memory limit

author: Ben Fuhrmannek 2016-03-03 15:36:40 +0100
committer: Ben Fuhrmannek 2016-03-03 15:36:40 +0100
commit: 3e77c15105551dee21edac0ab090ffaf10c4ff4d (patch)
tree: 7e756df9267432260e4a329f9f3c0eb7b978c763
parent: adbeda7daaa6ff3a1fbc25d35cc62a1979214f7f (diff)
8 files changed, 159 insertions, 6 deletions
diff --git a/execute.c b/execute.c
index 353f691..ea9b21a 100644
--- a/execute.c
+++ b/execute.c
@@ -151,7 +151,7 @@ static int suhosin_check_filename(char *s, int slen)
        SDEBUG("fn=%s", s);
        /* disallow uploaded files */
        if (SG(rfc1867_uploaded_files)) {
-                if (zend_hash_str_exists(SG(rfc1867_uploaded_files), s, slen)) { // <--- TODO: range check
+                if (zend_hash_str_exists(SG(rfc1867_uploaded_files), s, slen)) {
                        return SUHOSIN_CODE_TYPE_UPLOADED;
                }
        }
@@ -777,9 +777,7 @@ ZEND_API static void suhosin_execute_internal(zend_execute_data *execute_data, z
        }
        
        suhosin_internal_function_handler *ih;
-        // SDEBUG("before %d", zend_hash_exists(&ihandler_table, function_name));
        if ((ih = zend_hash_find_ptr(&ihandler_table, function_name))) {
-        // SDEBUG("AFTER");
                void *handler = execute_data->func->internal_function.handler;
                
                if (handler != ZEND_FN(display_disabled_function)) {
diff --git a/memory_limit.c b/memory_limit.c
index 5b8b438..2a7a114 100644
--- a/memory_limit.c
+++ b/memory_limit.c
@@ -52,6 +52,7 @@ static PHP_INI_MH(suhosin_OnChangeMemoryLimit)
        if (new_value) {
                PG(memory_limit) = zend_atol(ZSTR_VAL(new_value), ZSTR_LEN(new_value));
                if (hard_memory_limit > 0) {
+                        // SDEBUG("%lld > %lld ?", PG(memory_limit), hard_memory_limit);
                        if (PG(memory_limit) > hard_memory_limit) {
                                suhosin_log(S_MISC, "script tried to increase memory_limit to " ZEND_LONG_FMT " bytes which is above the allowed value", PG(memory_limit));
                                if (!SUHOSIN7_G(simulation)) {
diff --git a/suhosin7.c b/suhosin7.c
index 7e29f2e..1537130 100644
--- a/suhosin7.c
+++ b/suhosin7.c
@@ -309,8 +309,8 @@ PHP_INI_BEGIN()
        // 
        STD_S7_INI_BOOLEAN("suhosin.multiheader",                       "0",    PHP_INI_PERDIR|PHP_INI_SYSTEM,  OnUpdateMiscBool, allow_multiheader)
        // STD_S7_INI_ENTRY("suhosin.mail.protect",                     "0",    PHP_INI_PERDIR|PHP_INI_SYSTEM,  OnUpdateMiscLong, mailprotect)
-        // STD_S7_INI_ENTRY("suhosin.memory_limit",                     "0",    PHP_INI_PERDIR|PHP_INI_SYSTEM,  OnUpdateMiscLong, memory_limit)
+        STD_S7_INI_ENTRY("suhosin.memory_limit",                        "0",    PHP_INI_PERDIR|PHP_INI_SYSTEM,  OnUpdateMiscLong, memory_limit)
-        // STD_S7_INI_BOOLEAN("suhosin.simulation",                     "0",    PHP_INI_PERDIR|PHP_INI_SYSTEM,  OnUpdateMiscBool, simulation)
+        STD_S7_INI_BOOLEAN("suhosin.simulation",                        "0",    PHP_INI_PERDIR|PHP_INI_SYSTEM,  OnUpdateMiscBool, simulation)
        // STD_S7_INI_ENTRY("suhosin.filter.action",                    NULL,   PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscString, filter_action)
        // 
        STD_S7_INI_BOOLEAN("suhosin.protectkey",                        "1",    PHP_INI_SYSTEM, OnUpdateBool, protectkey)
@@ -517,7 +517,7 @@ PHP_MINIT_FUNCTION(suhosin7)
        suhosin_hook_header_handler();
        suhosin_hook_execute();
-        // suhosin_hook_memory_limit();
+        suhosin_hook_memory_limit();
        // suhosin_hook_sha256();
        return SUCCESS;
diff --git a/tests/executor/memory_limit.phpt b/tests/executor/memory_limit.phpt
new file mode 100644
index 0000000..404ab19
--- /dev/null
+++ b/tests/executor/memory_limit.phpt
@@ -0,0 +1,29 @@
+--TEST--
+memory_limit test: set suhosin hard_limit to normal limit
+--SKIPIF--
+<?php if (!function_exists("memory_get_usage")) print "skip PHP not compiled with memory_limit support"; ?>
+--INI--
+memory_limit=16M
+suhosin.memory_limit=0
+suhosin.log.syslog=0
+suhosin.log.script=0
+suhosin.log.sapi=2
+--FILE--
+<?php
+    ini_set("memory_limit", "13M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "14M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "15M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "16M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "17M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "18M"); echo ini_get("memory_limit"), "\n";
+?>
+--EXPECTF--
+13M
+14M
+15M
+16M
+ALERT - script tried to increase memory_limit to 17825792 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 6)
+16M
+ALERT - script tried to increase memory_limit to 18874368 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 7)
+16M
diff --git a/tests/executor/memory_limit_64bit.phpt b/tests/executor/memory_limit_64bit.phpt
new file mode 100644
index 0000000..35be80b
--- /dev/null
+++ b/tests/executor/memory_limit_64bit.phpt
@@ -0,0 +1,43 @@
+--TEST--
+memory_limit test: set suhosin hard_limit to normal limit (64 bit)
+--SKIPIF--
+<?php if (!function_exists("memory_get_usage")) print "skip PHP not compiled with memory_limit support"; 
+else if (PHP_INT_SIZE != 8) print "skip This is not a 64 bit system";
+?>
+--INI--
+memory_limit=16M
+suhosin.memory_limit=0
+suhosin.log.syslog=0
+suhosin.log.script=0
+suhosin.log.sapi=2
+--FILE--
+<?php
+    ini_set("memory_limit", "13M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "14M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "15M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "16M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "17M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "18M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "2G"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "3G"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "4G"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "5G"); echo ini_get("memory_limit"), "\n";
+?>
+--EXPECTF--
+13M
+14M
+15M
+16M
+ALERT - script tried to increase memory_limit to 17825792 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 6)
+16M
+ALERT - script tried to increase memory_limit to 18874368 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 7)
+16M
+ALERT - script tried to increase memory_limit to 2147483648 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 8)
+16M
+ALERT - script tried to increase memory_limit to 3221225472 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 9)
+16M
+ALERT - script tried to increase memory_limit to 4294967296 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 10)
+16M
+ALERT - script tried to increase memory_limit to 5368709120 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 11)
+16M
diff --git a/tests/executor/memory_limit_64bit_10G.phpt b/tests/executor/memory_limit_64bit_10G.phpt
new file mode 100644
index 0000000..284db50
--- /dev/null
+++ b/tests/executor/memory_limit_64bit_10G.phpt
@@ -0,0 +1,36 @@
+--TEST--
+memory_limit test: set suhosin hard_limit to normal limit (64 bit) - 10 GB
+--SKIPIF--
+<?php if (!function_exists("memory_get_usage")) print "skip PHP not compiled with memory_limit support"; 
+else if (PHP_INT_SIZE != 8) print "skip This is not a 64 bit system";
+?>
+--INI--
+memory_limit=10G
+suhosin.memory_limit=0
+suhosin.log.syslog=0
+suhosin.log.script=0
+suhosin.log.sapi=2
+--FILE--
+<?php
+    ini_set("memory_limit", "13M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "14M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "15M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "16M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "17M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "18M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "2G"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "3G"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "4G"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "5G"); echo ini_get("memory_limit"), "\n";
+?>
+--EXPECTF--
+13M
+14M
+15M
+16M
+17M
+18M
+2G
+3G
+4G
+5G
diff --git a/tests/executor/memory_limit_negative.phpt b/tests/executor/memory_limit_negative.phpt
new file mode 100644
index 0000000..7fad546
--- /dev/null
+++ b/tests/executor/memory_limit_negative.phpt
@@ -0,0 +1,18 @@
+--TEST--
+memory_limit test: trying to set memory_limit to a negative value
+--SKIPIF--
+<?php if (!function_exists("memory_get_usage")) print "skip PHP not compiled with memory_limit support"; ?>
+--INI--
+memory_limit=16M
+suhosin.memory_limit=17M
+suhosin.log.syslog=0
+suhosin.log.script=0
+suhosin.log.sapi=2
+--FILE--
+<?php
+    ini_set("memory_limit", "-200000"); echo ini_get("memory_limit"), "\n";
+?>
+--EXPECTF--
+ALERT - script tried to disable memory_limit by setting it to a negative value -%d bytes which is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 2)
+16M
diff --git a/tests/executor/memory_limit_other_hardlimit.phpt b/tests/executor/memory_limit_other_hardlimit.phpt
new file mode 100644
index 0000000..cac11dc
--- /dev/null
+++ b/tests/executor/memory_limit_other_hardlimit.phpt
@@ -0,0 +1,28 @@
+--TEST--
+memory_limit test: set suhosin hard_limit to normal limit + 1M
+--SKIPIF--
+<?php if (!function_exists("memory_get_usage")) print "skip PHP not compiled with memory_limit support"; ?>
+--INI--
+memory_limit=16M
+suhosin.memory_limit=17M
+suhosin.log.syslog=0
+suhosin.log.script=0
+suhosin.log.sapi=2
+--FILE--
+<?php
+    ini_set("memory_limit", "13M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "14M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "15M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "16M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "17M"); echo ini_get("memory_limit"), "\n";
+    ini_set("memory_limit", "18M"); echo ini_get("memory_limit"), "\n";
+?>
+--EXPECTF--
+13M
+14M
+15M
+16M
+17M
+ALERT - script tried to increase memory_limit to %d bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 7)
+17M
author	Ben Fuhrmannek	2016-03-03 15:36:40 +0100
committer	Ben Fuhrmannek	2016-03-03 15:36:40 +0100
commit	3e77c15105551dee21edac0ab090ffaf10c4ff4d (patch)
tree	7e756df9267432260e4a329f9f3c0eb7b978c763
parent	adbeda7daaa6ff3a1fbc25d35cc62a1979214f7f (diff)

diff --git a/execute.c b/execute.c index 353f691..ea9b21a 100644 --- a/execute.c +++ b/execute.c
@@ -151,7 +151,7 @@ static int suhosin_check_filename(char *s, int slen)
151	SDEBUG("fn=%s", s);	151	SDEBUG("fn=%s", s);
152	/* disallow uploaded files */	152	/* disallow uploaded files */
153	if (SG(rfc1867_uploaded_files)) {	153	if (SG(rfc1867_uploaded_files)) {
154	if (zend_hash_str_exists(SG(rfc1867_uploaded_files), s, slen)) { // <--- TODO: range check	154	if (zend_hash_str_exists(SG(rfc1867_uploaded_files), s, slen)) {
155	return SUHOSIN_CODE_TYPE_UPLOADED;	155	return SUHOSIN_CODE_TYPE_UPLOADED;
156	}	156	}
157	}	157	}
@@ -777,9 +777,7 @@ ZEND_API static void suhosin_execute_internal(zend_execute_data *execute_data, z
777	}	777	}
778		778
779	suhosin_internal_function_handler *ih;	779	suhosin_internal_function_handler *ih;
780	// SDEBUG("before %d", zend_hash_exists(&ihandler_table, function_name));
781	if ((ih = zend_hash_find_ptr(&ihandler_table, function_name))) {	780	if ((ih = zend_hash_find_ptr(&ihandler_table, function_name))) {
782	// SDEBUG("AFTER");
783	void *handler = execute_data->func->internal_function.handler;	781	void *handler = execute_data->func->internal_function.handler;
784		782
785	if (handler != ZEND_FN(display_disabled_function)) {	783	if (handler != ZEND_FN(display_disabled_function)) {


diff --git a/memory_limit.c b/memory_limit.c index 5b8b438..2a7a114 100644 --- a/memory_limit.c +++ b/memory_limit.c
@@ -52,6 +52,7 @@ static PHP_INI_MH(suhosin_OnChangeMemoryLimit)
52	if (new_value) {	52	if (new_value) {
53	PG(memory_limit) = zend_atol(ZSTR_VAL(new_value), ZSTR_LEN(new_value));	53	PG(memory_limit) = zend_atol(ZSTR_VAL(new_value), ZSTR_LEN(new_value));
54	if (hard_memory_limit > 0) {	54	if (hard_memory_limit > 0) {
		55	// SDEBUG("%lld > %lld ?", PG(memory_limit), hard_memory_limit);
55	if (PG(memory_limit) > hard_memory_limit) {	56	if (PG(memory_limit) > hard_memory_limit) {
56	suhosin_log(S_MISC, "script tried to increase memory_limit to " ZEND_LONG_FMT " bytes which is above the allowed value", PG(memory_limit));	57	suhosin_log(S_MISC, "script tried to increase memory_limit to " ZEND_LONG_FMT " bytes which is above the allowed value", PG(memory_limit));
57	if (!SUHOSIN7_G(simulation)) {	58	if (!SUHOSIN7_G(simulation)) {


diff --git a/suhosin7.c b/suhosin7.c index 7e29f2e..1537130 100644 --- a/suhosin7.c +++ b/suhosin7.c
@@ -309,8 +309,8 @@ PHP_INI_BEGIN()
309	//	309	//
310	STD_S7_INI_BOOLEAN("suhosin.multiheader", "0", PHP_INI_PERDIR\|PHP_INI_SYSTEM, OnUpdateMiscBool, allow_multiheader)	310	STD_S7_INI_BOOLEAN("suhosin.multiheader", "0", PHP_INI_PERDIR\|PHP_INI_SYSTEM, OnUpdateMiscBool, allow_multiheader)
311	// STD_S7_INI_ENTRY("suhosin.mail.protect", "0", PHP_INI_PERDIR\|PHP_INI_SYSTEM, OnUpdateMiscLong, mailprotect)	311	// STD_S7_INI_ENTRY("suhosin.mail.protect", "0", PHP_INI_PERDIR\|PHP_INI_SYSTEM, OnUpdateMiscLong, mailprotect)
312	// STD_S7_INI_ENTRY("suhosin.memory_limit", "0", PHP_INI_PERDIR\|PHP_INI_SYSTEM, OnUpdateMiscLong, memory_limit)	312	STD_S7_INI_ENTRY("suhosin.memory_limit", "0", PHP_INI_PERDIR\|PHP_INI_SYSTEM, OnUpdateMiscLong, memory_limit)
313	// STD_S7_INI_BOOLEAN("suhosin.simulation", "0", PHP_INI_PERDIR\|PHP_INI_SYSTEM, OnUpdateMiscBool, simulation)	313	STD_S7_INI_BOOLEAN("suhosin.simulation", "0", PHP_INI_PERDIR\|PHP_INI_SYSTEM, OnUpdateMiscBool, simulation)
314	// STD_S7_INI_ENTRY("suhosin.filter.action", NULL, PHP_INI_SYSTEM\|PHP_INI_PERDIR, OnUpdateMiscString, filter_action)	314	// STD_S7_INI_ENTRY("suhosin.filter.action", NULL, PHP_INI_SYSTEM\|PHP_INI_PERDIR, OnUpdateMiscString, filter_action)
315	//	315	//
316	STD_S7_INI_BOOLEAN("suhosin.protectkey", "1", PHP_INI_SYSTEM, OnUpdateBool, protectkey)	316	STD_S7_INI_BOOLEAN("suhosin.protectkey", "1", PHP_INI_SYSTEM, OnUpdateBool, protectkey)
@@ -517,7 +517,7 @@ PHP_MINIT_FUNCTION(suhosin7)
517	suhosin_hook_header_handler();	517	suhosin_hook_header_handler();
518	suhosin_hook_execute();	518	suhosin_hook_execute();
519		519
520	// suhosin_hook_memory_limit();	520	suhosin_hook_memory_limit();
521	// suhosin_hook_sha256();	521	// suhosin_hook_sha256();
522		522
523	return SUCCESS;	523	return SUCCESS;


diff --git a/tests/executor/memory_limit.phpt b/tests/executor/memory_limit.phpt new file mode 100644 index 0000000..404ab19 --- /dev/null +++ b/tests/executor/memory_limit.phpt
@@ -0,0 +1,29 @@
		1	--TEST--
		2	memory_limit test: set suhosin hard_limit to normal limit
		3	--SKIPIF--
		4	<?php if (!function_exists("memory_get_usage")) print "skip PHP not compiled with memory_limit support"; ?>
		5	--INI--
		6	memory_limit=16M
		7	suhosin.memory_limit=0
		8	suhosin.log.syslog=0
		9	suhosin.log.script=0
		10	suhosin.log.sapi=2
		11	--FILE--
		12	<?php
		13	ini_set("memory_limit", "13M"); echo ini_get("memory_limit"), "\n";
		14	ini_set("memory_limit", "14M"); echo ini_get("memory_limit"), "\n";
		15	ini_set("memory_limit", "15M"); echo ini_get("memory_limit"), "\n";
		16	ini_set("memory_limit", "16M"); echo ini_get("memory_limit"), "\n";
		17	ini_set("memory_limit", "17M"); echo ini_get("memory_limit"), "\n";
		18	ini_set("memory_limit", "18M"); echo ini_get("memory_limit"), "\n";
		19	?>
		20	--EXPECTF--
		21	13M
		22	14M
		23	15M
		24	16M
		25	ALERT - script tried to increase memory_limit to 17825792 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 6)
		26	16M
		27	ALERT - script tried to increase memory_limit to 18874368 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 7)
		28	16M
		29


diff --git a/tests/executor/memory_limit_64bit.phpt b/tests/executor/memory_limit_64bit.phpt new file mode 100644 index 0000000..35be80b --- /dev/null +++ b/tests/executor/memory_limit_64bit.phpt
@@ -0,0 +1,43 @@
		1	--TEST--
		2	memory_limit test: set suhosin hard_limit to normal limit (64 bit)
		3	--SKIPIF--
		4	<?php if (!function_exists("memory_get_usage")) print "skip PHP not compiled with memory_limit support";
		5	else if (PHP_INT_SIZE != 8) print "skip This is not a 64 bit system";
		6	?>
		7	--INI--
		8	memory_limit=16M
		9	suhosin.memory_limit=0
		10	suhosin.log.syslog=0
		11	suhosin.log.script=0
		12	suhosin.log.sapi=2
		13	--FILE--
		14	<?php
		15	ini_set("memory_limit", "13M"); echo ini_get("memory_limit"), "\n";
		16	ini_set("memory_limit", "14M"); echo ini_get("memory_limit"), "\n";
		17	ini_set("memory_limit", "15M"); echo ini_get("memory_limit"), "\n";
		18	ini_set("memory_limit", "16M"); echo ini_get("memory_limit"), "\n";
		19	ini_set("memory_limit", "17M"); echo ini_get("memory_limit"), "\n";
		20	ini_set("memory_limit", "18M"); echo ini_get("memory_limit"), "\n";
		21	ini_set("memory_limit", "2G"); echo ini_get("memory_limit"), "\n";
		22	ini_set("memory_limit", "3G"); echo ini_get("memory_limit"), "\n";
		23	ini_set("memory_limit", "4G"); echo ini_get("memory_limit"), "\n";
		24	ini_set("memory_limit", "5G"); echo ini_get("memory_limit"), "\n";
		25	?>
		26	--EXPECTF--
		27	13M
		28	14M
		29	15M
		30	16M
		31	ALERT - script tried to increase memory_limit to 17825792 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 6)
		32	16M
		33	ALERT - script tried to increase memory_limit to 18874368 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 7)
		34	16M
		35	ALERT - script tried to increase memory_limit to 2147483648 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 8)
		36	16M
		37	ALERT - script tried to increase memory_limit to 3221225472 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 9)
		38	16M
		39	ALERT - script tried to increase memory_limit to 4294967296 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 10)
		40	16M
		41	ALERT - script tried to increase memory_limit to 5368709120 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 11)
		42	16M
		43


diff --git a/tests/executor/memory_limit_64bit_10G.phpt b/tests/executor/memory_limit_64bit_10G.phpt new file mode 100644 index 0000000..284db50 --- /dev/null +++ b/tests/executor/memory_limit_64bit_10G.phpt
@@ -0,0 +1,36 @@
		1	--TEST--
		2	memory_limit test: set suhosin hard_limit to normal limit (64 bit) - 10 GB
		3	--SKIPIF--
		4	<?php if (!function_exists("memory_get_usage")) print "skip PHP not compiled with memory_limit support";
		5	else if (PHP_INT_SIZE != 8) print "skip This is not a 64 bit system";
		6	?>
		7	--INI--
		8	memory_limit=10G
		9	suhosin.memory_limit=0
		10	suhosin.log.syslog=0
		11	suhosin.log.script=0
		12	suhosin.log.sapi=2
		13	--FILE--
		14	<?php
		15	ini_set("memory_limit", "13M"); echo ini_get("memory_limit"), "\n";
		16	ini_set("memory_limit", "14M"); echo ini_get("memory_limit"), "\n";
		17	ini_set("memory_limit", "15M"); echo ini_get("memory_limit"), "\n";
		18	ini_set("memory_limit", "16M"); echo ini_get("memory_limit"), "\n";
		19	ini_set("memory_limit", "17M"); echo ini_get("memory_limit"), "\n";
		20	ini_set("memory_limit", "18M"); echo ini_get("memory_limit"), "\n";
		21	ini_set("memory_limit", "2G"); echo ini_get("memory_limit"), "\n";
		22	ini_set("memory_limit", "3G"); echo ini_get("memory_limit"), "\n";
		23	ini_set("memory_limit", "4G"); echo ini_get("memory_limit"), "\n";
		24	ini_set("memory_limit", "5G"); echo ini_get("memory_limit"), "\n";
		25	?>
		26	--EXPECTF--
		27	13M
		28	14M
		29	15M
		30	16M
		31	17M
		32	18M
		33	2G
		34	3G
		35	4G
		36	5G


diff --git a/tests/executor/memory_limit_negative.phpt b/tests/executor/memory_limit_negative.phpt new file mode 100644 index 0000000..7fad546 --- /dev/null +++ b/tests/executor/memory_limit_negative.phpt
@@ -0,0 +1,18 @@
		1	--TEST--
		2	memory_limit test: trying to set memory_limit to a negative value
		3	--SKIPIF--
		4	<?php if (!function_exists("memory_get_usage")) print "skip PHP not compiled with memory_limit support"; ?>
		5	--INI--
		6	memory_limit=16M
		7	suhosin.memory_limit=17M
		8	suhosin.log.syslog=0
		9	suhosin.log.script=0
		10	suhosin.log.sapi=2
		11	--FILE--
		12	<?php
		13	ini_set("memory_limit", "-200000"); echo ini_get("memory_limit"), "\n";
		14	?>
		15	--EXPECTF--
		16	ALERT - script tried to disable memory_limit by setting it to a negative value -%d bytes which is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 2)
		17	16M
		18


diff --git a/tests/executor/memory_limit_other_hardlimit.phpt b/tests/executor/memory_limit_other_hardlimit.phpt new file mode 100644 index 0000000..cac11dc --- /dev/null +++ b/tests/executor/memory_limit_other_hardlimit.phpt
@@ -0,0 +1,28 @@
		1	--TEST--
		2	memory_limit test: set suhosin hard_limit to normal limit + 1M
		3	--SKIPIF--
		4	<?php if (!function_exists("memory_get_usage")) print "skip PHP not compiled with memory_limit support"; ?>
		5	--INI--
		6	memory_limit=16M
		7	suhosin.memory_limit=17M
		8	suhosin.log.syslog=0
		9	suhosin.log.script=0
		10	suhosin.log.sapi=2
		11	--FILE--
		12	<?php
		13	ini_set("memory_limit", "13M"); echo ini_get("memory_limit"), "\n";
		14	ini_set("memory_limit", "14M"); echo ini_get("memory_limit"), "\n";
		15	ini_set("memory_limit", "15M"); echo ini_get("memory_limit"), "\n";
		16	ini_set("memory_limit", "16M"); echo ini_get("memory_limit"), "\n";
		17	ini_set("memory_limit", "17M"); echo ini_get("memory_limit"), "\n";
		18	ini_set("memory_limit", "18M"); echo ini_get("memory_limit"), "\n";
		19	?>
		20	--EXPECTF--
		21	13M
		22	14M
		23	15M
		24	16M
		25	17M
		26	ALERT - script tried to increase memory_limit to %d bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 7)
		27	17M
		28