1 files changed, 23 insertions, 152 deletions
diff --git a/treat_data.c b/treat_data.c
index d842afc..bdd06c0 100644
--- a/treat_data.c
+++ b/treat_data.c
@@ -3,7 +3,7 @@
  | Suhosin Version 1                                                    |
  +----------------------------------------------------------------------+
  | Copyright (c) 2006-2007 The Hardened-PHP Project                     |
-  | Copyright (c) 2007-2015 SektionEins GmbH                             |
+  | Copyright (c) 2007-2016 SektionEins GmbH                             |
  +----------------------------------------------------------------------+
  | This source file is subject to version 3.01 of the PHP license,      |
  | that is bundled with this package in the file LICENSE, and is        |
@@ -13,7 +13,8 @@
  | obtain it through the world-wide-web, please send a note to          |
  | license@php.net so we can mail you a copy immediately.               |
  +----------------------------------------------------------------------+
-  | Author: Stefan Esser <sesser@sektioneins.de>                         |
+  | Authors: Stefan Esser <sesser@sektioneins.de>                        |
+  |          Ben Fuhrmannek <ben.fuhrmannek@sektioneins.de>              |
  +----------------------------------------------------------------------+
 */
 /*
@@ -31,176 +32,46 @@
 #include "php_variables.h"
 #include "ext/standard/url.h"
+static SAPI_TREAT_DATA_FUNC((*orig_treat_data)) = NULL;
 SAPI_TREAT_DATA_FUNC(suhosin_treat_data)
 {
-        char *res = NULL, *var, *val, *separator = NULL;
-        const char *c_var;
-        zval array;
-        int free_buffer = 0;
-        char *strtok_buf = NULL;
-        zend_long count = 0;
-        /* Mark that we were not yet called */
-        // SUHOSIN7_G(already_scanned) = 0;
-        ZVAL_UNDEF(&array);
        switch (arg) {
                case PARSE_POST:
-                case PARSE_GET:
+                        if (SUHOSIN7_G(max_request_variables) && (SUHOSIN7_G(max_post_vars) == 0 || 
-                case PARSE_COOKIE:
+                                SUHOSIN7_G(max_request_variables) <= SUHOSIN7_G(max_post_vars))) {
-                        array_init(&array);
+                                SUHOSIN7_G(max_post_vars) = SUHOSIN7_G(max_request_variables);
-                        switch (arg) {
-                                case PARSE_POST:
-                                        zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_POST]);
-                                        ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_POST], &array);
-                                        if (SUHOSIN7_G(max_request_variables) && (SUHOSIN7_G(max_post_vars) == 0 || 
-                                            SUHOSIN7_G(max_request_variables) <= SUHOSIN7_G(max_post_vars))) {
-                                                SUHOSIN7_G(max_post_vars) = SUHOSIN7_G(max_request_variables);
-                                        }
-                                        break;
-                                case PARSE_GET:
-                                        zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_GET]);
-                                        ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_GET], &array);
-                                        if (SUHOSIN7_G(max_request_variables) && (SUHOSIN7_G(max_get_vars) == 0 || 
-                                            SUHOSIN7_G(max_request_variables) <= SUHOSIN7_G(max_get_vars))) {
-                                                SUHOSIN7_G(max_get_vars) = SUHOSIN7_G(max_request_variables);
-                                        }
-                                        break;
-                                case PARSE_COOKIE:
-                                        zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_COOKIE]);
-                                        ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_COOKIE], &array);
-                                        if (SUHOSIN7_G(max_request_variables) && (SUHOSIN7_G(max_cookie_vars) == 0 || 
-                                            SUHOSIN7_G(max_request_variables) <= SUHOSIN7_G(max_cookie_vars))) {
-                                                SUHOSIN7_G(max_cookie_vars) = SUHOSIN7_G(max_request_variables);
-                                        }
-                                        break;
                        }
                        break;
-                default:
-                        ZVAL_COPY_VALUE(&array, destArray);
-                        break;
-        }
-        if (arg == PARSE_POST) {
-                sapi_handle_post(&array);
-                return;
-        }
-        if (arg == PARSE_GET) {         /* GET data */
-                c_var = SG(request_info).query_string;
-                if (c_var && *c_var) {
-                        res = (char *) estrdup(c_var);
-                        free_buffer = 1;
-                } else {
-                        free_buffer = 0;
-                }
-        } else if (arg == PARSE_COOKIE) {               /* Cookie data */
-                c_var = SG(request_info).cookie_data;
-                if (c_var && *c_var) {
-                        // if (SUHOSIN7_G(cookie_encrypt)) {
-                                // res = (char *) estrdup(suhosin_cookie_decryptor());
-                        // } else {
-                                res = (char *) estrdup(c_var);
-                        // }
-                        free_buffer = 1;
-                } else {
-                        free_buffer = 0;
-                }
-        } else if (arg == PARSE_STRING) {               /* String data */
-                res = str;
-                free_buffer = 1;
-        }
-        if (!res) {
-                return;
-        }
-        switch (arg) {
                case PARSE_GET:
-                case PARSE_STRING:
+                        if (SUHOSIN7_G(max_request_variables) && (SUHOSIN7_G(max_get_vars) == 0 || 
-                        separator = (char *) estrdup(PG(arg_separator).input);
+                                SUHOSIN7_G(max_request_variables) <= SUHOSIN7_G(max_get_vars))) {
+                                SUHOSIN7_G(max_get_vars) = SUHOSIN7_G(max_request_variables);
+                        }
                        break;
                case PARSE_COOKIE:
-                        separator = ";\0";
+                        if (SUHOSIN7_G(max_request_variables) && (SUHOSIN7_G(max_cookie_vars) == 0 || 
-                        break;
+                                SUHOSIN7_G(max_request_variables) <= SUHOSIN7_G(max_cookie_vars))) {
-        }
+                                SUHOSIN7_G(max_cookie_vars) = SUHOSIN7_G(max_request_variables);
-        var = php_strtok_r(res, separator, &strtok_buf);
-        while (var) {
-                val = strchr(var, '=');
-                if (arg == PARSE_COOKIE) {
-                        /* Remove leading spaces from cookie names, needed for multi-cookie header where ; can be followed by a space */
-                        while (isspace(*var)) {
-                                var++;
                        }
-                        if (var == val || *var == '\0') {
-                                goto next_cookie;
-                        }
-                }
-                if (++count > PG(max_input_vars)) {
-                        php_error_docref(NULL, E_WARNING, "Input variables exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
                        break;
-                }
-                SDEBUG("calling input filter from treat_data");
-                if (val) { /* have a value */
-                        size_t val_len;
-                        size_t new_val_len;
-                        *val++ = '\0';
-                        php_url_decode(var, strlen(var));
-                        val_len = php_url_decode(val, strlen(val));
-                        val = estrndup(val, val_len);
-                        if (suhosin_input_filter(arg, var, &val, val_len, &new_val_len)) {
-                                // if (sapi_module.input_filter(arg, var, &val, new_val_len, &new_val_len)) {
-                                        php_register_variable_safe(var, val, new_val_len, &array);
-                                // }
-                        } else {
-                                SUHOSIN7_G(abort_request) = 1;
-                        }
-                        efree(val);
-                } else {
-                        size_t val_len;
-                        size_t new_val_len;
-                        php_url_decode(var, strlen(var));
-                        val_len = 0;
-                        val = estrndup("", val_len);
-                        if (suhosin_input_filter(arg, var, &val, val_len, &new_val_len)) {
-                                // if (sapi_module.input_filter(arg, var, &val, new_val_len, &new_val_len)) {
-                                        php_register_variable_safe(var, val, new_val_len, &array);
-                                // }
-                        } else {
-                                SUHOSIN7_G(abort_request) = 1;
-                        }
-                        efree(val);
-                }
-next_cookie:
-                var = php_strtok_r(NULL, separator, &strtok_buf);
        }
-        if (arg != PARSE_COOKIE) {
+        if (arg == PARSE_COOKIE && SUHOSIN7_G(cookie_encrypt) && SG(request_info).cookie_data) {
-                efree(separator);
+                SG(request_info).cookie_data = suhosin_cookie_decryptor(SG(request_info).cookie_data);
        }
+        
-        if (free_buffer) {
+        if (orig_treat_data) {
-                efree(res);
+                orig_treat_data(arg, str, destArray);
        }
 }
 void suhosin_hook_treat_data()
 {
-        // sapi_register_treat_data(suhosin_treat_data);
+        if (orig_treat_data == NULL) {
-        
+                orig_treat_data = sapi_module.treat_data;
-        if (old_input_filter == NULL) {
-                old_input_filter = sapi_module.input_filter;
        }
-        sapi_module.input_filter = suhosin_input_filter_wrapper;
+        sapi_module.treat_data = suhosin_treat_data;
 }

diff --git a/treat_data.c b/treat_data.c index d842afc..bdd06c0 100644 --- a/treat_data.c +++ b/treat_data.c
@@ -3,7 +3,7 @@
3	\| Suhosin Version 1 \|	3	\| Suhosin Version 1 \|
4	+----------------------------------------------------------------------+	4	+----------------------------------------------------------------------+
5	\| Copyright (c) 2006-2007 The Hardened-PHP Project \|	5	\| Copyright (c) 2006-2007 The Hardened-PHP Project \|
6	\| Copyright (c) 2007-2015 SektionEins GmbH \|	6	\| Copyright (c) 2007-2016 SektionEins GmbH \|
7	+----------------------------------------------------------------------+	7	+----------------------------------------------------------------------+
8	\| This source file is subject to version 3.01 of the PHP license, \|	8	\| This source file is subject to version 3.01 of the PHP license, \|
9	\| that is bundled with this package in the file LICENSE, and is \|	9	\| that is bundled with this package in the file LICENSE, and is \|
@@ -13,7 +13,8 @@
13	\| obtain it through the world-wide-web, please send a note to \|	13	\| obtain it through the world-wide-web, please send a note to \|
14	\| license@php.net so we can mail you a copy immediately. \|	14	\| license@php.net so we can mail you a copy immediately. \|
15	+----------------------------------------------------------------------+	15	+----------------------------------------------------------------------+
16	\| Author: Stefan Esser <sesser@sektioneins.de> \|	16	\| Authors: Stefan Esser <sesser@sektioneins.de> \|
		17	\| Ben Fuhrmannek <ben.fuhrmannek@sektioneins.de> \|
17	+----------------------------------------------------------------------+	18	+----------------------------------------------------------------------+
18	*/	19	*/
19	/*	20	/*
@@ -31,176 +32,46 @@
31	#include "php_variables.h"	32	#include "php_variables.h"
32	#include "ext/standard/url.h"	33	#include "ext/standard/url.h"
33		34
		35	static SAPI_TREAT_DATA_FUNC((*orig_treat_data)) = NULL;
		36
34	SAPI_TREAT_DATA_FUNC(suhosin_treat_data)	37	SAPI_TREAT_DATA_FUNC(suhosin_treat_data)
35	{	38	{
36	char res = NULL, var, val, separator = NULL;
37	const char *c_var;
38	zval array;
39	int free_buffer = 0;
40	char *strtok_buf = NULL;
41	zend_long count = 0;
42
43	/* Mark that we were not yet called */
44	// SUHOSIN7_G(already_scanned) = 0;
45
46	ZVAL_UNDEF(&array);
47	switch (arg) {	39	switch (arg) {
48	case PARSE_POST:	40	case PARSE_POST:
49	case PARSE_GET:	41	if (SUHOSIN7_G(max_request_variables) && (SUHOSIN7_G(max_post_vars) == 0 \|\|
50	case PARSE_COOKIE:	42	SUHOSIN7_G(max_request_variables) <= SUHOSIN7_G(max_post_vars))) {
51	array_init(&array);	43	SUHOSIN7_G(max_post_vars) = SUHOSIN7_G(max_request_variables);
52	switch (arg) {
53	case PARSE_POST:
54	zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_POST]);
55	ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_POST], &array);
56	if (SUHOSIN7_G(max_request_variables) && (SUHOSIN7_G(max_post_vars) == 0 \|\|
57	SUHOSIN7_G(max_request_variables) <= SUHOSIN7_G(max_post_vars))) {
58	SUHOSIN7_G(max_post_vars) = SUHOSIN7_G(max_request_variables);
59	}
60	break;
61	case PARSE_GET:
62	zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_GET]);
63	ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_GET], &array);
64	if (SUHOSIN7_G(max_request_variables) && (SUHOSIN7_G(max_get_vars) == 0 \|\|
65	SUHOSIN7_G(max_request_variables) <= SUHOSIN7_G(max_get_vars))) {
66	SUHOSIN7_G(max_get_vars) = SUHOSIN7_G(max_request_variables);
67	}
68	break;
69	case PARSE_COOKIE:
70	zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_COOKIE]);
71	ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_COOKIE], &array);
72	if (SUHOSIN7_G(max_request_variables) && (SUHOSIN7_G(max_cookie_vars) == 0 \|\|
73	SUHOSIN7_G(max_request_variables) <= SUHOSIN7_G(max_cookie_vars))) {
74	SUHOSIN7_G(max_cookie_vars) = SUHOSIN7_G(max_request_variables);
75	}
76	break;
77	}	44	}
78	break;	45	break;
79	default:
80	ZVAL_COPY_VALUE(&array, destArray);
81	break;
82	}
83
84	if (arg == PARSE_POST) {
85	sapi_handle_post(&array);
86	return;
87	}
88
89	if (arg == PARSE_GET) { /* GET data */
90	c_var = SG(request_info).query_string;
91	if (c_var && *c_var) {
92	res = (char *) estrdup(c_var);
93	free_buffer = 1;
94	} else {
95	free_buffer = 0;
96	}
97	} else if (arg == PARSE_COOKIE) { /* Cookie data */
98	c_var = SG(request_info).cookie_data;
99	if (c_var && *c_var) {
100	// if (SUHOSIN7_G(cookie_encrypt)) {
101	// res = (char *) estrdup(suhosin_cookie_decryptor());
102	// } else {
103	res = (char *) estrdup(c_var);
104	// }
105	free_buffer = 1;
106	} else {
107	free_buffer = 0;
108	}
109	} else if (arg == PARSE_STRING) { /* String data */
110	res = str;
111	free_buffer = 1;
112	}
113
114	if (!res) {
115	return;
116	}
117
118	switch (arg) {
119	case PARSE_GET:	46	case PARSE_GET:
120	case PARSE_STRING:	47	if (SUHOSIN7_G(max_request_variables) && (SUHOSIN7_G(max_get_vars) == 0 \|\|
121	separator = (char *) estrdup(PG(arg_separator).input);	48	SUHOSIN7_G(max_request_variables) <= SUHOSIN7_G(max_get_vars))) {
		49	SUHOSIN7_G(max_get_vars) = SUHOSIN7_G(max_request_variables);
		50	}
122	break;	51	break;
123	case PARSE_COOKIE:	52	case PARSE_COOKIE:
124	separator = ";\0";	53	if (SUHOSIN7_G(max_request_variables) && (SUHOSIN7_G(max_cookie_vars) == 0 \|\|
125	break;	54	SUHOSIN7_G(max_request_variables) <= SUHOSIN7_G(max_cookie_vars))) {
126	}	55	SUHOSIN7_G(max_cookie_vars) = SUHOSIN7_G(max_request_variables);
127
128	var = php_strtok_r(res, separator, &strtok_buf);
129
130	while (var) {
131	val = strchr(var, '=');
132
133	if (arg == PARSE_COOKIE) {
134	/* Remove leading spaces from cookie names, needed for multi-cookie header where ; can be followed by a space */
135	while (isspace(*var)) {
136	var++;
137	}	56	}
138	if (var == val \|\| *var == '\0') {
139	goto next_cookie;
140	}
141	}
142
143	if (++count > PG(max_input_vars)) {
144	php_error_docref(NULL, E_WARNING, "Input variables exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
145	break;	57	break;
146	}
147	SDEBUG("calling input filter from treat_data");
148
149	if (val) { /* have a value */
150	size_t val_len;
151	size_t new_val_len;
152
153	*val++ = '\0';
154	php_url_decode(var, strlen(var));
155	val_len = php_url_decode(val, strlen(val));
156	val = estrndup(val, val_len);
157	if (suhosin_input_filter(arg, var, &val, val_len, &new_val_len)) {
158	// if (sapi_module.input_filter(arg, var, &val, new_val_len, &new_val_len)) {
159	php_register_variable_safe(var, val, new_val_len, &array);
160	// }
161	} else {
162	SUHOSIN7_G(abort_request) = 1;
163	}
164	efree(val);
165	} else {
166	size_t val_len;
167	size_t new_val_len;
168
169	php_url_decode(var, strlen(var));
170	val_len = 0;
171	val = estrndup("", val_len);
172	if (suhosin_input_filter(arg, var, &val, val_len, &new_val_len)) {
173	// if (sapi_module.input_filter(arg, var, &val, new_val_len, &new_val_len)) {
174	php_register_variable_safe(var, val, new_val_len, &array);
175	// }
176	} else {
177	SUHOSIN7_G(abort_request) = 1;
178	}
179	efree(val);
180	}
181	next_cookie:
182	var = php_strtok_r(NULL, separator, &strtok_buf);
183	}	58	}
184		59
185	if (arg != PARSE_COOKIE) {	60	if (arg == PARSE_COOKIE && SUHOSIN7_G(cookie_encrypt) && SG(request_info).cookie_data) {
186	efree(separator);	61	SG(request_info).cookie_data = suhosin_cookie_decryptor(SG(request_info).cookie_data);
187	}	62	}
188		63
189	if (free_buffer) {	64	if (orig_treat_data) {
190	efree(res);	65	orig_treat_data(arg, str, destArray);
191	}	66	}
192
193	}	67	}
194		68
195
196	void suhosin_hook_treat_data()	69	void suhosin_hook_treat_data()
197	{	70	{
198	// sapi_register_treat_data(suhosin_treat_data);	71	if (orig_treat_data == NULL) {
199		72	orig_treat_data = sapi_module.treat_data;
200	if (old_input_filter == NULL) {
201	old_input_filter = sapi_module.input_filter;
202	}	73	}
203	sapi_module.input_filter = suhosin_input_filter_wrapper;	74	sapi_module.treat_data = suhosin_treat_data;
204	}	75	}
205		76
206		77