summaryrefslogtreecommitdiff
path: root/execute.c
diff options
context:
space:
mode:
Diffstat (limited to 'execute.c')
-rw-r--r--execute.c181
1 files changed, 90 insertions, 91 deletions
diff --git a/execute.c b/execute.c
index 4b52fe4..698c637 100644
--- a/execute.c
+++ b/execute.c
@@ -17,7 +17,6 @@
17 +----------------------------------------------------------------------+ 17 +----------------------------------------------------------------------+
18*/ 18*/
19 19
20/* $Id: execute.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ */
21// #if 0 20// #if 0
22#ifdef HAVE_CONFIG_H 21#ifdef HAVE_CONFIG_H
23#include "config.h" 22#include "config.h"
@@ -90,13 +89,13 @@ static int match_include_list(HashTable *ht, char *s, size_t slen)
90 h2 = h2 == NULL ? NULL : h2 + 4; 89 h2 = h2 == NULL ? NULL : h2 + 4;
91 char *t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h <= h2) ? h : h2 ) ); 90 char *t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h <= h2) ? h : h2 ) );
92 if (h == NULL) return -1; // no URL 91 if (h == NULL) return -1; // no URL
93 92
94 while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) { 93 while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) {
95 t--; 94 t--;
96 } 95 }
97 96
98 size_t tlen = slen - (t - s); 97 size_t tlen = slen - (t - s);
99 98
100 zend_ulong num_key; 99 zend_ulong num_key;
101 zend_string *key; 100 zend_string *key;
102 ZEND_HASH_FOREACH_KEY(ht, num_key, key) { 101 ZEND_HASH_FOREACH_KEY(ht, num_key, key) {
@@ -137,7 +136,7 @@ static int suhosin_check_filename(char *s, int slen)
137 char fname[MAXPATHLEN+1]; 136 char fname[MAXPATHLEN+1];
138 137
139 memcpy(fname, s, slen); 138 memcpy(fname, s, slen);
140 fname[slen] = 0; 139 fname[slen] = 0;
141 s = (char *)fname; 140 s = (char *)fname;
142 char *e = s + slen; 141 char *e = s + slen;
143 142
@@ -145,7 +144,7 @@ static int suhosin_check_filename(char *s, int slen)
145 if (slen != strlen(s)) { 144 if (slen != strlen(s)) {
146 return SUHOSIN_CODE_TYPE_0FILE; 145 return SUHOSIN_CODE_TYPE_0FILE;
147 } 146 }
148 147
149 SDEBUG("fn=%s", s); 148 SDEBUG("fn=%s", s);
150 /* disallow uploaded files */ 149 /* disallow uploaded files */
151 if (SG(rfc1867_uploaded_files)) { 150 if (SG(rfc1867_uploaded_files)) {
@@ -153,7 +152,7 @@ static int suhosin_check_filename(char *s, int slen)
153 return SUHOSIN_CODE_TYPE_UPLOADED; 152 return SUHOSIN_CODE_TYPE_UPLOADED;
154 } 153 }
155 } 154 }
156 155
157 /* count number of directory traversals */ 156 /* count number of directory traversals */
158 int traversal_conut = 0; 157 int traversal_conut = 0;
159 for (int i = 0; i < slen-3; i++) { 158 for (int i = 0; i < slen-3; i++) {
@@ -165,7 +164,7 @@ static int suhosin_check_filename(char *s, int slen)
165 if (SUHOSIN7_G(executor_include_max_traversal) && traversal_conut > SUHOSIN7_G(executor_include_max_traversal)) { 164 if (SUHOSIN7_G(executor_include_max_traversal) && traversal_conut > SUHOSIN7_G(executor_include_max_traversal)) {
166 return SUHOSIN_CODE_TYPE_MANYDOTS; 165 return SUHOSIN_CODE_TYPE_MANYDOTS;
167 } 166 }
168 167
169 SDEBUG("include wl=%p bl=%p", SUHOSIN7_G(include_whitelist), SUHOSIN7_G(include_blacklist)); 168 SDEBUG("include wl=%p bl=%p", SUHOSIN7_G(include_whitelist), SUHOSIN7_G(include_blacklist));
170 /* no black or whitelist then disallow all */ 169 /* no black or whitelist then disallow all */
171 if (SUHOSIN7_G(include_whitelist) == NULL && SUHOSIN7_G(include_blacklist) == NULL) { 170 if (SUHOSIN7_G(include_whitelist) == NULL && SUHOSIN7_G(include_blacklist) == NULL) {
@@ -184,7 +183,7 @@ static int suhosin_check_filename(char *s, int slen)
184 } 183 }
185 } 184 }
186 } 185 }
187 186
188check_filename_skip_lists: 187check_filename_skip_lists:
189 188
190 /* disallow writable files */ 189 /* disallow writable files */
@@ -211,7 +210,7 @@ static void suhosin_check_codetype(zend_ulong code_type, char *filename)
211 } 210 }
212 } 211 }
213 break; 212 break;
214 213
215 // case SUHOSIN_CODE_TYPE_REGEXP: 214 // case SUHOSIN_CODE_TYPE_REGEXP:
216 // if (SUHOSIN7_G(executor_disable_emod)) { 215 // if (SUHOSIN7_G(executor_disable_emod)) {
217 // suhosin_log(S_EXECUTOR|S_GETCALLER, "use of preg_replace() with /e modifier is forbidden by configuration"); 216 // suhosin_log(S_EXECUTOR|S_GETCALLER, "use of preg_replace() with /e modifier is forbidden by configuration");
@@ -220,7 +219,7 @@ static void suhosin_check_codetype(zend_ulong code_type, char *filename)
220 // } 219 // }
221 // } 220 // }
222 // break; 221 // break;
223 222
224 case SUHOSIN_CODE_TYPE_MBREGEXP: 223 case SUHOSIN_CODE_TYPE_MBREGEXP:
225 if (SUHOSIN7_G(executor_disable_emod)) { 224 if (SUHOSIN7_G(executor_disable_emod)) {
226 suhosin_log(S_EXECUTOR|S_GETCALLER, "use of /e modifier in replace function is forbidden by configuration"); 225 suhosin_log(S_EXECUTOR|S_GETCALLER, "use of /e modifier in replace function is forbidden by configuration");
@@ -229,13 +228,13 @@ static void suhosin_check_codetype(zend_ulong code_type, char *filename)
229 } 228 }
230 } 229 }
231 break; 230 break;
232 231
233 case SUHOSIN_CODE_TYPE_ASSERT: 232 case SUHOSIN_CODE_TYPE_ASSERT:
234 break; 233 break;
235 234
236 case SUHOSIN_CODE_TYPE_CFUNC: 235 case SUHOSIN_CODE_TYPE_CFUNC:
237 break; 236 break;
238 237
239 case SUHOSIN_CODE_TYPE_LONGNAME: 238 case SUHOSIN_CODE_TYPE_LONGNAME:
240 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename is too long: %s", filename); 239 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename is too long: %s", filename);
241 suhosin_bailout(); 240 suhosin_bailout();
@@ -245,27 +244,27 @@ static void suhosin_check_codetype(zend_ulong code_type, char *filename)
245 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename contains too many '../': %s", filename); 244 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename contains too many '../': %s", filename);
246 suhosin_bailout(); 245 suhosin_bailout();
247 break; 246 break;
248 247
249 case SUHOSIN_CODE_TYPE_UPLOADED: 248 case SUHOSIN_CODE_TYPE_UPLOADED:
250 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename is an uploaded file"); 249 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename is an uploaded file");
251 suhosin_bailout(); 250 suhosin_bailout();
252 break; 251 break;
253 252
254 case SUHOSIN_CODE_TYPE_0FILE: 253 case SUHOSIN_CODE_TYPE_0FILE:
255 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename contains an ASCIIZ character"); 254 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename contains an ASCIIZ character");
256 suhosin_bailout(); 255 suhosin_bailout();
257 break; 256 break;
258 257
259 case SUHOSIN_CODE_TYPE_WRITABLE: 258 case SUHOSIN_CODE_TYPE_WRITABLE:
260 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename is writable by PHP process: %s", filename); 259 suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename is writable by PHP process: %s", filename);
261 suhosin_bailout(); 260 suhosin_bailout();
262 break; 261 break;
263 262
264 case SUHOSIN_CODE_TYPE_BLACKURL: 263 case SUHOSIN_CODE_TYPE_BLACKURL:
265 suhosin_log(S_INCLUDE|S_GETCALLER, "Included URL is blacklisted: %s", filename); 264 suhosin_log(S_INCLUDE|S_GETCALLER, "Included URL is blacklisted: %s", filename);
266 suhosin_bailout(); 265 suhosin_bailout();
267 break; 266 break;
268 267
269 case SUHOSIN_CODE_TYPE_BADURL: 268 case SUHOSIN_CODE_TYPE_BADURL:
270 suhosin_log(S_INCLUDE|S_GETCALLER, "Included URL is not allowed: %s", filename); 269 suhosin_log(S_INCLUDE|S_GETCALLER, "Included URL is not allowed: %s", filename);
271 suhosin_bailout(); 270 suhosin_bailout();
@@ -295,11 +294,11 @@ static void suhosin_check_codetype(zend_ulong code_type, char *filename)
295 294
296ZEND_API static int (*old_zend_stream_open)(const char *filename, zend_file_handle *handle) = NULL; 295ZEND_API static int (*old_zend_stream_open)(const char *filename, zend_file_handle *handle) = NULL;
297 296
298// 297//
299ZEND_API static int suhosin_zend_stream_open(const char *filename, zend_file_handle *handle) 298ZEND_API static int suhosin_zend_stream_open(const char *filename, zend_file_handle *handle)
300{ 299{
301 zend_execute_data *execute_data = EG(current_execute_data); 300 zend_execute_data *execute_data = EG(current_execute_data);
302 301
303 if ((execute_data != NULL) && (execute_data->opline != NULL) && (execute_data->opline->opcode == ZEND_INCLUDE_OR_EVAL)) { 302 if ((execute_data != NULL) && (execute_data->opline != NULL) && (execute_data->opline->opcode == ZEND_INCLUDE_OR_EVAL)) {
304 int filetype = suhosin_check_filename((char *)filename, strlen(filename)); 303 int filetype = suhosin_check_filename((char *)filename, strlen(filename));
305 suhosin_check_codetype(filetype, (char*)filename); 304 suhosin_check_codetype(filetype, (char*)filename);
@@ -319,11 +318,11 @@ static inline int suhosin_detect_codetype(zend_op_array *op_array)
319 318
320 /* eval, assert, create_function, mb_ereg_replace */ 319 /* eval, assert, create_function, mb_ereg_replace */
321 if (op_array->type == ZEND_EVAL_CODE) { 320 if (op_array->type == ZEND_EVAL_CODE) {
322 321
323 if (s == NULL) { 322 if (s == NULL) {
324 return SUHOSIN_CODE_TYPE_UNKNOWN; 323 return SUHOSIN_CODE_TYPE_UNKNOWN;
325 } 324 }
326 325
327 if (strstr(s, "eval()'d code") != NULL) { 326 if (strstr(s, "eval()'d code") != NULL) {
328 return SUHOSIN_CODE_TYPE_EVAL; 327 return SUHOSIN_CODE_TYPE_EVAL;
329 } 328 }
@@ -343,7 +342,7 @@ static inline int suhosin_detect_codetype(zend_op_array *op_array)
343 if (strstr(s, "runtime-created function") != NULL) { 342 if (strstr(s, "runtime-created function") != NULL) {
344 return SUHOSIN_CODE_TYPE_CFUNC; 343 return SUHOSIN_CODE_TYPE_CFUNC;
345 } 344 }
346 345
347 if (strstr(s, "Command line code") != NULL) { 346 if (strstr(s, "Command line code") != NULL) {
348 return SUHOSIN_CODE_TYPE_COMMANDLINE; 347 return SUHOSIN_CODE_TYPE_COMMANDLINE;
349 } 348 }
@@ -359,17 +358,17 @@ static inline int suhosin_detect_codetype(zend_op_array *op_array)
359 if (strstr(s, "Command line end code") != NULL) { 358 if (strstr(s, "Command line end code") != NULL) {
360 return SUHOSIN_CODE_TYPE_COMMANDLINE; 359 return SUHOSIN_CODE_TYPE_COMMANDLINE;
361 } 360 }
362 361
363 if (strstr(s, "suhosin internal code") != NULL) { 362 if (strstr(s, "suhosin internal code") != NULL) {
364 return SUHOSIN_CODE_TYPE_SUHOSIN; 363 return SUHOSIN_CODE_TYPE_SUHOSIN;
365 } 364 }
366 365
367 } else { 366 } else {
368 367
369 return suhosin_check_filename(s, strlen(s)); 368 return suhosin_check_filename(s, strlen(s));
370 369
371 } 370 }
372 371
373 return SUHOSIN_CODE_TYPE_UNKNOWN; 372 return SUHOSIN_CODE_TYPE_UNKNOWN;
374} 373}
375 374
@@ -384,19 +383,19 @@ ZEND_API static void suhosin_execute_ex(zend_execute_data *execute_data)
384 old_execute_ex(execute_data); 383 old_execute_ex(execute_data);
385 return; 384 return;
386 } 385 }
387 386
388 zend_op_array *new_op_array; 387 zend_op_array *new_op_array;
389 int op_array_type;//, len; 388 int op_array_type;//, len;
390 // char *fn; 389 // char *fn;
391 zval cs; 390 zval cs;
392 zend_ulong orig_code_type; 391 zend_ulong orig_code_type;
393 unsigned long *suhosin_flags = NULL; 392 unsigned long *suhosin_flags = NULL;
394 393
395 /* log variable dropping statistics */ 394 /* log variable dropping statistics */
396 if (SUHOSIN7_G(abort_request)) { 395 if (SUHOSIN7_G(abort_request)) {
397 396
398 SUHOSIN7_G(abort_request) = 0; /* we only want this to happen the first time */ 397 SUHOSIN7_G(abort_request) = 0; /* we only want this to happen the first time */
399 398
400 if (SUHOSIN7_G(att_request_variables)-SUHOSIN7_G(cur_request_variables) > 0) { 399 if (SUHOSIN7_G(att_request_variables)-SUHOSIN7_G(cur_request_variables) > 0) {
401 suhosin_log(S_VARS, "dropped %u request variables - (%u in GET, %u in POST, %u in COOKIE)", 400 suhosin_log(S_VARS, "dropped %u request variables - (%u in GET, %u in POST, %u in COOKIE)",
402 SUHOSIN7_G(att_request_variables)-SUHOSIN7_G(cur_request_variables), 401 SUHOSIN7_G(att_request_variables)-SUHOSIN7_G(cur_request_variables),
@@ -404,33 +403,33 @@ ZEND_API static void suhosin_execute_ex(zend_execute_data *execute_data)
404 SUHOSIN7_G(att_post_vars)-SUHOSIN7_G(cur_post_vars), 403 SUHOSIN7_G(att_post_vars)-SUHOSIN7_G(cur_post_vars),
405 SUHOSIN7_G(att_cookie_vars)-SUHOSIN7_G(cur_cookie_vars)); 404 SUHOSIN7_G(att_cookie_vars)-SUHOSIN7_G(cur_cookie_vars));
406 } 405 }
407 406
408 // if (!SUHOSIN7_G(simulation) && SUHOSIN7_G(filter_action)) { 407 // if (!SUHOSIN7_G(simulation) && SUHOSIN7_G(filter_action)) {
409 // 408 //
410 // char *action = SUHOSIN7_G(filter_action); 409 // char *action = SUHOSIN7_G(filter_action);
411 // long code = -1; 410 // long code = -1;
412 // 411 //
413 // while (*action == ' ' || *action == '\t') action++; 412 // while (*action == ' ' || *action == '\t') action++;
414 // 413 //
415 // if (*action >= '0' && *action <= '9') { 414 // if (*action >= '0' && *action <= '9') {
416 // char *end = action; 415 // char *end = action;
417 // while (*end && *end != ',' && *end != ';') end++; 416 // while (*end && *end != ',' && *end != ';') end++;
418 // code = zend_atoi(action, end-action); 417 // code = zend_atoi(action, end-action);
419 // action = end; 418 // action = end;
420 // } 419 // }
421 // 420 //
422 // while (*action == ' ' || *action == '\t' || *action == ',' || *action == ';') action++; 421 // while (*action == ' ' || *action == '\t' || *action == ',' || *action == ';') action++;
423 // 422 //
424 // if (*action) { 423 // if (*action) {
425 // 424 //
426 // if (strncasecmp("http://", action, sizeof("http://")-1)==0 425 // if (strncasecmp("http://", action, sizeof("http://")-1)==0
427 // || strncasecmp("https://", action, sizeof("https://")-1)==0) { 426 // || strncasecmp("https://", action, sizeof("https://")-1)==0) {
428 // sapi_header_line ctr = {0}; 427 // sapi_header_line ctr = {0};
429 // 428 //
430 // if (code == -1) { 429 // if (code == -1) {
431 // code = 302; 430 // code = 302;
432 // } 431 // }
433 // 432 //
434 // ctr.line_len = spprintf(&ctr.line, 0, "Location: %s", action); 433 // ctr.line_len = spprintf(&ctr.line, 0, "Location: %s", action);
435 // ctr.response_code = code; 434 // ctr.response_code = code;
436 // sapi_header_op(SAPI_HEADER_REPLACE, &ctr); 435 // sapi_header_op(SAPI_HEADER_REPLACE, &ctr);
@@ -439,11 +438,11 @@ ZEND_API static void suhosin_execute_ex(zend_execute_data *execute_data)
439 // zend_file_handle file_handle; 438 // zend_file_handle file_handle;
440 // zend_op_array *new_op_array; 439 // zend_op_array *new_op_array;
441 // zval *result = NULL; 440 // zval *result = NULL;
442 // 441 //
443 // if (code == -1) { 442 // if (code == -1) {
444 // code = 200; 443 // code = 200;
445 // } 444 // }
446 // 445 //
447 // if (zend_stream_open(action, &file_handle) == SUCCESS) { 446 // if (zend_stream_open(action, &file_handle) == SUCCESS) {
448 // if (!file_handle.opened_path) { 447 // if (!file_handle.opened_path) {
449 // file_handle.opened_path = estrndup(action, strlen(action)); 448 // file_handle.opened_path = estrndup(action, strlen(action));
@@ -456,7 +455,7 @@ ZEND_API static void suhosin_execute_ex(zend_execute_data *execute_data)
456 // zend_execute(new_op_array); 455 // zend_execute(new_op_array);
457 // destroy_op_array(new_op_array); 456 // destroy_op_array(new_op_array);
458 // efree(new_op_array); 457 // efree(new_op_array);
459 // 458 //
460 // if (!EG(exception)) 459 // if (!EG(exception))
461 // { 460 // {
462 // if (EG(return_value_ptr_ptr)) { 461 // if (EG(return_value_ptr_ptr)) {
@@ -472,24 +471,24 @@ ZEND_API static void suhosin_execute_ex(zend_execute_data *execute_data)
472 // } 471 // }
473 // } 472 // }
474 // } 473 // }
475 // 474 //
476 // sapi_header_op(SAPI_HEADER_SET_STATUS, (void *)code); 475 // sapi_header_op(SAPI_HEADER_SET_STATUS, (void *)code);
477 // zend_bailout(); 476 // zend_bailout();
478 // } 477 // }
479 } 478 }
480 479
481 // SDEBUG("%s %s", op_array->filename, op_array->function_name); 480 // SDEBUG("%s %s", op_array->filename, op_array->function_name);
482 481
483 SUHOSIN7_G(execution_depth)++; 482 SUHOSIN7_G(execution_depth)++;
484 483
485 if (SUHOSIN7_G(max_execution_depth) && SUHOSIN7_G(execution_depth) > SUHOSIN7_G(max_execution_depth)) { 484 if (SUHOSIN7_G(max_execution_depth) && SUHOSIN7_G(execution_depth) > SUHOSIN7_G(max_execution_depth)) {
486 suhosin_log(S_EXECUTOR|S_GETCALLER, "maximum execution depth reached - script terminated"); 485 suhosin_log(S_EXECUTOR|S_GETCALLER, "maximum execution depth reached - script terminated");
487 suhosin_bailout(); 486 suhosin_bailout();
488 } 487 }
489 488
490 // fn = (char *)execute_data->func->op_array.filename; 489 // fn = (char *)execute_data->func->op_array.filename;
491 // len = strlen(fn); 490 // len = strlen(fn);
492 491
493 orig_code_type = SUHOSIN7_G(in_code_type); 492 orig_code_type = SUHOSIN7_G(in_code_type);
494 if (execute_data->func->op_array.type == ZEND_EVAL_CODE) { 493 if (execute_data->func->op_array.type == ZEND_EVAL_CODE) {
495 SUHOSIN7_G(in_code_type) = SUHOSIN_EVAL; 494 SUHOSIN7_G(in_code_type) = SUHOSIN_EVAL;
@@ -497,7 +496,7 @@ ZEND_API static void suhosin_execute_ex(zend_execute_data *execute_data)
497 // if (suhosin_zend_extension_entry.resource_number != -1) { 496 // if (suhosin_zend_extension_entry.resource_number != -1) {
498 // suhosin_flags = (unsigned long *) &execute_data->func->op_array.reserved[suhosin_zend_extension_entry.resource_number]; 497 // suhosin_flags = (unsigned long *) &execute_data->func->op_array.reserved[suhosin_zend_extension_entry.resource_number];
499 // SDEBUG("suhosin flags: %08lx", *suhosin_flags); 498 // SDEBUG("suhosin flags: %08lx", *suhosin_flags);
500 // 499 //
501 // if (*suhosin_flags & SUHOSIN_FLAG_CREATED_BY_EVAL) { 500 // if (*suhosin_flags & SUHOSIN_FLAG_CREATED_BY_EVAL) {
502 // SUHOSIN7_G(in_code_type) = SUHOSIN_EVAL; 501 // SUHOSIN7_G(in_code_type) = SUHOSIN_EVAL;
503 // } 502 // }
@@ -505,7 +504,7 @@ ZEND_API static void suhosin_execute_ex(zend_execute_data *execute_data)
505 // goto not_evaled_code; 504 // goto not_evaled_code;
506 // } 505 // }
507 // } 506 // }
508 507
509 if (zend_string_equals_literal(execute_data->func->op_array.filename, "eval()'d code")) { 508 if (zend_string_equals_literal(execute_data->func->op_array.filename, "eval()'d code")) {
510 SUHOSIN7_G(in_code_type) = SUHOSIN_EVAL; 509 SUHOSIN7_G(in_code_type) = SUHOSIN_EVAL;
511 } // else { 510 } // else {
@@ -523,7 +522,7 @@ not_evaled_code:
523/* if (SUHOSIN7_G(deactivate)) { 522/* if (SUHOSIN7_G(deactivate)) {
524 goto continue_execution; 523 goto continue_execution;
525 } 524 }
526*/ 525*/
527 526
528 op_array_type = suhosin_detect_codetype(&execute_data->func->op_array); 527 op_array_type = suhosin_detect_codetype(&execute_data->func->op_array);
529 char *filename = execute_data->func->op_array.filename ? ZSTR_VAL(execute_data->func->op_array.filename) : "<unknown>"; 528 char *filename = execute_data->func->op_array.filename ? ZSTR_VAL(execute_data->func->op_array.filename) : "<unknown>";
@@ -553,7 +552,7 @@ static suhosin_internal_function_handler ihandlers[] = {
553 // { "mail", ih_mail, NULL, NULL, NULL }, 552 // { "mail", ih_mail, NULL, NULL, NULL },
554 // { "symlink", ih_symlink, NULL, NULL, NULL }, 553 // { "symlink", ih_symlink, NULL, NULL, NULL },
555 S7_IH_ENTRY0i(symlink) 554 S7_IH_ENTRY0i(symlink)
556 555
557 // random number functions 556 // random number functions
558 S7_IH_ENTRY0i(srand) 557 S7_IH_ENTRY0i(srand)
559 S7_IH_ENTRY0i(mt_srand) 558 S7_IH_ENTRY0i(mt_srand)
@@ -561,9 +560,9 @@ static suhosin_internal_function_handler ihandlers[] = {
561 S7_IH_ENTRY0i(mt_rand) 560 S7_IH_ENTRY0i(mt_rand)
562 S7_IH_ENTRY0i(getrandmax) 561 S7_IH_ENTRY0i(getrandmax)
563 S7_IH_ENTRY0("mt_getrandmax", getrandmax) 562 S7_IH_ENTRY0("mt_getrandmax", getrandmax)
564 563
565 S7_IH_ENTRY0i(function_exists) 564 S7_IH_ENTRY0i(function_exists)
566 565
567 /* Mysqli */ 566 /* Mysqli */
568 // { "mysqli::mysqli", ih_fixusername, (void *)2, NULL, NULL }, 567 // { "mysqli::mysqli", ih_fixusername, (void *)2, NULL, NULL },
569 // { "mysqli_connect", ih_fixusername, (void *)2, NULL, NULL }, 568 // { "mysqli_connect", ih_fixusername, (void *)2, NULL, NULL },
@@ -571,7 +570,7 @@ static suhosin_internal_function_handler ihandlers[] = {
571 // { "mysqli_real_connect", ih_fixusername, (void *)3, NULL, NULL }, 570 // { "mysqli_real_connect", ih_fixusername, (void *)3, NULL, NULL },
572 // { "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL }, 571 // { "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },
573 // { "mysqli::change_user", ih_fixusername, (void *)1, NULL, NULL }, 572 // { "mysqli::change_user", ih_fixusername, (void *)1, NULL, NULL },
574 573
575 // { "mysqli::query", ih_querycheck, (void *)1, (void *)1, NULL }, 574 // { "mysqli::query", ih_querycheck, (void *)1, (void *)1, NULL },
576 // { "mysqli_query", ih_querycheck, (void *)2, (void *)1, NULL }, 575 // { "mysqli_query", ih_querycheck, (void *)2, (void *)1, NULL },
577 // { "mysqli::multi_query", ih_querycheck, (void *)1, (void *)1, NULL }, 576 // { "mysqli::multi_query", ih_querycheck, (void *)1, (void *)1, NULL },
@@ -586,14 +585,14 @@ static suhosin_internal_function_handler ihandlers[] = {
586 // { "mysqli_master_query", ih_querycheck, (void *)2, (void *)1, NULL }, 585 // { "mysqli_master_query", ih_querycheck, (void *)2, (void *)1, NULL },
587 // { "mysqli_slave_query", ih_querycheck, (void *)2, (void *)1, NULL }, 586 // { "mysqli_slave_query", ih_querycheck, (void *)2, (void *)1, NULL },
588 // ---- 587 // ----
589 588
590 /* Mysql API - deprecated in PHP 5.5 */ 589 /* Mysql API - deprecated in PHP 5.5 */
591 // { "mysql_connect", ih_fixusername, (void *)2, NULL, NULL }, 590 // { "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },
592 // { "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL }, 591 // { "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
593 // { "mysql_query", ih_querycheck, (void *)1, (void *)1, NULL }, 592 // { "mysql_query", ih_querycheck, (void *)1, (void *)1, NULL },
594 // { "mysql_db_query", ih_querycheck, (void *)2, (void *)1, NULL }, 593 // { "mysql_db_query", ih_querycheck, (void *)2, (void *)1, NULL },
595 // { "mysql_unbuffered_query", ih_querycheck, (void *)1, (void *)1, NULL }, 594 // { "mysql_unbuffered_query", ih_querycheck, (void *)1, (void *)1, NULL },
596 595
597#ifdef SUHOSIN7_EXPERIMENTAL 596#ifdef SUHOSIN7_EXPERIMENTAL
598 /* MaxDB */ 597 /* MaxDB */
599 // { "maxdb::maxdb", ih_fixusername, (void *)2, NULL, NULL }, 598 // { "maxdb::maxdb", ih_fixusername, (void *)2, NULL, NULL },
@@ -602,7 +601,7 @@ static suhosin_internal_function_handler ihandlers[] = {
602 // { "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL }, 601 // { "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },
603 // { "maxdb::change_user", ih_fixusername, (void *)1, NULL, NULL }, 602 // { "maxdb::change_user", ih_fixusername, (void *)1, NULL, NULL },
604 // { "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL }, 603 // { "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },
605 // 604 //
606 // { "maxdb_master_query", ih_querycheck, (void *)2, NULL, NULL }, 605 // { "maxdb_master_query", ih_querycheck, (void *)2, NULL, NULL },
607 // { "maxdb::multi_query", ih_querycheck, (void *)1, NULL, NULL }, 606 // { "maxdb::multi_query", ih_querycheck, (void *)1, NULL, NULL },
608 // { "maxdb_multi_query", ih_querycheck, (void *)2, NULL, NULL }, 607 // { "maxdb_multi_query", ih_querycheck, (void *)2, NULL, NULL },
@@ -621,7 +620,7 @@ static suhosin_internal_function_handler ihandlers[] = {
621 // { "pdo::query", ih_querycheck, (void *)1, NULL, NULL }, 620 // { "pdo::query", ih_querycheck, (void *)1, NULL, NULL },
622 // { "pdo::prepare", ih_querycheck, (void *)1, NULL, NULL }, 621 // { "pdo::prepare", ih_querycheck, (void *)1, NULL, NULL },
623 // { "pdo::exec", ih_querycheck, (void *)1, NULL, NULL }, 622 // { "pdo::exec", ih_querycheck, (void *)1, NULL, NULL },
624 623
625 /* Oracle OCI8 */ 624 /* Oracle OCI8 */
626 // { "ocilogon", ih_fixusername, (void *)1, NULL, NULL }, 625 // { "ocilogon", ih_fixusername, (void *)1, NULL, NULL },
627 // { "ociplogon", ih_fixusername, (void *)1, NULL, NULL }, 626 // { "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
@@ -639,7 +638,7 @@ static suhosin_internal_function_handler ihandlers[] = {
639 /* Informix */ 638 /* Informix */
640 // { "ifx_connect", ih_fixusername, (void *)2, NULL, NULL }, 639 // { "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },
641 // { "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL }, 640 // { "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },
642 // 641 //
643 /* Firebird/InterBase */ 642 /* Firebird/InterBase */
644 // { "ibase_connect", ih_fixusername, (void *)2, NULL, NULL }, 643 // { "ibase_connect", ih_fixusername, (void *)2, NULL, NULL },
645 // { "ibase_pconnect", ih_fixusername, (void *)2, NULL, NULL }, 644 // { "ibase_pconnect", ih_fixusername, (void *)2, NULL, NULL },
@@ -671,21 +670,21 @@ ZEND_API static void suhosin_execute_internal(zend_execute_data *execute_data, z
671 suhosin_bailout(); 670 suhosin_bailout();
672 return; 671 return;
673 } 672 }
674 673
675 zend_function *func = execute_data->func; 674 zend_function *func = execute_data->func;
676 if (func == NULL) { 675 if (func == NULL) {
677 suhosin_log(S_EXECUTOR|S_GETCALLER, "execution without function context. something is wrong."); 676 suhosin_log(S_EXECUTOR|S_GETCALLER, "execution without function context. something is wrong.");
678 suhosin_bailout(); 677 suhosin_bailout();
679 } 678 }
680 679
681 680
682 // zval *return_value; 681 // zval *return_value;
683 // zval **return_value_ptr; 682 // zval **return_value_ptr;
684 // zval *this_ptr; 683 // zval *this_ptr;
685 int ht = 0; 684 int ht = 0;
686 int retval = SUCCESS; 685 int retval = SUCCESS;
687 686
688 687
689 // if (fci) { 688 // if (fci) {
690 // return_value = *fci->retval_ptr_ptr; 689 // return_value = *fci->retval_ptr_ptr;
691 // return_value_ptr = fci->retval_ptr_ptr; 690 // return_value_ptr = fci->retval_ptr_ptr;
@@ -698,17 +697,17 @@ ZEND_API static void suhosin_execute_internal(zend_execute_data *execute_data, z
698 // return_value_ptr = (fbc->common.fn_flags & ZEND_ACC_RETURN_REFERENCE) ? &ret->var.ptr : NULL; 697 // return_value_ptr = (fbc->common.fn_flags & ZEND_ACC_RETURN_REFERENCE) ? &ret->var.ptr : NULL;
699 // this_ptr = execute_data_ptr->object; 698 // this_ptr = execute_data_ptr->object;
700 // ht = execute_data->opline->extended_value; 699 // ht = execute_data->opline->extended_value;
701 // } 700 // }
702 701
703 // char *lcname; 702 // char *lcname;
704 // int function_name_strlen, free_lcname = 0; 703 // int function_name_strlen, free_lcname = 0;
705 // zend_class_entry *ce = NULL; 704 // zend_class_entry *ce = NULL;
706 // internal_function_handler *ih; 705 // internal_function_handler *ih;
707 // 706 //
708 // ce = ((zend_internal_function *) execute_data_ptr->function_state.function)->scope; 707 // ce = ((zend_internal_function *) execute_data_ptr->function_state.function)->scope;
709 // lcname = (char *)((zend_internal_function *) execute_data_ptr->function_state.function)->function_name; 708 // lcname = (char *)((zend_internal_function *) execute_data_ptr->function_state.function)->function_name;
710 // function_name_strlen = strlen(lcname); 709 // function_name_strlen = strlen(lcname);
711 710
712 /* handle methodcalls correctly */ 711 /* handle methodcalls correctly */
713 // if (ce != NULL) { 712 // if (ce != NULL) {
714 // char *tmp = (char *) emalloc(function_name_strlen + 2 + ce->name_length + 1); 713 // char *tmp = (char *) emalloc(function_name_strlen + 2 + ce->name_length + 1);
@@ -730,11 +729,11 @@ ZEND_API static void suhosin_execute_internal(zend_execute_data *execute_data, z
730 // no function name -> skip whitelists/blacklists 729 // no function name -> skip whitelists/blacklists
731 goto execute_internal_continue; 730 goto execute_internal_continue;
732 } 731 }
733 732
734 SDEBUG("function: [%s]/%zu", ZSTR_VAL(function_name), ZSTR_LEN(function_name)) ; 733 SDEBUG("function: [%s]/%zu", ZSTR_VAL(function_name), ZSTR_LEN(function_name)) ;
735 734
736 if (SUHOSIN7_G(in_code_type) == SUHOSIN_EVAL) { 735 if (SUHOSIN7_G(in_code_type) == SUHOSIN_EVAL) {
737 736
738 if (SUHOSIN7_G(eval_whitelist) != NULL) { 737 if (SUHOSIN7_G(eval_whitelist) != NULL) {
739 if (!zend_hash_exists(SUHOSIN7_G(eval_whitelist), function_name)) { 738 if (!zend_hash_exists(SUHOSIN7_G(eval_whitelist), function_name)) {
740 suhosin_log(S_EXECUTOR|S_GETCALLER, "eval'd function not whitelisted: %s()", ZSTR_VAL(function_name)); 739 suhosin_log(S_EXECUTOR|S_GETCALLER, "eval'd function not whitelisted: %s()", ZSTR_VAL(function_name));
@@ -755,7 +754,7 @@ ZEND_API static void suhosin_execute_internal(zend_execute_data *execute_data, z
755 } 754 }
756 } 755 }
757 } 756 }
758 757
759 if (SUHOSIN7_G(func_whitelist) != NULL) { 758 if (SUHOSIN7_G(func_whitelist) != NULL) {
760 if (!zend_hash_exists(SUHOSIN7_G(func_whitelist), function_name)) { 759 if (!zend_hash_exists(SUHOSIN7_G(func_whitelist), function_name)) {
761 suhosin_log(S_EXECUTOR|S_GETCALLER, "function not whitelisted: %s()", ZSTR_VAL(function_name)); 760 suhosin_log(S_EXECUTOR|S_GETCALLER, "function not whitelisted: %s()", ZSTR_VAL(function_name));
@@ -775,19 +774,19 @@ ZEND_API static void suhosin_execute_internal(zend_execute_data *execute_data, z
775 } 774 }
776 } 775 }
777 } 776 }
778 777
779 suhosin_internal_function_handler *ih; 778 suhosin_internal_function_handler *ih;
780 if ((ih = zend_hash_find_ptr(&ihandler_table, function_name))) { 779 if ((ih = zend_hash_find_ptr(&ihandler_table, function_name))) {
781 void *handler = execute_data->func->internal_function.handler; 780 void *handler = execute_data->func->internal_function.handler;
782 781
783 if (handler != ZEND_FN(display_disabled_function)) { 782 if (handler != ZEND_FN(display_disabled_function)) {
784 retval = ih->handler(S7_IH_HANDLER_PARAM_PASSTHRU); 783 retval = ih->handler(S7_IH_HANDLER_PARAM_PASSTHRU);
785 } 784 }
786 785
787 } 786 }
788 787
789execute_internal_continue: 788execute_internal_continue:
790 789
791 if (retval == SUCCESS) { 790 if (retval == SUCCESS) {
792 old_execute_internal(execute_data, return_value); 791 old_execute_internal(execute_data, return_value);
793 } 792 }
@@ -813,13 +812,13 @@ execute_internal_bailout:
813// if (zo_set_oe_ex != NULL) { 812// if (zo_set_oe_ex != NULL) {
814// return ZEND_HASH_APPLY_STOP; 813// return ZEND_HASH_APPLY_STOP;
815// } 814// }
816// 815//
817// if (extension->handle != NULL) { 816// if (extension->handle != NULL) {
818// 817//
819// zo_set_oe_ex = (void *)DL_FETCH_SYMBOL(extension->handle, "zend_optimizer_set_oe_ex"); 818// zo_set_oe_ex = (void *)DL_FETCH_SYMBOL(extension->handle, "zend_optimizer_set_oe_ex");
820// 819//
821// } 820// }
822// 821//
823// return 0; 822// return 0;
824// } 823// }
825/* }}} */ 824/* }}} */
@@ -831,29 +830,29 @@ void suhosin_hook_execute()
831{ 830{
832 old_execute_ex = zend_execute_ex; 831 old_execute_ex = zend_execute_ex;
833 zend_execute_ex = suhosin_execute_ex; 832 zend_execute_ex = suhosin_execute_ex;
834 833
835/* old_compile_file = zend_compile_file; 834/* old_compile_file = zend_compile_file;
836 zend_compile_file = suhosin_compile_file; */ 835 zend_compile_file = suhosin_compile_file; */
837 836
838// #if ZO_COMPATIBILITY_HACK_TEMPORARY_DISABLED 837// #if ZO_COMPATIBILITY_HACK_TEMPORARY_DISABLED
839// if (zo_set_oe_ex == NULL) { 838// if (zo_set_oe_ex == NULL) {
840// zo_set_oe_ex = (void *)DL_FETCH_SYMBOL(NULL, "zend_optimizer_set_oe_ex"); 839// zo_set_oe_ex = (void *)DL_FETCH_SYMBOL(NULL, "zend_optimizer_set_oe_ex");
841// } 840// }
842// if (zo_set_oe_ex == NULL) { 841// if (zo_set_oe_ex == NULL) {
843// zend_llist_apply(&zend_extensions, (llist_apply_func_t)function_lookup); 842// zend_llist_apply(&zend_extensions, (llist_apply_func_t)function_lookup);
844// } 843// }
845// 844//
846// if (zo_set_oe_ex != NULL) { 845// if (zo_set_oe_ex != NULL) {
847// old_execute_ZO = zo_set_oe_ex(suhosin_execute_ZO); 846// old_execute_ZO = zo_set_oe_ex(suhosin_execute_ZO);
848// } 847// }
849// #endif 848// #endif
850 849
851 old_execute_internal = zend_execute_internal; 850 old_execute_internal = zend_execute_internal;
852 if (old_execute_internal == NULL) { 851 if (old_execute_internal == NULL) {
853 old_execute_internal = execute_internal; 852 old_execute_internal = execute_internal;
854 } 853 }
855 zend_execute_internal = suhosin_execute_internal; 854 zend_execute_internal = suhosin_execute_internal;
856 855
857 /* register internal function handlers */ 856 /* register internal function handlers */
858 zend_hash_init(&ihandler_table, 16, NULL, NULL, 1); 857 zend_hash_init(&ihandler_table, 16, NULL, NULL, 1);
859 suhosin_internal_function_handler *ih = &ihandlers[0]; 858 suhosin_internal_function_handler *ih = &ihandlers[0];
@@ -863,8 +862,8 @@ void suhosin_hook_execute()
863 zend_hash_str_add_ptr(&ihandler_table, ih->name, strlen(ih->name), ih); 862 zend_hash_str_add_ptr(&ihandler_table, ih->name, strlen(ih->name), ih);
864 ih++; 863 ih++;
865 } 864 }
866 865
867 866
868 /* Add additional protection layer, that SHOULD 867 /* Add additional protection layer, that SHOULD
869 catch ZEND_INCLUDE_OR_EVAL *before* the engine tries 868 catch ZEND_INCLUDE_OR_EVAL *before* the engine tries
870 to execute */ 869 to execute */
@@ -872,7 +871,7 @@ void suhosin_hook_execute()
872 old_zend_stream_open = zend_stream_open_function; 871 old_zend_stream_open = zend_stream_open_function;
873 } 872 }
874 zend_stream_open_function = suhosin_zend_stream_open; 873 zend_stream_open_function = suhosin_zend_stream_open;
875 874
876} 875}
877/* }}} */ 876/* }}} */
878 877
@@ -888,7 +887,7 @@ void suhosin_unhook_execute()
888// #endif 887// #endif
889 888
890 zend_execute_ex = old_execute_ex; 889 zend_execute_ex = old_execute_ex;
891 890
892/* zend_compile_file = old_compile_file; */ 891/* zend_compile_file = old_compile_file; */
893 892
894 if (old_execute_internal == execute_internal) { 893 if (old_execute_internal == execute_internal) {
@@ -896,10 +895,10 @@ void suhosin_unhook_execute()
896 } 895 }
897 zend_execute_internal = old_execute_internal; 896 zend_execute_internal = old_execute_internal;
898 zend_hash_clean(&ihandler_table); 897 zend_hash_clean(&ihandler_table);
899 898
900 /* remove zend_open protection */ 899 /* remove zend_open protection */
901 zend_stream_open_function = old_zend_stream_open; 900 zend_stream_open_function = old_zend_stream_open;
902 901
903} 902}
904/* }}} */ 903/* }}} */
905 904