authorBen Fuhrmannek2016-01-29 13:55:22 +0100
committerBen Fuhrmannek2016-01-29 13:55:22 +0100
commitd209a0a5962e62de134b56495349028e1fa97f76 (patch)
treee720aa57d4677c9b2f64e36b268bdcebf4a8220d /suhosin7.c
parent39d0c84c8467ccd2272d10c858f8f746c26904c4 (diff)
code cleanup for a fresh start
Diffstat (limited to 'suhosin7.c')
-rw-r--r--suhosin7.c421
1 files changed, 386 insertions, 35 deletions
diff --git a/suhosin7.c b/suhosin7.c
index ebea5ab..4aa755d 100644
--- a/suhosin7.c
+++ b/suhosin7.c
@@ -34,15 +34,344 @@
34ZEND_DECLARE_MODULE_GLOBALS(suhosin7) 34ZEND_DECLARE_MODULE_GLOBALS(suhosin7)
35 35
36/* True global resources - no need for thread safety here */ 36/* True global resources - no need for thread safety here */
37static int le_suhosin7; 37// static int le_suhosin7;
38
39/* ------------------------------------------------------------------------ */
40/* PERDIR CHECKS */
41#define PERDIR_CHECK(lower) \
42 if (!SUHOSIN_G(lower ## _perdir) && stage == ZEND_INI_STAGE_HTACCESS) { \
43 return FAILURE; \
44 }
45
46#define LOG_PERDIR_CHECK() PERDIR_CHECK(log)
47#define EXEC_PERDIR_CHECK() PERDIR_CHECK(exec)
48#define MISC_PERDIR_CHECK() PERDIR_CHECK(misc)
49#define GET_PERDIR_CHECK() PERDIR_CHECK(get)
50#define POST_PERDIR_CHECK() PERDIR_CHECK(post)
51#define COOKIE_PERDIR_CHECK() PERDIR_CHECK(cookie)
52#define REQUEST_PERDIR_CHECK() PERDIR_CHECK(request)
53#define UPLOAD_PERDIR_CHECK() PERDIR_CHECK(upload)
54#define SQL_PERDIR_CHECK() PERDIR_CHECK(sql)
55
56#define dohandler(handler, name, lower) \
57 static ZEND_INI_MH(OnUpdate ## name ## handler) \
58 { \
59 PERDIR_CHECK(lower) \
60 return OnUpdate ## handler (entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage); \
61 } \
62
63#define dohandlers(name, lower) \
64 dohandler(Bool, name, lower) \
65 dohandler(String, name, lower) \
66 dohandler(Long, name, lower) \
67
68dohandlers(Log, log)
69dohandlers(Exec, exec)
70dohandlers(Misc, misc)
71dohandlers(Get, get)
72dohandlers(Post, post)
73dohandlers(Cookie, cookie)
74dohandlers(Request, request)
75dohandlers(Upload, upload)
76dohandlers(SQL, sql)
77
78
79/* ------------------------------------------------------------------------ */
80#define PERDIR_CASE(l, U, name) \
81 case l: \
82 case U: \
83 SUHOSIN7_G(name ## _perdir) = 1; \
84 break;
85
86static ZEND_INI_MH(OnUpdateSuhosin_perdir)
87{
88 char *tmp;
89
90 if (SUHOSIN_G(perdir)) {
91 pefree(SUHOSIN_G(perdir), 1);
92 }
93 SUHOSIN_G(perdir) = NULL;
94
95 /* Initialize the perdir flags */
96 SUHOSIN_G(log_perdir) = 0;
97 SUHOSIN_G(exec_perdir) = 0;
98 SUHOSIN_G(misc_perdir) = 0;
99 SUHOSIN_G(get_perdir) = 0;
100 SUHOSIN_G(post_perdir) = 0;
101 SUHOSIN_G(cookie_perdir) = 0;
102 SUHOSIN_G(request_perdir) = 0;
103 SUHOSIN_G(upload_perdir) = 0;
104 SUHOSIN_G(sql_perdir) = 0;
105
106 if (new_value == NULL) {
107 return SUCCESS;
108 }
109
110 tmp = SUHOSIN_G(perdir) = pestrdup(ZSTR_VAL(new_value), 1);
111
112 /* trim the whitespace */
113 while (isspace(*tmp)) tmp++;
114
115 /* should we deactivate perdir completely? */
116 if (*tmp == 0 || *tmp == '0') {
117 return SUCCESS;
118 }
119
120 /* no deactivation so check the flags */
121 while (*tmp) {
122 switch (*tmp) {
123 PERDIR_CASE('l', 'L', log)
124 PERDIR_CASE('e', 'E', exec)
125 PERDIR_CASE('g', 'G', get)
126 PERDIR_CASE('c', 'C', cookie)
127 PERDIR_CASE('p', 'P', post)
128 PERDIR_CASE('r', 'R', request)
129 PERDIR_CASE('s', 'S', sql)
130 PERDIR_CASE('u', 'U', upload)
131 PERDIR_CASE('m', 'M', misc)
132 }
133 tmp++;
134 }
135 return SUCCESS;
136}
137
138static void parse_list(HashTable **ht, char *list, zend_bool lc)
139{
140 char *s = NULL, *e, *val;
141 // unsigned long dummy = 1;
142
143 if (list == NULL) {
144list_destroy:
145 if (*ht) {
146 zend_hash_destroy(*ht);
147 pefree(*ht, 1);
148 }
149 *ht = NULL;
150 return;
151 }
152 while (*list == ' ' || *list == '\t') list++;
153 if (*list == 0) {
154 goto list_destroy;
155 }
156
157 *ht = pemalloc(sizeof(HashTable), 1);
158 zend_hash_init(*ht, 5, NULL, NULL, 1);
159
160 val = estrndup(list, strlen(list));
161 if (lc) {
162 zend_str_tolower(val, strlen(list));
163 }
164
165 e = val;
166
167 while (*e) {
168 switch (*e) {
169 case ' ':
170 case ',':
171 if (s) {
172 *e = '\0';
173 zend_hash_str_add_empty_element(*ht, s, e-s);
174 // zend_hash_str_add(*ht, s, e-s, &dummy, sizeof(unsigned long), NULL);
175 s = NULL;
176 }
177 break;
178 default:
179 if (!s) {
180 s = e;
181 }
182 break;
183 }
184 e++;
185 }
186 if (s) {
187 // zend_hash_str_add(*ht, s, e-s, &dummy, sizeof(unsigned long), NULL);
188 zend_hash_str_add_empty_element(*ht, s, e-s);
189 }
190 efree(val);
191
192}
193
194#define S7_INI_MH_EXECLIST(name) \
195static ZEND_INI_MH(OnUpdateSuhosin_ ## name) \
196{ \
197 EXEC_PERDIR_CHECK(); \
198 parse_list(&SUHOSIN_G(name), ZSTR_VAL(new_value), 1); \
199 return SUCCESS; \
200}
201S7_INI_MH_EXECLIST(include_whitelist)
202S7_INI_MH_EXECLIST(include_blacklist)
203S7_INI_MH_EXECLIST(eval_whitelist)
204S7_INI_MH_EXECLIST(eval_blacklist)
205S7_INI_MH_EXECLIST(func_whitelist)
206S7_INI_MH_EXECLIST(func_blacklist)
207
208static ZEND_INI_MH(OnUpdateSuhosin_cookie_cryptlist)
209{
210 COOKIE_PERDIR_CHECK();
211 parse_list(&SUHOSIN_G(cookie_cryptlist), ZSTR_VAL(new_value), 0);
212 return SUCCESS;
213}
214
215static ZEND_INI_MH(OnUpdateSuhosin_cookie_plainlist)
216{
217 COOKIE_PERDIR_CHECK();
218 parse_list(&SUHOSIN_G(cookie_plainlist), ZSTR_VAL(new_value), 0);
219 return SUCCESS;
220}
221
222/* ------------------------------------------------------------------------ */
223
224#define STD_S7_INI_ENTRY(name, default_value, modifiable, on_modify, property_name) \
225 STD_PHP_INI_ENTRY(name, default_value, modifiable, on_modify, property_name, zend_suhosin7_globals, suhosin7_globals)
226#define STD_S7_INI_BOOLEAN(name, default_value, modifiable, on_modify, property_name) \
227 STD_PHP_INI_BOOLEAN(name, default_value, modifiable, on_modify, property_name, zend_suhosin7_globals, suhosin7_globals)
228// #define STD_S7_INI_LIST(name, modifiable, )
38 229
39/* {{{ PHP_INI 230/* {{{ PHP_INI
40 */ 231 */
41PHP_INI_BEGIN() 232PHP_INI_BEGIN()
42 STD_ZEND_INI_BOOLEAN("suhosin.protectkey", "1", ZEND_INI_SYSTEM, OnUpdateBool, protectkey, zend_suhosin7_globals, suhosin7_globals) 233 // STD_S7_INI_BOOLEAN("suhosin.protectkey", "1", PHP_INI_SYSTEM, OnUpdateBool, protectkey, zend_suhosin7_globals, suhosin7_globals)
43 STD_ZEND_INI_BOOLEAN("suhosin.cookie.cryptkey", "1", ZEND_INI_SYSTEM, OnUpdateBool, protectkey, zend_suhosin7_globals, suhosin7_globals) 234 // STD_S7_INI_BOOLEAN("suhosin.cookie.cryptkey", "1", PHP_INI_SYSTEM, OnUpdateBool, protectkey, zend_suhosin7_globals, suhosin7_globals)
44 STD_PHP_INI_ENTRY("suhosin.global_value", "42", PHP_INI_ALL, OnUpdateLong, global_value, zend_suhosin7_globals, suhosin7_globals) 235 // STD_S7_INI_ENTRY("suhosin.global_value", "42", PHP_INI_ALL, OnUpdateLong, global_value, zend_suhosin7_globals, suhosin7_globals)
45 STD_PHP_INI_ENTRY("suhosin.global_string", "foobar", PHP_INI_ALL, OnUpdateString, global_string, zend_suhosin7_globals, suhosin7_globals) 236 // STD_S7_INI_ENTRY("suhosin.global_string", "foobar", PHP_INI_ALL, OnUpdateString, global_string, zend_suhosin7_globals, suhosin7_globals)
237
238 PHP_INI_ENTRY("suhosin.perdir", "0", PHP_INI_SYSTEM, OnUpdateSuhosin_perdir)
239 // PHP_INI_ENTRY("suhosin.log.syslog", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_log_syslog)
240 // PHP_INI_ENTRY("suhosin.log.syslog.facility", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_log_syslog_facility)
241 // PHP_INI_ENTRY("suhosin.log.syslog.priority", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_log_syslog_priority)
242 // PHP_INI_ENTRY("suhosin.log.sapi", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_log_sapi)
243 // PHP_INI_ENTRY("suhosin.log.stdout", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_log_stdout)
244 // PHP_INI_ENTRY("suhosin.log.script", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_log_script)
245 // PHP_INI_ENTRY("suhosin.log.script.name", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_log_scriptname)
246 // STD_S7_INI_BOOLEAN("suhosin.log.use-x-forwarded-for", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateLogBool, log_use_x_forwarded_for)
247 // PHP_INI_ENTRY("suhosin.log.phpscript", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_log_phpscript)
248 // STD_S7_INI_ENTRY("suhosin.log.phpscript.name", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateLogString, log_phpscriptname)
249 // PHP_INI_ENTRY("suhosin.log.file", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_log_file)
250 // STD_S7_INI_ENTRY("suhosin.log.file.name", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateLogString, log_filename)
251 // STD_S7_INI_BOOLEAN("suhosin.log.file.time", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateLogBool, log_file_time)
252 // STD_S7_INI_BOOLEAN("suhosin.log.phpscript.is_safe", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateLogBool, log_phpscript_is_safe)
253
254 // STD_S7_INI_ENTRY("suhosin.executor.include.max_traversal", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateExecLong, executor_include_max_traversal)
255 PHP_INI_ENTRY("suhosin.executor.include.whitelist", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_include_whitelist)
256 PHP_INI_ENTRY("suhosin.executor.include.blacklist", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_include_blacklist)
257 // STD_S7_INI_BOOLEAN("suhosin.executor.include.allow_writable_files", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateExecBool, executor_include_allow_writable_files)
258 PHP_INI_ENTRY("suhosin.executor.eval.whitelist", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_eval_whitelist)
259 PHP_INI_ENTRY("suhosin.executor.eval.blacklist", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_eval_blacklist)
260 PHP_INI_ENTRY("suhosin.executor.func.whitelist", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_func_whitelist)
261 PHP_INI_ENTRY("suhosin.executor.func.blacklist", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_func_blacklist)
262 // STD_S7_INI_BOOLEAN("suhosin.executor.disable_eval", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateExecBool, executor_disable_eval)
263 // STD_S7_INI_BOOLEAN("suhosin.executor.disable_emodifier", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateExecBool, executor_disable_emod)
264 //
265 // STD_S7_INI_BOOLEAN("suhosin.executor.allow_symlink", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateExecBool, executor_allow_symlink)
266 // STD_S7_INI_ENTRY("suhosin.executor.max_depth", "750", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateExecLong, max_execution_depth)
267 //
268 //
269 // STD_S7_INI_BOOLEAN("suhosin.multiheader", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, allow_multiheader)
270 // STD_S7_INI_ENTRY("suhosin.mail.protect", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscLong, mailprotect)
271 // STD_S7_INI_ENTRY("suhosin.memory_limit", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscLong, memory_limit)
272 // STD_S7_INI_BOOLEAN("suhosin.simulation", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, simulation)
273 // STD_S7_INI_ENTRY("suhosin.filter.action", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscString, filter_action)
274 //
275 // STD_S7_INI_BOOLEAN("suhosin.protectkey", "1", PHP_INI_SYSTEM, OnUpdateBool, protectkey)
276 // STD_S7_INI_BOOLEAN("suhosin.coredump", "0", PHP_INI_SYSTEM, OnUpdateBool, coredump)
277 // STD_S7_INI_BOOLEAN("suhosin.stealth", "1", PHP_INI_SYSTEM, OnUpdateBool, stealth)
278 // STD_S7_INI_BOOLEAN("suhosin.apc_bug_workaround", "0", PHP_INI_SYSTEM, OnUpdateBool, apc_bug_workaround)
279 // STD_S7_INI_BOOLEAN("suhosin.disable.display_errors", "0", PHP_INI_SYSTEM, OnUpdate_disable_display_errors, disable_display_errors)
280
281
282 //
283 // STD_S7_INI_ENTRY("suhosin.request.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_request_variables)
284 // STD_S7_INI_ENTRY("suhosin.request.max_varname_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_varname_length)
285 // STD_S7_INI_ENTRY("suhosin.request.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_value_length)
286 // STD_S7_INI_ENTRY("suhosin.request.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_depth)
287 // STD_S7_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length)
288 // STD_S7_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length)
289 // STD_S7_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestString, array_index_whitelist)
290 // STD_S7_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestString, array_index_blacklist)
291 // STD_S7_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul)
292 // STD_S7_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws)
293 //
294 // STD_S7_INI_ENTRY("suhosin.cookie.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_vars)
295 // STD_S7_INI_ENTRY("suhosin.cookie.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_name_length)
296 // STD_S7_INI_ENTRY("suhosin.cookie.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_totalname_length)
297 // STD_S7_INI_ENTRY("suhosin.cookie.max_value_length", "10000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_value_length)
298 // STD_S7_INI_ENTRY("suhosin.cookie.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_depth)
299 // STD_S7_INI_ENTRY("suhosin.cookie.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_index_length)
300 // STD_S7_INI_ENTRY("suhosin.cookie.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_nul)
301 // STD_S7_INI_ENTRY("suhosin.cookie.disallow_ws", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_ws)
302 //
303 // STD_S7_INI_ENTRY("suhosin.get.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_vars)
304 // STD_S7_INI_ENTRY("suhosin.get.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_name_length)
305 // STD_S7_INI_ENTRY("suhosin.get.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_totalname_length)
306 // STD_S7_INI_ENTRY("suhosin.get.max_value_length", "512", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_value_length)
307 // STD_S7_INI_ENTRY("suhosin.get.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_depth)
308 // STD_S7_INI_ENTRY("suhosin.get.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_index_length)
309 // STD_S7_INI_ENTRY("suhosin.get.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_nul)
310 // STD_S7_INI_ENTRY("suhosin.get.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_ws)
311 //
312 // STD_S7_INI_ENTRY("suhosin.post.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_vars)
313 // STD_S7_INI_ENTRY("suhosin.post.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_name_length)
314 // STD_S7_INI_ENTRY("suhosin.post.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_totalname_length)
315 // STD_S7_INI_ENTRY("suhosin.post.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_value_length)
316 // STD_S7_INI_ENTRY("suhosin.post.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_depth)
317 // STD_S7_INI_ENTRY("suhosin.post.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_index_length)
318 // STD_S7_INI_ENTRY("suhosin.post.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_nul)
319 // STD_S7_INI_ENTRY("suhosin.post.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_ws)
320 //
321 // STD_S7_INI_ENTRY("suhosin.upload.max_uploads", "25", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_limit)
322 // STD_S7_INI_ENTRY("suhosin.upload.max_newlines", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_max_newlines)
323 // STD_S7_INI_ENTRY("suhosin.upload.disallow_elf", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_elf)
324 // STD_S7_INI_ENTRY("suhosin.upload.disallow_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_binary)
325 // STD_S7_INI_ENTRY("suhosin.upload.remove_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_remove_binary)
326#ifdef SUHOSIN_EXPERIMENTAL
327 // STD_S7_INI_BOOLEAN("suhosin.upload.allow_utf8", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_allow_utf8)
328#endif
329 // STD_S7_INI_ENTRY("suhosin.upload.verification_script", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadString, upload_verification_script)
330
331
332 // STD_S7_INI_BOOLEAN("suhosin.sql.bailout_on_error", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSQLBool, sql_bailout_on_error)
333 // STD_S7_INI_ENTRY("suhosin.sql.user_prefix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_prefix)
334 // STD_S7_INI_ENTRY("suhosin.sql.user_postfix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_postfix)
335 // STD_S7_INI_ENTRY("suhosin.sql.user_match", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_match)
336 // STD_S7_INI_ENTRY("suhosin.sql.comment", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLLong, sql_comment)
337 // STD_S7_INI_ENTRY("suhosin.sql.opencomment", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLLong, sql_opencomment)
338 // STD_S7_INI_ENTRY("suhosin.sql.multiselect", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLLong, sql_mselect)
339 // STD_S7_INI_ENTRY("suhosin.sql.union", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLLong, sql_union)
340
341#ifdef HAVE_PHP_SESSION
342 // STD_S7_INI_BOOLEAN("suhosin.session.encrypt", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, session_encrypt)
343 // STD_S7_INI_ENTRY("suhosin.session.cryptkey", "", PHP_INI_ALL, OnUpdateMiscString, session_cryptkey)
344 // STD_S7_INI_BOOLEAN("suhosin.session.cryptua", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, session_cryptua)
345 // STD_S7_INI_BOOLEAN("suhosin.session.cryptdocroot", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, session_cryptdocroot)
346 // STD_S7_INI_ENTRY("suhosin.session.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_cryptraddr)
347 // STD_S7_INI_ENTRY("suhosin.session.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_checkraddr)
348 // STD_S7_INI_ENTRY("suhosin.session.max_id_length", "128", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_max_id_length)
349#else /* HAVE_PHP_SESSION */
350#warning BUILDING SUHOSIN WITHOUT SESSION SUPPORT. THIS IS A BAD IDEA!
351#ifndef SUHOSIN_WITHOUT_SESSION
352#error Please recompile with -DSUHOSIN_WITHOUT_SESSION if you really know what you are doing.
353#endif
354#endif /* HAVE_PHP_SESSION */
355
356
357 // STD_S7_INI_BOOLEAN("suhosin.cookie.encrypt", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateCookieBool, cookie_encrypt)
358 // STD_S7_INI_ENTRY("suhosin.cookie.cryptkey", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieString, cookie_cryptkey)
359 // STD_S7_INI_BOOLEAN("suhosin.cookie.cryptua", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateCookieBool, cookie_cryptua)
360 // STD_S7_INI_BOOLEAN("suhosin.cookie.cryptdocroot", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateCookieBool, cookie_cryptdocroot)
361 // STD_S7_INI_ENTRY("suhosin.cookie.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, cookie_cryptraddr)
362 // STD_S7_INI_ENTRY("suhosin.cookie.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, cookie_checkraddr)
363 PHP_INI_ENTRY("suhosin.cookie.cryptlist", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_cookie_cryptlist)
364 PHP_INI_ENTRY("suhosin.cookie.plainlist", NULL, PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateSuhosin_cookie_plainlist)
365 //
366 // STD_S7_INI_BOOLEAN("suhosin.server.encode", "1", PHP_INI_SYSTEM, OnUpdateBool, server_encode)
367 // STD_S7_INI_BOOLEAN("suhosin.server.strip", "1", PHP_INI_SYSTEM, OnUpdateBool, server_strip)
368 //
369 // STD_S7_INI_ENTRY("suhosin.rand.seedingkey", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscString, seedingkey)
370 // STD_S7_INI_BOOLEAN("suhosin.rand.reseed_every_request", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscBool, reseed_every_request)
371 // STD_S7_INI_BOOLEAN("suhosin.srand.ignore", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscBool, srand_ignore)
372 // STD_S7_INI_BOOLEAN("suhosin.mt_srand.ignore", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscBool, mt_srand_ignore)
373
374
46PHP_INI_END() 375PHP_INI_END()
47/* }}} */ 376/* }}} */
48 377
@@ -61,6 +390,24 @@ static void php_suhosin7_init_globals(zend_suhosin7_globals *suhosin7_globals)
61 */ 390 */
62PHP_MINIT_FUNCTION(suhosin7) 391PHP_MINIT_FUNCTION(suhosin7)
63{ 392{
393 SDEBUG("(MINIT)");
394 ZEND_INIT_MODULE_GLOBALS(suhosin7, php_suhosin7_init_globals, NULL);
395
396 /* only register constants if they have not previously been registered by a patched PHP */
397 // if (zend_hash_str_exists(EG(zend_constants), "S_MEMORY", sizeof("S_MEMORY"))==0) {
398 REGISTER_MAIN_LONG_CONSTANT("S_MEMORY", S_MEMORY, CONST_PERSISTENT | CONST_CS);
399 REGISTER_MAIN_LONG_CONSTANT("S_VARS", S_VARS, CONST_PERSISTENT | CONST_CS);
400 REGISTER_MAIN_LONG_CONSTANT("S_FILES", S_FILES, CONST_PERSISTENT | CONST_CS);
401 REGISTER_MAIN_LONG_CONSTANT("S_INCLUDE", S_INCLUDE, CONST_PERSISTENT | CONST_CS);
402 REGISTER_MAIN_LONG_CONSTANT("S_SQL", S_SQL, CONST_PERSISTENT | CONST_CS);
403 REGISTER_MAIN_LONG_CONSTANT("S_EXECUTOR", S_EXECUTOR, CONST_PERSISTENT | CONST_CS);
404 REGISTER_MAIN_LONG_CONSTANT("S_MAIL", S_MAIL, CONST_PERSISTENT | CONST_CS);
405 REGISTER_MAIN_LONG_CONSTANT("S_SESSION", S_SESSION, CONST_PERSISTENT | CONST_CS);
406 REGISTER_MAIN_LONG_CONSTANT("S_MISC", S_MISC, CONST_PERSISTENT | CONST_CS);
407 REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS);
408 REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS);
409 // }
410
64 REGISTER_INI_ENTRIES(); 411 REGISTER_INI_ENTRIES();
65 return SUCCESS; 412 return SUCCESS;
66} 413}
@@ -70,6 +417,7 @@ PHP_MINIT_FUNCTION(suhosin7)
70 */ 417 */
71PHP_MSHUTDOWN_FUNCTION(suhosin7) 418PHP_MSHUTDOWN_FUNCTION(suhosin7)
72{ 419{
420 SDEBUG("(MSHUTDOWN)");
73 UNREGISTER_INI_ENTRIES(); 421 UNREGISTER_INI_ENTRIES();
74 return SUCCESS; 422 return SUCCESS;
75} 423}
@@ -80,6 +428,7 @@ PHP_MSHUTDOWN_FUNCTION(suhosin7)
80 */ 428 */
81PHP_RINIT_FUNCTION(suhosin7) 429PHP_RINIT_FUNCTION(suhosin7)
82{ 430{
431 SDEBUG("(RINIT)");
83#if defined(COMPILE_DL_SUHOSIN7) && defined(ZTS) 432#if defined(COMPILE_DL_SUHOSIN7) && defined(ZTS)
84 ZEND_TSRMLS_CACHE_UPDATE(); 433 ZEND_TSRMLS_CACHE_UPDATE();
85#endif 434#endif
@@ -92,15 +441,17 @@ PHP_RINIT_FUNCTION(suhosin7)
92 */ 441 */
93PHP_RSHUTDOWN_FUNCTION(suhosin7) 442PHP_RSHUTDOWN_FUNCTION(suhosin7)
94{ 443{
444 SDEBUG("(RSHUTDOWN)");
445
95 return SUCCESS; 446 return SUCCESS;
96} 447}
97/* }}} */ 448/* }}} */
98 449
99/* {{{ suhosin_ini_displayer(zend_ini_entry *ini_entry, int type) 450/* {{{ suhosin_ini_displayer(PHP_INI_ENTRY *ini_entry, int type)
100 */ 451 */
101static void suhosin_ini_displayer(zend_ini_entry *ini_entry, int type) 452static void suhosin_ini_displayer(php_ini_entry *ini_entry, int type)
102{ 453{
103 PHPWRITE("[ protected ]", strlen("[ protected ]")); 454 PHPWRITE("[ protected ]", strlen("[ protected ]"));
104} 455}
105/* }}} */ 456/* }}} */
106 457
@@ -126,42 +477,42 @@ PHP_MINFO_FUNCTION(suhosin7)
126 PUTS(!sapi_module.phpinfo_as_text?"<br /><br />":"\n\n"); 477 PUTS(!sapi_module.phpinfo_as_text?"<br /><br />":"\n\n");
127 if (sapi_module.phpinfo_as_text) { 478 if (sapi_module.phpinfo_as_text) {
128 PUTS("Copyright (c) 2006-2007 Hardened-PHP Project\n"); 479 PUTS("Copyright (c) 2006-2007 Hardened-PHP Project\n");
129 PUTS("Copyright (c) 2007-2015 SektionEins GmbH\n"); 480 PUTS("Copyright (c) 2007-2016 SektionEins GmbH\n");
130 } else { 481 } else {
131 PUTS("Copyright (c) 2006-2007 <a href=\"http://www.hardened-php.net/\">Hardened-PHP Project</a><br />\n"); 482 PUTS("Copyright (c) 2006-2007 <a href=\"http://www.hardened-php.net/\">Hardened-PHP Project</a><br />\n");
132 PUTS("Copyright (c) 2007-2015 <a href=\"http://www.sektioneins.de/\">SektionEins GmbH</a>\n"); 483 PUTS("Copyright (c) 2007-2016 <a href=\"http://www.sektioneins.de/\">SektionEins GmbH</a>\n");
133 } 484 }
134 php_info_print_box_end(); 485 php_info_print_box_end();
135 486
136 if (SUHOSIN7_G(protectkey)) { 487 if (SUHOSIN7_G(protectkey)) {
137 zend_ini_entry *i; 488 php_ini_entry *i;
489
490 if ((i=zend_hash_str_find_ptr(EG(ini_directives), ZEND_STRL("suhosin.cookie.cryptkey")))) {
491 i->displayer = suhosin_ini_displayer;
492 }
493 if ((i=zend_hash_str_find_ptr(EG(ini_directives), ZEND_STRL("suhosin.session.cryptkey")))) {
494 i->displayer = suhosin_ini_displayer;
495 }
496 if ((i=zend_hash_str_find_ptr(EG(ini_directives), ZEND_STRL("suhosin.rand.seedingkey")))) {
497 i->displayer = suhosin_ini_displayer;
498 }
499 }
138 500
139 if ((i=zend_hash_str_find_ptr(EG(ini_directives), "suhosin.cookie.cryptkey", sizeof("suhosin.cookie.cryptkey")-1))) {
140 i->displayer = suhosin_ini_displayer;
141 }
142 if ((i=zend_hash_str_find_ptr(EG(ini_directives), "suhosin.session.cryptkey", sizeof("suhosin.session.cryptkey")-1))) {
143 i->displayer = suhosin_ini_displayer;
144 }
145 if ((i=zend_hash_str_find_ptr(EG(ini_directives), "suhosin.rand.seedingkey", sizeof("suhosin.rand.seedingkey")-1))) {
146 i->displayer = suhosin_ini_displayer;
147 }
148 }
149
150 DISPLAY_INI_ENTRIES(); 501 DISPLAY_INI_ENTRIES();
151 502
152 if (SUHOSIN7_G(protectkey)) { 503 if (SUHOSIN7_G(protectkey)) {
153 zend_ini_entry *i; 504 php_ini_entry *i;
154 505
155 if ((i=zend_hash_str_find_ptr(EG(ini_directives), "suhosin.cookie.cryptkey", sizeof("suhosin.cookie.cryptkey")))) { 506 if ((i=zend_hash_str_find_ptr(EG(ini_directives), ZEND_STRL("suhosin.cookie.cryptkey")))) {
156 i->displayer = NULL; 507 i->displayer = NULL;
157 } 508 }
158 if ((i=zend_hash_str_find_ptr(EG(ini_directives), "suhosin.session.cryptkey", sizeof("suhosin.session.cryptkey")-1))) { 509 if ((i=zend_hash_str_find_ptr(EG(ini_directives), ZEND_STRL("suhosin.session.cryptkey")))) {
159 i->displayer = NULL; 510 i->displayer = NULL;
160 } 511 }
161 if ((i=zend_hash_str_find_ptr(EG(ini_directives), "suhosin.rand.seedingkey", sizeof("suhosin.rand.seedingkey")-1))) { 512 if ((i=zend_hash_str_find_ptr(EG(ini_directives), ZEND_STRL("suhosin.rand.seedingkey")))) {
162 i->displayer = NULL; 513 i->displayer = NULL;
163 } 514 }
164 } 515 }
165 516
166} 517}
167/* }}} */ 518/* }}} */
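Review bot: `S7_INI_MH_EXECLIST` (new line 198) and the two cookie-list handlers (new lines 211 and 218) pass `ZSTR_VAL(new_value)` to `parse_list` with no NULL check, yet every list directive is registered with a NULL default (new lines 255–261 and 363–364), so at the startup call `new_value` can be NULL exactly as `OnUpdateSuhosin_perdir` already anticipates at new line 106; `ZSTR_VAL(NULL)` evaluates `((zend_string *)NULL)->val`, which is undefined behaviour and in practice a non-NULL address that bypasses `parse_list`'s own `list == NULL` guard at new line 143. The one-line fix in each handler is `parse_list(&SUHOSIN_G(name), new_value ? ZSTR_VAL(new_value) : NULL, 1);` (with `0` for the cookie lists), mirroring the perdir handler. Separately, `parse_list` allocates a fresh table at new line 157 without releasing an existing `*ht`, so a second update of the same directive — legitimate, since these entries are PHP_INI_PERDIR — leaks the previous persistent table; hoisting the destroy-if-present block ahead of the allocation would cover both paths. Whether `SUHOSIN_G` and `SUHOSIN7_G`, used side by side at new lines 83 and 96, are both defined is not visible here; if they resolve differently, the flags set in `PERDIR_CASE` and read in `PERDIR_CHECK` would not be the same globals, which is worth confirming since that check is what keeps .htaccess from relaxing the lists.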