Diffstat (limited to 'execute.c')
-rw-r--r--execute.c84
1 files changed, 42 insertions, 42 deletions
diff --git a/execute.c b/execute.c
index 1a7388b..4648b93 100644
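--- a/execute.c
+++ b/execute.c
@@ -55,8 +55,8 @@ ZEND_API static void (*old_execute_internal)(zend_execute_data *execute_data, zv
 ZEND_API static void suhosin_execute_internal(zend_execute_data *execute_data, zval *return_value);
 ZEND_API static void (*old_execute)(zend_op_array *op_array, zval *return_value);
 ZEND_API static void suhosin_execute(zend_op_array *op_array, zval *return_value);
-// static void (*old_execute_ZO)(zend_op_array *op_array, long dummy TSRMLS_DC);
-// static void suhosin_execute_ZO(zend_op_array *op_array, long dummy TSRMLS_DC);
+// static void (*old_execute_ZO)(zend_op_array *op_array, long dummy);
+// static void suhosin_execute_ZO(zend_op_array *op_array, long dummy);
 // static void *(*zo_set_oe_ex)(void *ptr) = NULL;
 
 
@@ -248,7 +248,7 @@ static int suhosin_check_filename(char *s, int len)
 
 // ZEND_API static int (*old_zend_stream_open)(const char *filename, zend_file_handle *handle);
 //
-// static int suhosin_zend_stream_open(const char *filename, zend_file_handle *fh TSRMLS_DC)
+// static int suhosin_zend_stream_open(const char *filename, zend_file_handle *fh)
 // {
 // zend_execute_data *exd;
 // exd=EG(current_execute_data);
@@ -258,45 +258,45 @@ static int suhosin_check_filename(char *s, int len)
 // switch (filetype) {
 // case SUHOSIN_CODE_TYPE_LONGNAME:
 // suhosin_log(S_INCLUDE, "Include filename ('%s') is too long", filename);
-// suhosin_bailout(TSRMLS_C);
+// suhosin_bailout();
 // break;
 //
 // case SUHOSIN_CODE_TYPE_UPLOADED:
 // suhosin_log(S_INCLUDE, "Include filename is an uploaded file");
-// suhosin_bailout(TSRMLS_C);
+// suhosin_bailout();
 // break;
 //
 // case SUHOSIN_CODE_TYPE_0FILE:
 // suhosin_log(S_INCLUDE, "Include filename contains an ASCIIZ character");
-// suhosin_bailout(TSRMLS_C);
+// suhosin_bailout();
 // break;
 //
 // case SUHOSIN_CODE_TYPE_WRITABLE:
 // suhosin_log(S_INCLUDE, "Include filename ('%s') is writable by PHP process", filename);
-// suhosin_bailout(TSRMLS_C);
+// suhosin_bailout();
 // break;
 //
 // case SUHOSIN_CODE_TYPE_BLACKURL:
 // suhosin_log(S_INCLUDE, "Include filename ('%s') is a URL that is forbidden by the blacklist", filename);
-// suhosin_bailout(TSRMLS_C);
+// suhosin_bailout();
 // break;
 //
 // case SUHOSIN_CODE_TYPE_BADURL:
 // suhosin_log(S_INCLUDE, "Include filename ('%s') is a URL that is not allowed", filename);
-// suhosin_bailout(TSRMLS_C);
+// suhosin_bailout();
 // break;
 //
 // case SUHOSIN_CODE_TYPE_MANYDOTS:
 // suhosin_log(S_INCLUDE, "Include filename ('%s') contains too many '../'", filename);
-// suhosin_bailout(TSRMLS_C);
+// suhosin_bailout();
 // break;
 // }
 // }
-// return old_zend_stream_open(filename, fh TSRMLS_CC);
+// return old_zend_stream_open(filename, fh);
 // }
 
 
-static int suhosin_detect_codetype(zend_op_array *op_array TSRMLS_DC)
+static int suhosin_detect_codetype(zend_op_array *op_array)
 {
  if (op_array->filename == NULL) {
  return SUHOSIN_CODE_TYPE_UNKNOWN;
@@ -353,7 +353,7 @@ static int suhosin_detect_codetype(zend_op_array *op_array TSRMLS_DC)
 
  } else {
 
- return suhosin_check_filename(s, strlen(s) TSRMLS_CC);
+ return suhosin_check_filename(s, strlen(s));
 
  }
 
@@ -414,7 +414,7 @@ ZEND_API static void suhosin_execute_ex(zend_execute_data *execute_data)
  //
  // ctr.line_len = spprintf(&ctr.line, 0, "Location: %s", action);
  // ctr.response_code = code;
- // sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC);
+ // sapi_header_op(SAPI_HEADER_REPLACE, &ctr);
  // efree(ctr.line);
  // } else {
  // zend_file_handle file_handle;
@@ -425,17 +425,17 @@ ZEND_API static void suhosin_execute_ex(zend_execute_data *execute_data)
  // code = 200;
  // }
  //
- // if (zend_stream_open(action, &file_handle TSRMLS_CC) == SUCCESS) {
+ // if (zend_stream_open(action, &file_handle) == SUCCESS) {
  // if (!file_handle.opened_path) {
  // file_handle.opened_path = estrndup(action, strlen(action));
  // }
- // new_op_array = zend_compile_file(&file_handle, ZEND_REQUIRE TSRMLS_CC);
- // zend_destroy_file_handle(&file_handle TSRMLS_CC);
+ // new_op_array = zend_compile_file(&file_handle, ZEND_REQUIRE);
+ // zend_destroy_file_handle(&file_handle);
  // if (new_op_array) {
  // EG(return_value_ptr_ptr) = &result;
  // EG(active_op_array) = new_op_array;
- // zend_execute(new_op_array TSRMLS_CC);
- // destroy_op_array(new_op_array TSRMLS_CC);
+ // zend_execute(new_op_array);
+ // destroy_op_array(new_op_array);
  // efree(new_op_array);
  //
  // if (!EG(exception))
@@ -454,7 +454,7 @@ ZEND_API static void suhosin_execute_ex(zend_execute_data *execute_data)
  // }
  // }
  //
- // sapi_header_op(SAPI_HEADER_SET_STATUS, (void *)code TSRMLS_CC);
+ // sapi_header_op(SAPI_HEADER_SET_STATUS, (void *)code);
  // zend_bailout();
  // }
  }
@@ -465,7 +465,7 @@ ZEND_API static void suhosin_execute_ex(zend_execute_data *execute_data)
 
  if (SUHOSIN7_G(max_execution_depth) && SUHOSIN7_G(execution_depth) > SUHOSIN7_G(max_execution_depth)) {
  suhosin_log(S_EXECUTOR|S_GETCALLER, "maximum execution depth reached - script terminated");
- suhosin_bailout(TSRMLS_C);
+ suhosin_bailout();
  }
 
  // fn = (char *)execute_data->func->op_array.filename;
@@ -539,37 +539,37 @@ not_evaled_code:
 
  case SUHOSIN_CODE_TYPE_LONGNAME:
  suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is too long", ZSTR_VAL(execute_data->func->op_array.filename));
- suhosin_bailout(TSRMLS_C);
+ suhosin_bailout();
  break;
 
  case SUHOSIN_CODE_TYPE_MANYDOTS:
  suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') contains too many '../'", ZSTR_VAL(execute_data->func->op_array.filename));
- suhosin_bailout(TSRMLS_C);
+ suhosin_bailout();
  break;
 
  case SUHOSIN_CODE_TYPE_UPLOADED:
  suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename is an uploaded file");
- suhosin_bailout(TSRMLS_C);
+ suhosin_bailout();
  break;
 
  case SUHOSIN_CODE_TYPE_0FILE:
  suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename contains an ASCIIZ character");
- suhosin_bailout(TSRMLS_C);
+ suhosin_bailout();
  break;
 
  case SUHOSIN_CODE_TYPE_WRITABLE:
  suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is writable by PHP process", ZSTR_VAL(execute_data->func->op_array.filename));
- suhosin_bailout(TSRMLS_C);
+ suhosin_bailout();
  break;
 
  case SUHOSIN_CODE_TYPE_BLACKURL:
  suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is a URL that is forbidden by the blacklist", ZSTR_VAL(execute_data->func->op_array.filename));
- suhosin_bailout(TSRMLS_C);
+ suhosin_bailout();
  break;
 
  case SUHOSIN_CODE_TYPE_BADURL:
  suhosin_log(S_INCLUDE|S_GETCALLER, "Include filename ('%s') is a URL that is not allowed", ZSTR_VAL(execute_data->func->op_array.filename));
- suhosin_bailout(TSRMLS_C);
+ suhosin_bailout();
  break;
 
  case SUHOSIN_CODE_TYPE_BADFILE:
@@ -577,12 +577,12 @@ not_evaled_code:
 // #define DIE_WITH_MSG "die('disallowed_file'.chr(10).chr(10));"
 // cs.value.str.val = estrndup(DIE_WITH_MSG, sizeof(DIE_WITH_MSG)-1);
 // cs.value.str.len = sizeof(DIE_WITH_MSG)-1;
-// new_op_array = compile_string(&cs, "suhosin internal code" TSRMLS_CC);
+// new_op_array = compile_string(&cs, "suhosin internal code");
 // if (new_op_array) {
 // op_array = new_op_array;
 // goto continue_execution;
 // }
- suhosin_bailout(TSRMLS_C);
+ suhosin_bailout();
  break;
 
  case SUHOSIN_CODE_TYPE_COMMANDLINE:
@@ -626,7 +626,7 @@ typedef struct _internal_function_handler {
 // **subject,
 // **limit, **zcount;
 //
-// if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ZZZ|ZZ", &regex, &replace, &subject, &limit, &zcount) == FAILURE) {
+// if (zend_parse_parameters(ZEND_NUM_ARGS(), "ZZZ|ZZ", &regex, &replace, &subject, &limit, &zcount) == FAILURE) {
 // return(0);
 // }
 //
@@ -693,7 +693,7 @@ typedef struct _internal_function_handler {
 // return (0);
 // }
 //
-// if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss",
+// if (zend_parse_parameters(ZEND_NUM_ARGS(), "sss|ss",
 // &to, &to_len,
 // &subject, &subject_len,
 // &message, &message_len,
@@ -790,7 +790,7 @@ typedef struct _internal_function_handler {
 //
 // int ih_querycheck(IH_HANDLER_PARAMS)
 // {
-// void **p = zend_vm_stack_top(TSRMLS_C) - 1;
+// void **p = zend_vm_stack_top() - 1;
 // unsigned long arg_count;
 // zval **arg;
 // char *query, *s, *e;
@@ -916,28 +916,28 @@ typedef struct _internal_function_handler {
 // if (cnt_opencomment && SUHOSIN7_G(sql_opencomment)>0) {
 // suhosin_log(S_SQL, "Open comment in SQL query: '%*s'", len, query);
 // if (SUHOSIN7_G(sql_opencomment)>1) {
-// suhosin_bailout(TSRMLS_C);
+// suhosin_bailout();
 // }
 // }
 //
 // if (cnt_comment && SUHOSIN7_G(sql_comment)>0) {
 // suhosin_log(S_SQL, "Comment in SQL query: '%*s'", len, query);
 // if (SUHOSIN7_G(sql_comment)>1) {
-// suhosin_bailout(TSRMLS_C);
+// suhosin_bailout();
 // }
 // }
 //
 // if (cnt_union && SUHOSIN7_G(sql_union)>0) {
 // suhosin_log(S_SQL, "UNION in SQL query: '%*s'", len, query);
 // if (SUHOSIN7_G(sql_union)>1) {
-// suhosin_bailout(TSRMLS_C);
+// suhosin_bailout();
 // }
 // }
 //
 // if (cnt_select>1 && SUHOSIN7_G(sql_mselect)>0) {
 // suhosin_log(S_SQL, "Multiple SELECT in SQL query: '%*s'", len, query);
 // if (SUHOSIN7_G(sql_mselect)>1) {
-// suhosin_bailout(TSRMLS_C);
+// suhosin_bailout();
 // }
 // }
 //
@@ -947,7 +947,7 @@ typedef struct _internal_function_handler {
 //
 // int ih_fixusername(IH_HANDLER_PARAMS)
 // {
-// void **p = zend_vm_stack_top(TSRMLS_C) - 1;
+// void **p = zend_vm_stack_top() - 1;
 // unsigned long arg_count;
 // zval **arg;
 // char *prefix, *postfix, *user, *user_match, *cp;
@@ -1197,8 +1197,8 @@ internal_function_handler ihandlers[] = {
  { NULL, NULL, NULL, NULL, NULL }
 };
 
-#define FUNCTION_WARNING() zend_error(E_WARNING, "%s() has been disabled for security reasons", get_active_function_name(TSRMLS_C));
-#define FUNCTION_SIMULATE_WARNING() zend_error(E_WARNING, "SIMULATION - %s() has been disabled for security reasons", get_active_function_name(TSRMLS_C));
+#define FUNCTION_WARNING() zend_error(E_WARNING, "%s() has been disabled for security reasons", get_active_function_name());
+#define FUNCTION_SIMULATE_WARNING() zend_error(E_WARNING, "SIMULATION - %s() has been disabled for security reasons", get_active_function_name());
 
 /* {{{ void suhosin_execute_internal
  * This function provides a hook for internal execution */
@@ -1324,7 +1324,7 @@ execute_internal_bailout:
  // efree(lcname);
  // }
  FUNCTION_WARNING()
- suhosin_bailout(TSRMLS_C);
+ suhosin_bailout();
 }
 /* }}} */
 
@@ -1365,7 +1365,7 @@ void suhosin_hook_execute()
  zo_set_oe_ex = (void *)DL_FETCH_SYMBOL(NULL, "zend_optimizer_set_oe_ex");
  }
  if (zo_set_oe_ex == NULL) {
- zend_llist_apply(&zend_extensions, (llist_apply_func_t)function_lookup TSRMLS_CC);
+ zend_llist_apply(&zend_extensions, (llist_apply_func_t)function_lookup);
  }
 
  if (zo_set_oe_ex != NULL) {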
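Review bot: The new call at line 356, `return suhosin_check_filename(s, strlen(s));`, takes the length from `strlen()`, so the `int len` argument of `suhosin_check_filename(char *s, int len)` can never extend past the first NUL byte and is also narrowed from `size_t` to `int`. If the SUHOSIN_CODE_TYPE_0FILE result ("Include filename contains an ASCIIZ character") is produced by comparing `len` with the C-string length, that check cannot fire on this path; the body of `suhosin_check_filename` is not part of this diff, so this is an assumption to confirm. Assuming `s` points into `op_array->filename`, which the hunk at line 541 treats as a zend_string through `ZSTR_VAL`, passing the stored length keeps the check meaningful: `return suhosin_check_filename(s, (int)ZSTR_LEN(op_array->filename));`, preceded by a bound check against `INT_MAX`. `suhosin_detect_codetype` begins and ends outside the hunks shown here.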