char* session_cryptkey; 268 char* session_cryptkey;
268 zend_bool session_cryptua; 269 zend_bool session_cryptua;
269 zend_bool session_cryptdocroot; 270 zend_bool session_cryptdocroot;
270 long session_cryptraddr; 271 long session_cryptraddr;
271 long session_checkraddr; 272 long session_checkraddr;
272 273
273 long session_max_id_length; 274 long session_max_id_length;
274 275
275 char* decrypted_cookie; 276 char* decrypted_cookie;
276 char* raw_cookie; 277 char* raw_cookie;
277 zend_bool cookie_encrypt; 278 zend_bool cookie_encrypt;
278 char* cookie_cryptkey; 279 char* cookie_cryptkey;
279 zend_bool cookie_cryptua; 280 zend_bool cookie_cryptua;
@@ -282,30 +283,30 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
282 long cookie_checkraddr; 283 long cookie_checkraddr;
283 HashTable *cookie_plainlist; 284 HashTable *cookie_plainlist;
284 HashTable *cookie_cryptlist; 285 HashTable *cookie_cryptlist;
285 286
286 zend_bool coredump; 287 zend_bool coredump;
287 zend_bool apc_bug_workaround; 288 zend_bool apc_bug_workaround;
288 zend_bool already_scanned; 289 zend_bool already_scanned;
289 zend_bool do_not_scan; 290 zend_bool do_not_scan;
290 291
291 zend_bool server_encode; 292 zend_bool server_encode;
292 zend_bool server_strip; 293 zend_bool server_strip;
293 294
294 zend_bool disable_display_errors; 295 zend_bool disable_display_errors;
295 296
296 php_uint32 r_state[625]; 297 php_uint32 r_state[625];
297 php_uint32 *r_next; 298 php_uint32 *r_next;
298 int r_left; 299 int r_left;
299 zend_bool srand_ignore; 300 zend_bool srand_ignore;
300 zend_bool mt_srand_ignore; 301 zend_bool mt_srand_ignore;
301 php_uint32 mt_state[625]; 302 php_uint32 mt_state[625];
302 php_uint32 *mt_next; 303 php_uint32 *mt_next;
303 int mt_left; 304 int mt_left;
304 305
305 char *seedingkey; 306 char *seedingkey;
306 zend_bool reseed_every_request; 307 zend_bool reseed_every_request;
307 308
308 zend_bool r_is_seeded; 309 zend_bool r_is_seeded;
309 zend_bool mt_is_seeded; 310 zend_bool mt_is_seeded;
310 311
311 /* PERDIR Handling */ 312 /* PERDIR Handling */
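Review bot: The new `long log_max_error_length;` member added next to `log_file_time` has no comment on its unit or on which values switch the feature off. Going by the check in the log.c hunk on this page, values `<= 0` and values of `sizeof(error) - 4` (4996) or more leave messages uncut. A comment such as `/* max bytes of a log message before "..." is appended; <= 0 or >= 4996 disables */` would spare readers the lookup. The ini registration and default for this setting are not visible here, and the module-globals block starts and ends outside the hunk.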
diff --git a/rfc1867_new.c b/rfc1867_new.c
index e03de44..73da611 100644
--- a/rfc1867_new.c
+++ b/rfc1867_new.c
@@ -439,13 +439,14 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T
439 newlines = 0; 439 newlines = 0;
440 440
441 } else if (buf_value.c) { /* If no ':' on the line, add to previous line */ 441 } else if (buf_value.c) { /* If no ':' on the line, add to previous line */
442 smart_str_appends(&buf_value, line);
443 newlines++; 442 newlines++;
444 if (newlines > SUHOSIN_G(upload_max_newlines)) { 443 if (newlines > SUHOSIN_G(upload_max_newlines)) {
445 SUHOSIN_G(abort_request) = 1; 444 SUHOSIN_G(abort_request) = 1;
446 suhosin_log(S_FILES, "configured maximum number of newlines in RFC1867 MIME headers limit exceeded - dropping rest of upload"); 445 suhosin_log(S_FILES, "configured maximum number of newlines in RFC1867 MIME headers limit exceeded - dropping rest of upload");
446 smart_str_free(&buf_value);
447 return 0; 447 return 0;
448 } 448 }
449 smart_str_appends(&buf_value, line);
449 450
450 } else { 451 } else {
451 continue; 452 continue;
@@ -870,15 +871,15 @@ SAPI_POST_HANDLER_FUNC(suhosin_rfc1867_post_handler) /* {{{ */
870 value_len = new_value_len; 871 value_len = new_value_len;
871 } 872 }
872 } 873 }
873 874
874 if (suhosin_input_filter(PARSE_POST, param, &value, value_len, &new_val_len TSRMLS_CC) == 0) { 875 if (suhosin_input_filter(PARSE_POST, param, &value, value_len, &new_val_len TSRMLS_CC) == 0) {
875 SUHOSIN_G(abort_request)=1; 876 SUHOSIN_G(abort_request)=1;
876 efree(param); 877 efree(param);
877 efree(value); 878 efree(value);
878 continue; 879 continue;
879 } 880 }
880 881
881 if (++count <= PG(max_input_vars) && sapi_module.input_filter(PARSE_POST, param, &value, value_len, &new_val_len TSRMLS_CC)) { 882 if (++count <= PG(max_input_vars) && sapi_module.input_filter(PARSE_POST, param, &value, new_val_len, &new_val_len TSRMLS_CC)) {
882 if (&suhosin_rfc1867_filter != NULL) { 883 if (&suhosin_rfc1867_filter != NULL) {
883 multipart_event_formdata event_formdata; 884 multipart_event_formdata event_formdata;
884 size_t newlength = new_val_len; 885 size_t newlength = new_val_len;
@@ -979,7 +980,7 @@ SAPI_POST_HANDLER_FUNC(suhosin_rfc1867_post_handler) /* {{{ */
979 temp_filename = NULL; 980 temp_filename = NULL;
980 fd = -1; 981 fd = -1;
981 982
982 if (!skip_upload && &suhosin_rfc1867_filter != NULL) { 983 if (!skip_upload && (&suhosin_rfc1867_filter != NULL)) {
983 multipart_event_file_start event_file_start; 984 multipart_event_file_start event_file_start;
984 985
985 event_file_start.post_bytes_processed = SG(read_post_bytes); 986 event_file_start.post_bytes_processed = SG(read_post_bytes);
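Review bot: The rewritten condition `if (!skip_upload && (&suhosin_rfc1867_filter != NULL))` still compares the address of `suhosin_rfc1867_filter` with NULL, and the added parentheses do not change that. If that name is a function or an object (its declaration is not visible on this page), the comparison is always true and the guard does nothing. The same test appears unchanged in the form-data branch above, in `if (&suhosin_rfc1867_filter != NULL) {`. If the hook is always present, `if (!skip_upload) {` says so directly; if it can be absent, the test should be on a pointer variable, not on an address. The enclosing post handler starts and ends outside these hunks.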
diff --git a/session.c b/session.c
index dc78b5f..b89aa7f 100644
--- a/session.c
+++ b/session.c
@@ -18,7 +18,7 @@
18 +----------------------------------------------------------------------+ 18 +----------------------------------------------------------------------+
19*/ 19*/
20/* 20/*
21 $Id: session.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ 21 $Id: session.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $
22*/ 22*/
23 23
24#ifdef HAVE_CONFIG_H 24#ifdef HAVE_CONFIG_H
@@ -57,55 +57,55 @@ ps_serializer *(*suhosin_find_ps_serializer)(char *name TSRMLS_DC) = NULL;
57 57
58int suhosin_session_encode(char **newstr, int *newlen TSRMLS_DC) 58int suhosin_session_encode(char **newstr, int *newlen TSRMLS_DC)
59{ 59{
60 smart_str buf = {0}; 60 smart_str buf = {0};
61 php_serialize_data_t var_hash; 61 php_serialize_data_t var_hash;
62 PS_ENCODE_VARS; 62 PS_ENCODE_VARS;
63 63
64 PHP_VAR_SERIALIZE_INIT(var_hash); 64 PHP_VAR_SERIALIZE_INIT(var_hash);
65 65
66 PS_ENCODE_LOOP( 66 PS_ENCODE_LOOP(
67 smart_str_appendl(&buf, key, key_length); 67 smart_str_appendl(&buf, key, key_length);
68 if (key[0] == PS_UNDEF_MARKER || memchr(key, PS_DELIMITER, key_length)) { 68 if (key[0] == PS_UNDEF_MARKER || memchr(key, PS_DELIMITER, key_length)) {
69 PHP_VAR_SERIALIZE_DESTROY(var_hash); 69 PHP_VAR_SERIALIZE_DESTROY(var_hash);
70 smart_str_free(&buf); 70 smart_str_free(&buf);
71 return FAILURE; 71 return FAILURE;
72 } 72 }
73 smart_str_appendc(&buf, PS_DELIMITER); 73 smart_str_appendc(&buf, PS_DELIMITER);
74 74
75 php_var_serialize(&buf, struc, &var_hash TSRMLS_CC); 75 php_var_serialize(&buf, struc, &var_hash TSRMLS_CC);
76 } else { 76 } else {
77 smart_str_appendc(&buf, PS_UNDEF_MARKER); 77 smart_str_appendc(&buf, PS_UNDEF_MARKER);
78 smart_str_appendl(&buf, key, key_length); 78 smart_str_appendl(&buf, key, key_length);
79 smart_str_appendc(&buf, PS_DELIMITER); 79 smart_str_appendc(&buf, PS_DELIMITER);
80 ); 80 );
81 81
82 if (newlen) { 82 if (newlen) {
83 *newlen = buf.len; 83 *newlen = buf.len;
84 } 84 }
85 smart_str_0(&buf); 85 smart_str_0(&buf);
86 *newstr = buf.c; 86 *newstr = buf.c;
87 87
88 PHP_VAR_SERIALIZE_DESTROY(var_hash); 88 PHP_VAR_SERIALIZE_DESTROY(var_hash);
89 return SUCCESS; 89 return SUCCESS;
90} 90}
91 91
92static void suhosin_send_cookie(TSRMLS_D) 92static void suhosin_send_cookie(TSRMLS_D)
93{ 93{
94 int * session_send_cookie = &SESSION_G(send_cookie); 94 int * session_send_cookie = &SESSION_G(send_cookie);
95 char * base; 95 char * base;
96 zend_ini_entry *ini_entry; 96 zend_ini_entry *ini_entry;
97 97
98 /* The following is requires to be 100% compatible to PHP 98 /* The following is requires to be 100% compatible to PHP
99 versions where the hash extension is not available by default */ 99 versions where the hash extension is not available by default */
100 if (zend_hash_find(EG(ini_directives), "session.hash_bits_per_character", sizeof("session.hash_bits_per_character"), (void **) &ini_entry) == SUCCESS) { 100 if (zend_hash_find(EG(ini_directives), "session.hash_bits_per_character", sizeof("session.hash_bits_per_character"), (void **) &ini_entry) == SUCCESS) {
101#ifndef ZTS 101#ifndef ZTS
102 base = (char *) ini_entry->mh_arg2; 102 base = (char *) ini_entry->mh_arg2;
103#else 103#else
104 base = (char *) ts_resource(*((int *) ini_entry->mh_arg2)); 104 base = (char *) ts_resource(*((int *) ini_entry->mh_arg2));
105#endif 105#endif
106 session_send_cookie = (int *) (base+(size_t) ini_entry->mh_arg1+sizeof(long)); 106 session_send_cookie = (int *) (base+(size_t) ini_entry->mh_arg1+sizeof(long));
107 } 107 }
108 *session_send_cookie = 1; 108 *session_send_cookie = 1;
109} 109}
110 110
111 111
@@ -115,254 +115,255 @@ static int (*old_SessionRINIT)(INIT_FUNC_ARGS) = NULL;
115 115
116static int suhosin_hook_s_read(void **mod_data, const char *key, char **val, int *vallen TSRMLS_DC) 116static int suhosin_hook_s_read(void **mod_data, const char *key, char **val, int *vallen TSRMLS_DC)
117{ 117{
118 int r; 118 int r;
119 119
120 int i;char *v,*KEY=(char *)key; 120 int i;char *v,*KEY=(char *)key;
121 121
122 /* protect session vars */ 122 /* protect session vars */
123/* if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) { 123/* if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) {
124 SESSION_G(http_session_vars)->refcount++; 124 SESSION_G(http_session_vars)->refcount++;
125 }*/ 125 }*/
126 126
127 /* protect dumb session handlers */ 127 /* protect dumb session handlers */
128 if (key == NULL || !key[0] || 128 if (key == NULL || !key[0] ||
129 (*mod_data == NULL 129 (*mod_data == NULL
130 && !SESSION_G(mod_user_implemented) 130 && !SESSION_G(mod_user_implemented)
131 )) { 131 )) {
132regenerate: 132regenerate:
133 SDEBUG("regenerating key is %s", key); 133 SDEBUG("regenerating key is %s", key);
134 KEY = SESSION_G(id) = SESSION_G(mod)->s_create_sid(&SESSION_G(mod_data), NULL TSRMLS_CC); 134 KEY = SESSION_G(id) = SESSION_G(mod)->s_create_sid(&SESSION_G(mod_data), NULL TSRMLS_CC);
135 suhosin_send_cookie(TSRMLS_C); 135 suhosin_send_cookie(TSRMLS_C);
136 } else if (strlen(key) > SUHOSIN_G(session_max_id_length)) { 136 } else if (strlen(key) > SUHOSIN_G(session_max_id_length)) {
137 suhosin_log(S_SESSION, "session id ('%s') exceeds maximum length - regenerating", KEY); 137 suhosin_log(S_SESSION, "session id ('%s') exceeds maximum length - regenerating", KEY);
138 if (!SUHOSIN_G(simulation)) { 138 if (!SUHOSIN_G(simulation)) {
139 goto regenerate; 139 goto regenerate;
140 } 140 }
141 } 141 }
142
143 r = SUHOSIN_G(old_s_read)(mod_data, KEY, val, vallen TSRMLS_CC);
142 144
143 r = SUHOSIN_G(old_s_read)(mod_data, KEY, val, vallen TSRMLS_CC); 145 if (r == SUCCESS && SUHOSIN_G(session_encrypt) && *vallen > 0) {
146 char cryptkey[33];
144 147
145 if (r == SUCCESS && SUHOSIN_G(session_encrypt) && *vallen > 0) { 148 SUHOSIN_G(do_not_scan) = 1;
146 char cryptkey[33]; 149 suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC);
147 150
148 SUHOSIN_G(do_not_scan) = 1; 151 v = *val;
149 suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC); 152 i = *vallen;
150 153 *val = suhosin_decrypt_string(v, i, "", 0, (char *)&cryptkey, vallen, SUHOSIN_G(session_checkraddr) TSRMLS_CC);
151 v = *val; 154 SUHOSIN_G(do_not_scan) = 0;
152 i = *vallen; 155 if (*val == NULL) {
153 *val = suhosin_decrypt_string(v, i, "", 0, (char *)&cryptkey, vallen, SUHOSIN_G(session_checkraddr) TSRMLS_CC); 156 *val = estrndup("", 0);
154 SUHOSIN_G(do_not_scan) = 0; 157 *vallen = 0;
155 if (*val == NULL) { 158 }
156 *val = estrndup("", 0); 159 efree(v);
157 *vallen = 0; 160 }
158 } 161
159 efree(v); 162 return r;
160 }
161
162 return r;
163} 163}
164 164
165static int suhosin_hook_s_write(void **mod_data, const char *key, const char *val, const int vallen TSRMLS_DC) 165static int suhosin_hook_s_write(void **mod_data, const char *key, const char *val, const int vallen TSRMLS_DC)
166{ 166{
167 int r; 167 int r;
168/* int nullify = 0;*/ 168/* int nullify = 0;*/
169 char *v = (char *)val; 169 char *v = (char *)val;
170 170
171 /* protect dumb session handlers */ 171 /* protect dumb session handlers */
172 if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) || 172 if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) ||
173 (*mod_data == NULL 173 (*mod_data == NULL
174 && !SESSION_G(mod_user_implemented) 174 && !SESSION_G(mod_user_implemented)
175 )) { 175 )) {
176 r = FAILURE; 176 r = FAILURE;
177 goto return_write; 177 goto return_write;
178 } 178 }
179 179
180 r = vallen; 180 r = vallen;
181
182 if (r > 0 && SUHOSIN_G(session_encrypt)) {
183 char cryptkey[33];
181 184
182 if (r > 0 && SUHOSIN_G(session_encrypt)) { 185 SUHOSIN_G(do_not_scan) = 1;
183 char cryptkey[33];
184 186
185 SUHOSIN_G(do_not_scan) = 1; 187 suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC);
186 188
187 suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC); 189 v = suhosin_encrypt_string(v, vallen, "", 0, (char *)&cryptkey TSRMLS_CC);
188 190
189 v = suhosin_encrypt_string(v, vallen, "", 0, (char *)&cryptkey TSRMLS_CC); 191 SUHOSIN_G(do_not_scan) = 0;
190 192 r = strlen(v);
191 SUHOSIN_G(do_not_scan) = 0; 193 }
192 r = strlen(v); 194
193 } 195 r = SUHOSIN_G(old_s_write)(mod_data, key, v, r TSRMLS_CC);
194 196
195 r = SUHOSIN_G(old_s_write)(mod_data, key, v, r TSRMLS_CC);
196
197return_write: 197return_write:
198 /* protect session vars */ 198 /* protect session vars */
199/* if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) { 199/* if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) {
200 if (SESSION_G(http_session_vars)->refcount==1) { 200 if (SESSION_G(http_session_vars)->refcount==1) {
201 nullify = 1; 201 nullify = 1;
202 } 202 }
203 zval_ptr_dtor(&SESSION_G(http_session_vars)); 203 zval_ptr_dtor(&SESSION_G(http_session_vars));
204 if (nullify) { 204 if (nullify) {
205 suhosin_log(S_SESSION, "possible session variables double free attack stopped"); 205 suhosin_log(S_SESSION, "possible session variables double free attack stopped");
206 SESSION_G(http_session_vars) = NULL; 206 SESSION_G(http_session_vars) = NULL;
207 } 207 }
208 }*/ 208 }*/
209 209
210 return r; 210 return r;
211} 211}
212 212
213static int suhosin_hook_s_destroy(void **mod_data, const char *key TSRMLS_DC) 213static int suhosin_hook_s_destroy(void **mod_data, const char *key TSRMLS_DC)
214{ 214{
215 int r; 215 int r;
216 216
217 /* protect dumb session handlers */ 217 /* protect dumb session handlers */
218 if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) || 218 if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) ||
219 (*mod_data == NULL 219 (*mod_data == NULL
220 && !SESSION_G(mod_user_implemented) 220 && !SESSION_G(mod_user_implemented)
221 )) { 221 )) {
222 return FAILURE; 222 return FAILURE;
223 } 223 }
224 224
225 r = SUHOSIN_G(old_s_destroy)(mod_data, key TSRMLS_CC); 225 r = SUHOSIN_G(old_s_destroy)(mod_data, key TSRMLS_CC);
226 226
227 return r; 227 return r;
228} 228}
229 229
230static void suhosin_hook_session_module(TSRMLS_D) 230static void suhosin_hook_session_module(TSRMLS_D)
231{ 231{
232 ps_module *old_mod = SESSION_G(mod), *mod; 232 ps_module *old_mod = SESSION_G(mod), *mod;
233 233
234 if (old_mod == NULL || SUHOSIN_G(s_module) == old_mod) { 234 if (old_mod == NULL || SUHOSIN_G(s_module) == old_mod) {
235 return; 235 return;
236 } 236 }
237
238 if (SUHOSIN_G(s_module) == NULL) {
239 SUHOSIN_G(s_module) = mod = malloc(sizeof(ps_module));
240 if (mod == NULL) {
241 return;
242 }
243 }
237 244
238 if (SUHOSIN_G(s_module) == NULL) { 245 SUHOSIN_G(s_original_mod) = old_mod;
239 SUHOSIN_G(s_module) = mod = malloc(sizeof(ps_module)); 246
240 if (mod == NULL) { 247 mod = SUHOSIN_G(s_module);
241 return; 248 memcpy(mod, old_mod, sizeof(ps_module));
242 } 249
243 } 250 SUHOSIN_G(old_s_read) = mod->s_read;
244 251 mod->s_read = suhosin_hook_s_read;
245 SUHOSIN_G(s_original_mod) = old_mod; 252 SUHOSIN_G(old_s_write) = mod->s_write;
246 253 mod->s_write = suhosin_hook_s_write;
247 mod = SUHOSIN_G(s_module); 254 SUHOSIN_G(old_s_destroy) = mod->s_destroy;
248 memcpy(mod, old_mod, sizeof(ps_module)); 255 mod->s_destroy = suhosin_hook_s_destroy;
249 256
250 SUHOSIN_G(old_s_read) = mod->s_read; 257 SESSION_G(mod) = mod;
251 mod->s_read = suhosin_hook_s_read;
252 SUHOSIN_G(old_s_write) = mod->s_write;
253 mod->s_write = suhosin_hook_s_write;
254 SUHOSIN_G(old_s_destroy) = mod->s_destroy;
255 mod->s_destroy = suhosin_hook_s_destroy;
256
257 SESSION_G(mod) = mod;
258} 258}
259 259
260static PHP_INI_MH(suhosin_OnUpdateSaveHandler) 260static PHP_INI_MH(suhosin_OnUpdateSaveHandler)
261{ 261{
262 int r; 262 int r;
263
264 if (stage == PHP_INI_STAGE_RUNTIME && SESSION_G(session_status) == php_session_none && SUHOSIN_G(s_original_mod)
265 && strcmp(new_value, "user") == 0 && strcmp(((ps_module*)SUHOSIN_G(s_original_mod))->s_name, "user") == 0) {
266 return SUCCESS;
267 }
263 268
264 if (stage == PHP_INI_STAGE_RUNTIME && SESSION_G(session_status) == php_session_none && SUHOSIN_G(s_original_mod) 269 SESSION_G(mod) = SUHOSIN_G(s_original_mod);
265 && strcmp(new_value, "user") == 0 && strcmp(((ps_module*)SUHOSIN_G(s_original_mod))->s_name, "user") == 0) {
266 return SUCCESS;
267 }
268 270
269 SESSION_G(mod) = SUHOSIN_G(s_original_mod); 271 r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
270 272
271 r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); 273 suhosin_hook_session_module(TSRMLS_C);
272
273 suhosin_hook_session_module(TSRMLS_C);
274 274
275 return r; 275 return r;
276} 276}
277 277
278 278
279static int suhosin_hook_session_RINIT(INIT_FUNC_ARGS) 279static int suhosin_hook_session_RINIT(INIT_FUNC_ARGS)
280{ 280{
281 if (SESSION_G(mod) == NULL) { 281 if (SESSION_G(mod) == NULL) {
282 char *value = zend_ini_string("session.save_handler", sizeof("session.save_handler"), 0); 282 char *value = zend_ini_string("session.save_handler", sizeof("session.save_handler"), 0);
283 283
284 if (value) { 284 if (value) {
285 suhosin_OnUpdateSaveHandler(NULL, value, strlen(value), NULL, NULL, NULL, 0 TSRMLS_CC); 285 suhosin_OnUpdateSaveHandler(NULL, value, strlen(value), NULL, NULL, NULL, 0 TSRMLS_CC);
286 } 286 }
287 } 287 }
288 return old_SessionRINIT(INIT_FUNC_ARGS_PASSTHRU); 288 return old_SessionRINIT(INIT_FUNC_ARGS_PASSTHRU);
289} 289}
290 290
291void suhosin_hook_session(TSRMLS_D) 291void suhosin_hook_session(TSRMLS_D)
292{ 292{
293 ps_serializer *serializer; 293 ps_serializer *serializer;
294 zend_ini_entry *ini_entry; 294 zend_ini_entry *ini_entry;
295 zend_module_entry *module; 295 zend_module_entry *module;
296#ifdef ZTS 296#ifdef ZTS
297 ts_rsrc_id *ps_globals_id_ptr; 297 ts_rsrc_id *ps_globals_id_ptr;
298#endif 298#endif
299 299
300 if (zend_hash_find(&module_registry, "session", sizeof("session"), (void**)&module) == FAILURE) { 300 if (zend_hash_find(&module_registry, "session", sizeof("session"), (void**)&module) == FAILURE) {
301 return; 301 return;
302 } 302 }
303 /* retrieve globals from module entry struct if possible */ 303 /* retrieve globals from module entry struct if possible */
304#ifdef ZTS 304#ifdef ZTS
305 if (session_globals_id == 0) { 305 if (session_globals_id == 0) {
306 session_globals_id = *module->globals_id_ptr; 306 session_globals_id = *module->globals_id_ptr;
307 } 307 }
308#else 308#else
309 if (session_globals == NULL) { 309 if (session_globals == NULL) {
310 session_globals = module->globals_ptr; 310 session_globals = module->globals_ptr;
311 } 311 }
312#endif 312#endif
313
314 if (old_OnUpdateSaveHandler != NULL) {
315 return;
316 }
317
318 /* hook request startup function of session module */
319 old_SessionRINIT = module->request_startup_func;
320 module->request_startup_func = suhosin_hook_session_RINIT;
321
322 /* retrieve pointer to session.save_handler ini entry */
323 if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) {
324 return;
325 }
326 SUHOSIN_G(s_module) = NULL;
327 313
328 /* replace OnUpdateMemoryLimit handler */ 314 if (old_OnUpdateSaveHandler != NULL) {
329 old_OnUpdateSaveHandler = ini_entry->on_modify; 315 return;
330 ini_entry->on_modify = suhosin_OnUpdateSaveHandler; 316 }
331 317
332 suhosin_hook_session_module(TSRMLS_C); 318 /* hook request startup function of session module */
333 319 old_SessionRINIT = module->request_startup_func;
334 /* Protect the PHP serializer from ! attacks */ 320 module->request_startup_func = suhosin_hook_session_RINIT;
335 serializer = (ps_serializer *) SESSION_G(serializer);
336 if (serializer != NULL && strcmp(serializer->name, "php")==0) {
337 serializer->encode = suhosin_session_encode;
338 }
339 321
340 /* increase session identifier entropy */ 322 /* retrieve pointer to session.save_handler ini entry */
341 if (SESSION_G(entropy_length) == 0 || SESSION_G(entropy_file) == NULL) { 323 if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) {
342 324 return;
343 /* ensure that /dev/urandom exists */ 325 }
344 int fd = VCWD_OPEN("/dev/urandom", O_RDONLY); 326 SUHOSIN_G(s_module) = NULL;
345 if (fd >= 0) { 327
346 close(fd); 328 /* replace OnUpdateMemoryLimit handler */
347 SESSION_G(entropy_length) = 16; 329 old_OnUpdateSaveHandler = ini_entry->on_modify;
348 SESSION_G(entropy_file) = pestrdup("/dev/urandom", 1); 330 ini_entry->on_modify = suhosin_OnUpdateSaveHandler;
349 } 331
350 } 332 suhosin_hook_session_module(TSRMLS_C);
333
334 /* Protect the PHP serializer from ! attacks */
335 serializer = (ps_serializer *) SESSION_G(serializer);
336 if (serializer != NULL && strcmp(serializer->name, "php")==0) {
337 serializer->encode = suhosin_session_encode;
338 }
339
340 /* increase session identifier entropy */
341 if (SESSION_G(entropy_length) == 0 || SESSION_G(entropy_file) == NULL) {
342#ifndef PHP_WIN32
343 /* ensure that /dev/urandom exists */
344 int fd = VCWD_OPEN("/dev/urandom", O_RDONLY);
345 if (fd >= 0) {
346 close(fd);
347 SESSION_G(entropy_length) = 16;
348 SESSION_G(entropy_file) = pestrdup("/dev/urandom", 1);
349 }
350#endif
351 }
351} 352}
352 353
353void suhosin_unhook_session(TSRMLS_D) 354void suhosin_unhook_session(TSRMLS_D)
354{ 355{
355 if (old_OnUpdateSaveHandler != NULL) { 356 if (old_OnUpdateSaveHandler != NULL) {
356 zend_ini_entry *ini_entry; 357 zend_ini_entry *ini_entry;
357 358
358 /* retrieve pointer to session.save_handler ini entry */ 359 /* retrieve pointer to session.save_handler ini entry */
359 if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) { 360 if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) {
360 return; 361 return;
361 } 362 }
362 ini_entry->on_modify = old_OnUpdateSaveHandler; 363 ini_entry->on_modify = old_OnUpdateSaveHandler;
363 364
364 old_OnUpdateSaveHandler = NULL; 365 old_OnUpdateSaveHandler = NULL;
365 } 366 }
366 367
367} 368}
368 369
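Review bot: With the new `#ifndef PHP_WIN32` guard in suhosin_hook_session, the "increase session identifier entropy" branch has an empty body on Windows builds. When `SESSION_G(entropy_length)` is 0 or `SESSION_G(entropy_file)` is NULL, both settings are left exactly as found and nothing records that the hardening step was skipped. If that is the intended behaviour, document it at the guard, for example `/* PHP_WIN32: no /dev/urandom, entropy_length and entropy_file are left as configured */` just before the `#endif`. Whether the session module supplies its own entropy source on Windows cannot be seen from this hunk, so the comment should also say what the administrator is expected to configure there.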
diff --git a/suhosin.c b/suhosin.c
index 862ba3c..32193c6 100644
--- a/suhosin.c
+++ b/suhosin.c
@@ -77,7 +77,7 @@ STATIC zend_extension suhosin_zend_extension_entry = {
77 NULL, 77 NULL,
78 suhosin_op_array_ctor, 78 suhosin_op_array_ctor,
79 suhosin_op_array_dtor, 79 suhosin_op_array_dtor,
80 80
81 STANDARD_ZEND_EXTENSION_PROPERTIES 81 STANDARD_ZEND_EXTENSION_PROPERTIES
82}; 82};
83 83
@@ -86,15 +86,15 @@ static void suhosin_op_array_ctor(zend_op_array *op_array)
86 TSRMLS_FETCH(); 86 TSRMLS_FETCH();
87 87
88 if (suhosin_zend_extension_entry.resource_number != -1) { 88 if (suhosin_zend_extension_entry.resource_number != -1) {
89 89
90 unsigned long suhosin_flags = 0; 90 unsigned long suhosin_flags = 0;
91 91
92 if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) { 92 if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) {
93 suhosin_flags |= SUHOSIN_FLAG_CREATED_BY_EVAL; 93 suhosin_flags |= SUHOSIN_FLAG_CREATED_BY_EVAL;
94 } 94 }
95 95
96 op_array->reserved[suhosin_zend_extension_entry.resource_number] = (void *)suhosin_flags; 96 op_array->reserved[suhosin_zend_extension_entry.resource_number] = (void *)suhosin_flags;
97 97
98 } 98 }
99} 99}
100 100
@@ -112,16 +112,16 @@ static void suhosin_op_array_dtor(zend_op_array *op_array)
112static void stealth_op_array_ctor(zend_op_array *op_array) 112static void stealth_op_array_ctor(zend_op_array *op_array)
113{ 113{
114 if (orig_op_array_ctor != NULL) { 114 if (orig_op_array_ctor != NULL) {
115 orig_op_array_ctor(op_array); 115 orig_op_array_ctor(op_array);
116 } 116 }
117 suhosin_op_array_ctor(op_array); 117 suhosin_op_array_ctor(op_array);
118} 118}
119 119
120static void stealth_op_array_dtor(zend_op_array *op_array) 120static void stealth_op_array_dtor(zend_op_array *op_array)
121{ 121{
122 if (orig_op_array_dtor != NULL) { 122 if (orig_op_array_dtor != NULL) {
123 orig_op_array_dtor(op_array); 123 orig_op_array_dtor(op_array);
124 } 124 }
125 suhosin_op_array_dtor(op_array); 125 suhosin_op_array_dtor(op_array);
126} 126}
127 127
@@ -129,14 +129,14 @@ static int stealth_module_startup(zend_extension *extension)
129{ 129{
130 int r = orig_module_startup == NULL ? SUCCESS : orig_module_startup(extension); 130 int r = orig_module_startup == NULL ? SUCCESS : orig_module_startup(extension);
131 suhosin_module_startup(extension); 131 suhosin_module_startup(extension);
132 return r; 132 return r;
133} 133}
134 134
135static void stealth_module_shutdown(zend_extension *extension) 135static void stealth_module_shutdown(zend_extension *extension)
136{ 136{
137 if (orig_module_shutdown != NULL) { 137 if (orig_module_shutdown != NULL) {
138 orig_module_shutdown(extension); 138 orig_module_shutdown(extension);
139 } 139 }
140 suhosin_shutdown(extension); 140 suhosin_shutdown(extension);
141} 141}
142 142
@@ -146,22 +146,22 @@ static int suhosin_module_startup(zend_extension *extension)
146 zend_module_entry *module_entry_ptr; 146 zend_module_entry *module_entry_ptr;
147 int resid; 147 int resid;
148 TSRMLS_FETCH(); 148 TSRMLS_FETCH();
149 149
150/* zend_register_module(&suhosin_module_entry TSRMLS_CC); */ 150/* zend_register_module(&suhosin_module_entry TSRMLS_CC); */
151 151
152 if (zend_hash_find(&module_registry, "suhosin", sizeof("suhosin"), (void **)&module_entry_ptr)==SUCCESS) { 152 if (zend_hash_find(&module_registry, "suhosin", sizeof("suhosin"), (void **)&module_entry_ptr)==SUCCESS) {
153 153
154 if (extension) { 154 if (extension) {
155 extension->handle = module_entry_ptr->handle; 155 extension->handle = module_entry_ptr->handle;
156 } else { 156 } else {
157 zend_extension ext; 157 zend_extension ext;
158 ext = suhosin_zend_extension_entry; 158 ext = suhosin_zend_extension_entry;
159 ext.handle = module_entry_ptr->handle; 159 ext.handle = module_entry_ptr->handle;
160 /* 160 /*
161 zend_llist_add_element(&zend_extensions, &ext); 161 zend_llist_add_element(&zend_extensions, &ext);
162 extension = zend_llist_get_last(&zend_extensions); 162 extension = zend_llist_get_last(&zend_extensions);
163 */ 163 */
164 extension = &suhosin_zend_extension_entry; 164 extension = &suhosin_zend_extension_entry;
165 } 165 }
166 module_entry_ptr->handle = NULL; 166 module_entry_ptr->handle = NULL;
167 167
@@ -198,14 +198,13 @@ static void suhosin_shutdown(zend_extension *extension)
198 suhosin_unhook_header_handler(); 198 suhosin_unhook_header_handler();
199 suhosin_unhook_post_handlers(TSRMLS_C); 199 suhosin_unhook_post_handlers(TSRMLS_C);
200 /* suhosin_unhook_session(); - enabling this causes compability problems */ 200 /* suhosin_unhook_session(); - enabling this causes compability problems */
201 201
202 if (ze != NULL) { 202 if (ze != NULL) {
203 ze->startup = orig_module_startup; 203 ze->startup = orig_module_startup;
204 ze->shutdown = orig_module_shutdown; 204 ze->shutdown = orig_module_shutdown;
205 ze->op_array_ctor = orig_op_array_ctor; 205 ze->op_array_ctor = orig_op_array_ctor;
206 ze->op_array_dtor = orig_op_array_dtor; 206 ze->op_array_dtor = orig_op_array_dtor;
207 } 207 }
208
209} 208}
210 209
211 210
@@ -216,10 +215,10 @@ static int suhosin_startup_wrapper(zend_extension *ext)
216 char *new_info; 215 char *new_info;
217 int new_info_length; 216 int new_info_length;
218 TSRMLS_FETCH(); 217 TSRMLS_FETCH();
219 218
220 /* Ugly but working hack */ 219 /* Ugly but working hack */
221 new_info_length = sizeof("%s\n with %s v%s, %s, by %s\n") 220 new_info_length = sizeof("%s\n with %s v%s, %s, by %s\n")
222 + strlen(ext->author) 221 + strlen(ext->author)
223 + strlen(ex->name) 222 + strlen(ex->name)
224 + strlen(ex->version) 223 + strlen(ex->version)
225 + strlen(ex->copyright) 224 + strlen(ex->copyright)
@@ -230,43 +229,42 @@ static int suhosin_startup_wrapper(zend_extension *ext)
230 ext->author = new_info; 229 ext->author = new_info;
231 230
232 ze->startup = old_startup; 231 ze->startup = old_startup;
233 232
234 /* Stealth Mode */ 233 /* Stealth Mode */
235 orig_module_startup = ze->startup; 234 orig_module_startup = ze->startup;
236 orig_module_shutdown = ze->shutdown; 235 orig_module_shutdown = ze->shutdown;
237 orig_op_array_ctor = ze->op_array_ctor; 236 orig_op_array_ctor = ze->op_array_ctor;
238 orig_op_array_dtor = ze->op_array_dtor; 237 orig_op_array_dtor = ze->op_array_dtor;
239 238
240 /*if (SUHOSIN_G(stealth) != 0) {*/ 239 /*if (SUHOSIN_G(stealth) != 0) {*/
241 ze->startup = stealth_module_startup; 240 ze->startup = stealth_module_startup;
242 ze->shutdown = stealth_module_shutdown; 241 ze->shutdown = stealth_module_shutdown;
243 ze->op_array_ctor = stealth_op_array_ctor; 242 ze->op_array_ctor = stealth_op_array_ctor;
244 ze->op_array_dtor = stealth_op_array_dtor; 243 ze->op_array_dtor = stealth_op_array_dtor;
245 /*}*/ 244 /*}*/
246 245
247 if (old_startup != NULL) { 246 if (old_startup != NULL) {
248 res = old_startup(ext); 247 res = old_startup(ext);
249 } 248 }
250 249
251/* ex->name = NULL; 250/* ex->name = NULL;
252 ex->author = NULL; 251 ex->author = NULL;
253 ex->copyright = NULL; 252 ex->copyright = NULL;
254 ex->version = NULL;*/ 253 ex->version = NULL;*/
255 254
256 /*zend_extensions.head=NULL;*/ 255 /*zend_extensions.head=NULL;*/
257 256
258 suhosin_module_startup(NULL); 257 suhosin_module_startup(NULL);
259 258
260
261 return res; 259 return res;
262} 260}
263 261
264/*static zend_extension_version_info extension_version_info = { ZEND_EXTENSION_API_NO, ZEND_VERSION, ZTS_V, ZEND_DEBUG };*/ 262/*static zend_extension_version_info extension_version_info = { ZEND_EXTENSION_API_NO, ZEND_VERSION, ZTS_V, ZEND_DEBUG };*/
265 263
266#define PERDIR_CHECK(upper, lower) \ 264#define PERDIR_CHECK(upper, lower) \
267 if (!SUHOSIN_G(lower ## _perdir) && stage == ZEND_INI_STAGE_HTACCESS) { \ 265 if (!SUHOSIN_G(lower ## _perdir) && stage == ZEND_INI_STAGE_HTACCESS) { \
268 return FAILURE; \ 266 return FAILURE; \
269 } 267 }
270 268
271#define LOG_PERDIR_CHECK() PERDIR_CHECK(LOG, log) 269#define LOG_PERDIR_CHECK() PERDIR_CHECK(LOG, log)
272#define EXEC_PERDIR_CHECK() PERDIR_CHECK(EXEC, exec) 270#define EXEC_PERDIR_CHECK() PERDIR_CHECK(EXEC, exec)
@@ -283,94 +281,94 @@ static int suhosin_startup_wrapper(zend_extension *ext)
283 281
284static ZEND_INI_MH(OnUpdateSuhosin_perdir) 282static ZEND_INI_MH(OnUpdateSuhosin_perdir)
285{ 283{
286 char *tmp; 284 char *tmp;
287 285
288 if (SUHOSIN_G(perdir)) { 286 if (SUHOSIN_G(perdir)) {
289 pefree(SUHOSIN_G(perdir), 1); 287 pefree(SUHOSIN_G(perdir), 1);
290 } 288 }
291 SUHOSIN_G(perdir) = NULL; 289 SUHOSIN_G(perdir) = NULL;
292 290
293 /* Initialize the perdir flags */ 291 /* Initialize the perdir flags */
294 SUHOSIN_G(log_perdir) = 0; 292 SUHOSIN_G(log_perdir) = 0;
295 SUHOSIN_G(exec_perdir) = 0; 293 SUHOSIN_G(exec_perdir) = 0;
296 SUHOSIN_G(get_perdir) = 0; 294 SUHOSIN_G(get_perdir) = 0;
297 SUHOSIN_G(cookie_perdir) = 0; 295 SUHOSIN_G(cookie_perdir) = 0;
298 SUHOSIN_G(post_perdir) = 0; 296 SUHOSIN_G(post_perdir) = 0;
299 SUHOSIN_G(request_perdir) = 0; 297 SUHOSIN_G(request_perdir) = 0;
300 SUHOSIN_G(sql_perdir) = 0; 298 SUHOSIN_G(sql_perdir) = 0;
301 SUHOSIN_G(upload_perdir) = 0; 299 SUHOSIN_G(upload_perdir) = 0;
302 SUHOSIN_G(misc_perdir) = 0; 300 SUHOSIN_G(misc_perdir) = 0;
303 301
304 if (new_value == NULL) { 302 if (new_value == NULL) {
305 return SUCCESS; 303 return SUCCESS;
306 } 304 }
307 305
308 tmp = SUHOSIN_G(perdir) = pestrdup(new_value,1); 306 tmp = SUHOSIN_G(perdir) = pestrdup(new_value,1);
309 307
310 /* trim the whitespace */ 308 /* trim the whitespace */
311 while (isspace(*tmp)) tmp++; 309 while (isspace(*tmp)) tmp++;
312 310
313 /* should we deactivate perdir completely? */ 311 /* should we deactivate perdir completely? */
314 if (*tmp == 0 || *tmp == '0') { 312 if (*tmp == 0 || *tmp == '0') {
315 return SUCCESS; 313 return SUCCESS;
316 } 314 }
317 315
318 /* no deactivation so check the flags */ 316 /* no deactivation so check the flags */
319 while (*tmp) { 317 while (*tmp) {
320 switch (*tmp) { 318 switch (*tmp) {
321 case 'l': 319 case 'l':
322 case 'L': 320 case 'L':
323 SUHOSIN_G(log_perdir) = 1; 321 SUHOSIN_G(log_perdir) = 1;
324 break; 322 break;
325 case 'e': 323 case 'e':
326 case 'E': 324 case 'E':
327 SUHOSIN_G(exec_perdir) = 1; 325 SUHOSIN_G(exec_perdir) = 1;
328 break; 326 break;
329 case 'g': 327 case 'g':
330 case 'G': 328 case 'G':
331 SUHOSIN_G(get_perdir) = 1; 329 SUHOSIN_G(get_perdir) = 1;
332 break; 330 break;
333 case 'c': 331 case 'c':
334 case 'C': 332 case 'C':
335 SUHOSIN_G(cookie_perdir) = 1; 333 SUHOSIN_G(cookie_perdir) = 1;
336 break; 334 break;
337 case 'p': 335 case 'p':
338 case 'P': 336 case 'P':
339 SUHOSIN_G(post_perdir) = 1; 337 SUHOSIN_G(post_perdir) = 1;
340 break; 338 break;
341 case 'r': 339 case 'r':
342 case 'R': 340 case 'R':
343 SUHOSIN_G(request_perdir) = 1; 341 SUHOSIN_G(request_perdir) = 1;
344 break; 342 break;
345 case 's': 343 case 's':
346 case 'S': 344 case 'S':
347 SUHOSIN_G(sql_perdir) = 1; 345 SUHOSIN_G(sql_perdir) = 1;
348 break; 346 break;
349 case 'u': 347 case 'u':
350 case 'U': 348 case 'U':
351 SUHOSIN_G(upload_perdir) = 1; 349 SUHOSIN_G(upload_perdir) = 1;
352 break; 350 break;
353 case 'm': 351 case 'm':
354 case 'M': 352 case 'M':
355 SUHOSIN_G(misc_perdir) = 1; 353 SUHOSIN_G(misc_perdir) = 1;
356 break; 354 break;
357 } 355 }
358 tmp++; 356 tmp++;
359 } 357 }
360 return SUCCESS; 358 return SUCCESS;
361} 359}
362 360
363#define dohandler(handler, name, upper, lower) \ 361#define dohandler(handler, name, upper, lower) \
364 static ZEND_INI_MH(OnUpdate ## name ## handler) \ 362 static ZEND_INI_MH(OnUpdate ## name ## handler) \
365 { \ 363 { \
366 PERDIR_CHECK(upper, lower) \ 364 PERDIR_CHECK(upper, lower) \
367 return OnUpdate ## handler (ZEND_INI_MH_PASSTHRU); \ 365 return OnUpdate ## handler (ZEND_INI_MH_PASSTHRU); \
368 } \ 366 } \
369 367
370#define dohandlers(name, upper, lower) \ 368#define dohandlers(name, upper, lower) \
371 dohandler(Bool, name, upper, lower) \ 369 dohandler(Bool, name, upper, lower) \
372 dohandler(String, name, upper, lower) \ 370 dohandler(String, name, upper, lower) \
373 dohandler(Long, name, upper, lower) \ 371 dohandler(Long, name, upper, lower) \
374 372
375dohandlers(Log, LOG, log) 373dohandlers(Log, LOG, log)
376dohandlers(Exec, EXEC, exec) 374dohandlers(Exec, EXEC, exec)
@@ -384,7 +382,7 @@ dohandlers(SQL, SQL, sql)
384 382
385static ZEND_INI_MH(OnUpdateSuhosin_log_syslog) 383static ZEND_INI_MH(OnUpdateSuhosin_log_syslog)
386{ 384{
387 LOG_PERDIR_CHECK() 385 LOG_PERDIR_CHECK()
388 if (!new_value) { 386 if (!new_value) {
389 SUHOSIN_G(log_syslog) = (S_ALL & ~S_SQL) | S_MEMORY; 387 SUHOSIN_G(log_syslog) = (S_ALL & ~S_SQL) | S_MEMORY;
390 } else { 388 } else {
@@ -399,7 +397,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_syslog)
399} 397}
400static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility) 398static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility)
401{ 399{
402 LOG_PERDIR_CHECK() 400 LOG_PERDIR_CHECK()
403 if (!new_value) { 401 if (!new_value) {
404 SUHOSIN_G(log_syslog_facility) = LOG_USER; 402 SUHOSIN_G(log_syslog_facility) = LOG_USER;
405 } else { 403 } else {
@@ -409,7 +407,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility)
409} 407}
410static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority) 408static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority)
411{ 409{
412 LOG_PERDIR_CHECK() 410 LOG_PERDIR_CHECK()
413 if (!new_value) { 411 if (!new_value) {
414 SUHOSIN_G(log_syslog_priority) = LOG_ALERT; 412 SUHOSIN_G(log_syslog_priority) = LOG_ALERT;
415 } else { 413 } else {
@@ -419,7 +417,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority)
419} 417}
420static ZEND_INI_MH(OnUpdateSuhosin_log_sapi) 418static ZEND_INI_MH(OnUpdateSuhosin_log_sapi)
421{ 419{
422 LOG_PERDIR_CHECK() 420 LOG_PERDIR_CHECK()
423 if (!new_value) { 421 if (!new_value) {
424 SUHOSIN_G(log_sapi) = (S_ALL & ~S_SQL); 422 SUHOSIN_G(log_sapi) = (S_ALL & ~S_SQL);
425 } else { 423 } else {
@@ -434,7 +432,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_sapi)
434} 432}
435static ZEND_INI_MH(OnUpdateSuhosin_log_stdout) 433static ZEND_INI_MH(OnUpdateSuhosin_log_stdout)
436{ 434{
437 LOG_PERDIR_CHECK() 435 LOG_PERDIR_CHECK()
438 if (!new_value) { 436 if (!new_value) {
439 SUHOSIN_G(log_stdout) = (S_ALL & ~S_SQL); 437 SUHOSIN_G(log_stdout) = (S_ALL & ~S_SQL);
440 } else { 438 } else {
@@ -449,7 +447,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_stdout)
449} 447}
450static ZEND_INI_MH(OnUpdateSuhosin_log_script) 448static ZEND_INI_MH(OnUpdateSuhosin_log_script)
451{ 449{
452 LOG_PERDIR_CHECK() 450 LOG_PERDIR_CHECK()
453 if (!new_value) { 451 if (!new_value) {
454 SUHOSIN_G(log_script) = S_ALL & ~S_MEMORY; 452 SUHOSIN_G(log_script) = S_ALL & ~S_MEMORY;
455 } else { 453 } else {
@@ -464,11 +462,11 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_script)
464} 462}
465static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname) 463static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname)
466{ 464{
467 LOG_PERDIR_CHECK() 465 LOG_PERDIR_CHECK()
468 if (SUHOSIN_G(log_scriptname)) { 466 if (SUHOSIN_G(log_scriptname)) {
469 pefree(SUHOSIN_G(log_scriptname),1); 467 pefree(SUHOSIN_G(log_scriptname),1);
470 } 468 }
471 SUHOSIN_G(log_scriptname) = NULL; 469 SUHOSIN_G(log_scriptname) = NULL;
472 if (new_value) { 470 if (new_value) {
473 SUHOSIN_G(log_scriptname) = pestrdup(new_value,1); 471 SUHOSIN_G(log_scriptname) = pestrdup(new_value,1);
474 } 472 }
@@ -476,7 +474,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname)
476} 474}
477static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript) 475static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript)
478{ 476{
479 LOG_PERDIR_CHECK() 477 LOG_PERDIR_CHECK()
480 if (!new_value) { 478 if (!new_value) {
481 SUHOSIN_G(log_phpscript) = S_ALL & ~S_MEMORY; 479 SUHOSIN_G(log_phpscript) = S_ALL & ~S_MEMORY;
482 } else { 480 } else {
@@ -491,7 +489,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript)
491} 489}
492static ZEND_INI_MH(OnUpdateSuhosin_log_file) 490static ZEND_INI_MH(OnUpdateSuhosin_log_file)
493{ 491{
494 LOG_PERDIR_CHECK() 492 LOG_PERDIR_CHECK()
495 if (!new_value) { 493 if (!new_value) {
496 SUHOSIN_G(log_file) = S_ALL & ~S_MEMORY; 494 SUHOSIN_G(log_file) = S_ALL & ~S_MEMORY;
497 } else { 495 } else {
@@ -509,7 +507,7 @@ static void parse_list(HashTable **ht, char *list, zend_bool lc)
509{ 507{
510 char *s = NULL, *e, *val; 508 char *s = NULL, *e, *val;
511 unsigned long dummy = 1; 509 unsigned long dummy = 1;
512 510
513 if (list == NULL) { 511 if (list == NULL) {
514list_destroy: 512list_destroy:
515 if (*ht) { 513 if (*ht) {
@@ -523,17 +521,17 @@ list_destroy:
523 if (*list == 0) { 521 if (*list == 0) {
524 goto list_destroy; 522 goto list_destroy;
525 } 523 }
526 524
527 *ht = pemalloc(sizeof(HashTable), 1); 525 *ht = pemalloc(sizeof(HashTable), 1);
528 zend_hash_init(*ht, 5, NULL, NULL, 1); 526 zend_hash_init(*ht, 5, NULL, NULL, 1);
529 527
530 if (lc) { 528 if (lc) {
531 val = suhosin_str_tolower_dup(list, strlen(list)); 529 val = suhosin_str_tolower_dup(list, strlen(list));
532 } else { 530 } else {
533 val = estrndup(list, strlen(list)); 531 val = estrndup(list, strlen(list));
534 } 532 }
535 e = val; 533 e = val;
536 534
537 while (*e) { 535 while (*e) {
538 switch (*e) { 536 switch (*e) {
539 case ' ': 537 case ' ':
@@ -561,42 +559,42 @@ list_destroy:
561 559
562static ZEND_INI_MH(OnUpdate_include_blacklist) 560static ZEND_INI_MH(OnUpdate_include_blacklist)
563{ 561{
564 EXEC_PERDIR_CHECK() 562 EXEC_PERDIR_CHECK()
565 parse_list(&SUHOSIN_G(include_blacklist), new_value, 1); 563 parse_list(&SUHOSIN_G(include_blacklist), new_value, 1);
566 return SUCCESS; 564 return SUCCESS;
567} 565}
568 566
569static ZEND_INI_MH(OnUpdate_include_whitelist) 567static ZEND_INI_MH(OnUpdate_include_whitelist)
570{ 568{
571 EXEC_PERDIR_CHECK() 569 EXEC_PERDIR_CHECK()
572 parse_list(&SUHOSIN_G(include_whitelist), new_value, 1); 570 parse_list(&SUHOSIN_G(include_whitelist), new_value, 1);
573 return SUCCESS; 571 return SUCCESS;
574} 572}
575 573
576static ZEND_INI_MH(OnUpdate_func_blacklist) 574static ZEND_INI_MH(OnUpdate_func_blacklist)
577{ 575{
578 EXEC_PERDIR_CHECK() 576 EXEC_PERDIR_CHECK()
579 parse_list(&SUHOSIN_G(func_blacklist), new_value, 1); 577 parse_list(&SUHOSIN_G(func_blacklist), new_value, 1);
580 return SUCCESS; 578 return SUCCESS;
581} 579}
582 580
583static ZEND_INI_MH(OnUpdate_func_whitelist) 581static ZEND_INI_MH(OnUpdate_func_whitelist)
584{ 582{
585 EXEC_PERDIR_CHECK() 583 EXEC_PERDIR_CHECK()
586 parse_list(&SUHOSIN_G(func_whitelist), new_value, 1); 584 parse_list(&SUHOSIN_G(func_whitelist), new_value, 1);
587 return SUCCESS; 585 return SUCCESS;
588} 586}
589 587
590static ZEND_INI_MH(OnUpdate_eval_blacklist) 588static ZEND_INI_MH(OnUpdate_eval_blacklist)
591{ 589{
592 EXEC_PERDIR_CHECK() 590 EXEC_PERDIR_CHECK()
593 parse_list(&SUHOSIN_G(eval_blacklist), new_value, 1); 591 parse_list(&SUHOSIN_G(eval_blacklist), new_value, 1);
594 return SUCCESS; 592 return SUCCESS;
595} 593}
596 594
597static ZEND_INI_MH(OnUpdate_eval_whitelist) 595static ZEND_INI_MH(OnUpdate_eval_whitelist)
598{ 596{
599 EXEC_PERDIR_CHECK() 597 EXEC_PERDIR_CHECK()
600 parse_list(&SUHOSIN_G(eval_whitelist), new_value, 1); 598 parse_list(&SUHOSIN_G(eval_whitelist), new_value, 1);
601 return SUCCESS; 599 return SUCCESS;
602} 600}
@@ -662,16 +660,16 @@ static PHP_FUNCTION(suhosin_encrypt_cookie)
662 char *name, *value; 660 char *name, *value;
663 int name_len, value_len; 661 int name_len, value_len;
664 char cryptkey[33]; 662 char cryptkey[33];
665 663
666 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &name, &name_len, &value, &value_len) == FAILURE) { 664 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &name, &name_len, &value, &value_len) == FAILURE) {
667 return; 665 return;
668 } 666 }
669 667
670 if (!SUHOSIN_G(cookie_encrypt)) { 668 if (!SUHOSIN_G(cookie_encrypt)) {
671return_plain: 669return_plain:
672 RETURN_STRINGL(value, value_len, 1); 670 RETURN_STRINGL(value, value_len, 1);
673 } 671 }
674 672
675 if (SUHOSIN_G(cookie_plainlist)) { 673 if (SUHOSIN_G(cookie_plainlist)) {
676 if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), name, name_len+1)) { 674 if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), name, name_len+1)) {
677 goto return_plain; 675 goto return_plain;
@@ -681,10 +679,10 @@ return_plain:
681 goto return_plain; 679 goto return_plain;
682 } 680 }
683 } 681 }
684 682
685 suhosin_generate_key(SUHOSIN_G(cookie_cryptkey), SUHOSIN_G(cookie_cryptua), SUHOSIN_G(cookie_cryptdocroot), SUHOSIN_G(cookie_cryptraddr), (char *)&cryptkey TSRMLS_CC); 683 suhosin_generate_key(SUHOSIN_G(cookie_cryptkey), SUHOSIN_G(cookie_cryptua), SUHOSIN_G(cookie_cryptdocroot), SUHOSIN_G(cookie_cryptraddr), (char *)&cryptkey TSRMLS_CC);
686 value = suhosin_encrypt_string(value, value_len, name, name_len, (char *)&cryptkey TSRMLS_CC); 684 value = suhosin_encrypt_string(value, value_len, name, name_len, (char *)&cryptkey TSRMLS_CC);
687 685
688 RETVAL_STRING(value, 0); 686 RETVAL_STRING(value, 0);
689} 687}
690/* }}} */ 688/* }}} */
@@ -697,9 +695,9 @@ static PHP_FUNCTION(suhosin_get_raw_cookies)
697 zval *array_ptr = return_value; 695 zval *array_ptr = return_value;
698 char *strtok_buf = NULL; 696 char *strtok_buf = NULL;
699 int val_len; 697 int val_len;
700 698
701 array_init(array_ptr); 699 array_init(array_ptr);
702 700
703 if (SUHOSIN_G(raw_cookie)) { 701 if (SUHOSIN_G(raw_cookie)) {
704 res = estrdup(SUHOSIN_G(raw_cookie)); 702 res = estrdup(SUHOSIN_G(raw_cookie));
705 } else { 703 } else {
@@ -715,7 +713,7 @@ static PHP_FUNCTION(suhosin_get_raw_cookies)
715 var = res; 713 var = res;
716 } 714 }
717 if (!*var) { continue; } 715 if (!*var) { continue; }
718 716
719 val = strchr(var, '='); 717 val = strchr(var, '=');
720 if (val) { /* have a value */ 718 if (val) { /* have a value */
721 *val++ = '\0'; 719 *val++ = '\0';
@@ -727,7 +725,7 @@ static PHP_FUNCTION(suhosin_get_raw_cookies)
727 val = ""; 725 val = "";
728 } 726 }
729 php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC); 727 php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC);
730 728
731 } 729 }
732 730
733 efree(res); 731 efree(res);
@@ -787,14 +785,15 @@ static zend_ini_entry shared_ini_entries[] = {
787 STD_ZEND_INI_BOOLEAN("suhosin.log.file.time", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_file_time, zend_suhosin_globals, suhosin_globals) 785 STD_ZEND_INI_BOOLEAN("suhosin.log.file.time", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_file_time, zend_suhosin_globals, suhosin_globals)
788 STD_ZEND_INI_BOOLEAN("suhosin.log.phpscript.is_safe", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_phpscript_is_safe, zend_suhosin_globals, suhosin_globals) 786 STD_ZEND_INI_BOOLEAN("suhosin.log.phpscript.is_safe", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_phpscript_is_safe, zend_suhosin_globals, suhosin_globals)
789ZEND_INI_END() 787ZEND_INI_END()
790 788
791PHP_INI_BEGIN() 789PHP_INI_BEGIN()
792 ZEND_INI_ENTRY("suhosin.perdir", "0", ZEND_INI_SYSTEM, OnUpdateSuhosin_perdir) 790 STD_PHP_INI_ENTRY("suhosin.log.max_error_length", "0", PHP_INI_SYSTEM, OnUpdateLogLong, log_max_error_length, zend_suhosin_globals, suhosin_globals)
791 ZEND_INI_ENTRY("suhosin.perdir", "0", ZEND_INI_SYSTEM, OnUpdateSuhosin_perdir)
793 STD_ZEND_INI_ENTRY("suhosin.executor.include.max_traversal", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecLong, executor_include_max_traversal, zend_suhosin_globals, suhosin_globals) 792 STD_ZEND_INI_ENTRY("suhosin.executor.include.max_traversal", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecLong, executor_include_max_traversal, zend_suhosin_globals, suhosin_globals)
794 ZEND_INI_ENTRY("suhosin.executor.include.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_whitelist) 793 ZEND_INI_ENTRY("suhosin.executor.include.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_whitelist)
795 ZEND_INI_ENTRY("suhosin.executor.include.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_blacklist) 794 ZEND_INI_ENTRY("suhosin.executor.include.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_blacklist)
796 STD_ZEND_INI_BOOLEAN("suhosin.executor.include.allow_writable_files", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecBool, executor_include_allow_writable_files, zend_suhosin_globals, suhosin_globals) 795 STD_ZEND_INI_BOOLEAN("suhosin.executor.include.allow_writable_files", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecBool, executor_include_allow_writable_files, zend_suhosin_globals, suhosin_globals)
797 ZEND_INI_ENTRY("suhosin.executor.eval.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_eval_whitelist) 796 ZEND_INI_ENTRY("suhosin.executor.eval.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_eval_whitelist)
798 ZEND_INI_ENTRY("suhosin.executor.eval.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_eval_blacklist) 797 ZEND_INI_ENTRY("suhosin.executor.eval.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_eval_blacklist)
799 ZEND_INI_ENTRY("suhosin.executor.func.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_func_whitelist) 798 ZEND_INI_ENTRY("suhosin.executor.func.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_func_whitelist)
800 ZEND_INI_ENTRY("suhosin.executor.func.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_func_blacklist) 799 ZEND_INI_ENTRY("suhosin.executor.func.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_func_blacklist)
@@ -804,71 +803,71 @@ PHP_INI_BEGIN()
804 STD_ZEND_INI_BOOLEAN("suhosin.executor.allow_symlink", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecBool, executor_allow_symlink, zend_suhosin_globals, suhosin_globals) 803 STD_ZEND_INI_BOOLEAN("suhosin.executor.allow_symlink", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecBool, executor_allow_symlink, zend_suhosin_globals, suhosin_globals)
805 STD_ZEND_INI_ENTRY("suhosin.executor.max_depth", "750", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecLong, max_execution_depth, zend_suhosin_globals, suhosin_globals) 804 STD_ZEND_INI_ENTRY("suhosin.executor.max_depth", "750", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecLong, max_execution_depth, zend_suhosin_globals, suhosin_globals)
806 805
807 806
808 STD_ZEND_INI_BOOLEAN("suhosin.multiheader", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, allow_multiheader, zend_suhosin_globals, suhosin_globals) 807 STD_ZEND_INI_BOOLEAN("suhosin.multiheader", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, allow_multiheader, zend_suhosin_globals, suhosin_globals)
809 STD_ZEND_INI_ENTRY("suhosin.mail.protect", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscLong, mailprotect, zend_suhosin_globals, suhosin_globals) 808 STD_ZEND_INI_ENTRY("suhosin.mail.protect", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscLong, mailprotect, zend_suhosin_globals, suhosin_globals)
810 STD_ZEND_INI_ENTRY("suhosin.memory_limit", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscLong, memory_limit, zend_suhosin_globals, suhosin_globals) 809 STD_ZEND_INI_ENTRY("suhosin.memory_limit", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscLong, memory_limit, zend_suhosin_globals, suhosin_globals)
811 STD_ZEND_INI_BOOLEAN("suhosin.simulation", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, simulation, zend_suhosin_globals, suhosin_globals) 810 STD_ZEND_INI_BOOLEAN("suhosin.simulation", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, simulation, zend_suhosin_globals, suhosin_globals)
812 STD_PHP_INI_ENTRY("suhosin.filter.action", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscString, filter_action, zend_suhosin_globals, suhosin_globals) 811 STD_PHP_INI_ENTRY("suhosin.filter.action", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscString, filter_action, zend_suhosin_globals, suhosin_globals)
813 812
814 STD_ZEND_INI_BOOLEAN("suhosin.protectkey", "1", ZEND_INI_SYSTEM, OnUpdateBool, protectkey, zend_suhosin_globals, suhosin_globals) 813 STD_ZEND_INI_BOOLEAN("suhosin.protectkey", "1", ZEND_INI_SYSTEM, OnUpdateBool, protectkey, zend_suhosin_globals, suhosin_globals)
815 STD_ZEND_INI_BOOLEAN("suhosin.coredump", "0", ZEND_INI_SYSTEM, OnUpdateBool, coredump, zend_suhosin_globals, suhosin_globals) 814 STD_ZEND_INI_BOOLEAN("suhosin.coredump", "0", ZEND_INI_SYSTEM, OnUpdateBool, coredump, zend_suhosin_globals, suhosin_globals)
816 STD_ZEND_INI_BOOLEAN("suhosin.stealth", "1", ZEND_INI_SYSTEM, OnUpdateBool, stealth, zend_suhosin_globals, suhosin_globals) 815 STD_ZEND_INI_BOOLEAN("suhosin.stealth", "1", ZEND_INI_SYSTEM, OnUpdateBool, stealth, zend_suhosin_globals, suhosin_globals)
817 STD_ZEND_INI_BOOLEAN("suhosin.apc_bug_workaround", "0", ZEND_INI_SYSTEM, OnUpdateBool, apc_bug_workaround, zend_suhosin_globals, suhosin_globals) 816 STD_ZEND_INI_BOOLEAN("suhosin.apc_bug_workaround", "0", ZEND_INI_SYSTEM, OnUpdateBool, apc_bug_workaround, zend_suhosin_globals, suhosin_globals)
818 STD_ZEND_INI_BOOLEAN("suhosin.disable.display_errors", "0", ZEND_INI_SYSTEM, OnUpdate_disable_display_errors, disable_display_errors, zend_suhosin_globals, suhosin_globals) 817 STD_ZEND_INI_BOOLEAN("suhosin.disable.display_errors", "0", ZEND_INI_SYSTEM, OnUpdate_disable_display_errors, disable_display_errors, zend_suhosin_globals, suhosin_globals)
819
820
821 818
822 STD_PHP_INI_ENTRY("suhosin.request.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_request_variables, zend_suhosin_globals, suhosin_globals)
823 STD_PHP_INI_ENTRY("suhosin.request.max_varname_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_varname_length, zend_suhosin_globals, suhosin_globals)
824 STD_PHP_INI_ENTRY("suhosin.request.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_value_length, zend_suhosin_globals, suhosin_globals)
825 STD_PHP_INI_ENTRY("suhosin.request.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_depth, zend_suhosin_globals, suhosin_globals)
826 STD_PHP_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length, zend_suhosin_globals, suhosin_globals)
827 STD_PHP_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length, zend_suhosin_globals, suhosin_globals)
828 STD_PHP_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_whitelist, zend_suhosin_globals, suhosin_globals)
829 STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals)
830 STD_PHP_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul, zend_suhosin_globals, suhosin_globals)
831 STD_PHP_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws, zend_suhosin_globals, suhosin_globals)
832
833 STD_PHP_INI_ENTRY("suhosin.cookie.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_vars, zend_suhosin_globals, suhosin_globals)
834 STD_PHP_INI_ENTRY("suhosin.cookie.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_name_length, zend_suhosin_globals, suhosin_globals)
835 STD_PHP_INI_ENTRY("suhosin.cookie.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_totalname_length, zend_suhosin_globals, suhosin_globals)
836 STD_PHP_INI_ENTRY("suhosin.cookie.max_value_length", "10000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_value_length, zend_suhosin_globals, suhosin_globals)
837 STD_PHP_INI_ENTRY("suhosin.cookie.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_depth, zend_suhosin_globals, suhosin_globals)
838 STD_PHP_INI_ENTRY("suhosin.cookie.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_index_length, zend_suhosin_globals, suhosin_globals)
839 STD_PHP_INI_ENTRY("suhosin.cookie.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_nul, zend_suhosin_globals, suhosin_globals)
840 STD_PHP_INI_ENTRY("suhosin.cookie.disallow_ws", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_ws, zend_suhosin_globals, suhosin_globals)
841 819
842 STD_PHP_INI_ENTRY("suhosin.get.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_vars, zend_suhosin_globals, suhosin_globals)
843 STD_PHP_INI_ENTRY("suhosin.get.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_name_length, zend_suhosin_globals, suhosin_globals)
844 STD_PHP_INI_ENTRY("suhosin.get.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_totalname_length, zend_suhosin_globals, suhosin_globals)
845 STD_PHP_INI_ENTRY("suhosin.get.max_value_length", "512", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_value_length, zend_suhosin_globals, suhosin_globals)
846 STD_PHP_INI_ENTRY("suhosin.get.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_depth, zend_suhosin_globals, suhosin_globals)
847 STD_PHP_INI_ENTRY("suhosin.get.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_index_length, zend_suhosin_globals, suhosin_globals)
848 STD_PHP_INI_ENTRY("suhosin.get.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_nul, zend_suhosin_globals, suhosin_globals)
849 STD_PHP_INI_ENTRY("suhosin.get.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_ws, zend_suhosin_globals, suhosin_globals)
850 820
851 STD_PHP_INI_ENTRY("suhosin.post.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_vars, zend_suhosin_globals, suhosin_globals) 821 STD_PHP_INI_ENTRY("suhosin.request.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_request_variables, zend_suhosin_globals, suhosin_globals)
852 STD_PHP_INI_ENTRY("suhosin.post.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_name_length, zend_suhosin_globals, suhosin_globals) 822 STD_PHP_INI_ENTRY("suhosin.request.max_varname_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_varname_length, zend_suhosin_globals, suhosin_globals)
853 STD_PHP_INI_ENTRY("suhosin.post.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_totalname_length, zend_suhosin_globals, suhosin_globals) 823 STD_PHP_INI_ENTRY("suhosin.request.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_value_length, zend_suhosin_globals, suhosin_globals)
854 STD_PHP_INI_ENTRY("suhosin.post.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_value_length, zend_suhosin_globals, suhosin_globals) 824 STD_PHP_INI_ENTRY("suhosin.request.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_depth, zend_suhosin_globals, suhosin_globals)
855 STD_PHP_INI_ENTRY("suhosin.post.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_depth, zend_suhosin_globals, suhosin_globals) 825 STD_PHP_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length, zend_suhosin_globals, suhosin_globals)
856 STD_PHP_INI_ENTRY("suhosin.post.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_index_length, zend_suhosin_globals, suhosin_globals) 826 STD_PHP_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length, zend_suhosin_globals, suhosin_globals)
857 STD_PHP_INI_ENTRY("suhosin.post.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_nul, zend_suhosin_globals, suhosin_globals) 827 STD_PHP_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_whitelist, zend_suhosin_globals, suhosin_globals)
858 STD_PHP_INI_ENTRY("suhosin.post.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_ws, zend_suhosin_globals, suhosin_globals) 828 STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals)
829 STD_PHP_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul, zend_suhosin_globals, suhosin_globals)
830 STD_PHP_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws, zend_suhosin_globals, suhosin_globals)
859 831
860 STD_PHP_INI_ENTRY("suhosin.upload.max_uploads", "25", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_limit, zend_suhosin_globals, suhosin_globals) 832 STD_PHP_INI_ENTRY("suhosin.cookie.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_vars, zend_suhosin_globals, suhosin_globals)
861 STD_PHP_INI_ENTRY("suhosin.upload.max_newlines", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_max_newlines, zend_suhosin_globals, suhosin_globals) 833 STD_PHP_INI_ENTRY("suhosin.cookie.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_name_length, zend_suhosin_globals, suhosin_globals)
862 STD_PHP_INI_ENTRY("suhosin.upload.disallow_elf", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_elf, zend_suhosin_globals, suhosin_globals) 834 STD_PHP_INI_ENTRY("suhosin.cookie.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_totalname_length, zend_suhosin_globals, suhosin_globals)
863 STD_PHP_INI_ENTRY("suhosin.upload.disallow_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_binary, zend_suhosin_globals, suhosin_globals) 835 STD_PHP_INI_ENTRY("suhosin.cookie.max_value_length", "10000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_value_length, zend_suhosin_globals, suhosin_globals)
864 STD_PHP_INI_ENTRY("suhosin.upload.remove_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_remove_binary, zend_suhosin_globals, suhosin_globals) 836 STD_PHP_INI_ENTRY("suhosin.cookie.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_depth, zend_suhosin_globals, suhosin_globals)
865#ifdef SUHOSIN_EXPERIMENTAL 837 STD_PHP_INI_ENTRY("suhosin.cookie.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_index_length, zend_suhosin_globals, suhosin_globals)
866 STD_PHP_INI_BOOLEAN("suhosin.upload.allow_utf8", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_allow_utf8, zend_suhosin_globals, suhosin_globals) 838 STD_PHP_INI_ENTRY("suhosin.cookie.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_nul, zend_suhosin_globals, suhosin_globals)
867#endif 839 STD_PHP_INI_ENTRY("suhosin.cookie.disallow_ws", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_ws, zend_suhosin_globals, suhosin_globals)
868 STD_PHP_INI_ENTRY("suhosin.upload.verification_script", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadString, upload_verification_script, zend_suhosin_globals, suhosin_globals) 840
841 STD_PHP_INI_ENTRY("suhosin.get.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_vars, zend_suhosin_globals, suhosin_globals)
842 STD_PHP_INI_ENTRY("suhosin.get.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_name_length, zend_suhosin_globals, suhosin_globals)
843 STD_PHP_INI_ENTRY("suhosin.get.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_totalname_length, zend_suhosin_globals, suhosin_globals)
844 STD_PHP_INI_ENTRY("suhosin.get.max_value_length", "512", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_value_length, zend_suhosin_globals, suhosin_globals)
845 STD_PHP_INI_ENTRY("suhosin.get.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_depth, zend_suhosin_globals, suhosin_globals)
846 STD_PHP_INI_ENTRY("suhosin.get.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_index_length, zend_suhosin_globals, suhosin_globals)
847 STD_PHP_INI_ENTRY("suhosin.get.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_nul, zend_suhosin_globals, suhosin_globals)
848 STD_PHP_INI_ENTRY("suhosin.get.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_ws, zend_suhosin_globals, suhosin_globals)
849
850 STD_PHP_INI_ENTRY("suhosin.post.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_vars, zend_suhosin_globals, suhosin_globals)
851 STD_PHP_INI_ENTRY("suhosin.post.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_name_length, zend_suhosin_globals, suhosin_globals)
852 STD_PHP_INI_ENTRY("suhosin.post.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_totalname_length, zend_suhosin_globals, suhosin_globals)
853 STD_PHP_INI_ENTRY("suhosin.post.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_value_length, zend_suhosin_globals, suhosin_globals)
854 STD_PHP_INI_ENTRY("suhosin.post.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_depth, zend_suhosin_globals, suhosin_globals)
855 STD_PHP_INI_ENTRY("suhosin.post.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_index_length, zend_suhosin_globals, suhosin_globals)
856 STD_PHP_INI_ENTRY("suhosin.post.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_nul, zend_suhosin_globals, suhosin_globals)
857 STD_PHP_INI_ENTRY("suhosin.post.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_ws, zend_suhosin_globals, suhosin_globals)
858
859 STD_PHP_INI_ENTRY("suhosin.upload.max_uploads", "25", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_limit, zend_suhosin_globals, suhosin_globals)
860 STD_PHP_INI_ENTRY("suhosin.upload.max_newlines", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_max_newlines, zend_suhosin_globals, suhosin_globals)
861 STD_PHP_INI_ENTRY("suhosin.upload.disallow_elf", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_elf, zend_suhosin_globals, suhosin_globals)
862 STD_PHP_INI_ENTRY("suhosin.upload.disallow_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_binary, zend_suhosin_globals, suhosin_globals)
863 STD_PHP_INI_ENTRY("suhosin.upload.remove_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_remove_binary, zend_suhosin_globals, suhosin_globals)
864 #ifdef SUHOSIN_EXPERIMENTAL
865 STD_PHP_INI_BOOLEAN("suhosin.upload.allow_utf8", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_allow_utf8, zend_suhosin_globals, suhosin_globals)
866 #endif
867 STD_PHP_INI_ENTRY("suhosin.upload.verification_script", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadString, upload_verification_script, zend_suhosin_globals, suhosin_globals)
869 868
870 869
871 STD_ZEND_INI_BOOLEAN("suhosin.sql.bailout_on_error", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSQLBool, sql_bailout_on_error, zend_suhosin_globals, suhosin_globals) 870 STD_ZEND_INI_BOOLEAN("suhosin.sql.bailout_on_error", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSQLBool, sql_bailout_on_error, zend_suhosin_globals, suhosin_globals)
872 STD_PHP_INI_ENTRY("suhosin.sql.user_prefix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_prefix, zend_suhosin_globals, suhosin_globals) 871 STD_PHP_INI_ENTRY("suhosin.sql.user_prefix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_prefix, zend_suhosin_globals, suhosin_globals)
873 STD_PHP_INI_ENTRY("suhosin.sql.user_postfix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_postfix, zend_suhosin_globals, suhosin_globals) 872 STD_PHP_INI_ENTRY("suhosin.sql.user_postfix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_postfix, zend_suhosin_globals, suhosin_globals)
874 STD_PHP_INI_ENTRY("suhosin.sql.user_match", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_match, zend_suhosin_globals, suhosin_globals) 873 STD_PHP_INI_ENTRY("suhosin.sql.user_match", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_match, zend_suhosin_globals, suhosin_globals)
@@ -882,8 +881,8 @@ PHP_INI_BEGIN()
882 STD_PHP_INI_ENTRY("suhosin.session.cryptkey", "", PHP_INI_ALL, OnUpdateMiscString, session_cryptkey, zend_suhosin_globals, suhosin_globals) 881 STD_PHP_INI_ENTRY("suhosin.session.cryptkey", "", PHP_INI_ALL, OnUpdateMiscString, session_cryptkey, zend_suhosin_globals, suhosin_globals)
883 STD_ZEND_INI_BOOLEAN("suhosin.session.cryptua", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, session_cryptua, zend_suhosin_globals, suhosin_globals) 882 STD_ZEND_INI_BOOLEAN("suhosin.session.cryptua", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, session_cryptua, zend_suhosin_globals, suhosin_globals)
884 STD_ZEND_INI_BOOLEAN("suhosin.session.cryptdocroot", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, session_cryptdocroot, zend_suhosin_globals, suhosin_globals) 883 STD_ZEND_INI_BOOLEAN("suhosin.session.cryptdocroot", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, session_cryptdocroot, zend_suhosin_globals, suhosin_globals)
885 STD_PHP_INI_ENTRY("suhosin.session.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_cryptraddr, zend_suhosin_globals, suhosin_globals) 884 STD_PHP_INI_ENTRY("suhosin.session.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_cryptraddr, zend_suhosin_globals, suhosin_globals)
886 STD_PHP_INI_ENTRY("suhosin.session.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_checkraddr, zend_suhosin_globals, suhosin_globals) 885 STD_PHP_INI_ENTRY("suhosin.session.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_checkraddr, zend_suhosin_globals, suhosin_globals)
887 STD_PHP_INI_ENTRY("suhosin.session.max_id_length", "128", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_max_id_length, zend_suhosin_globals, suhosin_globals) 886 STD_PHP_INI_ENTRY("suhosin.session.max_id_length", "128", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_max_id_length, zend_suhosin_globals, suhosin_globals)
888#else /* HAVE_PHP_SESSION */ 887#else /* HAVE_PHP_SESSION */
889#warning BUILDING SUHOSIN WITHOUT SESSION SUPPORT 888#warning BUILDING SUHOSIN WITHOUT SESSION SUPPORT
@@ -894,8 +893,8 @@ PHP_INI_BEGIN()
894 STD_PHP_INI_ENTRY("suhosin.cookie.cryptkey", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, cookie_cryptkey, zend_suhosin_globals, suhosin_globals) 893 STD_PHP_INI_ENTRY("suhosin.cookie.cryptkey", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, cookie_cryptkey, zend_suhosin_globals, suhosin_globals)
895 STD_ZEND_INI_BOOLEAN("suhosin.cookie.cryptua", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, cookie_cryptua, zend_suhosin_globals, suhosin_globals) 894 STD_ZEND_INI_BOOLEAN("suhosin.cookie.cryptua", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, cookie_cryptua, zend_suhosin_globals, suhosin_globals)
896 STD_ZEND_INI_BOOLEAN("suhosin.cookie.cryptdocroot", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, cookie_cryptdocroot, zend_suhosin_globals, suhosin_globals) 895 STD_ZEND_INI_BOOLEAN("suhosin.cookie.cryptdocroot", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, cookie_cryptdocroot, zend_suhosin_globals, suhosin_globals)
897 STD_PHP_INI_ENTRY("suhosin.cookie.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, cookie_cryptraddr, zend_suhosin_globals, suhosin_globals) 896 STD_PHP_INI_ENTRY("suhosin.cookie.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, cookie_cryptraddr, zend_suhosin_globals, suhosin_globals)
898 STD_PHP_INI_ENTRY("suhosin.cookie.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, cookie_checkraddr, zend_suhosin_globals, suhosin_globals) 897 STD_PHP_INI_ENTRY("suhosin.cookie.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, cookie_checkraddr, zend_suhosin_globals, suhosin_globals)
899 ZEND_INI_ENTRY("suhosin.cookie.cryptlist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_cookie_cryptlist) 898 ZEND_INI_ENTRY("suhosin.cookie.cryptlist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_cookie_cryptlist)
900 ZEND_INI_ENTRY("suhosin.cookie.plainlist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_cookie_plainlist) 899 ZEND_INI_ENTRY("suhosin.cookie.plainlist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_cookie_plainlist)
901 900
@@ -915,7 +914,7 @@ PHP_INI_END()
915 */ 914 */
916char *suhosin_getenv(char *name, size_t name_len TSRMLS_DC) 915char *suhosin_getenv(char *name, size_t name_len TSRMLS_DC)
917{ 916{
918 if (sapi_module.getenv) { 917 if (sapi_module.getenv) {
919 char *value, *tmp = sapi_module.getenv(name, name_len TSRMLS_CC); 918 char *value, *tmp = sapi_module.getenv(name, name_len TSRMLS_CC);
920 if (tmp) { 919 if (tmp) {
921 value = estrdup(tmp); 920 value = estrdup(tmp);
@@ -926,7 +925,7 @@ char *suhosin_getenv(char *name, size_t name_len TSRMLS_DC)
926 } else { 925 } else {
927 /* fallback to the system's getenv() function */ 926 /* fallback to the system's getenv() function */
928 char *tmp; 927 char *tmp;
929 928
930 name = estrndup(name, name_len); 929 name = estrndup(name, name_len);
931 tmp = getenv(name); 930 tmp = getenv(name);
932 efree(name); 931 efree(name);
@@ -978,25 +977,25 @@ PHP_MINIT_FUNCTION(suhosin)
978 REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS); 977 REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS);
979 REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS); 978 REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS);
980 } 979 }
981 980
982 /* check if shared ini directives are already known (maybe a patched PHP) */ 981 /* check if shared ini directives are already known (maybe a patched PHP) */
983 if (zend_hash_exists(EG(ini_directives), "suhosin.log.syslog", sizeof("suhosin.log.syslog"))) { 982 if (zend_hash_exists(EG(ini_directives), "suhosin.log.syslog", sizeof("suhosin.log.syslog"))) {
984 983
985 /* and update them */ 984 /* and update them */
986 zend_ini_entry *p = (zend_ini_entry *)&shared_ini_entries; 985 zend_ini_entry *p = (zend_ini_entry *)&shared_ini_entries;
987 986
988 while (p->name) { 987 while (p->name) {
989 988
990 zend_ini_entry *i; 989 zend_ini_entry *i;
991 990
992 if (zend_hash_find(EG(ini_directives), p->name, p->name_length, (void **) &i)==FAILURE) { 991 if (zend_hash_find(EG(ini_directives), p->name, p->name_length, (void **) &i)==FAILURE) {
993 /* continue registering them */ 992 /* continue registering them */
994 zend_register_ini_entries(p, module_number TSRMLS_CC); 993 zend_register_ini_entries(p, module_number TSRMLS_CC);
995 break; 994 break;
996 } 995 }
997 996
998 SDEBUG("updating ini %s=%s", i->name, i->value); 997 SDEBUG("updating ini %s=%s", i->name, i->value);
999 998
1000 i->modifiable = p->modifiable; 999 i->modifiable = p->modifiable;
1001 i->module_number = module_number; 1000 i->module_number = module_number;
1002 i->on_modify = p->on_modify; 1001 i->on_modify = p->on_modify;
@@ -1007,15 +1006,15 @@ PHP_MINIT_FUNCTION(suhosin)
1007 p++; 1006 p++;
1008 } 1007 }
1009 } else { 1008 } else {
1010 1009
1011 /* not registered yet, then simply use the API */ 1010 /* not registered yet, then simply use the API */
1012 zend_register_ini_entries((zend_ini_entry *)&shared_ini_entries, module_number TSRMLS_CC); 1011 zend_register_ini_entries((zend_ini_entry *)&shared_ini_entries, module_number TSRMLS_CC);
1013 1012
1014 } 1013 }
1015 1014
1016 /* and register the rest of the ini entries */ 1015 /* and register the rest of the ini entries */
1017 REGISTER_INI_ENTRIES(); 1016 REGISTER_INI_ENTRIES();
1018 1017
1019 /* Force display_errors=off */ 1018 /* Force display_errors=off */
1020 if (SUHOSIN_G(disable_display_errors)) { 1019 if (SUHOSIN_G(disable_display_errors)) {
1021 zend_ini_entry *i; 1020 zend_ini_entry *i;
@@ -1033,14 +1032,14 @@ PHP_MINIT_FUNCTION(suhosin)
1033 } 1032 }
1034 } 1033 }
1035 } 1034 }
1036 1035
1037 /* Load invisible to other Zend Extensions */ 1036 /* Load invisible to other Zend Extensions */
1038 if (zend_llist_count(&zend_extensions)==0 || SUHOSIN_G(stealth)==0) { 1037 if (zend_llist_count(&zend_extensions)==0 || SUHOSIN_G(stealth)==0) {
1039 zend_extension extension; 1038 zend_extension extension;
1040 extension = suhosin_zend_extension_entry; 1039 extension = suhosin_zend_extension_entry;
1041 extension.handle = NULL; 1040 extension.handle = NULL;
1042 zend_llist_add_element(&zend_extensions, &extension); 1041 zend_llist_add_element(&zend_extensions, &extension);
1043 ze = NULL; 1042 ze = NULL;
1044 } else { 1043 } else {
1045 ze = (zend_extension *)zend_llist_get_last_ex(&zend_extensions, &lp); 1044 ze = (zend_extension *)zend_llist_get_last_ex(&zend_extensions, &lp);
1046 old_startup = ze->startup; 1045 old_startup = ze->startup;
@@ -1101,12 +1100,12 @@ PHP_RINIT_FUNCTION(suhosin)
1101PHP_RSHUTDOWN_FUNCTION(suhosin) 1100PHP_RSHUTDOWN_FUNCTION(suhosin)
1102{ 1101{
1103 SDEBUG("(RSHUTDOWN)"); 1102 SDEBUG("(RSHUTDOWN)");
1104 1103
1105 /* We need to clear the input filtering 1104 /* We need to clear the input filtering
1106 variables in the request shutdown 1105 variables in the request shutdown
1107 because input filtering is done before 1106 because input filtering is done before
1108 RINIT */ 1107 RINIT */
1109 1108
1110 SUHOSIN_G(cur_request_variables) = 0; 1109 SUHOSIN_G(cur_request_variables) = 0;
1111 SUHOSIN_G(cur_cookie_vars) = 0; 1110 SUHOSIN_G(cur_cookie_vars) = 0;
1112 SUHOSIN_G(cur_get_vars) = 0; 1111 SUHOSIN_G(cur_get_vars) = 0;
@@ -1117,28 +1116,28 @@ PHP_RSHUTDOWN_FUNCTION(suhosin)
1117 SUHOSIN_G(att_post_vars) = 0; 1116 SUHOSIN_G(att_post_vars) = 0;
1118 SUHOSIN_G(num_uploads) = 0; 1117 SUHOSIN_G(num_uploads) = 0;
1119 1118
1120 SUHOSIN_G(no_more_variables) = 0; 1119 SUHOSIN_G(no_more_variables) = 0;
1121 SUHOSIN_G(no_more_get_variables) = 0; 1120 SUHOSIN_G(no_more_get_variables) = 0;
1122 SUHOSIN_G(no_more_post_variables) = 0; 1121 SUHOSIN_G(no_more_post_variables) = 0;
1123 SUHOSIN_G(no_more_cookie_variables) = 0; 1122 SUHOSIN_G(no_more_cookie_variables) = 0;
1124 SUHOSIN_G(no_more_uploads) = 0; 1123 SUHOSIN_G(no_more_uploads) = 0;
1125 1124
1126 SUHOSIN_G(abort_request) = 0; 1125 SUHOSIN_G(abort_request) = 0;
1127 1126
1128 if (SUHOSIN_G(reseed_every_request)) { 1127 if (SUHOSIN_G(reseed_every_request)) {
1129 SUHOSIN_G(r_is_seeded) = 0; 1128 SUHOSIN_G(r_is_seeded) = 0;
1130 SUHOSIN_G(mt_is_seeded) = 0; 1129 SUHOSIN_G(mt_is_seeded) = 0;
1131 } 1130 }
1132 1131
1133 if (SUHOSIN_G(decrypted_cookie)) { 1132 if (SUHOSIN_G(decrypted_cookie)) {
1134 efree(SUHOSIN_G(decrypted_cookie)); 1133 efree(SUHOSIN_G(decrypted_cookie));
1135 SUHOSIN_G(decrypted_cookie)=NULL; 1134 SUHOSIN_G(decrypted_cookie)=NULL;
1136 } 1135 }
1137 if (SUHOSIN_G(raw_cookie)) { 1136 if (SUHOSIN_G(raw_cookie)) {
1138 efree(SUHOSIN_G(raw_cookie)); 1137 efree(SUHOSIN_G(raw_cookie));
1139 SUHOSIN_G(raw_cookie)=NULL; 1138 SUHOSIN_G(raw_cookie)=NULL;
1140 } 1139 }
1141 1140
1142 return SUCCESS; 1141 return SUCCESS;
1143} 1142}
1144/* }}} */ 1143/* }}} */
@@ -1147,9 +1146,9 @@ PHP_RSHUTDOWN_FUNCTION(suhosin)
1147 */ 1146 */
1148static void suhosin_ini_displayer(zend_ini_entry *ini_entry, int type) 1147static void suhosin_ini_displayer(zend_ini_entry *ini_entry, int type)
1149{ 1148{
1150 TSRMLS_FETCH(); 1149 TSRMLS_FETCH();
1151 1150
1152 PHPWRITE("[ protected ]", strlen("[ protected ]")); 1151 PHPWRITE("[ protected ]", strlen("[ protected ]"));
1153} 1152}
1154/* }}} */ 1153/* }}} */
1155 1154
@@ -1183,35 +1182,35 @@ PHP_MINFO_FUNCTION(suhosin)
1183 } 1182 }
1184 php_info_print_box_end(); 1183 php_info_print_box_end();
1185 1184
1186 if (SUHOSIN_G(protectkey)) { 1185 if (SUHOSIN_G(protectkey)) {
1187 zend_ini_entry *i; 1186 zend_ini_entry *i;
1188 1187
1189 if (zend_hash_find(EG(ini_directives), "suhosin.cookie.cryptkey", sizeof("suhosin.cookie.cryptkey"), (void **) &i)==SUCCESS) { 1188 if (zend_hash_find(EG(ini_directives), "suhosin.cookie.cryptkey", sizeof("suhosin.cookie.cryptkey"), (void **) &i)==SUCCESS) {
1190 i->displayer = suhosin_ini_displayer; 1189 i->displayer = suhosin_ini_displayer;
1191 } 1190 }
1192 if (zend_hash_find(EG(ini_directives), "suhosin.session.cryptkey", sizeof("suhosin.session.cryptkey"), (void **) &i)==SUCCESS) { 1191 if (zend_hash_find(EG(ini_directives), "suhosin.session.cryptkey", sizeof("suhosin.session.cryptkey"), (void **) &i)==SUCCESS) {
1193 i->displayer = suhosin_ini_displayer; 1192 i->displayer = suhosin_ini_displayer;
1194 } 1193 }
1195 if (zend_hash_find(EG(ini_directives), "suhosin.rand.seedingkey", sizeof("suhosin.rand.seedingkey"), (void **) &i)==SUCCESS) { 1194 if (zend_hash_find(EG(ini_directives), "suhosin.rand.seedingkey", sizeof("suhosin.rand.seedingkey"), (void **) &i)==SUCCESS) {
1196 i->displayer = suhosin_ini_displayer; 1195 i->displayer = suhosin_ini_displayer;
1197 } 1196 }
1198 } 1197 }
1199 1198
1200 DISPLAY_INI_ENTRIES(); 1199 DISPLAY_INI_ENTRIES();
1201 1200
1202 if (SUHOSIN_G(protectkey)) { 1201 if (SUHOSIN_G(protectkey)) {
1203 zend_ini_entry *i; 1202 zend_ini_entry *i;
1204 1203
1205 if (zend_hash_find(EG(ini_directives), "suhosin.cookie.cryptkey", sizeof("suhosin.cookie.cryptkey"), (void **) &i)==SUCCESS) { 1204 if (zend_hash_find(EG(ini_directives), "suhosin.cookie.cryptkey", sizeof("suhosin.cookie.cryptkey"), (void **) &i)==SUCCESS) {
1206 i->displayer = NULL; 1205 i->displayer = NULL;
1207 } 1206 }
1208 if (zend_hash_find(EG(ini_directives), "suhosin.session.cryptkey", sizeof("suhosin.session.cryptkey"), (void **) &i)==SUCCESS) { 1207 if (zend_hash_find(EG(ini_directives), "suhosin.session.cryptkey", sizeof("suhosin.session.cryptkey"), (void **) &i)==SUCCESS) {
1209 i->displayer = NULL; 1208 i->displayer = NULL;
1210 } 1209 }
1211 if (zend_hash_find(EG(ini_directives), "suhosin.rand.seedingkey", sizeof("suhosin.rand.seedingkey"), (void **) &i)==SUCCESS) { 1210 if (zend_hash_find(EG(ini_directives), "suhosin.rand.seedingkey", sizeof("suhosin.rand.seedingkey"), (void **) &i)==SUCCESS) {
1212 i->displayer = NULL; 1211 i->displayer = NULL;
1213 } 1212 }
1214 } 1213 }
1215 1214
1216} 1215}
1217/* }}} */ 1216/* }}} */
diff --git a/tests/executor/negative_memory_limit.phpt b/tests/executor/memory_limit_negative.phpt
index 7fad546..7fad546 100644
--- a/tests/executor/negative_memory_limit.phpt
+++ b/tests/executor/memory_limit_negative.phpt
diff --git a/tests/filter/input_filter_cookie_disallow_nul.phpt b/tests/filter/cookie_disallow_nul.phpt
index ae05ac6..ae05ac6 100644
--- a/tests/filter/input_filter_cookie_disallow_nul.phpt
+++ b/tests/filter/cookie_disallow_nul.phpt
diff --git a/tests/filter/get_filter_cookie_disallow_ws.phpt b/tests/filter/cookie_disallow_ws.phpt
index 3065b7d..3065b7d 100644
--- a/tests/filter/get_filter_cookie_disallow_ws.phpt
+++ b/tests/filter/cookie_disallow_ws.phpt
diff --git a/tests/filter/input_filter_cookie_max_array_depth.phpt b/tests/filter/cookie_max_array_depth.phpt
index 327fa36..327fa36 100644
--- a/tests/filter/input_filter_cookie_max_array_depth.phpt
+++ b/tests/filter/cookie_max_array_depth.phpt
diff --git a/tests/filter/input_filter_cookie_max_array_index_length.phpt b/tests/filter/cookie_max_array_index_length.phpt
index b954e63..b954e63 100644
--- a/tests/filter/input_filter_cookie_max_array_index_length.phpt
+++ b/tests/filter/cookie_max_array_index_length.phpt
diff --git a/tests/filter/input_filter_cookie_max_name_length.phpt b/tests/filter/cookie_max_name_length.phpt
index 38b8558..38b8558 100644
--- a/tests/filter/input_filter_cookie_max_name_length.phpt
+++ b/tests/filter/cookie_max_name_length.phpt
diff --git a/tests/filter/input_filter_cookie_max_totalname_length.phpt b/tests/filter/cookie_max_totalname_length.phpt
index b9324fc..b9324fc 100644
--- a/tests/filter/input_filter_cookie_max_totalname_length.phpt
+++ b/tests/filter/cookie_max_totalname_length.phpt
diff --git a/tests/filter/input_filter_cookie_max_value_length.phpt b/tests/filter/cookie_max_value_length.phpt
index d691c9e..d691c9e 100644
--- a/tests/filter/input_filter_cookie_max_value_length.phpt
+++ b/tests/filter/cookie_max_value_length.phpt
diff --git a/tests/filter/input_filter_cookie_max_vars.phpt b/tests/filter/cookie_max_vars.phpt
index fed391e..fed391e 100644
--- a/tests/filter/input_filter_cookie_max_vars.phpt
+++ b/tests/filter/cookie_max_vars.phpt
diff --git a/tests/filter/get_filter_allow_ws.phpt b/tests/filter/get_allow_ws.phpt
index 2a0445c..2a0445c 100644
--- a/tests/filter/get_filter_allow_ws.phpt
+++ b/tests/filter/get_allow_ws.phpt
diff --git a/tests/filter/input_filter_get_disallow_nul.phpt b/tests/filter/get_disallow_nul.phpt
index 5a5b506..5a5b506 100644
--- a/tests/filter/input_filter_get_disallow_nul.phpt
+++ b/tests/filter/get_disallow_nul.phpt
diff --git a/tests/filter/get_filter_get_disallow_ws.phpt b/tests/filter/get_disallow_ws.phpt
index 9495486..9495486 100644
--- a/tests/filter/get_filter_get_disallow_ws.phpt
+++ b/tests/filter/get_disallow_ws.phpt
diff --git a/tests/filter/input_filter_get_max_array_depth.phpt b/tests/filter/get_max_array_depth.phpt
index 99fb666..99fb666 100644
--- a/tests/filter/input_filter_get_max_array_depth.phpt
+++ b/tests/filter/get_max_array_depth.phpt
diff --git a/tests/filter/input_filter_get_max_array_index_length.phpt b/tests/filter/get_max_array_index_length.phpt
index 54bf610..54bf610 100644
--- a/tests/filter/input_filter_get_max_array_index_length.phpt
+++ b/tests/filter/get_max_array_index_length.phpt
diff --git a/tests/filter/input_filter_get_max_name_length.phpt b/tests/filter/get_max_name_length.phpt
index 76ca5f6..76ca5f6 100644
--- a/tests/filter/input_filter_get_max_name_length.phpt
+++ b/tests/filter/get_max_name_length.phpt
diff --git a/tests/filter/input_filter_get_max_totalname_length.phpt b/tests/filter/get_max_totalname_length.phpt
index 675708d..675708d 100644
--- a/tests/filter/input_filter_get_max_totalname_length.phpt
+++ b/tests/filter/get_max_totalname_length.phpt
diff --git a/tests/filter/input_filter_get_max_value_length.phpt b/tests/filter/get_max_value_length.phpt
index 3fa0cb7..3fa0cb7 100644
--- a/tests/filter/input_filter_get_max_value_length.phpt
+++ b/tests/filter/get_max_value_length.phpt
diff --git a/tests/filter/input_filter_post_disallow_nul.phpt b/tests/filter/post_disallow_nul.phpt
index 99462b8..99462b8 100644
--- a/tests/filter/input_filter_post_disallow_nul.phpt
+++ b/tests/filter/post_disallow_nul.phpt
diff --git a/tests/filter/input_filter_post_disallow_nul_rfc1867.phpt b/tests/filter/post_disallow_nul_rfc1867.phpt
index 21fba1f..21fba1f 100644
--- a/tests/filter/input_filter_post_disallow_nul_rfc1867.phpt
+++ b/tests/filter/post_disallow_nul_rfc1867.phpt
Binary files differ
diff --git a/tests/filter/get_filter_post_disallow_ws.phpt b/tests/filter/post_disallow_ws.phpt
index 003afa5..003afa5 100644
--- a/tests/filter/get_filter_post_disallow_ws.phpt
+++ b/tests/filter/post_disallow_ws.phpt
diff --git a/tests/filter/post_fileupload_array_index_blacklist.phpt b/tests/filter/post_fileupload_array_index_blacklist.phpt
index 7e19014..2bf0a57 100644
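--- a/tests/filter/post_fileupload_array_index_blacklist.phpt
+++ b/tests/filter/post_fileupload_array_index_blacklist.phpt
@@ -11,7 +11,7 @@ auto_append_file={PWD}/suhosintest.$$.log.tmp
 file_uploads=1
 suhosin.request.array_index_blacklist=ABC
 --SKIPIF--
-<?php include('skipif.inc'); ?>
+<?php include('../skipif.inc'); ?>
 --COOKIE--
 --GET--
 --POST_RAW--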
diff --git a/tests/filter/post_fileupload_array_index_whitelist.phpt b/tests/filter/post_fileupload_array_index_whitelist.phpt
index b910c44..f76aeb3 100644
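--- a/tests/filter/post_fileupload_array_index_whitelist.phpt
+++ b/tests/filter/post_fileupload_array_index_whitelist.phpt
@@ -11,7 +11,7 @@ auto_append_file={PWD}/suhosintest.$$.log.tmp
 file_uploads=1
 suhosin.request.array_index_whitelist=abcdefghijklmnopqrstuvwxyz
 --SKIPIF--
-<?php include('skipif.inc'); ?>
+<?php include('../skipif.inc'); ?>
 --COOKIE--
 --GET--
 --POST_RAW--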
diff --git a/tests/filter/input_filter_post_max_array_depth.phpt b/tests/filter/post_max_array_depth.phpt
index 5bf8858..5bf8858 100644
--- a/tests/filter/input_filter_post_max_array_depth.phpt
+++ b/tests/filter/post_max_array_depth.phpt
diff --git a/tests/filter/input_filter_post_max_array_depth_rfc1867.phpt b/tests/filter/post_max_array_depth_rfc1867.phpt
index b2eab71..b2eab71 100644
--- a/tests/filter/input_filter_post_max_array_depth_rfc1867.phpt
+++ b/tests/filter/post_max_array_depth_rfc1867.phpt
diff --git a/tests/filter/input_filter_post_max_array_index_length.phpt b/tests/filter/post_max_array_index_length.phpt
index 285b30e..285b30e 100644
--- a/tests/filter/input_filter_post_max_array_index_length.phpt
+++ b/tests/filter/post_max_array_index_length.phpt
diff --git a/tests/filter/input_filter_post_max_array_index_length_rfc1867.phpt b/tests/filter/post_max_array_index_length_rfc1867.phpt
index a3a19fa..a3a19fa 100644
--- a/tests/filter/input_filter_post_max_array_index_length_rfc1867.phpt
+++ b/tests/filter/post_max_array_index_length_rfc1867.phpt
diff --git a/tests/filter/input_filter_post_max_name_length.phpt b/tests/filter/post_max_name_length.phpt
index cf7b35d..cf7b35d 100644
--- a/tests/filter/input_filter_post_max_name_length.phpt
+++ b/tests/filter/post_max_name_length.phpt
diff --git a/tests/filter/input_filter_post_max_name_length_rfc1867.phpt b/tests/filter/post_max_name_length_rfc1867.phpt
index 4ad072c..4ad072c 100644
--- a/tests/filter/input_filter_post_max_name_length_rfc1867.phpt
+++ b/tests/filter/post_max_name_length_rfc1867.phpt
diff --git a/tests/filter/input_filter_post_max_totalname_length.phpt b/tests/filter/post_max_totalname_length.phpt
index 1fef2bb..1fef2bb 100644
--- a/tests/filter/input_filter_post_max_totalname_length.phpt
+++ b/tests/filter/post_max_totalname_length.phpt
diff --git a/tests/filter/input_filter_post_max_totalname_length_rfc1867.phpt b/tests/filter/post_max_totalname_length_rfc1867.phpt
index f8fa6db..f8fa6db 100644
--- a/tests/filter/input_filter_post_max_totalname_length_rfc1867.phpt
+++ b/tests/filter/post_max_totalname_length_rfc1867.phpt
diff --git a/tests/filter/input_filter_post_max_value_length.phpt b/tests/filter/post_max_value_length.phpt
index 7c5493f..7c5493f 100644
--- a/tests/filter/input_filter_post_max_value_length.phpt
+++ b/tests/filter/post_max_value_length.phpt
diff --git a/tests/filter/input_filter_post_max_value_length_rfc1867.phpt b/tests/filter/post_max_value_length_rfc1867.phpt
index a788dfd..a788dfd 100644
--- a/tests/filter/input_filter_post_max_value_length_rfc1867.phpt
+++ b/tests/filter/post_max_value_length_rfc1867.phpt
Binary files differ
diff --git a/tests/filter/input_filter_request_array_index_blacklist.phpt b/tests/filter/request_array_index_blacklist.phpt
index ead85c5..d85c2e9 100644
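--- a/tests/filter/input_filter_request_array_index_blacklist.phpt
+++ b/tests/filter/request_array_index_blacklist.phpt
@@ -10,7 +10,7 @@ suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp
 auto_append_file={PWD}/suhosintest.$$.log.tmp
 suhosin.request.array_index_blacklist="=ABC%{}\\$;"
 --SKIPIF--
-<?php include('skipif.inc'); ?>
+<?php include('../skipif.inc'); ?>
 --COOKIE--
 var1[aaa]=1;var2[bbB]=1;var3[ccc][ccC]=1
 --GET--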
diff --git a/tests/filter/input_filter_request_array_index_whitelist.phpt b/tests/filter/request_array_index_whitelist.phpt
index a091574..131ad42 100644
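--- a/tests/filter/input_filter_request_array_index_whitelist.phpt
+++ b/tests/filter/request_array_index_whitelist.phpt
@@ -10,7 +10,7 @@ suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp
 auto_append_file={PWD}/suhosintest.$$.log.tmp
 suhosin.request.array_index_whitelist=abcdefghijklmnopqrstuvwxyz
 --SKIPIF--
-<?php include('skipif.inc'); ?>
+<?php include('../skipif.inc'); ?>
 --COOKIE--
 var1[aaa]=1;var2[bbB]=1;var3[ccc][ccC]=1
 --GET--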
diff --git a/tests/filter/input_filter_request_disallow_nul.phpt b/tests/filter/request_disallow_nul.phpt
index 0e9636f..0e9636f 100644
--- a/tests/filter/input_filter_request_disallow_nul.phpt
+++ b/tests/filter/request_disallow_nul.phpt
diff --git a/tests/filter/get_filter_request_disallow_ws.phpt b/tests/filter/request_disallow_ws.phpt
index fe69e78..fe69e78 100644
--- a/tests/filter/get_filter_request_disallow_ws.phpt
+++ b/tests/filter/request_disallow_ws.phpt
diff --git a/tests/filter/input_filter_request_max_array_depth.phpt b/tests/filter/request_max_array_depth.phpt
index 0f10afe..0f10afe 100644
--- a/tests/filter/input_filter_request_max_array_depth.phpt
+++ b/tests/filter/request_max_array_depth.phpt
diff --git a/tests/filter/input_filter_request_max_array_index_length.phpt b/tests/filter/request_max_array_index_length.phpt
index 84b3849..84b3849 100644
--- a/tests/filter/input_filter_request_max_array_index_length.phpt
+++ b/tests/filter/request_max_array_index_length.phpt
diff --git a/tests/filter/input_filter_request_max_name_length.phpt b/tests/filter/request_max_name_length.phpt
index e231447..e231447 100644
--- a/tests/filter/input_filter_request_max_name_length.phpt
+++ b/tests/filter/request_max_name_length.phpt
diff --git a/tests/filter/input_filter_request_max_totalname_length.phpt b/tests/filter/request_max_totalname_length.phpt
index e4ddd5b..e4ddd5b 100644
--- a/tests/filter/input_filter_request_max_totalname_length.phpt
+++ b/tests/filter/request_max_totalname_length.phpt
diff --git a/tests/logging/log_max_error_length.phpt b/tests/logging/log_max_error_length.phpt
new file mode 100644
index 0000000..e6984c7
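--- /dev/null
+++ b/tests/logging/log_max_error_length.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Testing: suhosin.log.use-x-forwarded-for=On (without X-Forwarded-For set)
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.script=0
+suhosin.log.file=255
+suhosin.log.file.time=0
+suhosin.log.max_error_length=20
+suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp
+auto_append_file={PWD}/suhosintest.$$.log.tmp
+--FILE--
+<?php
+ ini_set("memory_limit", "-1");
+?>
+--EXPECTF--
+ALERT - script tried to disa... %s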
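Review bot: The `--TEST--` title on line 2 of the new file names `suhosin.log.use-x-forwarded-for`, but the INI block sets `suhosin.log.max_error_length=20` and the expectation checks a truncated alert, so a failing run would be reported under the wrong feature. The title looks copied from another logging test. I would change it to something like `Testing: suhosin.log.max_error_length`. The expectation `ALERT - script tried to disa... %s` pins only the truncated form at a limit of 20. A companion case with the directive left at its default would confirm that the full message is still written, which matters because these log lines are what an operator reads when triaging an alert.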
diff --git a/treat_data.c b/treat_data.c
index 0008a7a..a838b89 100644
--- a/treat_data.c
+++ b/treat_data.c
@@ -17,7 +17,7 @@
17 +----------------------------------------------------------------------+ 17 +----------------------------------------------------------------------+
18*/ 18*/
19/* 19/*
20 $Id: treat_data.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ 20 $Id: treat_data.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $
21*/ 21*/
22 22
23#ifdef HAVE_CONFIG_H 23#ifdef HAVE_CONFIG_H
@@ -38,12 +38,12 @@ SAPI_TREAT_DATA_FUNC(suhosin_treat_data)
38 zval *array_ptr; 38 zval *array_ptr;
39 int free_buffer = 0; 39 int free_buffer = 0;
40 char *strtok_buf = NULL; 40 char *strtok_buf = NULL;
41 41
42 long count = 0; 42 long count = 0;
43 43
44 /* Mark that we were not yet called */ 44 /* Mark that we were not yet called */
45 SUHOSIN_G(already_scanned) = 0; 45 SUHOSIN_G(already_scanned) = 0;
46 46
47 switch (arg) { 47 switch (arg) {
48 case PARSE_POST: 48 case PARSE_POST:
49 case PARSE_GET: 49 case PARSE_GET:
@@ -57,9 +57,9 @@ SAPI_TREAT_DATA_FUNC(suhosin_treat_data)
57 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_POST]); 57 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_POST]);
58 } 58 }
59 PG(http_globals)[TRACK_VARS_POST] = array_ptr; 59 PG(http_globals)[TRACK_VARS_POST] = array_ptr;
60 60
61 if (SUHOSIN_G(max_request_variables) && (SUHOSIN_G(max_post_vars) == 0 || 61 if (SUHOSIN_G(max_request_variables) && (SUHOSIN_G(max_post_vars) == 0 ||
62 SUHOSIN_G(max_request_variables) <= SUHOSIN_G(max_post_vars))) { 62 SUHOSIN_G(max_request_variables) <= SUHOSIN_G(max_post_vars))) {
63 SUHOSIN_G(max_post_vars) = SUHOSIN_G(max_request_variables); 63 SUHOSIN_G(max_post_vars) = SUHOSIN_G(max_request_variables);
64 } 64 }
65 break; 65 break;
@@ -68,8 +68,8 @@ SAPI_TREAT_DATA_FUNC(suhosin_treat_data)
68 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_GET]); 68 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_GET]);
69 } 69 }
70 PG(http_globals)[TRACK_VARS_GET] = array_ptr; 70 PG(http_globals)[TRACK_VARS_GET] = array_ptr;
71 if (SUHOSIN_G(max_request_variables) && (SUHOSIN_G(max_get_vars) == 0 || 71 if (SUHOSIN_G(max_request_variables) && (SUHOSIN_G(max_get_vars) == 0 ||
72 SUHOSIN_G(max_request_variables) <= SUHOSIN_G(max_get_vars))) { 72 SUHOSIN_G(max_request_variables) <= SUHOSIN_G(max_get_vars))) {
73 SUHOSIN_G(max_get_vars) = SUHOSIN_G(max_request_variables); 73 SUHOSIN_G(max_get_vars) = SUHOSIN_G(max_request_variables);
74 } 74 }
75 break; 75 break;
@@ -78,10 +78,10 @@ SAPI_TREAT_DATA_FUNC(suhosin_treat_data)
78 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_COOKIE]); 78 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_COOKIE]);
79 } 79 }
80 PG(http_globals)[TRACK_VARS_COOKIE] = array_ptr; 80 PG(http_globals)[TRACK_VARS_COOKIE] = array_ptr;
81 if (SUHOSIN_G(max_request_variables) && (SUHOSIN_G(max_cookie_vars) == 0 || 81 if (SUHOSIN_G(max_request_variables) && (SUHOSIN_G(max_cookie_vars) == 0 ||
82 SUHOSIN_G(max_request_variables) <= SUHOSIN_G(max_cookie_vars))) { 82 SUHOSIN_G(max_request_variables) <= SUHOSIN_G(max_cookie_vars))) {
83 SUHOSIN_G(max_cookie_vars) = SUHOSIN_G(max_request_variables); 83 SUHOSIN_G(max_cookie_vars) = SUHOSIN_G(max_request_variables);
84 } 84 }
85 break; 85 break;
86 } 86 }
87 break; 87 break;
@@ -133,11 +133,11 @@ SAPI_TREAT_DATA_FUNC(suhosin_treat_data)
133 separator = ";\0"; 133 separator = ";\0";
134 break; 134 break;
135 } 135 }
136 136
137 var = php_strtok_r(res, separator, &strtok_buf); 137 var = php_strtok_r(res, separator, &strtok_buf);
138 138
139 while (var) { 139 while (var) {
140 140
141 if (arg == PARSE_COOKIE) { 141 if (arg == PARSE_COOKIE) {
142 /* Remove leading spaces from cookie names, needed for multi-cookie header where ; can be followed by a space */ 142 /* Remove leading spaces from cookie names, needed for multi-cookie header where ; can be followed by a space */
143 while (isspace(*var)) { 143 while (isspace(*var)) {
@@ -145,12 +145,12 @@ SAPI_TREAT_DATA_FUNC(suhosin_treat_data)
145 } 145 }
146 } 146 }
147 val = strchr(var, '='); 147 val = strchr(var, '=');
148 148
149 if (++count > PG(max_input_vars)) { 149 if (++count > PG(max_input_vars)) {
150 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); 150 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
151 break; 151 break;
152 } 152 }
153 153
154 if (val) { /* have a value */ 154 if (val) { /* have a value */
155 int val_len; 155 int val_len;
156 unsigned int new_val_len; 156 unsigned int new_val_len;
@@ -217,5 +217,3 @@ void suhosin_hook_treat_data()
217 * vim600: noet sw=4 ts=4 fdm=marker 217 * vim600: noet sw=4 ts=4 fdm=marker
218 * vim<600: noet sw=4 ts=4 218 * vim<600: noet sw=4 ts=4
219 */ 219 */
220
221
diff --git a/ufilter.c b/ufilter.c
index 203d76c..73573ad 100644
--- a/ufilter.c
+++ b/ufilter.c
@@ -17,7 +17,7 @@
17 +----------------------------------------------------------------------+ 17 +----------------------------------------------------------------------+
18*/ 18*/
19/* 19/*
20 $Id: ufilter.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ 20 $Id: ufilter.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $
21*/ 21*/
22 22
23#ifdef HAVE_CONFIG_H 23#ifdef HAVE_CONFIG_H
@@ -48,12 +48,12 @@ static int check_fileupload_varname(char *varname TSRMLS_DC)
48 48
49 /* Normalize the variable name */ 49 /* Normalize the variable name */
50 normalize_varname(var); 50 normalize_varname(var);
51 51
52 /* Find length of variable name */ 52 /* Find length of variable name */
53 index = strchr(var, '['); 53 index = strchr(var, '[');
54 total_len = strlen(var); 54 total_len = strlen(var);
55 var_len = index ? index-var : total_len; 55 var_len = index ? index-var : total_len;
56 56
57 /* Drop this variable if it exceeds the varname/total length limit */ 57 /* Drop this variable if it exceeds the varname/total length limit */
58 if (SUHOSIN_G(max_varname_length) && SUHOSIN_G(max_varname_length) < var_len) { 58 if (SUHOSIN_G(max_varname_length) && SUHOSIN_G(max_varname_length) < var_len) {
59 suhosin_log(S_FILES, "configured request variable name length limit exceeded - dropped variable '%s'", var); 59 suhosin_log(S_FILES, "configured request variable name length limit exceeded - dropped variable '%s'", var);
@@ -79,38 +79,38 @@ static int check_fileupload_varname(char *varname TSRMLS_DC)
79 goto return_failure; 79 goto return_failure;
80 } 80 }
81 } 81 }
82 82
83 /* Find out array depth */ 83 /* Find out array depth */
84 while (index) { 84 while (index) {
85 char *index_end; 85 char *index_end;
86 unsigned int index_length; 86 unsigned int index_length;
87 87
88 /* overjump '[' */ 88 /* overjump '[' */
89 index++; 89 index++;
90 90
91 /* increase array depth */ 91 /* increase array depth */
92 depth++; 92 depth++;
93 93
94 index_end = strchr(index, ']'); 94 index_end = strchr(index, ']');
95 if (index_end == NULL) { 95 if (index_end == NULL) {
96 index_end = index+strlen(index); 96 index_end = index+strlen(index);
97 } 97 }
98 98
99 index_length = index_end - index; 99 index_length = index_end - index;
100 100
101 if (SUHOSIN_G(max_array_index_length) && SUHOSIN_G(max_array_index_length) < index_length) { 101 if (SUHOSIN_G(max_array_index_length) && SUHOSIN_G(max_array_index_length) < index_length) {
102 suhosin_log(S_FILES, "configured request variable array index length limit exceeded - dropped variable '%s'", var); 102 suhosin_log(S_FILES, "configured request variable array index length limit exceeded - dropped variable '%s'", var);
103 if (!SUHOSIN_G(simulation)) { 103 if (!SUHOSIN_G(simulation)) {
104 goto return_failure; 104 goto return_failure;
105 } 105 }
106 } 106 }
107 if (SUHOSIN_G(max_post_array_index_length) && SUHOSIN_G(max_post_array_index_length) < index_length) { 107 if (SUHOSIN_G(max_post_array_index_length) && SUHOSIN_G(max_post_array_index_length) < index_length) {
108 suhosin_log(S_FILES, "configured POST variable array index length limit exceeded - dropped variable '%s'", var); 108 suhosin_log(S_FILES, "configured POST variable array index length limit exceeded - dropped variable '%s'", var);
109 if (!SUHOSIN_G(simulation)) { 109 if (!SUHOSIN_G(simulation)) {
110 goto return_failure; 110 goto return_failure;
111 } 111 }
112 } 112 }
113 113
114 /* index whitelist/blacklist */ 114 /* index whitelist/blacklist */
115 if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) { 115 if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) {
116 if (suhosin_strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) { 116 if (suhosin_strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) {
@@ -127,11 +127,11 @@ static int check_fileupload_varname(char *varname TSRMLS_DC)
127 } 127 }
128 } 128 }
129 } 129 }
130 130
131 131
132 index = strchr(index, '['); 132 index = strchr(index, '[');
133 } 133 }
134 134
135 /* Drop this variable if it exceeds the array depth limit */ 135 /* Drop this variable if it exceeds the array depth limit */
136 if (SUHOSIN_G(max_array_depth) && SUHOSIN_G(max_array_depth) < depth) { 136 if (SUHOSIN_G(max_array_depth) && SUHOSIN_G(max_array_depth) < depth) {
137 suhosin_log(S_FILES, "configured request variable array depth limit exceeded - dropped variable '%s'", var); 137 suhosin_log(S_FILES, "configured request variable array depth limit exceeded - dropped variable '%s'", var);
@@ -145,8 +145,8 @@ static int check_fileupload_varname(char *varname TSRMLS_DC)
145 goto return_failure; 145 goto return_failure;
146 } 146 }
147 } 147 }
148 148
149 149
150 /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */ 150 /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */
151 /* This is to protect several silly scripts that do globalizing themself */ 151 /* This is to protect several silly scripts that do globalizing themself */
152 if (php_varname_check(var, var_len, 1 TSRMLS_CC) == FAILURE || suhosin_is_protected_varname(var, var_len)) { 152 if (php_varname_check(var, var_len, 1 TSRMLS_CC) == FAILURE || suhosin_is_protected_varname(var, var_len)) {
@@ -158,10 +158,10 @@ static int check_fileupload_varname(char *varname TSRMLS_DC)
158 158
159 efree(var); 159 efree(var);
160 return SUCCESS; 160 return SUCCESS;
161 161
162return_failure: 162return_failure:
163 efree(var); 163 efree(var);
164 return FAILURE; 164 return FAILURE;
165} 165}
166/* }}} */ 166/* }}} */
167 167
@@ -200,54 +200,54 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
200 SDEBUG("rfc1867_filter %u", event); 200 SDEBUG("rfc1867_filter %u", event);
201 201
202 switch (event) { 202 switch (event) {
203 case MULTIPART_EVENT_START: 203 case MULTIPART_EVENT_START:
204 case MULTIPART_EVENT_FORMDATA: 204 case MULTIPART_EVENT_FORMDATA:
205 /* nothing todo */ 205 /* nothing todo */
206 break; 206 break;
207 207
208 case MULTIPART_EVENT_FILE_START: 208 case MULTIPART_EVENT_FILE_START:
209 { 209 {
210 multipart_event_file_start *mefs = (multipart_event_file_start *) event_data; 210 multipart_event_file_start *mefs = (multipart_event_file_start *) event_data;
211 211
212 /* Drop if no more variables flag is set */ 212 /* Drop if no more variables flag is set */
213 if (SUHOSIN_G(no_more_uploads)) { 213 if (SUHOSIN_G(no_more_uploads)) {
214 goto continue_with_failure; 214 goto continue_with_failure;
215 } 215 }
216 216
217 /* Drop this fileupload if the limit is reached */ 217 /* Drop this fileupload if the limit is reached */
218 if (SUHOSIN_G(upload_limit) && SUHOSIN_G(upload_limit) <= SUHOSIN_G(num_uploads)) { 218 if (SUHOSIN_G(upload_limit) && SUHOSIN_G(upload_limit) <= SUHOSIN_G(num_uploads)) {
219 suhosin_log(S_FILES, "configured fileupload limit exceeded - file dropped"); 219 suhosin_log(S_FILES, "configured fileupload limit exceeded - file dropped");
220 if (!SUHOSIN_G(simulation)) { 220 if (!SUHOSIN_G(simulation)) {
221 SUHOSIN_G(no_more_uploads) = 1; 221 SUHOSIN_G(no_more_uploads) = 1;
222 goto continue_with_failure; 222 goto continue_with_failure;
223 } 223 }
224 } 224 }
225
226
227 if (check_fileupload_varname(mefs->name TSRMLS_CC) == FAILURE) {
228 goto continue_with_failure;
229 }
230 }
231
232 break;
233 225
234 case MULTIPART_EVENT_FILE_DATA:
235 226
236 if (SUHOSIN_G(upload_disallow_elf)) { 227 if (check_fileupload_varname(mefs->name TSRMLS_CC) == FAILURE) {
237 multipart_event_file_data *mefd = (multipart_event_file_data *) event_data; 228 goto continue_with_failure;
238 229 }
239 if (mefd->offset == 0 && mefd->length > 10) { 230 }
240 if (mefd->data[0] == 0x7F && mefd->data[1] == 'E' && mefd->data[2] == 'L' && mefd->data[3] == 'F') { 231
241 suhosin_log(S_FILES, "uploaded file is an ELF executable - file dropped"); 232 break;
242 if (!SUHOSIN_G(simulation)) { 233
243 goto continue_with_failure; 234 case MULTIPART_EVENT_FILE_DATA:
244 } 235
245 } 236 if (SUHOSIN_G(upload_disallow_elf)) {
246 } 237 multipart_event_file_data *mefd = (multipart_event_file_data *) event_data;
247 } 238
248 239 if (mefd->offset == 0 && mefd->length > 10) {
240 if (mefd->data[0] == 0x7F && mefd->data[1] == 'E' && mefd->data[2] == 'L' && mefd->data[3] == 'F') {
241 suhosin_log(S_FILES, "uploaded file is an ELF executable - file dropped");
242 if (!SUHOSIN_G(simulation)) {
243 goto continue_with_failure;
244 }
245 }
246 }
247 }
248
249 if (SUHOSIN_G(upload_disallow_binary)) { 249 if (SUHOSIN_G(upload_disallow_binary)) {
250 250
251 multipart_event_file_data *mefd = (multipart_event_file_data *) event_data; 251 multipart_event_file_data *mefd = (multipart_event_file_data *) event_data;
252 252
253 char *cp, *cpend; 253 char *cp, *cpend;
@@ -275,11 +275,11 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
275 } 275 }
276 276
277 if (SUHOSIN_G(upload_remove_binary)) { 277 if (SUHOSIN_G(upload_remove_binary)) {
278 278
279 multipart_event_file_data *mefd = (multipart_event_file_data *) event_data; 279 multipart_event_file_data *mefd = (multipart_event_file_data *) event_data;
280 size_t i, j; 280 size_t i, j;
281 int n; 281 int n;
282 282
283 for (i=0, j=0; i<mefd->length; i++) { 283 for (i=0, j=0; i<mefd->length; i++) {
284 if (mefd->data[i] >= 32 || isspace(mefd->data[i])) { 284 if (mefd->data[i] >= 32 || isspace(mefd->data[i])) {
285 mefd->data[j++] = mefd->data[i]; 285 mefd->data[j++] = mefd->data[i];
@@ -296,7 +296,7 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
296#endif 296#endif
297 } 297 }
298 mefd->data[j] = '\0'; 298 mefd->data[j] = '\0';
299 299
300 SDEBUG("removing binary %zu %zu",i,j); 300 SDEBUG("removing binary %zu %zu",i,j);
301 /* IMPORTANT FOR DAISY CHAINING */ 301 /* IMPORTANT FOR DAISY CHAINING */
302 mefd->length = j; 302 mefd->length = j;
@@ -304,31 +304,31 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
304 *mefd->newlength = j; 304 *mefd->newlength = j;
305 } 305 }
306 } 306 }
307
308 break;
309 307
310 case MULTIPART_EVENT_FILE_END: 308 break;
311 309
312 if (SUHOSIN_G(upload_verification_script)) { 310 case MULTIPART_EVENT_FILE_END:
313 multipart_event_file_end *mefe = (multipart_event_file_end *) event_data; 311
314 char cmd[8192]; 312 if (SUHOSIN_G(upload_verification_script)) {
315 FILE *in; 313 multipart_event_file_end *mefe = (multipart_event_file_end *) event_data;
316 int first=1; 314 char cmd[8192];
315 FILE *in;
316 int first=1;
317 struct stat st; 317 struct stat st;
318 char *sname = SUHOSIN_G(upload_verification_script); 318 char *sname = SUHOSIN_G(upload_verification_script);
319 319
320 /* ignore files that will get deleted anyway */ 320 /* ignore files that will get deleted anyway */
321 if (mefe->cancel_upload) { 321 if (mefe->cancel_upload) {
322 break; 322 break;
323 } 323 }
324 324
325 /* ignore empty scriptnames */ 325 /* ignore empty scriptnames */
326 while (isspace(*sname)) ++sname; 326 while (isspace(*sname)) ++sname;
327 if (*sname == 0) { 327 if (*sname == 0) {
328 SUHOSIN_G(num_uploads)++; 328 SUHOSIN_G(num_uploads)++;
329 break; 329 break;
330 } 330 }
331 331
332 if (VCWD_STAT(sname, &st) < 0) { 332 if (VCWD_STAT(sname, &st) < 0) {
333 suhosin_log(S_FILES, "unable to find fileupload verification script %s - file dropped", sname); 333 suhosin_log(S_FILES, "unable to find fileupload verification script %s - file dropped", sname);
334 if (!SUHOSIN_G(simulation)) { 334 if (!SUHOSIN_G(simulation)) {
@@ -343,29 +343,29 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
343 goto continue_with_failure; 343 goto continue_with_failure;
344 } else { 344 } else {
345 goto continue_with_next; 345 goto continue_with_next;
346 } 346 }
347 } 347 }
348
349 ap_php_snprintf(cmd, sizeof(cmd), "%s %s 2>&1", sname, mefe->temp_filename);
350 348
351 if ((in=VCWD_POPEN(cmd, "r"))==NULL) { 349 ap_php_snprintf(cmd, sizeof(cmd), "%s %s 2>&1", sname, mefe->temp_filename);
352 suhosin_log(S_FILES, "unable to execute fileupload verification script %s - file dropped", sname); 350
353 if (!SUHOSIN_G(simulation)) { 351 if ((in=VCWD_POPEN(cmd, "r"))==NULL) {
354 goto continue_with_failure; 352 suhosin_log(S_FILES, "unable to execute fileupload verification script %s - file dropped", sname);
355 } else { 353 if (!SUHOSIN_G(simulation)) {
356 goto continue_with_next; 354 goto continue_with_failure;
357 } 355 } else {
358 } 356 goto continue_with_next;
359 357 }
360 retval = FAILURE; 358 }
361 359
362 /* read and forget the result */ 360 retval = FAILURE;
363 while (1) { 361
364 int readbytes = fread(cmd, 1, sizeof(cmd), in); 362 /* read and forget the result */
365 if (readbytes<=0) { 363 while (1) {
366 break; 364 int readbytes = fread(cmd, 1, sizeof(cmd), in);
367 } 365 if (readbytes<=0) {
368 if (first) { 366 break;
367 }
368 if (first) {
369 if (strncmp(cmd, "sh: ", 4) == 0) { 369 if (strncmp(cmd, "sh: ", 4) == 0) {
370 /* assume this is an error */ 370 /* assume this is an error */
371 suhosin_log(S_FILES, "error while executing fileupload verification script %s - file dropped", sname); 371 suhosin_log(S_FILES, "error while executing fileupload verification script %s - file dropped", sname);
@@ -378,30 +378,30 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
378 retval = atoi(cmd) == 1 ? SUCCESS : FAILURE; 378 retval = atoi(cmd) == 1 ? SUCCESS : FAILURE;
379 first = 0; 379 first = 0;
380 } 380 }
381 } 381 }
382 } 382 }
383 pclose(in); 383 pclose(in);
384 } 384 }
385
386 if (retval != SUCCESS) {
387 suhosin_log(S_FILES, "fileupload verification script disallows file - file dropped");
388 if (!SUHOSIN_G(simulation)) {
389 goto continue_with_failure;
390 }
391 }
385 392
386 if (retval != SUCCESS) { 393 SUHOSIN_G(num_uploads)++;
387 suhosin_log(S_FILES, "fileupload verification script disallows file - file dropped"); 394 break;
388 if (!SUHOSIN_G(simulation)) {
389 goto continue_with_failure;
390 }
391 }
392 395
393 SUHOSIN_G(num_uploads)++; 396 case MULTIPART_EVENT_END:
394 break; 397 /* nothing todo */
398 break;
395 399
396 case MULTIPART_EVENT_END: 400 default:
397 /* nothing todo */ 401 /* unknown: return failure */
398 break; 402 goto continue_with_failure;
399
400 default:
401 /* unknown: return failure */
402 goto continue_with_failure;
403 } 403 }
404continue_with_next: 404continue_with_next:
405#if HAVE_RFC1867_CALLBACK 405#if HAVE_RFC1867_CALLBACK
406 if (php_rfc1867_callback != NULL) { 406 if (php_rfc1867_callback != NULL) {
407 return php_rfc1867_callback(event, event_data, extra TSRMLS_CC); 407 return php_rfc1867_callback(event, event_data, extra TSRMLS_CC);
@@ -409,7 +409,7 @@ continue_with_next:
409#endif 409#endif
410 return SUCCESS; 410 return SUCCESS;
411continue_with_failure: 411continue_with_failure:
412 SUHOSIN_G(abort_request) = 1; 412 SUHOSIN_G(abort_request) = 1;
413 return FAILURE; 413 return FAILURE;
414} 414}
415 415