From 200e697807b4de3af042edb3dea4d3db8fba9f03 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Fri, 23 Sep 2016 17:35:03 +0200 Subject: whitespace / code indentation --- execute.c | 598 +++++++++++++++++++++++++++++----------------------------- header.c | 84 ++++----- ifilter.c | 236 ++++++++++++----------- php_suhosin.h | 46 ++--- session.c | 470 ++++++++++++++++++++++----------------------- suhosin.c | 538 ++++++++++++++++++++++++++-------------------------- ufilter.c | 266 +++++++++++++------------- 7 files changed, 1111 insertions(+), 1127 deletions(-) diff --git a/execute.c b/execute.c index e3cd0b3..4d5d41b 100644 --- a/execute.c +++ b/execute.c @@ -85,7 +85,7 @@ conts: for (t=h; *n; t++, n++) { if (toupper(*t) != toupper(*n)) goto conts; } - return ((char*)h-1); + return ((char*)h-1); } } @@ -126,7 +126,7 @@ static int suhosin_check_filename(char *s, int len TSRMLS_DC) return SUHOSIN_CODE_TYPE_LONGNAME; } memcpy(fname, s, len); - fname[len] = 0; + fname[len] = 0; s = (char *)&fname; e = s + len; @@ -134,14 +134,14 @@ static int suhosin_check_filename(char *s, int len TSRMLS_DC) if (len != strlen(s)) { return SUHOSIN_CODE_TYPE_0FILE; } - + /* disallow uploaded files */ if (SG(rfc1867_uploaded_files)) { if (zend_hash_exists(SG(rfc1867_uploaded_files), (char *) s, e-s+1)) { return SUHOSIN_CODE_TYPE_UPLOADED; } } - + /* count number of directory traversals */ for (i=0; i < len-3; i++) { if (s[i] == '.' && s[i+1] == '.' && (s[i+2] == '/' || s[i+2] == '\\')) { @@ -152,7 +152,7 @@ static int suhosin_check_filename(char *s, int len TSRMLS_DC) if (SUHOSIN_G(executor_include_max_traversal) && SUHOSIN_G(executor_include_max_traversal)<=count) { return SUHOSIN_CODE_TYPE_MANYDOTS; } - + SDEBUG("xxx %p %p",SUHOSIN_G(include_whitelist),SUHOSIN_G(include_blacklist)); /* no black or whitelist then disallow all */ if (SUHOSIN_G(include_whitelist)==NULL && SUHOSIN_G(include_blacklist)==NULL) { 
@@ -160,29 +160,29 @@ SDEBUG("xxx %p %p",SUHOSIN_G(include_whitelist),SUHOSIN_G(include_blacklist)); if (strstr(s, "://") != NULL || suhosin_strcasestr(s, "data:") != NULL) { return SUHOSIN_CODE_TYPE_BADURL; } - } else + } else /* whitelist is stronger than blacklist */ if (SUHOSIN_G(include_whitelist)) { - + do { isOk = 0; - + h = strstr(s, "://"); h2 = suhosin_strcasestr(s, "data:"); h2 = h2 == NULL ? NULL : h2 + 4; t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) ); if (h == NULL) break; - + while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) { t--; } - + tlen = e-t; - + zend_hash_internal_pointer_reset(SUHOSIN_G(include_whitelist)); do { int r = zend_hash_get_current_key_ex(SUHOSIN_G(include_whitelist), &index, &indexlen, &numindex, 0, NULL); - + if (r==HASH_KEY_NON_EXISTANT) { break; } @@ -194,28 +194,28 @@ SDEBUG("xxx %p %p",SUHOSIN_G(include_whitelist),SUHOSIN_G(include_blacklist)); } } } - + zend_hash_move_forward(SUHOSIN_G(include_whitelist)); } while (1); - + /* not found in whitelist */ if (!isOk) { return SUHOSIN_CODE_TYPE_BADURL; } - + s = h + 1; } while (1); } else { - + do { int tlen; - + h = strstr(s, "://"); h2 = suhosin_strcasestr(s, "data:"); h2 = h2 == NULL ? NULL : h2 + 4; t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) ); if (h == NULL) break; - + while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) { t--; } 
@@ -236,21 +236,21 @@ SDEBUG("xxx %p %p",SUHOSIN_G(include_whitelist),SUHOSIN_G(include_blacklist)); } } } - + zend_hash_move_forward(SUHOSIN_G(include_blacklist)); } while (1); - + s = h + 1; } while (1); } /* disallow writable files */ if (!SUHOSIN_G(executor_include_allow_writable_files)) { - /* protection against *REMOTE* attacks, potential - race condition of access() is irrelevant */ - if (access(s, W_OK) == 0) { - return SUHOSIN_CODE_TYPE_WRITABLE; - } + /* protection against *REMOTE* attacks, potential + race condition of access() is irrelevant */ + if (access(s, W_OK) == 0) { + return SUHOSIN_CODE_TYPE_WRITABLE; + } } return SUHOSIN_CODE_TYPE_GOODFILE; 
@@ -265,39 +265,39 @@ static int suhosin_zend_stream_open(const char *filename, zend_file_handle *fh T exd=EG(current_execute_data); if (EG(in_execution) && (exd!=NULL) && (exd->opline != NULL) && (exd->opline->opcode == ZEND_INCLUDE_OR_EVAL)) { int filetype = suhosin_check_filename((char *)filename, strlen(filename) TSRMLS_CC); - + switch (filetype) { - case SUHOSIN_CODE_TYPE_LONGNAME: + case SUHOSIN_CODE_TYPE_LONGNAME: suhosin_log(S_INCLUDE, "Include filename ('%s') is too long", filename); suhosin_bailout(TSRMLS_C); break; - case SUHOSIN_CODE_TYPE_UPLOADED: + case SUHOSIN_CODE_TYPE_UPLOADED: suhosin_log(S_INCLUDE, "Include filename is an uploaded file"); suhosin_bailout(TSRMLS_C); break; - - case SUHOSIN_CODE_TYPE_0FILE: + + case SUHOSIN_CODE_TYPE_0FILE: suhosin_log(S_INCLUDE, "Include filename contains an ASCIIZ character"); suhosin_bailout(TSRMLS_C); break; - - case SUHOSIN_CODE_TYPE_WRITABLE: + + case SUHOSIN_CODE_TYPE_WRITABLE: suhosin_log(S_INCLUDE, "Include filename ('%s') is writable by PHP process", filename); suhosin_bailout(TSRMLS_C); - break; + break; - case SUHOSIN_CODE_TYPE_BLACKURL: + case SUHOSIN_CODE_TYPE_BLACKURL: suhosin_log(S_INCLUDE, "Include filename ('%s') is a URL that is forbidden by the blacklist", filename); suhosin_bailout(TSRMLS_C); break; - - case SUHOSIN_CODE_TYPE_BADURL: + + case SUHOSIN_CODE_TYPE_BADURL: suhosin_log(S_INCLUDE, "Include filename ('%s') is a URL that is not allowed", filename); suhosin_bailout(TSRMLS_C); break; - case SUHOSIN_CODE_TYPE_MANYDOTS: + case SUHOSIN_CODE_TYPE_MANYDOTS: suhosin_log(S_INCLUDE, "Include filename ('%s') contains too many '../'", filename); suhosin_bailout(TSRMLS_C); break; 
@@ -313,14 +313,13 @@ static int suhosin_detect_codetype(zend_op_array *op_array TSRMLS_DC) int r; s = (char *)op_array->filename; - + /* eval, assert, create_function, preg_replace */ if (op_array->type == ZEND_EVAL_CODE) { - if (s == NULL) { return SUHOSIN_CODE_TYPE_UNKNOWN; } - + if (strstr(s, "eval()'d code") != NULL) { return SUHOSIN_CODE_TYPE_EVAL; } @@ -340,7 +339,7 @@ static int suhosin_detect_codetype(zend_op_array *op_array TSRMLS_DC) if (strstr(s, "runtime-created function") != NULL) { return SUHOSIN_CODE_TYPE_CFUNC; } - + if (strstr(s, "Command line code") != NULL) { return SUHOSIN_CODE_TYPE_COMMANDLINE; } @@ -356,22 +355,15 @@ static int suhosin_detect_codetype(zend_op_array *op_array TSRMLS_DC) if (strstr(s, "Command line end code") != NULL) { return SUHOSIN_CODE_TYPE_COMMANDLINE; } - + if (strstr(s, "suhosin internal code") != NULL) { return SUHOSIN_CODE_TYPE_SUHOSIN; } - } else { - r = suhosin_check_filename(s, strlen(s) TSRMLS_CC); -/* switch (r) { - case SUHOSIN_CODE_TYPE_GOODFILE: - break; - } */ return r; - } - + return SUHOSIN_CODE_TYPE_UNKNOWN; } @@ -391,12 +383,12 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML zval cs; zend_uint orig_code_type; unsigned long *suhosin_flags = NULL; - + /* log variable dropping statistics */ if (SUHOSIN_G(abort_request)) { - + SUHOSIN_G(abort_request) = 0; /* we only want this to happen the first time */ - + if (SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables) > 0) { suhosin_log(S_VARS, "dropped %u request variables - (%u in GET, %u in POST, %u in COOKIE)", SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables), 
@@ -404,33 +396,33 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML SUHOSIN_G(att_post_vars)-SUHOSIN_G(cur_post_vars), SUHOSIN_G(att_cookie_vars)-SUHOSIN_G(cur_cookie_vars)); } - + if (!SUHOSIN_G(simulation) && SUHOSIN_G(filter_action)) { - + char *action = SUHOSIN_G(filter_action); long code = -1; - + while (*action == ' ' || *action == '\t') action++; - + if (*action >= '0' && *action <= '9') { char *end = action; while (*end && *end != ',' && *end != ';') end++; code = zend_atoi(action, end-action); action = end; } - + while (*action == ' ' || *action == '\t' || *action == ',' || *action == ';') action++; - + if (*action) { - + if (strncasecmp("http://", action, sizeof("http://")-1)==0 || strncasecmp("https://", action, sizeof("https://")-1)==0) { sapi_header_line ctr = {0}; - + if (code == -1) { code = 302; } - + ctr.line_len = spprintf(&ctr.line, 0, "Location: %s", action); ctr.response_code = code; sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC); @@ -439,11 +431,11 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML zend_file_handle file_handle; zend_op_array *new_op_array; zval *result = NULL; - + if (code == -1) { code = 200; } - + if (zend_stream_open(action, &file_handle TSRMLS_CC) == SUCCESS) { if (!file_handle.opened_path) { file_handle.opened_path = estrndup(action, strlen(action)); 
@@ -472,24 +464,24 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML } } } - + sapi_header_op(SAPI_HEADER_SET_STATUS, (void *)code TSRMLS_CC); zend_bailout(); } } - + SDEBUG("%s %s", op_array->filename, op_array->function_name); - + SUHOSIN_G(execution_depth)++; - + if (SUHOSIN_G(max_execution_depth) && SUHOSIN_G(execution_depth) > SUHOSIN_G(max_execution_depth)) { suhosin_log(S_EXECUTOR|S_GETCALLER, "maximum execution depth reached - script terminated"); suhosin_bailout(TSRMLS_C); } - + fn = (char *)op_array->filename; len = strlen(fn); - + orig_code_type = SUHOSIN_G(in_code_type); if (op_array->type == ZEND_EVAL_CODE) { SUHOSIN_G(in_code_type) = SUHOSIN_EVAL; @@ -497,7 +489,7 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML if (suhosin_zend_extension_entry.resource_number != -1) { suhosin_flags = (unsigned long *) &op_array->reserved[suhosin_zend_extension_entry.resource_number]; SDEBUG("suhosin flags: %08lx", *suhosin_flags); - + if (*suhosin_flags & SUHOSIN_FLAG_CREATED_BY_EVAL) { SUHOSIN_G(in_code_type) = SUHOSIN_EVAL; } @@ -505,7 +497,7 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML goto not_evaled_code; } } - + if (strstr(op_array->filename, "eval()'d code")) { SUHOSIN_G(in_code_type) = SUHOSIN_EVAL; } else { 
@@ -523,39 +515,39 @@ not_evaled_code: /* if (SUHOSIN_G(deactivate)) { goto continue_execution; } -*/ +*/ op_array_type = suhosin_detect_codetype(op_array TSRMLS_CC); - + switch (op_array_type) { - case SUHOSIN_CODE_TYPE_EVAL: - if (SUHOSIN_G(executor_disable_eval)) { - suhosin_log(S_EXECUTOR|S_GETCALLER, "use of eval is forbidden by configuration"); - if (!SUHOSIN_G(simulation)) { - zend_error(E_ERROR, "SUHOSIN - Use of eval is forbidden by configuration"); - } - } - break; - - case SUHOSIN_CODE_TYPE_REGEXP: - if (SUHOSIN_G(executor_disable_emod)) { - suhosin_log(S_EXECUTOR|S_GETCALLER, "use of preg_replace() with /e modifier is forbidden by configuration"); - if (!SUHOSIN_G(simulation)) { - zend_error(E_ERROR, "SUHOSIN - Use of preg_replace() with /e modifier is forbidden by configuration"); - } - } - break; - + case SUHOSIN_CODE_TYPE_EVAL: + if (SUHOSIN_G(executor_disable_eval)) { + suhosin_log(S_EXECUTOR|S_GETCALLER, "use of eval is forbidden by configuration"); + if (!SUHOSIN_G(simulation)) { + zend_error(E_ERROR, "SUHOSIN - Use of eval is forbidden by configuration"); + } + } + break; + + case SUHOSIN_CODE_TYPE_REGEXP: + if (SUHOSIN_G(executor_disable_emod)) { + suhosin_log(S_EXECUTOR|S_GETCALLER, "use of preg_replace() with /e modifier is forbidden by configuration"); + if (!SUHOSIN_G(simulation)) { + zend_error(E_ERROR, "SUHOSIN - Use of preg_replace() with /e modifier is forbidden by configuration"); + } + } + break; + case SUHOSIN_CODE_TYPE_MBREGEXP: /* XXX TODO: Do we want to disallow this, too? */ break; - - case SUHOSIN_CODE_TYPE_ASSERT: - break; - - case SUHOSIN_CODE_TYPE_CFUNC: - break; - + + case SUHOSIN_CODE_TYPE_ASSERT: + break; + + case SUHOSIN_CODE_TYPE_CFUNC: + break; + case SUHOSIN_CODE_TYPE_LONGNAME: suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is too long", op_array->filename); suhosin_bailout(TSRMLS_C); 
@@ -565,49 +557,49 @@ not_evaled_code: suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') contains too many '../'", op_array->filename); suhosin_bailout(TSRMLS_C); break; - + case SUHOSIN_CODE_TYPE_UPLOADED: - suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename is an uploaded file"); - suhosin_bailout(TSRMLS_C); - break; - - case SUHOSIN_CODE_TYPE_0FILE: + suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename is an uploaded file"); + suhosin_bailout(TSRMLS_C); + break; + + case SUHOSIN_CODE_TYPE_0FILE: suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename contains an ASCIIZ character"); suhosin_bailout(TSRMLS_C); break; - - case SUHOSIN_CODE_TYPE_WRITABLE: - suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is writable by PHP process", op_array->filename); - suhosin_bailout(TSRMLS_C); - break; - case SUHOSIN_CODE_TYPE_BLACKURL: + case SUHOSIN_CODE_TYPE_WRITABLE: + suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is writable by PHP process", op_array->filename); + suhosin_bailout(TSRMLS_C); + break; + + case SUHOSIN_CODE_TYPE_BLACKURL: suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is a URL that is forbidden by the blacklist", op_array->filename); suhosin_bailout(TSRMLS_C); break; - - case SUHOSIN_CODE_TYPE_BADURL: + + case SUHOSIN_CODE_TYPE_BADURL: suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is a URL that is not allowed", op_array->filename); - suhosin_bailout(TSRMLS_C); + suhosin_bailout(TSRMLS_C); break; - case SUHOSIN_CODE_TYPE_BADFILE: - cs.type = IS_STRING; + case SUHOSIN_CODE_TYPE_BADFILE: + cs.type = IS_STRING; #define DIE_WITH_MSG "die('disallowed_file'.chr(10).chr(10));" - cs.value.str.val = estrndup(DIE_WITH_MSG, sizeof(DIE_WITH_MSG)-1); - cs.value.str.len = sizeof(DIE_WITH_MSG)-1; - new_op_array = compile_string(&cs, "suhosin internal code" TSRMLS_CC); - if (new_op_array) { + cs.value.str.val = estrndup(DIE_WITH_MSG, sizeof(DIE_WITH_MSG)-1); + cs.value.str.len = sizeof(DIE_WITH_MSG)-1; + 
new_op_array = compile_string(&cs, "suhosin internal code" TSRMLS_CC); + if (new_op_array) { op_array = new_op_array; goto continue_execution; - } - suhosin_bailout(TSRMLS_C); - break; - - case SUHOSIN_CODE_TYPE_COMMANDLINE: - case SUHOSIN_CODE_TYPE_SUHOSIN: - case SUHOSIN_CODE_TYPE_UNKNOWN: - case SUHOSIN_CODE_TYPE_GOODFILE: + } + suhosin_bailout(TSRMLS_C); + break; + + case SUHOSIN_CODE_TYPE_COMMANDLINE: + case SUHOSIN_CODE_TYPE_SUHOSIN: + case SUHOSIN_CODE_TYPE_UNKNOWN: + case SUHOSIN_CODE_TYPE_GOODFILE: goto continue_execution; } @@ -640,7 +632,7 @@ static void suhosin_execute(zend_op_array *op_array TSRMLS_DC) static void suhosin_execute_ZO(zend_op_array *op_array, long dummy TSRMLS_DC) { suhosin_execute_ex(op_array, 1, dummy TSRMLS_CC); -} +} /* }}} */ #endif @@ -676,28 +668,28 @@ int ih_preg_replace(IH_HANDLER_PARAMS) if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ZZZ|ZZ", ®ex, &replace, &subject, &limit, &zcount) == FAILURE) { return (1); } - + if (Z_TYPE_PP(regex) == IS_ARRAY) { zval **regex_entry; - + zend_hash_internal_pointer_reset(Z_ARRVAL_PP(regex)); /* For each entry in the regex array, get the entry */ while (zend_hash_get_current_data(Z_ARRVAL_PP(regex), (void **)®ex_entry) == SUCCESS) { - + if (Z_TYPE_PP(regex_entry) == IS_STRING) { if (strlen(Z_STRVAL_PP(regex_entry)) != Z_STRLEN_PP(regex_entry)) { suhosin_log(S_EXECUTOR, "string termination attack on first preg_replace parameter detected"); - if (!SUHOSIN_G(simulation)) { + if (!SUHOSIN_G(simulation)) { RETVAL_FALSE; return (1); } } } - + zend_hash_move_forward(Z_ARRVAL_PP(regex)); - + } - + } else if (Z_TYPE_PP(regex) == IS_STRING) { if (strlen(Z_STRVAL_PP(regex)) != Z_STRLEN_PP(regex)) { suhosin_log(S_EXECUTOR, "string termination attack on first preg_replace parameter detected"); @@ -707,7 +699,7 @@ int ih_preg_replace(IH_HANDLER_PARAMS) } } } - + return (0); } 
@@ -716,7 +708,7 @@ int ih_symlink(IH_HANDLER_PARAMS) if (SUHOSIN_G(executor_allow_symlink)) { return (0); } - + if (PG(open_basedir) && PG(open_basedir)[0]) { suhosin_log(S_EXECUTOR, "symlink called during open_basedir"); if (!SUHOSIN_G(simulation)) { @@ -724,7 +716,7 @@ int ih_symlink(IH_HANDLER_PARAMS) return (1); } } - + return (0); } @@ -796,7 +788,7 @@ int ih_mail(IH_HANDLER_PARAMS) } } } - + if (SUHOSIN_G(mailprotect) > 1) { /* search for to, cc or bcc headers */ if (headers_len > 0 && headers != NULL) { @@ -807,7 +799,7 @@ int ih_mail(IH_HANDLER_PARAMS) return (1); } } - + if (strncasecmp(headers, "cc:", sizeof("cc:") - 1) == 0 || suhosin_strcasestr(headers, "\ncc:")) { suhosin_log(S_MAIL, "mail() - CC: headers aren't allowed in the headers parameter."); if (!SUHOSIN_G(simulation)) { @@ -848,18 +840,18 @@ int ih_querycheck(IH_HANDLER_PARAMS) int cnt_union = 0, cnt_select = 0, cnt_comment = 0, cnt_opencomment = 0; int mysql_extension = 0; - + SDEBUG("function: %s", ih->name); arg_count = (unsigned long) *p; if (ht < (long) ih->arg1) { return (0); } - + if ((long) ih->arg2) { - mysql_extension = 1; + mysql_extension = 1; } - + arg = (zval **) p - (arg_count - (long) ih->arg1 + 1); /* count from 0 */ backup = *arg; 
@@ -869,125 +861,125 @@ int ih_querycheck(IH_HANDLER_PARAMS) len = Z_STRLEN_P(backup); query = Z_STRVAL_P(backup); SDEBUG("SQL |%s|", query); - + s = query; e = s+len; - + while (s < e) { - switch (state) - { - case SQLSTATE_SQL: - switch (s[0]) - { - case '`': - state = SQLSTATE_IDENTIFIER; - quote = '`'; - break; - case '\'': - case '"': - state = SQLSTATE_STRING; - quote = *s; - break; - case '/': - if (s[1]=='*') { - if (mysql_extension == 1 && s[2] == '!') { - s += 2; - break; - } - s++; - state = SQLSTATE_MLCOMMENT; - cnt_comment++; - } - break; - case '-': - if (s[1]=='-') { - s++; - state = SQLSTATE_COMMENT; - cnt_comment++; - } - break; - case '#': - state = SQLSTATE_COMMENT; - cnt_comment++; - break; - case 'u': - case 'U': - if (strncasecmp("union", s, 5)==0) { - s += 4; - cnt_union++; - } - break; - case 's': - case 'S': - if (strncasecmp("select", s, 6)==0) { - s += 5; - cnt_select++; - } - break; - } - break; - case SQLSTATE_STRING: + switch (state) + { + case SQLSTATE_SQL: + switch (s[0]) + { + case '`': + state = SQLSTATE_IDENTIFIER; + quote = '`'; + break; + case '\'': + case '"': + state = SQLSTATE_STRING; + quote = *s; + break; + case '/': + if (s[1]=='*') { + if (mysql_extension == 1 && s[2] == '!') { + s += 2; + break; + } + s++; + state = SQLSTATE_MLCOMMENT; + cnt_comment++; + } + break; + case '-': + if (s[1]=='-') { + s++; + state = SQLSTATE_COMMENT; + cnt_comment++; + } + break; + case '#': + state = SQLSTATE_COMMENT; + cnt_comment++; + break; + case 'u': + case 'U': + if (strncasecmp("union", s, 5)==0) { + s += 4; + cnt_union++; + } + break; + case 's': + case 'S': + if (strncasecmp("select", s, 6)==0) { + s += 5; + cnt_select++; + } + break; + } + break; + case SQLSTATE_STRING: case SQLSTATE_IDENTIFIER: - if (s[0] == quote) { - if (s[1] == quote) { - s++; - } else { - state = SQLSTATE_SQL; - } - } - if (s[0] == '\\') { - s++; - } - break; + if (s[0] == quote) { + if (s[1] == quote) { + s++; + } else { + state = SQLSTATE_SQL; + } + } + if 
(s[0] == '\\') { + s++; + } + break; case SQLSTATE_COMMENT: - while (s[0] && s[0] != '\n') { - s++; - } - state = SQLSTATE_SQL; - break; - case SQLSTATE_MLCOMMENT: - while (s[0] && (s[0] != '*' || s[1] != '/')) { - s++; - } - if (s[0]) { - state = SQLSTATE_SQL; - } - break; - } - s++; + while (s[0] && s[0] != '\n') { + s++; + } + state = SQLSTATE_SQL; + break; + case SQLSTATE_MLCOMMENT: + while (s[0] && (s[0] != '*' || s[1] != '/')) { + s++; + } + if (s[0]) { + state = SQLSTATE_SQL; + } + break; + } + s++; } if (state == SQLSTATE_MLCOMMENT) { - cnt_opencomment = 1; + cnt_opencomment = 1; } - + if (cnt_opencomment && SUHOSIN_G(sql_opencomment)>0) { - suhosin_log(S_SQL, "Open comment in SQL query: '%*s'", len, query); - if (SUHOSIN_G(sql_opencomment)>1) { + suhosin_log(S_SQL, "Open comment in SQL query: '%*s'", len, query); + if (SUHOSIN_G(sql_opencomment)>1) { suhosin_bailout(TSRMLS_C); - } + } } - + if (cnt_comment && SUHOSIN_G(sql_comment)>0) { - suhosin_log(S_SQL, "Comment in SQL query: '%*s'", len, query); - if (SUHOSIN_G(sql_comment)>1) { + suhosin_log(S_SQL, "Comment in SQL query: '%*s'", len, query); + if (SUHOSIN_G(sql_comment)>1) { suhosin_bailout(TSRMLS_C); - } + } } if (cnt_union && SUHOSIN_G(sql_union)>0) { - suhosin_log(S_SQL, "UNION in SQL query: '%*s'", len, query); - if (SUHOSIN_G(sql_union)>1) { + suhosin_log(S_SQL, "UNION in SQL query: '%*s'", len, query); + if (SUHOSIN_G(sql_union)>1) { suhosin_bailout(TSRMLS_C); - } + } } if (cnt_select>1 && SUHOSIN_G(sql_mselect)>0) { - suhosin_log(S_SQL, "Multiple SELECT in SQL query: '%*s'", len, query); - if (SUHOSIN_G(sql_mselect)>1) { + suhosin_log(S_SQL, "Multiple SELECT in SQL query: '%*s'", len, query); + if (SUHOSIN_G(sql_mselect)>1) { suhosin_bailout(TSRMLS_C); - } + } } - + return (0); } 
@@ -1000,19 +992,19 @@ int ih_fixusername(IH_HANDLER_PARAMS) char *prefix, *postfix, *user, *user_match, *cp; zval *backup, *my_user; int prefix_len, postfix_len, len; - + SDEBUG("function (fixusername): %s", ih->name); - + prefix = SUHOSIN_G(sql_user_prefix); postfix = SUHOSIN_G(sql_user_postfix); user_match = SUHOSIN_G(sql_user_match); - + arg_count = (unsigned long) *p; if (ht < (long) ih->arg1) { return (0); } - + arg = (zval **) p - (arg_count - (long) ih->arg1 + 1); /* count from 0 */ backup = *arg; @@ -1046,18 +1038,18 @@ int ih_fixusername(IH_HANDLER_PARAMS) } prefix_len = strlen(prefix); postfix_len = strlen(postfix); - + MAKE_STD_ZVAL(my_user); my_user->type = IS_STRING; my_user->value.str.len = spprintf(&my_user->value.str.val, 0, "%s%s%s", prefix, user, postfix); - + /* XXX: memory_leak? */ - *arg = my_user; - + *arg = my_user; + len = Z_STRLEN_P(my_user); user = Z_STRVAL_P(my_user); } - + if (user_match && user_match[0]) { #ifdef HAVE_FNMATCH if (fnmatch(user_match, user, 0) != 0) { @@ -1076,7 +1068,7 @@ int ih_fixusername(IH_HANDLER_PARAMS) } #endif } - + SDEBUG("function: %s - user: %s", ih->name, user); return (0); @@ -1105,7 +1097,7 @@ static int ih_function_exists(IH_HANDLER_PARAMS) } retval = (zend_hash_find(EG(function_table), name, name_len+1, (void **)&func) == SUCCESS); - + /* * A bit of a hack, but not a bad one: we see if the handler of the function * is actually one that displays "function is disabled" message. @@ -1130,7 +1122,7 @@ static int ih_function_exists(IH_HANDLER_PARAMS) } } } - + if (SUHOSIN_G(func_whitelist) != NULL) { if (!zend_hash_exists(SUHOSIN_G(func_whitelist), name, name_len+1)) { retval = 0; @@ -1174,7 +1166,7 @@ ret: Copyright (C) 1997 - 2002, Makoto Matsumoto and Takuji Nishimura, Copyright (C) 2000 - 2003, Richard J. Wagner - All rights reserved. + All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions 
@@ -1187,8 +1179,8 @@ ret: notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - 3. The names of its contributors may not be used to endorse or promote - products derived from this software without specific prior written + 3. The names of its contributors may not be used to endorse or promote + products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS @@ -1302,14 +1294,14 @@ static php_uint32 suhosin_mt_rand(TSRMLS_D) { /* Pull a 32-bit integer from the generator state Every other access function simply transforms the numbers extracted here */ - + register php_uint32 s1; if (SUHOSIN_G(mt_left) == 0) { suhosin_mt_reload(SUHOSIN_G(mt_state), &SUHOSIN_G(mt_next), &SUHOSIN_G(mt_left)); } --SUHOSIN_G(mt_left); - + s1 = *SUHOSIN_G(mt_next)++; s1 ^= (s1 >> 11); s1 ^= (s1 << 7) & 0x9d2c5680U; @@ -1329,11 +1321,11 @@ static void suhosin_gen_entropy(php_uint32 *entropybuf TSRMLS_DC) unsigned long heap_value = (unsigned long)SUHOSIN_G(r_state); suhosin_SHA256_CTX context; int fd; - + code_value ^= code_value >> 32; stack_value ^= stack_value >> 32; heap_value ^= heap_value >> 32; - + seedbuf[0] = code_value; seedbuf[1] = stack_value; seedbuf[2] = heap_value; @@ -1372,7 +1364,7 @@ static void suhosin_gen_entropy(php_uint32 *entropybuf TSRMLS_DC) */ static void suhosin_srand_auto(TSRMLS_D) { - php_uint32 seed[8]; + php_uint32 seed[8]; suhosin_gen_entropy(&seed[0] TSRMLS_CC); suhosin_mt_init_by_array(seed, 8, SUHOSIN_G(r_state)); @@ -1387,7 +1379,7 @@ static void suhosin_srand_auto(TSRMLS_D) */ static void suhosin_mt_srand_auto(TSRMLS_D) { - php_uint32 seed[8]; + php_uint32 seed[8]; suhosin_gen_entropy(&seed[0] TSRMLS_CC); suhosin_mt_init_by_array(seed, 8, SUHOSIN_G(mt_state)); 
@@ -1418,14 +1410,14 @@ static php_uint32 suhosin_rand(TSRMLS_D) { /* Pull a 32-bit integer from the generator state Every other access function simply transforms the numbers extracted here */ - + register php_uint32 s1; if (SUHOSIN_G(r_left) == 0) { suhosin_mt_reload(SUHOSIN_G(r_state), &SUHOSIN_G(r_next), &SUHOSIN_G(r_left)); } --SUHOSIN_G(r_left); - + s1 = *SUHOSIN_G(r_next)++; s1 ^= (s1 >> 11); s1 ^= (s1 << 7) & 0x9d2c5680U; @@ -1443,7 +1435,7 @@ static int ih_srand(IH_HANDLER_PARAMS) SUHOSIN_G(r_is_seeded) = 0; return 1; } - + if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE) { return 1; } @@ -1465,7 +1457,7 @@ static int ih_mt_srand(IH_HANDLER_PARAMS) SUHOSIN_G(mt_is_seeded) = 0; return 1; } - + if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE) { return 1; } @@ -1486,7 +1478,7 @@ static int ih_mt_rand(IH_HANDLER_PARAMS) long number; if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) { - return (1); + return (1); } if (!SUHOSIN_G(mt_is_seeded)) { @@ -1510,7 +1502,7 @@ static int ih_rand(IH_HANDLER_PARAMS) long number; if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) { - return (1); + return (1); } if (!SUHOSIN_G(r_is_seeded)) { @@ -1540,16 +1532,16 @@ internal_function_handler ihandlers[] = { { "preg_replace", ih_preg_replace, NULL, NULL, NULL }, { "mail", ih_mail, NULL, NULL, NULL }, { "symlink", ih_symlink, NULL, NULL, NULL }, - + { "srand", ih_srand, NULL, NULL, NULL }, { "mt_srand", ih_mt_srand, NULL, NULL, NULL }, { "rand", ih_rand, NULL, NULL, NULL }, { "mt_rand", ih_mt_rand, NULL, NULL, NULL }, { "getrandmax", ih_getrandmax, NULL, NULL, NULL }, { "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL }, - + { "function_exists", ih_function_exists, NULL, NULL, NULL }, - + /* Mysqli */ { "mysqli::mysqli", ih_fixusername, (void *)2, NULL, NULL }, { "mysqli_connect", ih_fixusername, (void *)2, NULL, NULL }, 
@@ -1557,7 +1549,7 @@ internal_function_handler ihandlers[] = { { "mysqli_real_connect", ih_fixusername, (void *)3, NULL, NULL }, { "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL }, { "mysqli::change_user", ih_fixusername, (void *)1, NULL, NULL }, - + { "mysqli::query", ih_querycheck, (void *)1, (void *)1, NULL }, { "mysqli_query", ih_querycheck, (void *)2, (void *)1, NULL }, { "mysqli::multi_query", ih_querycheck, (void *)1, (void *)1, NULL }, @@ -1572,14 +1564,14 @@ internal_function_handler ihandlers[] = { { "mysqli_master_query", ih_querycheck, (void *)2, (void *)1, NULL }, { "mysqli_slave_query", ih_querycheck, (void *)2, (void *)1, NULL }, // ---- - + /* Mysql API - deprecated in PHP 5.5 */ { "mysql_connect", ih_fixusername, (void *)2, NULL, NULL }, { "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL }, { "mysql_query", ih_querycheck, (void *)1, (void *)1, NULL }, { "mysql_db_query", ih_querycheck, (void *)2, (void *)1, NULL }, { "mysql_unbuffered_query", ih_querycheck, (void *)1, (void *)1, NULL }, - + #ifdef SUHOSIN_EXPERIMENTAL /* MaxDB */ { "maxdb::maxdb", ih_fixusername, (void *)2, NULL, NULL }, @@ -1588,7 +1580,7 @@ internal_function_handler ihandlers[] = { { "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL }, { "maxdb::change_user", ih_fixusername, (void *)1, NULL, NULL }, { "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL }, - + { "maxdb_master_query", ih_querycheck, (void *)2, NULL, NULL }, { "maxdb::multi_query", ih_querycheck, (void *)1, NULL, NULL }, { "maxdb_multi_query", ih_querycheck, (void *)2, NULL, NULL }, @@ -1607,7 +1599,7 @@ internal_function_handler ihandlers[] = { { "pdo::query", ih_querycheck, (void *)1, NULL, NULL }, { "pdo::prepare", ih_querycheck, (void *)1, NULL, NULL }, { "pdo::exec", ih_querycheck, (void *)1, NULL, NULL }, - + /* Oracle OCI8 */ { "ocilogon", ih_fixusername, (void *)1, NULL, NULL }, { "ociplogon", ih_fixusername, (void *)1, NULL, NULL }, 
@@ -1653,7 +1645,7 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, zend_f zval **return_value_ptr; zval *this_ptr; int ht; - + if (fci) { return_value = *fci->retval_ptr_ptr; return_value_ptr = fci->retval_ptr_ptr; @@ -1666,7 +1658,7 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, zend_f return_value_ptr = (fbc->common.fn_flags & ZEND_ACC_RETURN_REFERENCE) ? &ret->var.ptr : NULL; this_ptr = execute_data_ptr->object; ht = execute_data_ptr->opline->extended_value; - } + } #else static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC) { @@ -1681,7 +1673,7 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int re ce = ((zend_internal_function *) execute_data_ptr->function_state.function)->scope; lcname = (char *)((zend_internal_function *) execute_data_ptr->function_state.function)->function_name; function_name_strlen = strlen(lcname); - + /* handle methodcalls correctly */ if (ce != NULL) { char *tmp = (char *) emalloc(function_name_strlen + 2 + ce->name_length + 1); @@ -1695,14 +1687,14 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int re zend_str_tolower(lcname, function_name_strlen); } -#if PHP_VERSION_ID < 50500 +#if PHP_VERSION_ID < 50500 return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.var)).var.ptr; #endif SDEBUG("function: %s", lcname); if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) { - + if (SUHOSIN_G(eval_whitelist) != NULL) { if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), lcname, function_name_strlen+1)) { suhosin_log(S_EXECUTOR|S_GETCALLER, "function outside of eval whitelist called: %s()", lcname); 
@@ -1723,7 +1715,7 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int re } } } - + if (SUHOSIN_G(func_whitelist) != NULL) { if (!zend_hash_exists(SUHOSIN_G(func_whitelist), lcname, function_name_strlen+1)) { suhosin_log(S_EXECUTOR|S_GETCALLER, "function outside of whitelist called: %s()", lcname); @@ -1743,16 +1735,16 @@ static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int re } } } - + if (zend_hash_find(&ihandler_table, lcname, function_name_strlen+1, (void **)&ih) == SUCCESS) { - + int retval = 0; void *handler = ((zend_internal_function *) execute_data_ptr->function_state.function)->handler; - + if (handler != ZEND_FN(display_disabled_function)) { retval = ih->handler(IH_HANDLER_PARAM_PASSTHRU); } - + if (retval == 0) { #if PHP_VERSION_ID >= 50500 old_execute_internal(execute_data_ptr, fci, return_value_used TSRMLS_CC); @@ -1788,12 +1780,10 @@ static int function_lookup(zend_extension *extension) if (zo_set_oe_ex != NULL) { return ZEND_HASH_APPLY_STOP; } - - if (extension->handle != NULL) { - zo_set_oe_ex = (void *)DL_FETCH_SYMBOL(extension->handle, "zend_optimizer_set_oe_ex"); - - } + if (extension->handle != NULL) { + zo_set_oe_ex = (void *)DL_FETCH_SYMBOL(extension->handle, "zend_optimizer_set_oe_ex"); + } return 0; } @@ -1809,19 +1799,19 @@ void suhosin_hook_execute(TSRMLS_D) #if PHP_VERSION_ID >= 50500 old_execute_ex = zend_execute_ex; zend_execute_ex = suhosin_execute_ex; -#else +#else old_execute = zend_execute; zend_execute = suhosin_execute; #endif - + /* old_compile_file = zend_compile_file; zend_compile_file = suhosin_compile_file; */ #if ZO_COMPATIBILITY_HACK_TEMPORARY_DISABLED - if (zo_set_oe_ex == NULL) { + if (zo_set_oe_ex == NULL) { zo_set_oe_ex = (void *)DL_FETCH_SYMBOL(NULL, "zend_optimizer_set_oe_ex"); } - if (zo_set_oe_ex == NULL) { + if (zo_set_oe_ex == NULL) { zend_llist_apply(&zend_extensions, (llist_apply_func_t)function_lookup TSRMLS_CC); } 
@@ -1829,7 +1819,7 @@ void suhosin_hook_execute(TSRMLS_D) old_execute_ZO = zo_set_oe_ex(suhosin_execute_ZO); } #endif - + old_execute_internal = zend_execute_internal; if (old_execute_internal == NULL) { old_execute_internal = execute_internal; @@ -1842,14 +1832,14 @@ void suhosin_hook_execute(TSRMLS_D) zend_hash_add(&ihandler_table, ih->name, strlen(ih->name)+1, ih, sizeof(internal_function_handler), NULL); ih++; } - - + + /* Add additional protection layer, that SHOULD catch ZEND_INCLUDE_OR_EVAL *before* the engine tries to execute */ old_zend_stream_open = zend_stream_open_function; zend_stream_open_function = suhosin_zend_stream_open; - + } /* }}} */ @@ -1864,12 +1854,12 @@ void suhosin_unhook_execute() } #endif -#if PHP_VERSION_ID >= 50500 +#if PHP_VERSION_ID >= 50500 zend_execute_ex = old_execute_ex; #else zend_execute = old_execute; #endif - + /* zend_compile_file = old_compile_file; */ if (old_execute_internal == execute_internal) { @@ -1877,10 +1867,10 @@ void suhosin_unhook_execute() } zend_execute_internal = old_execute_internal; zend_hash_clean(&ihandler_table); - + /* remove zend_open protection */ zend_stream_open_function = old_zend_stream_open; - + } /* }}} */ diff --git a/header.c b/header.c index 6648df0..71982b6 100644 --- a/header.c +++ b/header.c @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ /* - $Id: header.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ + $Id: header.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ */ #ifdef HAVE_CONFIG_H @@ -40,12 +40,12 @@ char *suhosin_encrypt_single_cookie(char *name, int name_len, char *value, int v int l; buf = estrndup(name, name_len); - - + + name_len = php_url_decode(buf, name_len); normalize_varname(buf); name_len = strlen(buf); - + if (SUHOSIN_G(cookie_plainlist)) { if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) { encrypt_return_plain: 
@@ -57,11 +57,11 @@ encrypt_return_plain: goto encrypt_return_plain; } } - + buf2 = estrndup(value, value_len); - + value_len = php_url_decode(buf2, value_len); - + d = suhosin_encrypt_string(buf2, value_len, buf, name_len, key TSRMLS_CC); d_url = php_url_encode(d, strlen(d), &l); efree(d); @@ -72,25 +72,25 @@ encrypt_return_plain: char *suhosin_decrypt_single_cookie(char *name, int name_len, char *value, int value_len, char *key, char **where TSRMLS_DC) { - int o_name_len = name_len; + int o_name_len = name_len; char *buf, *buf2, *d, *d_url; int l; buf = estrndup(name, name_len); - + name_len = php_url_decode(buf, name_len); normalize_varname(buf); name_len = strlen(buf); - + if (SUHOSIN_G(cookie_plainlist)) { if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) { decrypt_return_plain: efree(buf); - memcpy(*where, name, o_name_len); - *where += o_name_len; - **where = '='; *where +=1; - memcpy(*where, value, value_len); - *where += value_len; + memcpy(*where, name, o_name_len); + *where += o_name_len; + **where = '='; *where +=1; + memcpy(*where, value, value_len); + *where += value_len; return *where; } } else if (SUHOSIN_G(cookie_cryptlist)) { @@ -98,21 +98,21 @@ decrypt_return_plain: goto decrypt_return_plain; } } - - + + buf2 = estrndup(value, value_len); - + value_len = php_url_decode(buf2, value_len); - + d = suhosin_decrypt_string(buf2, value_len, buf, name_len, key, &l, SUHOSIN_G(cookie_checkraddr) TSRMLS_CC); - if (d == NULL) { - goto skip_cookie; - } + if (d == NULL) { + goto skip_cookie; + } d_url = php_url_encode(d, l, &l); efree(d); - memcpy(*where, name, o_name_len); - *where += o_name_len; - **where = '=';*where += 1; + memcpy(*where, name, o_name_len); + *where += o_name_len; + **where = '=';*where += 1; memcpy(*where, d_url, l); *where += l; efree(d_url); 
@@ -141,28 +141,28 @@ char *suhosin_cookie_decryptor(TSRMLS_D) ret = decrypted = emalloc(strlen(raw_cookie)*4+1); raw_cookie = estrdup(raw_cookie); - SUHOSIN_G(raw_cookie) = estrdup(raw_cookie); + SUHOSIN_G(raw_cookie) = estrdup(raw_cookie); + - j = 0; tmp = raw_cookie; while (*tmp) { char *d_url;int varlen; while (*tmp == '\t' || *tmp == ' ') tmp++; var = tmp; while (*tmp && *tmp != ';' && *tmp != '=') tmp++; - + varlen = tmp-var; /*memcpy(decrypted, var, varlen); decrypted += varlen;*/ if (*tmp == 0) break; - + if (*tmp++ == ';') { *decrypted++ = ';'; continue; } - + /**decrypted++ = '=';*/ - + val = tmp; while (*tmp && *tmp != ';') tmp++; @@ -170,16 +170,16 @@ char *suhosin_cookie_decryptor(TSRMLS_D) if (*tmp == ';') { *decrypted++ = ';'; } - + if (*tmp == 0) break; tmp++; } *decrypted++ = 0; ret = erealloc(ret, decrypted-ret); - + SUHOSIN_G(decrypted_cookie) = ret; efree(raw_cookie); - + return ret; } /* }}} */ @@ -194,9 +194,9 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_op_enum if (op != SAPI_HEADER_ADD && op != SAPI_HEADER_REPLACE) { goto suhosin_skip_header_handling; } - + if (sapi_header && sapi_header->header) { - + tmp = sapi_header->header; for (i=0; iheader_len; i++, tmp++) { @@ -214,7 +214,7 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_op_enum } if (SUHOSIN_G(allow_multiheader)) { continue; - } else if ((tmp[0] == '\r' && (tmp[1] != '\n' || i == 0)) || + } else if ((tmp[0] == '\r' && (tmp[1] != '\n' || i == 0)) || (tmp[0] == '\n' && (i == sapi_header->header_len-1 || i == 0 || (tmp[1] != ' ' && tmp[1] != '\t')))) { char *fname = (char *)get_active_function_name(TSRMLS_C); 
@@ -236,8 +236,8 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_op_enum if (SUHOSIN_G(cookie_encrypt) && (strncasecmp("Set-Cookie:", sapi_header->header, sizeof("Set-Cookie:")-1) == 0)) { char *start, *end, *rend, *tmp; - char *name, *value; - int nlen, vlen, len, tlen; + char *name, *value; + int nlen, vlen, len, tlen; char cryptkey[33]; suhosin_generate_key(SUHOSIN_G(cookie_cryptkey), SUHOSIN_G(cookie_cryptua), SUHOSIN_G(cookie_cryptdocroot), SUHOSIN_G(cookie_cryptraddr), (char *)&cryptkey TSRMLS_CC); @@ -264,9 +264,9 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_op_enum } vlen = end-value; - value = suhosin_encrypt_single_cookie(name, nlen, value, vlen, (char *)&cryptkey TSRMLS_CC); + value = suhosin_encrypt_single_cookie(name, nlen, value, vlen, (char *)&cryptkey TSRMLS_CC); vlen = strlen(value); - + len = sizeof("Set-Cookie: ")-1 + nlen + 1 + vlen + rend-end; tmp = emalloc(len + 1); tlen = sprintf(tmp, "Set-Cookie: %.*s=%s", nlen,name, value); @@ -321,5 +321,3 @@ void suhosin_unhook_header_handler() * vim600: noet sw=4 ts=4 fdm=marker * vim<600: noet sw=4 ts=4 */ - - diff --git a/ifilter.c b/ifilter.c index fc25a55..43df750 100644 --- a/ifilter.c +++ b/ifilter.c @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ /* - $Id: ifilter.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ + $Id: ifilter.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ */ #ifdef HAVE_CONFIG_H @@ -67,12 +67,12 @@ size_t suhosin_strncspn(const char *input, size_t n, const char *reject) void normalize_varname(char *varname) { char *s=varname, *index=NULL, *indexend=NULL, *p; - + /* overjump leading space */ while (*s == ' ') { s++; } - + /* and remove it */ if (s != varname) { memmove(varname, s, strlen(s)+1); 
@@ -104,7 +104,7 @@ void normalize_varname(char *varname) } indexend = strchr(index, ']'); indexend = indexend ? indexend + 1 : index + strlen(index); - + if (s != index) { memmove(s, index, strlen(index)+1); s += indexend-index; @@ -117,7 +117,7 @@ void normalize_varname(char *varname) index = s; } else { index = NULL; - } + } } *s++='\0'; } @@ -153,7 +153,7 @@ static void suhosin_server_strip(HashTable *arr, char *key, int klen) if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS && Z_TYPE_PP(tzval) == IS_STRING) { - + s = t = (unsigned char *)Z_STRVAL_PP(tzval); for (; *t; t++) { if (suhosin_is_dangerous_char[*t]) { @@ -175,20 +175,20 @@ static void suhosin_server_encode(HashTable *arr, char *key, int klen) if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS && Z_TYPE_PP(tzval) == IS_STRING) { - + temp = (unsigned char *)Z_STRVAL_PP(tzval); - + for (t = temp; *t; t++) { if (suhosin_is_dangerous_char[*t]) { extra += 2; } } - + /* no extra bytes required */ if (extra == 0) { return; } - + n = newv = emalloc(t - temp + 1 + extra); t = temp; for (t = temp; *t; t++, n++) { @@ -201,7 +201,7 @@ static void suhosin_server_encode(HashTable *arr, char *key, int klen) } } *n = 0; - + /* XXX: we leak memory here, but only for the duration of the request */ Z_STRVAL_PP(tzval) = (char *)newv; Z_STRLEN_PP(tzval) = n-newv; @@ -251,7 +251,7 @@ void suhosin_register_server_variables(zval *track_vars_array TSRMLS_DC) if (failure) { suhosin_log(S_VARS, "Attacker tried to overwrite a superglobal through a HTTP header"); } - + if (SUHOSIN_G(raw_cookie)) { zval *z; MAKE_STD_ZVAL(z); 
@@ -265,7 +265,7 @@ void suhosin_register_server_variables(zval *track_vars_array TSRMLS_DC) zend_hash_update(svars, "HTTP_COOKIE", sizeof("HTTP_COOKIE"), (void **)&z, sizeof(zval *), NULL); SUHOSIN_G(decrypted_cookie) = NULL; } - + if (SUHOSIN_G(server_encode)) { /* suhosin_server_encode(svars, "argv", sizeof("argv")); */ suhosin_server_encode(svars, "REQUEST_URI", sizeof("REQUEST_URI")); @@ -290,14 +290,14 @@ unsigned int suhosin_input_filter_wrapper(int arg, char *var, char **val, unsign { zend_bool already_scanned = SUHOSIN_G(already_scanned); SUHOSIN_G(already_scanned) = 0; - + if (SUHOSIN_G(do_not_scan)) { if (new_val_len) { *new_val_len = val_len; } - return 1; + return 1; } - + if (!already_scanned) { if (suhosin_input_filter(arg, var, val, val_len, new_val_len TSRMLS_CC)==0) { SUHOSIN_G(abort_request)=1; 
@@ -329,66 +329,66 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } /* Drop this variable if the limit was reached */ - switch (arg) { - case PARSE_GET: - SUHOSIN_G(att_get_vars)++; - SUHOSIN_G(att_request_variables)++; - if (SUHOSIN_G(no_more_get_variables)) { - return 0; - } - break; - case PARSE_POST: - SUHOSIN_G(att_post_vars)++; - SUHOSIN_G(att_request_variables)++; - if (SUHOSIN_G(no_more_post_variables)) { - return 0; - } - break; - case PARSE_COOKIE: - SUHOSIN_G(att_cookie_vars)++; - SUHOSIN_G(att_request_variables)++; - if (SUHOSIN_G(no_more_cookie_variables)) { - return 0; - } - break; - default: /* we do not want to protect parse_str() and friends */ - if (new_val_len) { - *new_val_len = val_len; - } - return 1; - } - - /* Drop this variable if the limit is now reached */ switch (arg) { - case PARSE_GET: + case PARSE_GET: + SUHOSIN_G(att_get_vars)++; + SUHOSIN_G(att_request_variables)++; + if (SUHOSIN_G(no_more_get_variables)) { + return 0; + } + break; + case PARSE_POST: + SUHOSIN_G(att_post_vars)++; + SUHOSIN_G(att_request_variables)++; + if (SUHOSIN_G(no_more_post_variables)) { + return 0; + } + break; + case PARSE_COOKIE: + SUHOSIN_G(att_cookie_vars)++; + SUHOSIN_G(att_request_variables)++; + if (SUHOSIN_G(no_more_cookie_variables)) { + return 0; + } + break; + default: /* we do not want to protect parse_str() and friends */ + if (new_val_len) { + *new_val_len = val_len; + } + return 1; + } + +/* Drop this variable if the limit is now reached */ + switch (arg) { + case PARSE_GET: if (SUHOSIN_G(max_get_vars) && SUHOSIN_G(max_get_vars) <= SUHOSIN_G(cur_get_vars)) { suhosin_log(S_VARS, "configured GET variable limit exceeded - dropped variable '%s' - all further GET variables are dropped", var); if (!SUHOSIN_G(simulation)) { - SUHOSIN_G(no_more_get_variables) = 1; + SUHOSIN_G(no_more_get_variables) = 1; return 0; } } break; - case PARSE_COOKIE: + case PARSE_COOKIE: if (SUHOSIN_G(max_cookie_vars) && 
SUHOSIN_G(max_cookie_vars) <= SUHOSIN_G(cur_cookie_vars)) { suhosin_log(S_VARS, "configured COOKIE variable limit exceeded - dropped variable '%s' - all further COOKIE variables are dropped", var); if (!SUHOSIN_G(simulation)) { - SUHOSIN_G(no_more_cookie_variables) = 1; + SUHOSIN_G(no_more_cookie_variables) = 1; return 0; } } break; - case PARSE_POST: + case PARSE_POST: if (SUHOSIN_G(max_post_vars) && SUHOSIN_G(max_post_vars) <= SUHOSIN_G(cur_post_vars)) { suhosin_log(S_VARS, "configured POST variable limit exceeded - dropped variable '%s' - all further POST variables are dropped", var); if (!SUHOSIN_G(simulation)) { - SUHOSIN_G(no_more_post_variables) = 1; - return 0; + SUHOSIN_G(no_more_post_variables) = 1; + return 0; } } break; } - + /* Drop this variable if it begins with whitespace which is disallowed */ if (isspace(*var)) { if (SUHOSIN_G(disallow_ws)) { 
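Review bot: The re-added comment `/* Drop this variable if the limit is now reached */` appears to start at column 0 in this hunk, while the `switch (arg)` it introduces is indented inside suhosin_input_filter; the sibling comment above the first switch presumably shares that indent. Since this commit is an indentation cleanup, the comment should sit one tab in, at the same level as the switch below it. The two switch statements are nearly identical, and these comments are the only cue that the first enforces an already-latched `no_more_*_variables` flag while the second sets it when the configured limit is hit, so keeping them visually attached to their switch matters. The function body starts and continues outside this hunk, and the column is read from the collapsed rendering of the diff, so confirm against the file.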
@@ -398,33 +398,33 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } } switch (arg) { - case PARSE_GET: - if (SUHOSIN_G(disallow_get_ws)) { - suhosin_log(S_VARS, "GET variable name begins with disallowed whitespace - dropped variable '%s'", var); - if (!SUHOSIN_G(simulation)) { - return 0; - } - } - break; - case PARSE_POST: - if (SUHOSIN_G(disallow_post_ws)) { - suhosin_log(S_VARS, "POST variable name begins with disallowed whitespace - dropped variable '%s'", var); - if (!SUHOSIN_G(simulation)) { - return 0; - } - } - break; - case PARSE_COOKIE: - if (SUHOSIN_G(disallow_cookie_ws)) { - suhosin_log(S_VARS, "COOKIE variable name begins with disallowed whitespace - dropped variable '%s'", var); - if (!SUHOSIN_G(simulation)) { - return 0; - } - } - break; + case PARSE_GET: + if (SUHOSIN_G(disallow_get_ws)) { + suhosin_log(S_VARS, "GET variable name begins with disallowed whitespace - dropped variable '%s'", var); + if (!SUHOSIN_G(simulation)) { + return 0; + } + } + break; + case PARSE_POST: + if (SUHOSIN_G(disallow_post_ws)) { + suhosin_log(S_VARS, "POST variable name begins with disallowed whitespace - dropped variable '%s'", var); + if (!SUHOSIN_G(simulation)) { + return 0; + } + } + break; + case PARSE_COOKIE: + if (SUHOSIN_G(disallow_cookie_ws)) { + suhosin_log(S_VARS, "COOKIE variable name begins with disallowed whitespace - dropped variable '%s'", var); + if (!SUHOSIN_G(simulation)) { + return 0; + } + } + break; } } - + /* Drop this variable if it exceeds the value length limit */ if (SUHOSIN_G(max_value_length) && SUHOSIN_G(max_value_length) < val_len) { suhosin_log(S_VARS, "configured request variable value length limit exceeded - dropped variable '%s'", var); 
@@ -433,7 +433,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } } switch (arg) { - case PARSE_GET: + case PARSE_GET: if (SUHOSIN_G(max_get_value_length) && SUHOSIN_G(max_get_value_length) < val_len) { suhosin_log(S_VARS, "configured GET variable value length limit exceeded - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { @@ -441,7 +441,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } } break; - case PARSE_COOKIE: + case PARSE_COOKIE: if (SUHOSIN_G(max_cookie_value_length) && SUHOSIN_G(max_cookie_value_length) < val_len) { suhosin_log(S_VARS, "configured COOKIE variable value length limit exceeded - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { @@ -449,7 +449,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } } break; - case PARSE_POST: + case PARSE_POST: if (SUHOSIN_G(max_post_value_length) && SUHOSIN_G(max_post_value_length) < val_len) { suhosin_log(S_VARS, "configured POST variable value length limit exceeded - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { @@ -458,15 +458,15 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } break; } - + /* Normalize the variable name */ normalize_varname(var); - + /* Find length of variable name */ index = strchr(var, '['); total_len = strlen(var); var_len = index ? index-var : total_len; - + /* Drop this variable if it exceeds the varname/total length limit */ if (SUHOSIN_G(max_varname_length) && SUHOSIN_G(max_varname_length) < var_len) { suhosin_log(S_VARS, "configured request variable name length limit exceeded - dropped variable '%s'", var); 
@@ -481,7 +481,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } } switch (arg) { - case PARSE_GET: + case PARSE_GET: if (SUHOSIN_G(max_get_name_length) && SUHOSIN_G(max_get_name_length) < var_len) { suhosin_log(S_VARS, "configured GET variable name length limit exceeded - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { @@ -495,7 +495,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } } break; - case PARSE_COOKIE: + case PARSE_COOKIE: if (SUHOSIN_G(max_cookie_name_length) && SUHOSIN_G(max_cookie_name_length) < var_len) { suhosin_log(S_VARS, "configured COOKIE variable name length limit exceeded - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { @@ -509,7 +509,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } } break; - case PARSE_POST: + case PARSE_POST: if (SUHOSIN_G(max_post_name_length) && SUHOSIN_G(max_post_name_length) < var_len) { suhosin_log(S_VARS, "configured POST variable name length limit exceeded - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { 
@@ -524,59 +524,59 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } break; } - + /* Find out array depth */ while (index) { char *index_end; unsigned int index_length; - + /* overjump '[' */ index++; - + /* increase array depth */ depth++; - + index_end = strchr(index, ']'); if (index_end == NULL) { index_end = index+strlen(index); } - + index_length = index_end - index; - + /* max. array index length */ if (SUHOSIN_G(max_array_index_length) && SUHOSIN_G(max_array_index_length) < index_length) { suhosin_log(S_VARS, "configured request variable array index length limit exceeded - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { return 0; } - } + } switch (arg) { - case PARSE_GET: + case PARSE_GET: if (SUHOSIN_G(max_get_array_index_length) && SUHOSIN_G(max_get_array_index_length) < index_length) { suhosin_log(S_VARS, "configured GET variable array index length limit exceeded - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { return 0; } - } + } break; - case PARSE_COOKIE: + case PARSE_COOKIE: if (SUHOSIN_G(max_cookie_array_index_length) && SUHOSIN_G(max_cookie_array_index_length) < index_length) { suhosin_log(S_VARS, "configured COOKIE variable array index length limit exceeded - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { return 0; } - } + } break; - case PARSE_POST: + case PARSE_POST: if (SUHOSIN_G(max_post_array_index_length) && SUHOSIN_G(max_post_array_index_length) < index_length) { suhosin_log(S_VARS, "configured POST variable array index length limit exceeded - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { return 0; } - } + } break; } - + /* index whitelist/blacklist */ if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) { if (suhosin_strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) { 
@@ -593,10 +593,10 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } } } - + index = strchr(index, '['); } - + /* Drop this variable if it exceeds the array depth limit */ if (SUHOSIN_G(max_array_depth) && SUHOSIN_G(max_array_depth) < depth) { suhosin_log(S_VARS, "configured request variable array depth limit exceeded - dropped variable '%s'", var); @@ -605,7 +605,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } } switch (arg) { - case PARSE_GET: + case PARSE_GET: if (SUHOSIN_G(max_get_array_depth) && SUHOSIN_G(max_get_array_depth) < depth) { suhosin_log(S_VARS, "configured GET variable array depth limit exceeded - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { @@ -613,7 +613,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } } break; - case PARSE_COOKIE: + case PARSE_COOKIE: if (SUHOSIN_G(max_cookie_array_depth) && SUHOSIN_G(max_cookie_array_depth) < depth) { suhosin_log(S_VARS, "configured COOKIE variable array depth limit exceeded - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { @@ -621,7 +621,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } } break; - case PARSE_POST: + case PARSE_POST: if (SUHOSIN_G(max_post_array_depth) && SUHOSIN_G(max_post_array_depth) < depth) { suhosin_log(S_VARS, "configured POST variable array depth limit exceeded - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { @@ -632,9 +632,9 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } /* Check if variable value is truncated by a \0 */ - + if (val && *val && val_len != strnlen(*val, val_len)) { - + if (SUHOSIN_G(disallow_nul)) { suhosin_log(S_VARS, "ASCII-NUL chars not allowed within request variables - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { 
@@ -642,7 +642,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } } switch (arg) { - case PARSE_GET: + case PARSE_GET: if (SUHOSIN_G(disallow_get_nul)) { suhosin_log(S_VARS, "ASCII-NUL chars not allowed within GET variables - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { @@ -650,7 +650,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } } break; - case PARSE_COOKIE: + case PARSE_COOKIE: if (SUHOSIN_G(disallow_cookie_nul)) { suhosin_log(S_VARS, "ASCII-NUL chars not allowed within COOKIE variables - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { @@ -658,7 +658,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v } } break; - case PARSE_POST: + case PARSE_POST: if (SUHOSIN_G(disallow_post_nul)) { suhosin_log(S_VARS, "ASCII-NUL chars not allowed within POST variables - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { @@ -668,7 +668,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v break; } } - + /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */ /* This is to protect several silly scripts that do globalizing themself */ if (suhosin_is_protected_varname(var, var_len)) { @@ -681,17 +681,17 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v /* Okay let PHP register this variable */ SUHOSIN_G(cur_request_variables)++; switch (arg) { - case PARSE_GET: + case PARSE_GET: SUHOSIN_G(cur_get_vars)++; break; - case PARSE_COOKIE: + case PARSE_COOKIE: SUHOSIN_G(cur_cookie_vars)++; break; - case PARSE_POST: + case PARSE_POST: SUHOSIN_G(cur_post_vars)++; break; } - + if (new_val_len) { *new_val_len = val_len; } @@ -722,5 +722,3 @@ void suhosin_hook_register_server_variables() * vim600: noet sw=4 ts=4 fdm=marker * vim<600: noet sw=4 ts=4 */ - - diff --git a/php_suhosin.h b/php_suhosin.h index 326ceb2..a3d6de1 100644 --- a/php_suhosin.h +++ b/php_suhosin.h 
@@ -36,7 +36,7 @@ {FILE *f;f=fopen(SUHOSIN_LOG, "a+");if(f){fprintf(f,"[%u] ",getpid());fprintf(f, msg);fprintf(f,"\n");fclose(f);}} #else #define SDEBUG(msg...) -#endif +#endif #endif #ifndef PHP_VERSION_ID @@ -124,7 +124,7 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin) zend_uint in_code_type; long execution_depth; zend_bool simulation; - zend_bool stealth; + zend_bool stealth; zend_bool protectkey; zend_bool executor_allow_symlink; char *filter_action; @@ -135,7 +135,7 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin) long sql_opencomment; long sql_union; long sql_mselect; - + long max_execution_depth; zend_bool abort_request; long executor_include_max_traversal; @@ -212,7 +212,7 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin) zend_bool upload_allow_utf8; #endif char *upload_verification_script; - + zend_bool no_more_variables; zend_bool no_more_get_variables; zend_bool no_more_post_variables; @@ -237,13 +237,13 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin) char *log_filename; zend_bool log_file_time; long log_max_error_length; - + /* header handler */ zend_bool allow_multiheader; /* mailprotect */ long mailprotect; - + /* memory_limit */ long memory_limit; long hard_memory_limit; @@ -263,18 +263,18 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin) BYTE fi[24],ri[24]; WORD fkey[120]; WORD rkey[120]; - + zend_bool session_encrypt; char* session_cryptkey; zend_bool session_cryptua; zend_bool session_cryptdocroot; long session_cryptraddr; long session_checkraddr; - + long session_max_id_length; - + char* decrypted_cookie; - char* raw_cookie; + char* raw_cookie; zend_bool cookie_encrypt; char* cookie_cryptkey; zend_bool cookie_cryptua; 
@@ -283,30 +283,30 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin) long cookie_checkraddr; HashTable *cookie_plainlist; HashTable *cookie_cryptlist; - + zend_bool coredump; zend_bool apc_bug_workaround; zend_bool already_scanned; - zend_bool do_not_scan; - + zend_bool do_not_scan; + zend_bool server_encode; zend_bool server_strip; - + zend_bool disable_display_errors; - php_uint32 r_state[625]; - php_uint32 *r_next; - int r_left; - zend_bool srand_ignore; - zend_bool mt_srand_ignore; - php_uint32 mt_state[625]; - php_uint32 *mt_next; - int mt_left; + php_uint32 r_state[625]; + php_uint32 *r_next; + int r_left; + zend_bool srand_ignore; + zend_bool mt_srand_ignore; + php_uint32 mt_state[625]; + php_uint32 *mt_next; + int mt_left; char *seedingkey; zend_bool reseed_every_request; - zend_bool r_is_seeded; + zend_bool r_is_seeded; zend_bool mt_is_seeded; /* PERDIR Handling */ diff --git a/session.c b/session.c index 10c1652..b89aa7f 100644 --- a/session.c +++ b/session.c @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ /* - $Id: session.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ + $Id: session.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ */ #ifdef HAVE_CONFIG_H 
@@ -57,55 +57,55 @@ ps_serializer *(*suhosin_find_ps_serializer)(char *name TSRMLS_DC) = NULL; int suhosin_session_encode(char **newstr, int *newlen TSRMLS_DC) { - smart_str buf = {0}; - php_serialize_data_t var_hash; - PS_ENCODE_VARS; - - PHP_VAR_SERIALIZE_INIT(var_hash); - - PS_ENCODE_LOOP( - smart_str_appendl(&buf, key, key_length); - if (key[0] == PS_UNDEF_MARKER || memchr(key, PS_DELIMITER, key_length)) { - PHP_VAR_SERIALIZE_DESTROY(var_hash); - smart_str_free(&buf); - return FAILURE; - } - smart_str_appendc(&buf, PS_DELIMITER); - - php_var_serialize(&buf, struc, &var_hash TSRMLS_CC); - } else { - smart_str_appendc(&buf, PS_UNDEF_MARKER); - smart_str_appendl(&buf, key, key_length); - smart_str_appendc(&buf, PS_DELIMITER); - ); - - if (newlen) { - *newlen = buf.len; - } - smart_str_0(&buf); - *newstr = buf.c; - - PHP_VAR_SERIALIZE_DESTROY(var_hash); - return SUCCESS; + smart_str buf = {0}; + php_serialize_data_t var_hash; + PS_ENCODE_VARS; + + PHP_VAR_SERIALIZE_INIT(var_hash); + + PS_ENCODE_LOOP( + smart_str_appendl(&buf, key, key_length); + if (key[0] == PS_UNDEF_MARKER || memchr(key, PS_DELIMITER, key_length)) { + PHP_VAR_SERIALIZE_DESTROY(var_hash); + smart_str_free(&buf); + return FAILURE; + } + smart_str_appendc(&buf, PS_DELIMITER); + + php_var_serialize(&buf, struc, &var_hash TSRMLS_CC); + } else { + smart_str_appendc(&buf, PS_UNDEF_MARKER); + smart_str_appendl(&buf, key, key_length); + smart_str_appendc(&buf, PS_DELIMITER); + ); + + if (newlen) { + *newlen = buf.len; + } + smart_str_0(&buf); + *newstr = buf.c; + + PHP_VAR_SERIALIZE_DESTROY(var_hash); + return SUCCESS; } static void suhosin_send_cookie(TSRMLS_D) { - int * session_send_cookie = &SESSION_G(send_cookie); - char * base; - zend_ini_entry *ini_entry; - - /* The following is requires to be 100% compatible to PHP - versions where the hash extension is not available by default */ - if (zend_hash_find(EG(ini_directives), "session.hash_bits_per_character", sizeof("session.hash_bits_per_character"), 
(void **) &ini_entry) == SUCCESS) { + int * session_send_cookie = &SESSION_G(send_cookie); + char * base; + zend_ini_entry *ini_entry; + + /* The following is requires to be 100% compatible to PHP + versions where the hash extension is not available by default */ + if (zend_hash_find(EG(ini_directives), "session.hash_bits_per_character", sizeof("session.hash_bits_per_character"), (void **) &ini_entry) == SUCCESS) { #ifndef ZTS - base = (char *) ini_entry->mh_arg2; + base = (char *) ini_entry->mh_arg2; #else - base = (char *) ts_resource(*((int *) ini_entry->mh_arg2)); + base = (char *) ts_resource(*((int *) ini_entry->mh_arg2)); #endif - session_send_cookie = (int *) (base+(size_t) ini_entry->mh_arg1+sizeof(long)); - } - *session_send_cookie = 1; + session_send_cookie = (int *) (base+(size_t) ini_entry->mh_arg1+sizeof(long)); + } + *session_send_cookie = 1; } 
@@ -115,255 +115,255 @@ static int (*old_SessionRINIT)(INIT_FUNC_ARGS) = NULL; static int suhosin_hook_s_read(void **mod_data, const char *key, char **val, int *vallen TSRMLS_DC) { - int r; - - int i;char *v,*KEY=(char *)key; + int r; + + int i;char *v,*KEY=(char *)key; - /* protect session vars */ + /* protect session vars */ /* if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) { - SESSION_G(http_session_vars)->refcount++; - }*/ - - /* protect dumb session handlers */ - if (key == NULL || !key[0] || + SESSION_G(http_session_vars)->refcount++; + }*/ + + /* protect dumb session handlers */ + if (key == NULL || !key[0] || (*mod_data == NULL && !SESSION_G(mod_user_implemented) )) { regenerate: - SDEBUG("regenerating key is %s", key); - KEY = SESSION_G(id) = SESSION_G(mod)->s_create_sid(&SESSION_G(mod_data), NULL TSRMLS_CC); - suhosin_send_cookie(TSRMLS_C); - } else if (strlen(key) > SUHOSIN_G(session_max_id_length)) { - suhosin_log(S_SESSION, "session id ('%s') exceeds maximum length - regenerating", KEY); - if (!SUHOSIN_G(simulation)) { - goto regenerate; - } - } - - r = SUHOSIN_G(old_s_read)(mod_data, KEY, val, vallen TSRMLS_CC); - - if (r == SUCCESS && SUHOSIN_G(session_encrypt) && *vallen > 0) { - char cryptkey[33]; - - SUHOSIN_G(do_not_scan) = 1; - suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC); - - v = *val; - i = *vallen; - *val = suhosin_decrypt_string(v, i, "", 0, (char *)&cryptkey, vallen, SUHOSIN_G(session_checkraddr) TSRMLS_CC); - SUHOSIN_G(do_not_scan) = 0; - if (*val == NULL) { - *val = estrndup("", 0); - *vallen = 0; - } - efree(v); - } - - return r; + SDEBUG("regenerating key is %s", key); + KEY = SESSION_G(id) = SESSION_G(mod)->s_create_sid(&SESSION_G(mod_data), NULL TSRMLS_CC); + suhosin_send_cookie(TSRMLS_C); + } else if (strlen(key) > SUHOSIN_G(session_max_id_length)) { + 
suhosin_log(S_SESSION, "session id ('%s') exceeds maximum length - regenerating", KEY); + if (!SUHOSIN_G(simulation)) { + goto regenerate; + } + } + + r = SUHOSIN_G(old_s_read)(mod_data, KEY, val, vallen TSRMLS_CC); + + if (r == SUCCESS && SUHOSIN_G(session_encrypt) && *vallen > 0) { + char cryptkey[33]; + + SUHOSIN_G(do_not_scan) = 1; + suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC); + + v = *val; + i = *vallen; + *val = suhosin_decrypt_string(v, i, "", 0, (char *)&cryptkey, vallen, SUHOSIN_G(session_checkraddr) TSRMLS_CC); + SUHOSIN_G(do_not_scan) = 0; + if (*val == NULL) { + *val = estrndup("", 0); + *vallen = 0; + } + efree(v); + } + + return r; } static int suhosin_hook_s_write(void **mod_data, const char *key, const char *val, const int vallen TSRMLS_DC) { - int r; + int r; /* int nullify = 0;*/ - char *v = (char *)val; + char *v = (char *)val; - /* protect dumb session handlers */ - if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) || + /* protect dumb session handlers */ + if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) || (*mod_data == NULL && !SESSION_G(mod_user_implemented) )) { - r = FAILURE; - goto return_write; - } - - r = vallen; - - if (r > 0 && SUHOSIN_G(session_encrypt)) { - char cryptkey[33]; - - SUHOSIN_G(do_not_scan) = 1; - - suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC); - - v = suhosin_encrypt_string(v, vallen, "", 0, (char *)&cryptkey TSRMLS_CC); - - SUHOSIN_G(do_not_scan) = 0; - r = strlen(v); - } - - r = SUHOSIN_G(old_s_write)(mod_data, key, v, r TSRMLS_CC); - + r = FAILURE; + goto return_write; + } + + r = vallen; + + if (r > 0 && SUHOSIN_G(session_encrypt)) { + char cryptkey[33]; + + SUHOSIN_G(do_not_scan) = 
1; + + suhosin_generate_key(SUHOSIN_G(session_cryptkey), SUHOSIN_G(session_cryptua), SUHOSIN_G(session_cryptdocroot), SUHOSIN_G(session_cryptraddr), (char *)&cryptkey TSRMLS_CC); + + v = suhosin_encrypt_string(v, vallen, "", 0, (char *)&cryptkey TSRMLS_CC); + + SUHOSIN_G(do_not_scan) = 0; + r = strlen(v); + } + + r = SUHOSIN_G(old_s_write)(mod_data, key, v, r TSRMLS_CC); + return_write: - /* protect session vars */ + /* protect session vars */ /* if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) { - if (SESSION_G(http_session_vars)->refcount==1) { - nullify = 1; - } - zval_ptr_dtor(&SESSION_G(http_session_vars)); - if (nullify) { - suhosin_log(S_SESSION, "possible session variables double free attack stopped"); - SESSION_G(http_session_vars) = NULL; - } - }*/ - - return r; + if (SESSION_G(http_session_vars)->refcount==1) { + nullify = 1; + } + zval_ptr_dtor(&SESSION_G(http_session_vars)); + if (nullify) { + suhosin_log(S_SESSION, "possible session variables double free attack stopped"); + SESSION_G(http_session_vars) = NULL; + } + }*/ + + return r; } static int suhosin_hook_s_destroy(void **mod_data, const char *key TSRMLS_DC) { - int r; + int r; - /* protect dumb session handlers */ - if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) || + /* protect dumb session handlers */ + if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) || (*mod_data == NULL && !SESSION_G(mod_user_implemented) )) { - return FAILURE; - } - - r = SUHOSIN_G(old_s_destroy)(mod_data, key TSRMLS_CC); - - return r; + return FAILURE; + } + + r = SUHOSIN_G(old_s_destroy)(mod_data, key TSRMLS_CC); + + return r; } static void suhosin_hook_session_module(TSRMLS_D) { - ps_module *old_mod = SESSION_G(mod), *mod; - - if (old_mod == NULL || SUHOSIN_G(s_module) == old_mod) { - return; - } - - if (SUHOSIN_G(s_module) == NULL) { - SUHOSIN_G(s_module) = mod = malloc(sizeof(ps_module)); - if (mod == NULL) { - return; - } - } - 
- SUHOSIN_G(s_original_mod) = old_mod; - - mod = SUHOSIN_G(s_module); - memcpy(mod, old_mod, sizeof(ps_module)); - - SUHOSIN_G(old_s_read) = mod->s_read; - mod->s_read = suhosin_hook_s_read; - SUHOSIN_G(old_s_write) = mod->s_write; - mod->s_write = suhosin_hook_s_write; - SUHOSIN_G(old_s_destroy) = mod->s_destroy; - mod->s_destroy = suhosin_hook_s_destroy; - - SESSION_G(mod) = mod; + ps_module *old_mod = SESSION_G(mod), *mod; + + if (old_mod == NULL || SUHOSIN_G(s_module) == old_mod) { + return; + } + + if (SUHOSIN_G(s_module) == NULL) { + SUHOSIN_G(s_module) = mod = malloc(sizeof(ps_module)); + if (mod == NULL) { + return; + } + } + + SUHOSIN_G(s_original_mod) = old_mod; + + mod = SUHOSIN_G(s_module); + memcpy(mod, old_mod, sizeof(ps_module)); + + SUHOSIN_G(old_s_read) = mod->s_read; + mod->s_read = suhosin_hook_s_read; + SUHOSIN_G(old_s_write) = mod->s_write; + mod->s_write = suhosin_hook_s_write; + SUHOSIN_G(old_s_destroy) = mod->s_destroy; + mod->s_destroy = suhosin_hook_s_destroy; + + SESSION_G(mod) = mod; } static PHP_INI_MH(suhosin_OnUpdateSaveHandler) { - int r; + int r; - if (stage == PHP_INI_STAGE_RUNTIME && SESSION_G(session_status) == php_session_none && SUHOSIN_G(s_original_mod) - && strcmp(new_value, "user") == 0 && strcmp(((ps_module*)SUHOSIN_G(s_original_mod))->s_name, "user") == 0) { - return SUCCESS; - } + if (stage == PHP_INI_STAGE_RUNTIME && SESSION_G(session_status) == php_session_none && SUHOSIN_G(s_original_mod) + && strcmp(new_value, "user") == 0 && strcmp(((ps_module*)SUHOSIN_G(s_original_mod))->s_name, "user") == 0) { + return SUCCESS; + } - SESSION_G(mod) = SUHOSIN_G(s_original_mod); + SESSION_G(mod) = SUHOSIN_G(s_original_mod); - r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); - - suhosin_hook_session_module(TSRMLS_C); + r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); - return r; + 
suhosin_hook_session_module(TSRMLS_C); + + return r; } static int suhosin_hook_session_RINIT(INIT_FUNC_ARGS) { - if (SESSION_G(mod) == NULL) { - char *value = zend_ini_string("session.save_handler", sizeof("session.save_handler"), 0); - - if (value) { - suhosin_OnUpdateSaveHandler(NULL, value, strlen(value), NULL, NULL, NULL, 0 TSRMLS_CC); - } - } - return old_SessionRINIT(INIT_FUNC_ARGS_PASSTHRU); + if (SESSION_G(mod) == NULL) { + char *value = zend_ini_string("session.save_handler", sizeof("session.save_handler"), 0); + + if (value) { + suhosin_OnUpdateSaveHandler(NULL, value, strlen(value), NULL, NULL, NULL, 0 TSRMLS_CC); + } + } + return old_SessionRINIT(INIT_FUNC_ARGS_PASSTHRU); } void suhosin_hook_session(TSRMLS_D) { - ps_serializer *serializer; - zend_ini_entry *ini_entry; - zend_module_entry *module; + ps_serializer *serializer; + zend_ini_entry *ini_entry; + zend_module_entry *module; #ifdef ZTS - ts_rsrc_id *ps_globals_id_ptr; + ts_rsrc_id *ps_globals_id_ptr; #endif - - if (zend_hash_find(&module_registry, "session", sizeof("session"), (void**)&module) == FAILURE) { - return; - } - /* retrieve globals from module entry struct if possible */ + + if (zend_hash_find(&module_registry, "session", sizeof("session"), (void**)&module) == FAILURE) { + return; + } + /* retrieve globals from module entry struct if possible */ #ifdef ZTS - if (session_globals_id == 0) { - session_globals_id = *module->globals_id_ptr; - } + if (session_globals_id == 0) { + session_globals_id = *module->globals_id_ptr; + } #else - if (session_globals == NULL) { - session_globals = module->globals_ptr; - } + if (session_globals == NULL) { + session_globals = module->globals_ptr; + } #endif - - if (old_OnUpdateSaveHandler != NULL) { - return; - } - - /* hook request startup function of session module */ - old_SessionRINIT = module->request_startup_func; - module->request_startup_func = suhosin_hook_session_RINIT; - - /* retrieve pointer to session.save_handler ini entry */ - if 
(zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) { - return; - } - SUHOSIN_G(s_module) = NULL; - - /* replace OnUpdateMemoryLimit handler */ - old_OnUpdateSaveHandler = ini_entry->on_modify; - ini_entry->on_modify = suhosin_OnUpdateSaveHandler; - - suhosin_hook_session_module(TSRMLS_C); - - /* Protect the PHP serializer from ! attacks */ - serializer = (ps_serializer *) SESSION_G(serializer); - if (serializer != NULL && strcmp(serializer->name, "php")==0) { - serializer->encode = suhosin_session_encode; - } - - /* increase session identifier entropy */ - if (SESSION_G(entropy_length) == 0 || SESSION_G(entropy_file) == NULL) { + + if (old_OnUpdateSaveHandler != NULL) { + return; + } + + /* hook request startup function of session module */ + old_SessionRINIT = module->request_startup_func; + module->request_startup_func = suhosin_hook_session_RINIT; + + /* retrieve pointer to session.save_handler ini entry */ + if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) { + return; + } + SUHOSIN_G(s_module) = NULL; + + /* replace OnUpdateMemoryLimit handler */ + old_OnUpdateSaveHandler = ini_entry->on_modify; + ini_entry->on_modify = suhosin_OnUpdateSaveHandler; + + suhosin_hook_session_module(TSRMLS_C); + + /* Protect the PHP serializer from ! 
attacks */ + serializer = (ps_serializer *) SESSION_G(serializer); + if (serializer != NULL && strcmp(serializer->name, "php")==0) { + serializer->encode = suhosin_session_encode; + } + + /* increase session identifier entropy */ + if (SESSION_G(entropy_length) == 0 || SESSION_G(entropy_file) == NULL) { #ifndef PHP_WIN32 - /* ensure that /dev/urandom exists */ - int fd = VCWD_OPEN("/dev/urandom", O_RDONLY); - if (fd >= 0) { - close(fd); - SESSION_G(entropy_length) = 16; - SESSION_G(entropy_file) = pestrdup("/dev/urandom", 1); - } + /* ensure that /dev/urandom exists */ + int fd = VCWD_OPEN("/dev/urandom", O_RDONLY); + if (fd >= 0) { + close(fd); + SESSION_G(entropy_length) = 16; + SESSION_G(entropy_file) = pestrdup("/dev/urandom", 1); + } #endif - } + } } void suhosin_unhook_session(TSRMLS_D) { - if (old_OnUpdateSaveHandler != NULL) { - zend_ini_entry *ini_entry; - - /* retrieve pointer to session.save_handler ini entry */ - if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) { - return; - } - ini_entry->on_modify = old_OnUpdateSaveHandler; - - old_OnUpdateSaveHandler = NULL; - } + if (old_OnUpdateSaveHandler != NULL) { + zend_ini_entry *ini_entry; + + /* retrieve pointer to session.save_handler ini entry */ + if (zend_hash_find(EG(ini_directives), "session.save_handler", sizeof("session.save_handler"), (void **) &ini_entry) == FAILURE) { + return; + } + ini_entry->on_modify = old_OnUpdateSaveHandler; + + old_OnUpdateSaveHandler = NULL; + } } diff --git a/suhosin.c b/suhosin.c index 8336561..11f99f7 100644 --- a/suhosin.c +++ b/suhosin.c @@ -77,7 +77,7 @@ STATIC zend_extension suhosin_zend_extension_entry = { NULL, suhosin_op_array_ctor, suhosin_op_array_dtor, - + STANDARD_ZEND_EXTENSION_PROPERTIES }; 
@@ -86,15 +86,15 @@ static void suhosin_op_array_ctor(zend_op_array *op_array) TSRMLS_FETCH(); if (suhosin_zend_extension_entry.resource_number != -1) { - + unsigned long suhosin_flags = 0; - + if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) { suhosin_flags |= SUHOSIN_FLAG_CREATED_BY_EVAL; } - + op_array->reserved[suhosin_zend_extension_entry.resource_number] = (void *)suhosin_flags; - + } } @@ -112,16 +112,16 @@ static void suhosin_op_array_dtor(zend_op_array *op_array) static void stealth_op_array_ctor(zend_op_array *op_array) { if (orig_op_array_ctor != NULL) { - orig_op_array_ctor(op_array); - } + orig_op_array_ctor(op_array); + } suhosin_op_array_ctor(op_array); } static void stealth_op_array_dtor(zend_op_array *op_array) { if (orig_op_array_dtor != NULL) { - orig_op_array_dtor(op_array); - } + orig_op_array_dtor(op_array); + } suhosin_op_array_dtor(op_array); } @@ -129,14 +129,14 @@ static int stealth_module_startup(zend_extension *extension) { int r = orig_module_startup == NULL ? SUCCESS : orig_module_startup(extension); suhosin_module_startup(extension); - return r; + return r; } static void stealth_module_shutdown(zend_extension *extension) { if (orig_module_shutdown != NULL) { - orig_module_shutdown(extension); - } + orig_module_shutdown(extension); + } suhosin_shutdown(extension); } 
@@ -146,22 +146,22 @@ static int suhosin_module_startup(zend_extension *extension) zend_module_entry *module_entry_ptr; int resid; TSRMLS_FETCH(); - + /* zend_register_module(&suhosin_module_entry TSRMLS_CC); */ - + if (zend_hash_find(&module_registry, "suhosin", sizeof("suhosin"), (void **)&module_entry_ptr)==SUCCESS) { - + if (extension) { - extension->handle = module_entry_ptr->handle; + extension->handle = module_entry_ptr->handle; } else { - zend_extension ext; - ext = suhosin_zend_extension_entry; - ext.handle = module_entry_ptr->handle; - /* - zend_llist_add_element(&zend_extensions, &ext); - extension = zend_llist_get_last(&zend_extensions); - */ - extension = &suhosin_zend_extension_entry; + zend_extension ext; + ext = suhosin_zend_extension_entry; + ext.handle = module_entry_ptr->handle; + /* + zend_llist_add_element(&zend_extensions, &ext); + extension = zend_llist_get_last(&zend_extensions); + */ + extension = &suhosin_zend_extension_entry; } module_entry_ptr->handle = NULL; @@ -198,14 +198,13 @@ static void suhosin_shutdown(zend_extension *extension) suhosin_unhook_header_handler(); suhosin_unhook_post_handlers(TSRMLS_C); /* suhosin_unhook_session(); - enabling this causes compability problems */ - - if (ze != NULL) { - ze->startup = orig_module_startup; - ze->shutdown = orig_module_shutdown; - ze->op_array_ctor = orig_op_array_ctor; - ze->op_array_dtor = orig_op_array_dtor; - } - + + if (ze != NULL) { + ze->startup = orig_module_startup; + ze->shutdown = orig_module_shutdown; + ze->op_array_ctor = orig_op_array_ctor; + ze->op_array_dtor = orig_op_array_dtor; + } } @@ -216,10 +215,10 @@ static int suhosin_startup_wrapper(zend_extension *ext) char *new_info; int new_info_length; TSRMLS_FETCH(); - + /* Ugly but working hack */ new_info_length = sizeof("%s\n with %s v%s, %s, by %s\n") - + strlen(ext->author) + + strlen(ext->author) + strlen(ex->name) + strlen(ex->version) + strlen(ex->copyright) 
@@ -230,43 +229,42 @@ static int suhosin_startup_wrapper(zend_extension *ext) ext->author = new_info; ze->startup = old_startup; - + /* Stealth Mode */ orig_module_startup = ze->startup; orig_module_shutdown = ze->shutdown; orig_op_array_ctor = ze->op_array_ctor; orig_op_array_dtor = ze->op_array_dtor; - /*if (SUHOSIN_G(stealth) != 0) {*/ - ze->startup = stealth_module_startup; - ze->shutdown = stealth_module_shutdown; - ze->op_array_ctor = stealth_op_array_ctor; - ze->op_array_dtor = stealth_op_array_dtor; - /*}*/ - + /*if (SUHOSIN_G(stealth) != 0) {*/ + ze->startup = stealth_module_startup; + ze->shutdown = stealth_module_shutdown; + ze->op_array_ctor = stealth_op_array_ctor; + ze->op_array_dtor = stealth_op_array_dtor; + /*}*/ + if (old_startup != NULL) { res = old_startup(ext); } -/* ex->name = NULL; - ex->author = NULL; - ex->copyright = NULL; - ex->version = NULL;*/ +/* ex->name = NULL; + ex->author = NULL; + ex->copyright = NULL; + ex->version = NULL;*/ - /*zend_extensions.head=NULL;*/ + /*zend_extensions.head=NULL;*/ suhosin_module_startup(NULL); - - + return res; } /*static zend_extension_version_info extension_version_info = { ZEND_EXTENSION_API_NO, ZEND_VERSION, ZTS_V, ZEND_DEBUG };*/ #define PERDIR_CHECK(upper, lower) \ - if (!SUHOSIN_G(lower ## _perdir) && stage == ZEND_INI_STAGE_HTACCESS) { \ - return FAILURE; \ - } + if (!SUHOSIN_G(lower ## _perdir) && stage == ZEND_INI_STAGE_HTACCESS) { \ + return FAILURE; \ + } #define LOG_PERDIR_CHECK() PERDIR_CHECK(LOG, log) #define EXEC_PERDIR_CHECK() PERDIR_CHECK(EXEC, exec) 
@@ -283,94 +281,94 @@ static int suhosin_startup_wrapper(zend_extension *ext) static ZEND_INI_MH(OnUpdateSuhosin_perdir) { - char *tmp; + char *tmp; if (SUHOSIN_G(perdir)) { - pefree(SUHOSIN_G(perdir), 1); + pefree(SUHOSIN_G(perdir), 1); } SUHOSIN_G(perdir) = NULL; - - /* Initialize the perdir flags */ - SUHOSIN_G(log_perdir) = 0; - SUHOSIN_G(exec_perdir) = 0; - SUHOSIN_G(get_perdir) = 0; - SUHOSIN_G(cookie_perdir) = 0; - SUHOSIN_G(post_perdir) = 0; - SUHOSIN_G(request_perdir) = 0; - SUHOSIN_G(sql_perdir) = 0; - SUHOSIN_G(upload_perdir) = 0; - SUHOSIN_G(misc_perdir) = 0; - + + /* Initialize the perdir flags */ + SUHOSIN_G(log_perdir) = 0; + SUHOSIN_G(exec_perdir) = 0; + SUHOSIN_G(get_perdir) = 0; + SUHOSIN_G(cookie_perdir) = 0; + SUHOSIN_G(post_perdir) = 0; + SUHOSIN_G(request_perdir) = 0; + SUHOSIN_G(sql_perdir) = 0; + SUHOSIN_G(upload_perdir) = 0; + SUHOSIN_G(misc_perdir) = 0; + if (new_value == NULL) { return SUCCESS; } - - tmp = SUHOSIN_G(perdir) = pestrdup(new_value,1); - - /* trim the whitespace */ - while (isspace(*tmp)) tmp++; - - /* should we deactivate perdir completely? */ - if (*tmp == 0 || *tmp == '0') { - return SUCCESS; - } - - /* no deactivation so check the flags */ - while (*tmp) { - switch (*tmp) { - case 'l': - case 'L': - SUHOSIN_G(log_perdir) = 1; - break; - case 'e': - case 'E': - SUHOSIN_G(exec_perdir) = 1; - break; - case 'g': - case 'G': - SUHOSIN_G(get_perdir) = 1; - break; - case 'c': - case 'C': - SUHOSIN_G(cookie_perdir) = 1; - break; - case 'p': - case 'P': - SUHOSIN_G(post_perdir) = 1; - break; - case 'r': - case 'R': - SUHOSIN_G(request_perdir) = 1; - break; - case 's': - case 'S': - SUHOSIN_G(sql_perdir) = 1; - break; - case 'u': - case 'U': - SUHOSIN_G(upload_perdir) = 1; - break; - case 'm': - case 'M': - SUHOSIN_G(misc_perdir) = 1; - break; - } - tmp++; - } + + tmp = SUHOSIN_G(perdir) = pestrdup(new_value,1); + + /* trim the whitespace */ + while (isspace(*tmp)) tmp++; + + /* should we deactivate perdir completely? 
*/ + if (*tmp == 0 || *tmp == '0') { + return SUCCESS; + } + + /* no deactivation so check the flags */ + while (*tmp) { + switch (*tmp) { + case 'l': + case 'L': + SUHOSIN_G(log_perdir) = 1; + break; + case 'e': + case 'E': + SUHOSIN_G(exec_perdir) = 1; + break; + case 'g': + case 'G': + SUHOSIN_G(get_perdir) = 1; + break; + case 'c': + case 'C': + SUHOSIN_G(cookie_perdir) = 1; + break; + case 'p': + case 'P': + SUHOSIN_G(post_perdir) = 1; + break; + case 'r': + case 'R': + SUHOSIN_G(request_perdir) = 1; + break; + case 's': + case 'S': + SUHOSIN_G(sql_perdir) = 1; + break; + case 'u': + case 'U': + SUHOSIN_G(upload_perdir) = 1; + break; + case 'm': + case 'M': + SUHOSIN_G(misc_perdir) = 1; + break; + } + tmp++; + } return SUCCESS; } #define dohandler(handler, name, upper, lower) \ - static ZEND_INI_MH(OnUpdate ## name ## handler) \ - { \ - PERDIR_CHECK(upper, lower) \ - return OnUpdate ## handler (ZEND_INI_MH_PASSTHRU); \ - } \ + static ZEND_INI_MH(OnUpdate ## name ## handler) \ + { \ + PERDIR_CHECK(upper, lower) \ + return OnUpdate ## handler (ZEND_INI_MH_PASSTHRU); \ + } \ #define dohandlers(name, upper, lower) \ - dohandler(Bool, name, upper, lower) \ - dohandler(String, name, upper, lower) \ - dohandler(Long, name, upper, lower) \ + dohandler(Bool, name, upper, lower) \ + dohandler(String, name, upper, lower) \ + dohandler(Long, name, upper, lower) \ dohandlers(Log, LOG, log) dohandlers(Exec, EXEC, exec) @@ -384,7 +382,7 @@ dohandlers(SQL, SQL, sql) static ZEND_INI_MH(OnUpdateSuhosin_log_syslog) { - LOG_PERDIR_CHECK() + LOG_PERDIR_CHECK() if (!new_value) { SUHOSIN_G(log_syslog) = (S_ALL & ~S_SQL) | S_MEMORY; } else { @@ -399,7 +397,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_syslog) } static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility) { - LOG_PERDIR_CHECK() + LOG_PERDIR_CHECK() if (!new_value) { SUHOSIN_G(log_syslog_facility) = LOG_USER; } else { 
@@ -409,7 +407,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility) } static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority) { - LOG_PERDIR_CHECK() + LOG_PERDIR_CHECK() if (!new_value) { SUHOSIN_G(log_syslog_priority) = LOG_ALERT; } else { @@ -419,7 +417,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority) } static ZEND_INI_MH(OnUpdateSuhosin_log_sapi) { - LOG_PERDIR_CHECK() + LOG_PERDIR_CHECK() if (!new_value) { SUHOSIN_G(log_sapi) = (S_ALL & ~S_SQL); } else { @@ -434,7 +432,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_sapi) } static ZEND_INI_MH(OnUpdateSuhosin_log_stdout) { - LOG_PERDIR_CHECK() + LOG_PERDIR_CHECK() if (!new_value) { SUHOSIN_G(log_stdout) = (S_ALL & ~S_SQL); } else { @@ -449,7 +447,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_stdout) } static ZEND_INI_MH(OnUpdateSuhosin_log_script) { - LOG_PERDIR_CHECK() + LOG_PERDIR_CHECK() if (!new_value) { SUHOSIN_G(log_script) = S_ALL & ~S_MEMORY; } else { @@ -464,11 +462,11 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_script) } static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname) { - LOG_PERDIR_CHECK() + LOG_PERDIR_CHECK() if (SUHOSIN_G(log_scriptname)) { pefree(SUHOSIN_G(log_scriptname),1); } - SUHOSIN_G(log_scriptname) = NULL; + SUHOSIN_G(log_scriptname) = NULL; if (new_value) { SUHOSIN_G(log_scriptname) = pestrdup(new_value,1); } @@ -476,7 +474,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname) } static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript) { - LOG_PERDIR_CHECK() + LOG_PERDIR_CHECK() if (!new_value) { SUHOSIN_G(log_phpscript) = S_ALL & ~S_MEMORY; } else { @@ -491,7 +489,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript) } static ZEND_INI_MH(OnUpdateSuhosin_log_file) { - LOG_PERDIR_CHECK() + LOG_PERDIR_CHECK() if (!new_value) { SUHOSIN_G(log_file) = S_ALL & ~S_MEMORY; } else { @@ -509,7 +507,7 @@ static void parse_list(HashTable **ht, char *list, zend_bool lc) { char *s = NULL, *e, *val; unsigned long dummy = 1; - + if (list == NULL) { list_destroy: if (*ht) { 
@@ -523,17 +521,17 @@ list_destroy: if (*list == 0) { goto list_destroy; } - + *ht = pemalloc(sizeof(HashTable), 1); zend_hash_init(*ht, 5, NULL, NULL, 1); - + if (lc) { - val = suhosin_str_tolower_dup(list, strlen(list)); - } else { - val = estrndup(list, strlen(list)); - } + val = suhosin_str_tolower_dup(list, strlen(list)); + } else { + val = estrndup(list, strlen(list)); + } e = val; - + while (*e) { switch (*e) { case ' ': @@ -561,42 +559,42 @@ list_destroy: static ZEND_INI_MH(OnUpdate_include_blacklist) { - EXEC_PERDIR_CHECK() + EXEC_PERDIR_CHECK() parse_list(&SUHOSIN_G(include_blacklist), new_value, 1); return SUCCESS; } static ZEND_INI_MH(OnUpdate_include_whitelist) { - EXEC_PERDIR_CHECK() + EXEC_PERDIR_CHECK() parse_list(&SUHOSIN_G(include_whitelist), new_value, 1); return SUCCESS; } static ZEND_INI_MH(OnUpdate_func_blacklist) { - EXEC_PERDIR_CHECK() + EXEC_PERDIR_CHECK() parse_list(&SUHOSIN_G(func_blacklist), new_value, 1); return SUCCESS; } static ZEND_INI_MH(OnUpdate_func_whitelist) { - EXEC_PERDIR_CHECK() + EXEC_PERDIR_CHECK() parse_list(&SUHOSIN_G(func_whitelist), new_value, 1); return SUCCESS; } static ZEND_INI_MH(OnUpdate_eval_blacklist) { - EXEC_PERDIR_CHECK() + EXEC_PERDIR_CHECK() parse_list(&SUHOSIN_G(eval_blacklist), new_value, 1); return SUCCESS; } static ZEND_INI_MH(OnUpdate_eval_whitelist) { - EXEC_PERDIR_CHECK() + EXEC_PERDIR_CHECK() parse_list(&SUHOSIN_G(eval_whitelist), new_value, 1); return SUCCESS; } @@ -662,16 +660,16 @@ static PHP_FUNCTION(suhosin_encrypt_cookie) char *name, *value; int name_len, value_len; char cryptkey[33]; - + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &name, &name_len, &value, &value_len) == FAILURE) { return; } - + if (!SUHOSIN_G(cookie_encrypt)) { return_plain: RETURN_STRINGL(value, value_len, 1); } - + if (SUHOSIN_G(cookie_plainlist)) { if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), name, name_len+1)) { goto return_plain; 
@@ -681,10 +679,10 @@ return_plain: goto return_plain; } } - + suhosin_generate_key(SUHOSIN_G(cookie_cryptkey), SUHOSIN_G(cookie_cryptua), SUHOSIN_G(cookie_cryptdocroot), SUHOSIN_G(cookie_cryptraddr), (char *)&cryptkey TSRMLS_CC); value = suhosin_encrypt_string(value, value_len, name, name_len, (char *)&cryptkey TSRMLS_CC); - + RETVAL_STRING(value, 0); } /* }}} */ @@ -697,9 +695,9 @@ static PHP_FUNCTION(suhosin_get_raw_cookies) zval *array_ptr = return_value; char *strtok_buf = NULL; int val_len; - + array_init(array_ptr); - + if (SUHOSIN_G(raw_cookie)) { res = estrdup(SUHOSIN_G(raw_cookie)); } else { @@ -715,7 +713,7 @@ static PHP_FUNCTION(suhosin_get_raw_cookies) var = res; } if (!*var) { continue; } - + val = strchr(var, '='); if (val) { /* have a value */ *val++ = '\0'; @@ -727,7 +725,7 @@ static PHP_FUNCTION(suhosin_get_raw_cookies) val = ""; } php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC); - + } efree(res); @@ -787,7 +785,7 @@ static zend_ini_entry shared_ini_entries[] = { STD_ZEND_INI_BOOLEAN("suhosin.log.file.time", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_file_time, zend_suhosin_globals, suhosin_globals) STD_ZEND_INI_BOOLEAN("suhosin.log.phpscript.is_safe", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_phpscript_is_safe, zend_suhosin_globals, suhosin_globals) ZEND_INI_END() - + PHP_INI_BEGIN() STD_PHP_INI_ENTRY("suhosin.log.max_error_length", "0", PHP_INI_SYSTEM, OnUpdateLogLong, log_max_error_length, zend_suhosin_globals, suhosin_globals) ZEND_INI_ENTRY("suhosin.perdir", "0", ZEND_INI_SYSTEM, OnUpdateSuhosin_perdir) 
@@ -795,7 +793,7 @@ PHP_INI_BEGIN() ZEND_INI_ENTRY("suhosin.executor.include.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_whitelist) ZEND_INI_ENTRY("suhosin.executor.include.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_blacklist) STD_ZEND_INI_BOOLEAN("suhosin.executor.include.allow_writable_files", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecBool, executor_include_allow_writable_files, zend_suhosin_globals, suhosin_globals) - ZEND_INI_ENTRY("suhosin.executor.eval.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_eval_whitelist) + ZEND_INI_ENTRY("suhosin.executor.eval.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_eval_whitelist) ZEND_INI_ENTRY("suhosin.executor.eval.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_eval_blacklist) ZEND_INI_ENTRY("suhosin.executor.func.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_func_whitelist) ZEND_INI_ENTRY("suhosin.executor.func.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_func_blacklist) 
@@ -805,71 +803,71 @@ PHP_INI_BEGIN() STD_ZEND_INI_BOOLEAN("suhosin.executor.allow_symlink", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecBool, executor_allow_symlink, zend_suhosin_globals, suhosin_globals) STD_ZEND_INI_ENTRY("suhosin.executor.max_depth", "750", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecLong, max_execution_depth, zend_suhosin_globals, suhosin_globals) - + STD_ZEND_INI_BOOLEAN("suhosin.multiheader", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, allow_multiheader, zend_suhosin_globals, suhosin_globals) STD_ZEND_INI_ENTRY("suhosin.mail.protect", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscLong, mailprotect, zend_suhosin_globals, suhosin_globals) STD_ZEND_INI_ENTRY("suhosin.memory_limit", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscLong, memory_limit, zend_suhosin_globals, suhosin_globals) STD_ZEND_INI_BOOLEAN("suhosin.simulation", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, simulation, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.filter.action", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscString, filter_action, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.filter.action", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscString, filter_action, zend_suhosin_globals, suhosin_globals) STD_ZEND_INI_BOOLEAN("suhosin.protectkey", "1", ZEND_INI_SYSTEM, OnUpdateBool, protectkey, zend_suhosin_globals, suhosin_globals) STD_ZEND_INI_BOOLEAN("suhosin.coredump", "0", ZEND_INI_SYSTEM, OnUpdateBool, coredump, zend_suhosin_globals, suhosin_globals) STD_ZEND_INI_BOOLEAN("suhosin.stealth", "1", ZEND_INI_SYSTEM, OnUpdateBool, stealth, zend_suhosin_globals, suhosin_globals) STD_ZEND_INI_BOOLEAN("suhosin.apc_bug_workaround", "0", ZEND_INI_SYSTEM, OnUpdateBool, apc_bug_workaround, zend_suhosin_globals, suhosin_globals) STD_ZEND_INI_BOOLEAN("suhosin.disable.display_errors", "0", ZEND_INI_SYSTEM, OnUpdate_disable_display_errors, disable_display_errors, zend_suhosin_globals, 
suhosin_globals) - - - - STD_PHP_INI_ENTRY("suhosin.request.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_request_variables, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.request.max_varname_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_varname_length, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.request.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_value_length, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.request.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_depth, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_whitelist, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws, zend_suhosin_globals, suhosin_globals) - - STD_PHP_INI_ENTRY("suhosin.cookie.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_vars, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.cookie.max_name_length", "64", 
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_name_length, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.cookie.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_totalname_length, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.cookie.max_value_length", "10000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_value_length, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.cookie.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_depth, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.cookie.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_index_length, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.cookie.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_nul, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.cookie.disallow_ws", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_ws, zend_suhosin_globals, suhosin_globals) - - STD_PHP_INI_ENTRY("suhosin.get.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_vars, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.get.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_name_length, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.get.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_totalname_length, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.get.max_value_length", "512", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_value_length, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.get.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_depth, zend_suhosin_globals, suhosin_globals) 
- STD_PHP_INI_ENTRY("suhosin.get.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_index_length, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.get.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_nul, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.get.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_ws, zend_suhosin_globals, suhosin_globals) - - STD_PHP_INI_ENTRY("suhosin.post.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_vars, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.post.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_name_length, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.post.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_totalname_length, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.post.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_value_length, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.post.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_depth, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.post.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_index_length, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.post.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_nul, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.post.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_ws, zend_suhosin_globals, suhosin_globals) - - STD_PHP_INI_ENTRY("suhosin.upload.max_uploads", "25", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_limit, zend_suhosin_globals, 
suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.upload.max_newlines", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_max_newlines, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.upload.disallow_elf", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_elf, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.upload.disallow_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_binary, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.upload.remove_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_remove_binary, zend_suhosin_globals, suhosin_globals) -#ifdef SUHOSIN_EXPERIMENTAL - STD_PHP_INI_BOOLEAN("suhosin.upload.allow_utf8", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_allow_utf8, zend_suhosin_globals, suhosin_globals) -#endif - STD_PHP_INI_ENTRY("suhosin.upload.verification_script", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadString, upload_verification_script, zend_suhosin_globals, suhosin_globals) - STD_ZEND_INI_BOOLEAN("suhosin.sql.bailout_on_error", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSQLBool, sql_bailout_on_error, zend_suhosin_globals, suhosin_globals) + + STD_PHP_INI_ENTRY("suhosin.request.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_request_variables, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.request.max_varname_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_varname_length, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.request.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_value_length, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.request.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_depth, zend_suhosin_globals, suhosin_globals) + 
STD_PHP_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_whitelist, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws, zend_suhosin_globals, suhosin_globals) + + STD_PHP_INI_ENTRY("suhosin.cookie.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_vars, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.cookie.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_name_length, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.cookie.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_totalname_length, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.cookie.max_value_length", "10000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_value_length, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.cookie.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_depth, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.cookie.max_array_index_length", "64", 
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_index_length, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.cookie.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_nul, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.cookie.disallow_ws", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_ws, zend_suhosin_globals, suhosin_globals) + + STD_PHP_INI_ENTRY("suhosin.get.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_vars, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.get.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_name_length, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.get.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_totalname_length, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.get.max_value_length", "512", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_value_length, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.get.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_depth, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.get.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_index_length, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.get.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_nul, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.get.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_ws, zend_suhosin_globals, suhosin_globals) + + STD_PHP_INI_ENTRY("suhosin.post.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_vars, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.post.max_name_length", "64", 
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_name_length, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.post.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_totalname_length, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.post.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_value_length, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.post.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_depth, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.post.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_index_length, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.post.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_nul, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.post.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_ws, zend_suhosin_globals, suhosin_globals) + + STD_PHP_INI_ENTRY("suhosin.upload.max_uploads", "25", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_limit, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.upload.max_newlines", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_max_newlines, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.upload.disallow_elf", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_elf, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.upload.disallow_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_binary, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.upload.remove_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_remove_binary, zend_suhosin_globals, suhosin_globals) + #ifdef 
SUHOSIN_EXPERIMENTAL + STD_PHP_INI_BOOLEAN("suhosin.upload.allow_utf8", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_allow_utf8, zend_suhosin_globals, suhosin_globals) + #endif + STD_PHP_INI_ENTRY("suhosin.upload.verification_script", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadString, upload_verification_script, zend_suhosin_globals, suhosin_globals) + + + STD_ZEND_INI_BOOLEAN("suhosin.sql.bailout_on_error", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSQLBool, sql_bailout_on_error, zend_suhosin_globals, suhosin_globals) STD_PHP_INI_ENTRY("suhosin.sql.user_prefix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_prefix, zend_suhosin_globals, suhosin_globals) STD_PHP_INI_ENTRY("suhosin.sql.user_postfix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_postfix, zend_suhosin_globals, suhosin_globals) STD_PHP_INI_ENTRY("suhosin.sql.user_match", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_match, zend_suhosin_globals, suhosin_globals) 
@@ -883,8 +881,8 @@ PHP_INI_BEGIN() STD_PHP_INI_ENTRY("suhosin.session.cryptkey", "", PHP_INI_ALL, OnUpdateMiscString, session_cryptkey, zend_suhosin_globals, suhosin_globals) STD_ZEND_INI_BOOLEAN("suhosin.session.cryptua", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, session_cryptua, zend_suhosin_globals, suhosin_globals) STD_ZEND_INI_BOOLEAN("suhosin.session.cryptdocroot", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, session_cryptdocroot, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.session.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_cryptraddr, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.session.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_checkraddr, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.session.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_cryptraddr, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.session.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_checkraddr, zend_suhosin_globals, suhosin_globals) STD_PHP_INI_ENTRY("suhosin.session.max_id_length", "128", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_max_id_length, zend_suhosin_globals, suhosin_globals) #else /* HAVE_PHP_SESSION */ #warning BUILDING SUHOSIN WITHOUT SESSION SUPPORT 
@@ -895,8 +893,8 @@ PHP_INI_BEGIN() STD_PHP_INI_ENTRY("suhosin.cookie.cryptkey", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, cookie_cryptkey, zend_suhosin_globals, suhosin_globals) STD_ZEND_INI_BOOLEAN("suhosin.cookie.cryptua", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, cookie_cryptua, zend_suhosin_globals, suhosin_globals) STD_ZEND_INI_BOOLEAN("suhosin.cookie.cryptdocroot", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, cookie_cryptdocroot, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.cookie.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, cookie_cryptraddr, zend_suhosin_globals, suhosin_globals) - STD_PHP_INI_ENTRY("suhosin.cookie.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, cookie_checkraddr, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.cookie.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, cookie_cryptraddr, zend_suhosin_globals, suhosin_globals) + STD_PHP_INI_ENTRY("suhosin.cookie.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, cookie_checkraddr, zend_suhosin_globals, suhosin_globals) ZEND_INI_ENTRY("suhosin.cookie.cryptlist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_cookie_cryptlist) ZEND_INI_ENTRY("suhosin.cookie.plainlist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_cookie_plainlist) @@ -916,7 +914,7 @@ PHP_INI_END() */ char *suhosin_getenv(char *name, size_t name_len TSRMLS_DC) { - if (sapi_module.getenv) { + if (sapi_module.getenv) { char *value, *tmp = sapi_module.getenv(name, name_len TSRMLS_CC); if (tmp) { value = estrdup(tmp); @@ -927,7 +925,7 @@ char *suhosin_getenv(char *name, size_t name_len TSRMLS_DC) } else { /* fallback to the system's getenv() function */ char *tmp; - + name = estrndup(name, name_len); tmp = getenv(name); efree(name); 
@@ -979,25 +977,25 @@ PHP_MINIT_FUNCTION(suhosin) REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS); REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS); } - + /* check if shared ini directives are already known (maybe a patched PHP) */ if (zend_hash_exists(EG(ini_directives), "suhosin.log.syslog", sizeof("suhosin.log.syslog"))) { - + /* and update them */ zend_ini_entry *p = (zend_ini_entry *)&shared_ini_entries; - + while (p->name) { - + zend_ini_entry *i; - + if (zend_hash_find(EG(ini_directives), p->name, p->name_length, (void **) &i)==FAILURE) { /* continue registering them */ zend_register_ini_entries(p, module_number TSRMLS_CC); break; } - + SDEBUG("updating ini %s=%s", i->name, i->value); - + i->modifiable = p->modifiable; i->module_number = module_number; i->on_modify = p->on_modify; @@ -1008,15 +1006,15 @@ PHP_MINIT_FUNCTION(suhosin) p++; } } else { - + /* not registered yet, then simply use the API */ zend_register_ini_entries((zend_ini_entry *)&shared_ini_entries, module_number TSRMLS_CC); - + } /* and register the rest of the ini entries */ REGISTER_INI_ENTRIES(); - + /* Force display_errors=off */ if (SUHOSIN_G(disable_display_errors)) { zend_ini_entry *i; @@ -1034,14 +1032,14 @@ PHP_MINIT_FUNCTION(suhosin) } } } - + /* Load invisible to other Zend Extensions */ if (zend_llist_count(&zend_extensions)==0 || SUHOSIN_G(stealth)==0) { zend_extension extension; extension = suhosin_zend_extension_entry; extension.handle = NULL; zend_llist_add_element(&zend_extensions, &extension); - ze = NULL; + ze = NULL; } else { ze = (zend_extension *)zend_llist_get_last_ex(&zend_extensions, &lp); old_startup = ze->startup; 
@@ -1099,12 +1097,12 @@ PHP_RINIT_FUNCTION(suhosin) PHP_RSHUTDOWN_FUNCTION(suhosin) { SDEBUG("(RSHUTDOWN)"); - - /* We need to clear the input filtering + + /* We need to clear the input filtering variables in the request shutdown - because input filtering is done before + because input filtering is done before RINIT */ - + SUHOSIN_G(cur_request_variables) = 0; SUHOSIN_G(cur_cookie_vars) = 0; SUHOSIN_G(cur_get_vars) = 0; @@ -1115,28 +1113,28 @@ PHP_RSHUTDOWN_FUNCTION(suhosin) SUHOSIN_G(att_post_vars) = 0; SUHOSIN_G(num_uploads) = 0; - SUHOSIN_G(no_more_variables) = 0; - SUHOSIN_G(no_more_get_variables) = 0; - SUHOSIN_G(no_more_post_variables) = 0; - SUHOSIN_G(no_more_cookie_variables) = 0; - SUHOSIN_G(no_more_uploads) = 0; - + SUHOSIN_G(no_more_variables) = 0; + SUHOSIN_G(no_more_get_variables) = 0; + SUHOSIN_G(no_more_post_variables) = 0; + SUHOSIN_G(no_more_cookie_variables) = 0; + SUHOSIN_G(no_more_uploads) = 0; + SUHOSIN_G(abort_request) = 0; - + if (SUHOSIN_G(reseed_every_request)) { SUHOSIN_G(r_is_seeded) = 0; SUHOSIN_G(mt_is_seeded) = 0; } - + if (SUHOSIN_G(decrypted_cookie)) { efree(SUHOSIN_G(decrypted_cookie)); SUHOSIN_G(decrypted_cookie)=NULL; } - if (SUHOSIN_G(raw_cookie)) { + if (SUHOSIN_G(raw_cookie)) { efree(SUHOSIN_G(raw_cookie)); SUHOSIN_G(raw_cookie)=NULL; } - + return SUCCESS; } /* }}} */ @@ -1145,9 +1143,9 @@ PHP_RSHUTDOWN_FUNCTION(suhosin) */ static void suhosin_ini_displayer(zend_ini_entry *ini_entry, int type) { - TSRMLS_FETCH(); + TSRMLS_FETCH(); - PHPWRITE("[ protected ]", strlen("[ protected ]")); + PHPWRITE("[ protected ]", strlen("[ protected ]")); } /* }}} */ 
@@ -1181,35 +1179,35 @@ PHP_MINFO_FUNCTION(suhosin) } php_info_print_box_end(); - if (SUHOSIN_G(protectkey)) { - zend_ini_entry *i; - + if (SUHOSIN_G(protectkey)) { + zend_ini_entry *i; + if (zend_hash_find(EG(ini_directives), "suhosin.cookie.cryptkey", sizeof("suhosin.cookie.cryptkey"), (void **) &i)==SUCCESS) { - i->displayer = suhosin_ini_displayer; - } + i->displayer = suhosin_ini_displayer; + } if (zend_hash_find(EG(ini_directives), "suhosin.session.cryptkey", sizeof("suhosin.session.cryptkey"), (void **) &i)==SUCCESS) { - i->displayer = suhosin_ini_displayer; - } + i->displayer = suhosin_ini_displayer; + } if (zend_hash_find(EG(ini_directives), "suhosin.rand.seedingkey", sizeof("suhosin.rand.seedingkey"), (void **) &i)==SUCCESS) { - i->displayer = suhosin_ini_displayer; - } - } - + i->displayer = suhosin_ini_displayer; + } + } + DISPLAY_INI_ENTRIES(); - if (SUHOSIN_G(protectkey)) { - zend_ini_entry *i; - + if (SUHOSIN_G(protectkey)) { + zend_ini_entry *i; + if (zend_hash_find(EG(ini_directives), "suhosin.cookie.cryptkey", sizeof("suhosin.cookie.cryptkey"), (void **) &i)==SUCCESS) { - i->displayer = NULL; - } + i->displayer = NULL; + } if (zend_hash_find(EG(ini_directives), "suhosin.session.cryptkey", sizeof("suhosin.session.cryptkey"), (void **) &i)==SUCCESS) { - i->displayer = NULL; - } + i->displayer = NULL; + } if (zend_hash_find(EG(ini_directives), "suhosin.rand.seedingkey", sizeof("suhosin.rand.seedingkey"), (void **) &i)==SUCCESS) { - i->displayer = NULL; - } - } + i->displayer = NULL; + } + } } /* }}} */ diff --git a/ufilter.c b/ufilter.c index 203d76c..73573ad 100644 --- a/ufilter.c +++ b/ufilter.c @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ /* - $Id: ufilter.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ + $Id: ufilter.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ */ #ifdef HAVE_CONFIG_H 
@@ -48,12 +48,12 @@ static int check_fileupload_varname(char *varname TSRMLS_DC) /* Normalize the variable name */ normalize_varname(var); - + /* Find length of variable name */ index = strchr(var, '['); total_len = strlen(var); var_len = index ? index-var : total_len; - + /* Drop this variable if it exceeds the varname/total length limit */ if (SUHOSIN_G(max_varname_length) && SUHOSIN_G(max_varname_length) < var_len) { suhosin_log(S_FILES, "configured request variable name length limit exceeded - dropped variable '%s'", var); @@ -79,38 +79,38 @@ static int check_fileupload_varname(char *varname TSRMLS_DC) goto return_failure; } } - + /* Find out array depth */ while (index) { char *index_end; unsigned int index_length; - + /* overjump '[' */ index++; - + /* increase array depth */ depth++; - + index_end = strchr(index, ']'); if (index_end == NULL) { index_end = index+strlen(index); } - + index_length = index_end - index; - + if (SUHOSIN_G(max_array_index_length) && SUHOSIN_G(max_array_index_length) < index_length) { suhosin_log(S_FILES, "configured request variable array index length limit exceeded - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { goto return_failure; } - } + } if (SUHOSIN_G(max_post_array_index_length) && SUHOSIN_G(max_post_array_index_length) < index_length) { suhosin_log(S_FILES, "configured POST variable array index length limit exceeded - dropped variable '%s'", var); if (!SUHOSIN_G(simulation)) { goto return_failure; } - } - + } + /* index whitelist/blacklist */ if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) { if (suhosin_strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) { 
@@ -127,11 +127,11 @@ static int check_fileupload_varname(char *varname TSRMLS_DC) } } } - - - index = strchr(index, '['); + + + index = strchr(index, '['); } - + /* Drop this variable if it exceeds the array depth limit */ if (SUHOSIN_G(max_array_depth) && SUHOSIN_G(max_array_depth) < depth) { suhosin_log(S_FILES, "configured request variable array depth limit exceeded - dropped variable '%s'", var); @@ -145,8 +145,8 @@ static int check_fileupload_varname(char *varname TSRMLS_DC) goto return_failure; } } - - + + /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */ /* This is to protect several silly scripts that do globalizing themself */ if (php_varname_check(var, var_len, 1 TSRMLS_CC) == FAILURE || suhosin_is_protected_varname(var, var_len)) { @@ -158,10 +158,10 @@ static int check_fileupload_varname(char *varname TSRMLS_DC) efree(var); return SUCCESS; - + return_failure: efree(var); - return FAILURE; + return FAILURE; } /* }}} */ 
@@ -200,54 +200,54 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS SDEBUG("rfc1867_filter %u", event); switch (event) { - case MULTIPART_EVENT_START: - case MULTIPART_EVENT_FORMDATA: - /* nothing todo */ - break; - - case MULTIPART_EVENT_FILE_START: - { - multipart_event_file_start *mefs = (multipart_event_file_start *) event_data; - + case MULTIPART_EVENT_START: + case MULTIPART_EVENT_FORMDATA: + /* nothing todo */ + break; + + case MULTIPART_EVENT_FILE_START: + { + multipart_event_file_start *mefs = (multipart_event_file_start *) event_data; + /* Drop if no more variables flag is set */ - if (SUHOSIN_G(no_more_uploads)) { - goto continue_with_failure; - } - + if (SUHOSIN_G(no_more_uploads)) { + goto continue_with_failure; + } + /* Drop this fileupload if the limit is reached */ if (SUHOSIN_G(upload_limit) && SUHOSIN_G(upload_limit) <= SUHOSIN_G(num_uploads)) { suhosin_log(S_FILES, "configured fileupload limit exceeded - file dropped"); if (!SUHOSIN_G(simulation)) { - SUHOSIN_G(no_more_uploads) = 1; - goto continue_with_failure; + SUHOSIN_G(no_more_uploads) = 1; + goto continue_with_failure; } } - - - if (check_fileupload_varname(mefs->name TSRMLS_CC) == FAILURE) { - goto continue_with_failure; - } - } - - break; - - case MULTIPART_EVENT_FILE_DATA: - - if (SUHOSIN_G(upload_disallow_elf)) { - multipart_event_file_data *mefd = (multipart_event_file_data *) event_data; - - if (mefd->offset == 0 && mefd->length > 10) { - if (mefd->data[0] == 0x7F && mefd->data[1] == 'E' && mefd->data[2] == 'L' && mefd->data[3] == 'F') { - suhosin_log(S_FILES, "uploaded file is an ELF executable - file dropped"); - if (!SUHOSIN_G(simulation)) { - goto continue_with_failure; - } - } - } - } - + + + if (check_fileupload_varname(mefs->name TSRMLS_CC) == FAILURE) { + goto continue_with_failure; + } + } + + break; + + case MULTIPART_EVENT_FILE_DATA: + + if (SUHOSIN_G(upload_disallow_elf)) { + multipart_event_file_data *mefd = (multipart_event_file_data *) 
event_data; + + if (mefd->offset == 0 && mefd->length > 10) { + if (mefd->data[0] == 0x7F && mefd->data[1] == 'E' && mefd->data[2] == 'L' && mefd->data[3] == 'F') { + suhosin_log(S_FILES, "uploaded file is an ELF executable - file dropped"); + if (!SUHOSIN_G(simulation)) { + goto continue_with_failure; + } + } + } + } + if (SUHOSIN_G(upload_disallow_binary)) { - + multipart_event_file_data *mefd = (multipart_event_file_data *) event_data; char *cp, *cpend; @@ -275,11 +275,11 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS } if (SUHOSIN_G(upload_remove_binary)) { - + multipart_event_file_data *mefd = (multipart_event_file_data *) event_data; size_t i, j; int n; - + for (i=0, j=0; ilength; i++) { if (mefd->data[i] >= 32 || isspace(mefd->data[i])) { mefd->data[j++] = mefd->data[i]; @@ -296,7 +296,7 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS #endif } mefd->data[j] = '\0'; - + SDEBUG("removing binary %zu %zu",i,j); /* IMPORTANT FOR DAISY CHAINING */ mefd->length = j; 
@@ -304,31 +304,31 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS *mefd->newlength = j; } } - - break; - - case MULTIPART_EVENT_FILE_END: - - if (SUHOSIN_G(upload_verification_script)) { - multipart_event_file_end *mefe = (multipart_event_file_end *) event_data; - char cmd[8192]; - FILE *in; - int first=1; + + break; + + case MULTIPART_EVENT_FILE_END: + + if (SUHOSIN_G(upload_verification_script)) { + multipart_event_file_end *mefe = (multipart_event_file_end *) event_data; + char cmd[8192]; + FILE *in; + int first=1; struct stat st; - char *sname = SUHOSIN_G(upload_verification_script); - - /* ignore files that will get deleted anyway */ - if (mefe->cancel_upload) { - break; - } - - /* ignore empty scriptnames */ - while (isspace(*sname)) ++sname; - if (*sname == 0) { - SUHOSIN_G(num_uploads)++; - break; - } - + char *sname = SUHOSIN_G(upload_verification_script); + + /* ignore files that will get deleted anyway */ + if (mefe->cancel_upload) { + break; + } + + /* ignore empty scriptnames */ + while (isspace(*sname)) ++sname; + if (*sname == 0) { + SUHOSIN_G(num_uploads)++; + break; + } + if (VCWD_STAT(sname, &st) < 0) { suhosin_log(S_FILES, "unable to find fileupload verification script %s - file dropped", sname); if (!SUHOSIN_G(simulation)) { 
@@ -343,29 +343,29 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
 goto continue_with_failure;
 } else {
 goto continue_with_next;
- }
+ }
 }
-
- ap_php_snprintf(cmd, sizeof(cmd), "%s %s 2>&1", sname, mefe->temp_filename);
-
- if ((in=VCWD_POPEN(cmd, "r"))==NULL) {
- suhosin_log(S_FILES, "unable to execute fileupload verification script %s - file dropped", sname);
- if (!SUHOSIN_G(simulation)) {
- goto continue_with_failure;
- } else {
- goto continue_with_next;
- }
- }
-
- retval = FAILURE;
-
- /* read and forget the result */
- while (1) {
- int readbytes = fread(cmd, 1, sizeof(cmd), in);
- if (readbytes<=0) {
- break;
- }
- if (first) {
+
+ ap_php_snprintf(cmd, sizeof(cmd), "%s %s 2>&1", sname, mefe->temp_filename);
+
+ if ((in=VCWD_POPEN(cmd, "r"))==NULL) {
+ suhosin_log(S_FILES, "unable to execute fileupload verification script %s - file dropped", sname);
+ if (!SUHOSIN_G(simulation)) {
+ goto continue_with_failure;
+ } else {
+ goto continue_with_next;
+ }
+ }
+
+ retval = FAILURE;
+
+ /* read and forget the result */
+ while (1) {
+ int readbytes = fread(cmd, 1, sizeof(cmd), in);
+ if (readbytes<=0) {
+ break;
+ }
+ if (first) {
 if (strncmp(cmd, "sh: ", 4) == 0) {
 /* assume this is an error */
 suhosin_log(S_FILES, "error while executing fileupload verification script %s - file dropped", sname);
@@ -378,30 +378,30 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS retval = atoi(cmd) == 1 ? SUCCESS : FAILURE; first = 0; } - } - } - pclose(in); - } - - if (retval != SUCCESS) { - suhosin_log(S_FILES, "fileupload verification script disallows file - file dropped"); - if (!SUHOSIN_G(simulation)) { - goto continue_with_failure; - } - } - - SUHOSIN_G(num_uploads)++; - break; - - case MULTIPART_EVENT_END: - /* nothing todo */ - break; - - default: - /* unknown: return failure */ - goto continue_with_failure; + } + } + pclose(in); + } + + if (retval != SUCCESS) { + suhosin_log(S_FILES, "fileupload verification script disallows file - file dropped"); + if (!SUHOSIN_G(simulation)) { + goto continue_with_failure; + } + } + + SUHOSIN_G(num_uploads)++; + break; + + case MULTIPART_EVENT_END: + /* nothing todo */ + break; + + default: + /* unknown: return failure */ + goto continue_with_failure; } -continue_with_next: +continue_with_next: #if HAVE_RFC1867_CALLBACK if (php_rfc1867_callback != NULL) { return php_rfc1867_callback(event, event_data, extra TSRMLS_CC); @@ -409,7 +409,7 @@ continue_with_next: #endif return SUCCESS; continue_with_failure: - SUHOSIN_G(abort_request) = 1; + SUHOSIN_G(abort_request) = 1; return FAILURE; } -- cgit v1.3