authorBen Fuhrmannek2016-02-24 00:36:35 +0100
committerBen Fuhrmannek2016-02-24 00:36:35 +0100
commit346455c6b5716c8ce095235428614e15c0adf13e (patch)
treeaaa648869e88287ed34c6d36cc06474d062b4b32 /suhosin7.c
parent35b7c9a0e3f8a0daf1718a8ba9889a2aec24dc84 (diff)
cookie encryption
Diffstat (limited to 'suhosin7.c')
-rw-r--r--suhosin7.c84
1 files changed, 63 insertions, 21 deletions
diff --git a/suhosin7.c b/suhosin7.c
index 9ed1eca..3b84767 100644
--- a/suhosin7.c
+++ b/suhosin7.c
@@ -1,8 +1,9 @@
1/* 1/*
2 +----------------------------------------------------------------------+ 2 +----------------------------------------------------------------------+
3 | PHP Version 7 | 3 | Suhosin Version 1 |
4 +----------------------------------------------------------------------+ 4 +----------------------------------------------------------------------+
5 | Copyright (c) 1997-2015 The PHP Group | 5 | Copyright (c) 2006-2007 The Hardened-PHP Project |
6 | Copyright (c) 2007-2016 SektionEins GmbH |
6 +----------------------------------------------------------------------+ 7 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, | 8 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is | 9 | that is bundled with this package in the file LICENSE, and is |
@@ -12,7 +13,8 @@
12 | obtain it through the world-wide-web, please send a note to | 13 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. | 14 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+ 15 +----------------------------------------------------------------------+
15 | Author: | 16 | Authors: Stefan Esser <sesser@sektioneins.de> |
17 | Ben Fuhrmannek <ben.fuhrmannek@sektioneins.de> |
16 +----------------------------------------------------------------------+ 18 +----------------------------------------------------------------------+
17*/ 19*/
18 20
@@ -270,16 +272,10 @@ DEF_LOG_UPDATER(OnUpdateSuhosin_log_stdout, log_stdout, "suhosin.log.stdout")
270 STD_PHP_INI_ENTRY(name, default_value, modifiable, on_modify, property_name, zend_suhosin7_globals, suhosin7_globals) 272 STD_PHP_INI_ENTRY(name, default_value, modifiable, on_modify, property_name, zend_suhosin7_globals, suhosin7_globals)
271#define STD_S7_INI_BOOLEAN(name, default_value, modifiable, on_modify, property_name) \ 273#define STD_S7_INI_BOOLEAN(name, default_value, modifiable, on_modify, property_name) \
272 STD_PHP_INI_BOOLEAN(name, default_value, modifiable, on_modify, property_name, zend_suhosin7_globals, suhosin7_globals) 274 STD_PHP_INI_BOOLEAN(name, default_value, modifiable, on_modify, property_name, zend_suhosin7_globals, suhosin7_globals)
273// #define STD_S7_INI_LIST(name, modifiable, )
274 275
275/* {{{ PHP_INI 276/* {{{ PHP_INI
276 */ 277 */
277PHP_INI_BEGIN() 278PHP_INI_BEGIN()
278 // STD_S7_INI_BOOLEAN("suhosin.protectkey", "1", PHP_INI_SYSTEM, OnUpdateBool, protectkey, zend_suhosin7_globals, suhosin7_globals)
279 // STD_S7_INI_BOOLEAN("suhosin.cookie.cryptkey", "1", PHP_INI_SYSTEM, OnUpdateBool, protectkey, zend_suhosin7_globals, suhosin7_globals)
280 // STD_S7_INI_ENTRY("suhosin.global_value", "42", PHP_INI_ALL, OnUpdateLong, global_value, zend_suhosin7_globals, suhosin7_globals)
281 // STD_S7_INI_ENTRY("suhosin.global_string", "foobar", PHP_INI_ALL, OnUpdateString, global_string, zend_suhosin7_globals, suhosin7_globals)
282
283 PHP_INI_ENTRY("suhosin.perdir", "0", PHP_INI_SYSTEM, OnUpdateSuhosin_perdir) 279 PHP_INI_ENTRY("suhosin.perdir", "0", PHP_INI_SYSTEM, OnUpdateSuhosin_perdir)
284 // PHP_INI_ENTRY("suhosin.log.syslog", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_log_syslog) 280 // PHP_INI_ENTRY("suhosin.log.syslog", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_log_syslog)
285 // PHP_INI_ENTRY("suhosin.log.syslog.facility", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_log_syslog_facility) 281 // PHP_INI_ENTRY("suhosin.log.syslog.facility", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_log_syslog_facility)
@@ -311,14 +307,14 @@ PHP_INI_BEGIN()
311 STD_S7_INI_ENTRY("suhosin.executor.max_depth", "750", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateExecLong, max_execution_depth) 307 STD_S7_INI_ENTRY("suhosin.executor.max_depth", "750", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateExecLong, max_execution_depth)
312 // 308 //
313 // 309 //
314 // STD_S7_INI_BOOLEAN("suhosin.multiheader", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, allow_multiheader) 310 STD_S7_INI_BOOLEAN("suhosin.multiheader", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, allow_multiheader)
315 // STD_S7_INI_ENTRY("suhosin.mail.protect", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscLong, mailprotect) 311 // STD_S7_INI_ENTRY("suhosin.mail.protect", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscLong, mailprotect)
316 // STD_S7_INI_ENTRY("suhosin.memory_limit", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscLong, memory_limit) 312 // STD_S7_INI_ENTRY("suhosin.memory_limit", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscLong, memory_limit)
317 // STD_S7_INI_BOOLEAN("suhosin.simulation", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, simulation) 313 // STD_S7_INI_BOOLEAN("suhosin.simulation", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, simulation)
318 // STD_S7_INI_ENTRY("suhosin.filter.action", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscString, filter_action) 314 // STD_S7_INI_ENTRY("suhosin.filter.action", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscString, filter_action)
319 // 315 //
320 // STD_S7_INI_BOOLEAN("suhosin.protectkey", "1", PHP_INI_SYSTEM, OnUpdateBool, protectkey) 316 STD_S7_INI_BOOLEAN("suhosin.protectkey", "1", PHP_INI_SYSTEM, OnUpdateBool, protectkey)
321 // STD_S7_INI_BOOLEAN("suhosin.coredump", "0", PHP_INI_SYSTEM, OnUpdateBool, coredump) 317 STD_S7_INI_BOOLEAN("suhosin.coredump", "0", PHP_INI_SYSTEM, OnUpdateBool, coredump)
322 // STD_S7_INI_BOOLEAN("suhosin.stealth", "1", PHP_INI_SYSTEM, OnUpdateBool, stealth) 318 // STD_S7_INI_BOOLEAN("suhosin.stealth", "1", PHP_INI_SYSTEM, OnUpdateBool, stealth)
323 // STD_S7_INI_BOOLEAN("suhosin.apc_bug_workaround", "0", PHP_INI_SYSTEM, OnUpdateBool, apc_bug_workaround) 319 // STD_S7_INI_BOOLEAN("suhosin.apc_bug_workaround", "0", PHP_INI_SYSTEM, OnUpdateBool, apc_bug_workaround)
324 STD_S7_INI_BOOLEAN("suhosin.disable.display_errors", "0", PHP_INI_SYSTEM, OnUpdate_disable_display_errors, disable_display_errors) 320 STD_S7_INI_BOOLEAN("suhosin.disable.display_errors", "0", PHP_INI_SYSTEM, OnUpdate_disable_display_errors, disable_display_errors)
@@ -399,15 +395,15 @@ PHP_INI_BEGIN()
399#endif /* HAVE_PHP_SESSION */ 395#endif /* HAVE_PHP_SESSION */
400 396
401 397
402 // STD_S7_INI_BOOLEAN("suhosin.cookie.encrypt", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateCookieBool, cookie_encrypt) 398 STD_S7_INI_BOOLEAN("suhosin.cookie.encrypt", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateCookieBool, cookie_encrypt)
403 // STD_S7_INI_ENTRY("suhosin.cookie.cryptkey", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieString, cookie_cryptkey) 399 STD_S7_INI_ENTRY("suhosin.cookie.cryptkey", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieString, cookie_cryptkey)
404 // STD_S7_INI_BOOLEAN("suhosin.cookie.cryptua", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateCookieBool, cookie_cryptua) 400 STD_S7_INI_BOOLEAN("suhosin.cookie.cryptua", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateCookieBool, cookie_cryptua)
405 // STD_S7_INI_BOOLEAN("suhosin.cookie.cryptdocroot", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateCookieBool, cookie_cryptdocroot) 401 STD_S7_INI_BOOLEAN("suhosin.cookie.cryptdocroot", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateCookieBool, cookie_cryptdocroot)
406 // STD_S7_INI_ENTRY("suhosin.cookie.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, cookie_cryptraddr) 402 STD_S7_INI_ENTRY("suhosin.cookie.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, cookie_cryptraddr)
407 // STD_S7_INI_ENTRY("suhosin.cookie.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, cookie_checkraddr) 403 STD_S7_INI_ENTRY("suhosin.cookie.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, cookie_checkraddr)
408 PHP_INI_ENTRY("suhosin.cookie.cryptlist", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_cookie_cryptlist) 404 PHP_INI_ENTRY("suhosin.cookie.cryptlist", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_cookie_cryptlist)
409 PHP_INI_ENTRY("suhosin.cookie.plainlist", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_cookie_plainlist) 405 PHP_INI_ENTRY("suhosin.cookie.plainlist", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_cookie_plainlist)
410 // 406 //
411 STD_S7_INI_BOOLEAN("suhosin.server.encode", "1", PHP_INI_SYSTEM, OnUpdateBool, server_encode) 407 STD_S7_INI_BOOLEAN("suhosin.server.encode", "1", PHP_INI_SYSTEM, OnUpdateBool, server_encode)
412 STD_S7_INI_BOOLEAN("suhosin.server.strip", "1", PHP_INI_SYSTEM, OnUpdateBool, server_strip) 408 STD_S7_INI_BOOLEAN("suhosin.server.strip", "1", PHP_INI_SYSTEM, OnUpdateBool, server_strip)
413 // 409 //
@@ -511,11 +507,17 @@ PHP_MINIT_FUNCTION(suhosin7)
511 zend_string_release(val0); 507 zend_string_release(val0);
512 } 508 }
513 509
510 // init
511 suhosin_aes_gentables();
512
514 // hooks 513 // hooks
515 // suhosin_hook_memory_limit();
516 suhosin_hook_treat_data(); 514 suhosin_hook_treat_data();
517 suhosin_hook_execute(); 515 suhosin_hook_input_filter();
518 suhosin_hook_register_server_variables(); 516 suhosin_hook_register_server_variables();
517 suhosin_hook_header_handler();
518 suhosin_hook_execute();
519
520 // suhosin_hook_memory_limit();
519 // suhosin_hook_sha256(); 521 // suhosin_hook_sha256();
520 522
521 return SUCCESS; 523 return SUCCESS;
@@ -538,6 +540,9 @@ PHP_MSHUTDOWN_FUNCTION(suhosin7)
538PHP_RINIT_FUNCTION(suhosin7) 540PHP_RINIT_FUNCTION(suhosin7)
539{ 541{
540 SDEBUG("(RINIT)"); 542 SDEBUG("(RINIT)");
543 SUHOSIN7_G(in_code_type) = SUHOSIN_NORMAL;
544 SUHOSIN7_G(execution_depth) = 0;
545
541 return SUCCESS; 546 return SUCCESS;
542} 547}
543/* }}} */ 548/* }}} */
@@ -548,6 +553,43 @@ PHP_RINIT_FUNCTION(suhosin7)
548PHP_RSHUTDOWN_FUNCTION(suhosin7) 553PHP_RSHUTDOWN_FUNCTION(suhosin7)
549{ 554{
550 SDEBUG("(RSHUTDOWN)"); 555 SDEBUG("(RSHUTDOWN)");
556 /* We need to clear the input filtering
557 variables in the request shutdown
558 because input filtering is done before
559 RINIT */
560
561 SUHOSIN7_G(cur_request_variables) = 0;
562 SUHOSIN7_G(cur_cookie_vars) = 0;
563 SUHOSIN7_G(cur_get_vars) = 0;
564 SUHOSIN7_G(cur_post_vars) = 0;
565 SUHOSIN7_G(att_request_variables) = 0;
566 SUHOSIN7_G(att_cookie_vars) = 0;
567 SUHOSIN7_G(att_get_vars) = 0;
568 SUHOSIN7_G(att_post_vars) = 0;
569 // SUHOSIN7_G(num_uploads) = 0;
570
571 SUHOSIN7_G(no_more_variables) = 0;
572 SUHOSIN7_G(no_more_get_variables) = 0;
573 SUHOSIN7_G(no_more_post_variables) = 0;
574 SUHOSIN7_G(no_more_cookie_variables) = 0;
575 SUHOSIN7_G(no_more_uploads) = 0;
576
577 SUHOSIN7_G(abort_request) = 0;
578
579 // if (SUHOSIN7_G(reseed_every_request)) {
580 // SUHOSIN7_G(r_is_seeded) = 0;
581 // SUHOSIN7_G(mt_is_seeded) = 0;
582 // }
583
584 if (SUHOSIN7_G(decrypted_cookie)) {
585 efree(SUHOSIN7_G(decrypted_cookie));
586 SUHOSIN7_G(decrypted_cookie)=NULL;
587 }
588 if (SUHOSIN7_G(raw_cookie)) {
589 efree(SUHOSIN7_G(raw_cookie));
590 SUHOSIN7_G(raw_cookie)=NULL;
591 }
592
551 return SUCCESS; 593 return SUCCESS;
552} 594}
553/* }}} */ 595/* }}} */
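Review bot: The new cleanup at the end of PHP_RSHUTDOWN_FUNCTION frees `SUHOSIN7_G(decrypted_cookie)` without clearing it first; if that buffer holds the plaintext of an encrypted cookie (the name suggests so, but its producer is outside this hunk), the plaintext stays in the released heap block until it is reused, which is what clearing with `explicit_bzero`/`ZEND_SECURE_ZERO` before `efree` is for. No length is kept next to the pointer here, so clearing would need the producer's recorded length, or `strlen()` if the value is guaranteed NUL-terminated — confirm that against the code that allocates it. The two assignments `SUHOSIN7_G(decrypted_cookie)=NULL;` and `SUHOSIN7_G(raw_cookie)=NULL;` also drop the spaces around `=` that every other assignment in this block uses. Related, in the INI hunk the now-active `suhosin.cookie.cryptkey` entry keeps an empty default while `suhosin.cookie.encrypt` can be switched on, so OnUpdateCookieString (not shown) is the place to at least warn when encryption is enabled with an empty key.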