| -rw-r--r-- | Changelog | 1 | ||||
| -rw-r--r-- | execute.c | 18 | ||||
| -rw-r--r-- | suhosin.ini | 3 |
3 files changed, 16 insertions, 6 deletions
| @@ -4,6 +4,7 @@ | |||
| 4 | by suhosin.server.encode and suhosin.server.strip | 4 | by suhosin.server.encode and suhosin.server.strip |
| 5 | - Fixed crash bug with PHP 5.3.x and session module (due to changed session globals struct) | 5 | - Fixed crash bug with PHP 5.3.x and session module (due to changed session globals struct) |
| 6 | - Added ! protection to PHP session serializer | 6 | - Added ! protection to PHP session serializer |
| 7 | - *Changed* simulation mode now also affects (dis)allowed functions | ||
| 7 | 8 | ||
| 8 | 2009-08-15 - 0.9.29 | 9 | 2009-08-15 - 0.9.29 |
| 9 | 10 | ||
| @@ -1577,7 +1577,7 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int re | |||
| 1577 | #ifdef ZEND_ENGINE_2 | 1577 | #ifdef ZEND_ENGINE_2 |
| 1578 | return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.u.var)).var.ptr; | 1578 | return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.u.var)).var.ptr; |
| 1579 | #else | 1579 | #else |
| 1580 | return_value = execute_data_ptr->Ts[execute_data_ptr->opline->result.u.var].var.ptr; | 1580 | return_value = execute_data_ptr->Ts[execute_data_ptr->opline->result.u.var].var.ptr; |
| 1581 | #endif | 1581 | #endif |
| 1582 | ht = execute_data_ptr->opline->extended_value; | 1582 | ht = execute_data_ptr->opline->extended_value; |
| 1583 | 1583 | ||
| @@ -1588,12 +1588,16 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int re | |||
| 1588 | if (SUHOSIN_G(eval_whitelist) != NULL) { | 1588 | if (SUHOSIN_G(eval_whitelist) != NULL) { |
| 1589 | if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), lcname, function_name_strlen+1)) { | 1589 | if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), lcname, function_name_strlen+1)) { |
| 1590 | suhosin_log(S_EXECUTOR, "function outside of eval whitelist called: %s()", lcname); | 1590 | suhosin_log(S_EXECUTOR, "function outside of eval whitelist called: %s()", lcname); |
| 1591 | goto execute_internal_bailout; | 1591 | if (!SUHOSIN_G(simulation)) { |
| 1592 | goto execute_internal_bailout; | ||
| 1593 | } | ||
| 1592 | } | 1594 | } |
| 1593 | } else if (SUHOSIN_G(eval_blacklist) != NULL) { | 1595 | } else if (SUHOSIN_G(eval_blacklist) != NULL) { |
| 1594 | if (zend_hash_exists(SUHOSIN_G(eval_blacklist), lcname, function_name_strlen+1)) { | 1596 | if (zend_hash_exists(SUHOSIN_G(eval_blacklist), lcname, function_name_strlen+1)) { |
| 1595 | suhosin_log(S_EXECUTOR, "function within eval blacklist called: %s()", lcname); | 1597 | suhosin_log(S_EXECUTOR, "function within eval blacklist called: %s()", lcname); |
| 1596 | goto execute_internal_bailout; | 1598 | if (!SUHOSIN_G(simulation)) { |
| 1599 | goto execute_internal_bailout; | ||
| 1600 | } | ||
| 1597 | } | 1601 | } |
| 1598 | } | 1602 | } |
| 1599 | } | 1603 | } |
| @@ -1601,12 +1605,16 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int re | |||
| 1601 | if (SUHOSIN_G(func_whitelist) != NULL) { | 1605 | if (SUHOSIN_G(func_whitelist) != NULL) { |
| 1602 | if (!zend_hash_exists(SUHOSIN_G(func_whitelist), lcname, function_name_strlen+1)) { | 1606 | if (!zend_hash_exists(SUHOSIN_G(func_whitelist), lcname, function_name_strlen+1)) { |
| 1603 | suhosin_log(S_EXECUTOR, "function outside of whitelist called: %s()", lcname); | 1607 | suhosin_log(S_EXECUTOR, "function outside of whitelist called: %s()", lcname); |
| 1604 | goto execute_internal_bailout; | 1608 | if (!SUHOSIN_G(simulation)) { |
| 1609 | goto execute_internal_bailout; | ||
| 1610 | } | ||
| 1605 | } | 1611 | } |
| 1606 | } else if (SUHOSIN_G(func_blacklist) != NULL) { | 1612 | } else if (SUHOSIN_G(func_blacklist) != NULL) { |
| 1607 | if (zend_hash_exists(SUHOSIN_G(func_blacklist), lcname, function_name_strlen+1)) { | 1613 | if (zend_hash_exists(SUHOSIN_G(func_blacklist), lcname, function_name_strlen+1)) { |
| 1608 | suhosin_log(S_EXECUTOR, "function within blacklist called: %s()", lcname); | 1614 | suhosin_log(S_EXECUTOR, "function within blacklist called: %s()", lcname); |
| 1609 | goto execute_internal_bailout; | 1615 | if (!SUHOSIN_G(simulation)) { |
| 1616 | goto execute_internal_bailout; | ||
| 1617 | } | ||
| 1610 | } | 1618 | } |
| 1611 | } | 1619 | } |
| 1612 | 1620 | ||
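Review bot: The four new `if (!SUHOSIN_G(simulation))` guards (new-side lines 1591, 1598, 1608 and 1615) let the call proceed in simulation mode, but the suhosin_log() call just above each one is unchanged, so the log entry reads the same whether the function was actually blocked or merely observed, and an operator reviewing logs cannot tell which. If suhosin_log takes a printf-style format, appending a marker in simulation mode, e.g. `suhosin_log(S_EXECUTOR, "function outside of eval whitelist called: %s()%s", lcname, SUHOSIN_G(simulation) ? " (simulation)" : "");`, would make the two cases distinguishable; at minimum a comment such as `/* simulation mode: log the violation but let the call run */` above the first guard would document the intent. The same check-log-guard triple now appears four times in this function and could be folded into one static helper. suhosin_execute_internal starts and ends outside these hunks, so the execute_internal_bailout label is not visible here, and the first hunk (1577-1583) shows no textual difference, presumably a whitespace-only change.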
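diff --git a/suhosin.ini b/suhosin.ini
index 9696e7b..2420501 100644
--- a/suhosin.ini
+++ b/suhosin.ini
@@ -134,7 +134,8 @@ extension = suhosin.so
 ; If you fear that Suhosin breaks your application, you can activate Suhosin's
 ; simulation mode with this flag. When Suhosin runs in simulation mode,
 ; violations are logged as usual, but nothing is blocked or removed from the
-; request. (Transparent Encryptions are NOT deactivated in simulation mode.)
+; request. (Transparent features are NOT deactivated in simulation mode.)
+; (since v0.9.30 affects (dis)allowed functions)
 ;suhosin.simulation = Off
 
 ; APC 3.0.12(p1/p2) uses reserved resources without requesting a resource slot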
