From 3e77c15105551dee21edac0ab090ffaf10c4ff4d Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 3 Mar 2016 15:36:40 +0100 Subject: memory limit --- execute.c | 4 +-- memory_limit.c | 1 + suhosin7.c | 6 ++-- tests/executor/memory_limit.phpt | 29 ++++++++++++++++ tests/executor/memory_limit_64bit.phpt | 43 ++++++++++++++++++++++++ tests/executor/memory_limit_64bit_10G.phpt | 36 ++++++++++++++++++++ tests/executor/memory_limit_negative.phpt | 18 ++++++++++ tests/executor/memory_limit_other_hardlimit.phpt | 28 +++++++++++++++ 8 files changed, 159 insertions(+), 6 deletions(-) create mode 100644 tests/executor/memory_limit.phpt create mode 100644 tests/executor/memory_limit_64bit.phpt create mode 100644 tests/executor/memory_limit_64bit_10G.phpt create mode 100644 tests/executor/memory_limit_negative.phpt create mode 100644 tests/executor/memory_limit_other_hardlimit.phpt diff --git a/execute.c b/execute.c index 353f691..ea9b21a 100644 --- a/execute.c +++ b/execute.c @@ -151,7 +151,7 @@ static int suhosin_check_filename(char *s, int slen) SDEBUG("fn=%s", s); /* disallow uploaded files */ if (SG(rfc1867_uploaded_files)) { - if (zend_hash_str_exists(SG(rfc1867_uploaded_files), s, slen)) { // <--- TODO: range check + if (zend_hash_str_exists(SG(rfc1867_uploaded_files), s, slen)) { return SUHOSIN_CODE_TYPE_UPLOADED; } } @@ -777,9 +777,7 @@ ZEND_API static void suhosin_execute_internal(zend_execute_data *execute_data, z } suhosin_internal_function_handler *ih; - // SDEBUG("before %d", zend_hash_exists(&ihandler_table, function_name)); if ((ih = zend_hash_find_ptr(&ihandler_table, function_name))) { - // SDEBUG("AFTER"); void *handler = execute_data->func->internal_function.handler; if (handler != ZEND_FN(display_disabled_function)) { diff --git a/memory_limit.c b/memory_limit.c index 5b8b438..2a7a114 100644 --- a/memory_limit.c +++ b/memory_limit.c @@ -52,6 +52,7 @@ static PHP_INI_MH(suhosin_OnChangeMemoryLimit) if (new_value) { PG(memory_limit) = zend_atol(ZSTR_VAL(new_value), ZSTR_LEN(new_value)); if (hard_memory_limit > 0) { + // SDEBUG("%lld > %lld ?", PG(memory_limit), hard_memory_limit); if (PG(memory_limit) > hard_memory_limit) { suhosin_log(S_MISC, "script tried to increase memory_limit to " ZEND_LONG_FMT " bytes which is above the allowed value", PG(memory_limit)); if (!SUHOSIN7_G(simulation)) { diff --git a/suhosin7.c b/suhosin7.c index 7e29f2e..1537130 100644 --- a/suhosin7.c +++ b/suhosin7.c @@ -309,8 +309,8 @@ PHP_INI_BEGIN() // STD_S7_INI_BOOLEAN("suhosin.multiheader", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, allow_multiheader) // STD_S7_INI_ENTRY("suhosin.mail.protect", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscLong, mailprotect) - // STD_S7_INI_ENTRY("suhosin.memory_limit", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscLong, memory_limit) - // STD_S7_INI_BOOLEAN("suhosin.simulation", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, simulation) + STD_S7_INI_ENTRY("suhosin.memory_limit", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscLong, memory_limit) + STD_S7_INI_BOOLEAN("suhosin.simulation", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, simulation) // STD_S7_INI_ENTRY("suhosin.filter.action", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscString, filter_action) // STD_S7_INI_BOOLEAN("suhosin.protectkey", "1", PHP_INI_SYSTEM, OnUpdateBool, protectkey) @@ -517,7 +517,7 @@ PHP_MINIT_FUNCTION(suhosin7) suhosin_hook_header_handler(); suhosin_hook_execute(); - // suhosin_hook_memory_limit(); + suhosin_hook_memory_limit(); // suhosin_hook_sha256(); return SUCCESS; diff --git a/tests/executor/memory_limit.phpt b/tests/executor/memory_limit.phpt new file mode 100644 index 0000000..404ab19 --- /dev/null +++ b/tests/executor/memory_limit.phpt @@ -0,0 +1,29 @@ +--TEST-- +memory_limit test: set suhosin hard_limit to normal limit +--SKIPIF-- + +--INI-- +memory_limit=16M +suhosin.memory_limit=0 +suhosin.log.syslog=0 +suhosin.log.script=0 +suhosin.log.sapi=2 +--FILE-- + +--EXPECTF-- +13M +14M +15M +16M +ALERT - script tried to increase memory_limit to 17825792 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 6) +16M +ALERT - script tried to increase memory_limit to 18874368 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 7) +16M + diff --git a/tests/executor/memory_limit_64bit.phpt b/tests/executor/memory_limit_64bit.phpt new file mode 100644 index 0000000..35be80b --- /dev/null +++ b/tests/executor/memory_limit_64bit.phpt @@ -0,0 +1,43 @@ +--TEST-- +memory_limit test: set suhosin hard_limit to normal limit (64 bit) +--SKIPIF-- + +--INI-- +memory_limit=16M +suhosin.memory_limit=0 +suhosin.log.syslog=0 +suhosin.log.script=0 +suhosin.log.sapi=2 +--FILE-- + +--EXPECTF-- +13M +14M +15M +16M +ALERT - script tried to increase memory_limit to 17825792 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 6) +16M +ALERT - script tried to increase memory_limit to 18874368 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 7) +16M +ALERT - script tried to increase memory_limit to 2147483648 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 8) +16M +ALERT - script tried to increase memory_limit to 3221225472 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 9) +16M +ALERT - script tried to increase memory_limit to 4294967296 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 10) +16M +ALERT - script tried to increase memory_limit to 5368709120 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 11) +16M + diff --git a/tests/executor/memory_limit_64bit_10G.phpt b/tests/executor/memory_limit_64bit_10G.phpt new file mode 100644 index 0000000..284db50 --- /dev/null +++ b/tests/executor/memory_limit_64bit_10G.phpt @@ -0,0 +1,36 @@ +--TEST-- +memory_limit test: set suhosin hard_limit to normal limit (64 bit) - 10 GB +--SKIPIF-- + +--INI-- +memory_limit=10G +suhosin.memory_limit=0 +suhosin.log.syslog=0 +suhosin.log.script=0 +suhosin.log.sapi=2 +--FILE-- + +--EXPECTF-- +13M +14M +15M +16M +17M +18M +2G +3G +4G +5G diff --git a/tests/executor/memory_limit_negative.phpt b/tests/executor/memory_limit_negative.phpt new file mode 100644 index 0000000..7fad546 --- /dev/null +++ b/tests/executor/memory_limit_negative.phpt @@ -0,0 +1,18 @@ +--TEST-- +memory_limit test: trying to set memory_limit to a negative value +--SKIPIF-- + +--INI-- +memory_limit=16M +suhosin.memory_limit=17M +suhosin.log.syslog=0 +suhosin.log.script=0 +suhosin.log.sapi=2 +--FILE-- + +--EXPECTF-- +ALERT - script tried to disable memory_limit by setting it to a negative value -%d bytes which is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 2) +16M + diff --git a/tests/executor/memory_limit_other_hardlimit.phpt b/tests/executor/memory_limit_other_hardlimit.phpt new file mode 100644 index 0000000..cac11dc --- /dev/null +++ b/tests/executor/memory_limit_other_hardlimit.phpt @@ -0,0 +1,28 @@ +--TEST-- +memory_limit test: set suhosin hard_limit to normal limit + 1M +--SKIPIF-- + +--INI-- +memory_limit=16M +suhosin.memory_limit=17M +suhosin.log.syslog=0 +suhosin.log.script=0 +suhosin.log.sapi=2 +--FILE-- + +--EXPECTF-- +13M +14M +15M +16M +17M +ALERT - script tried to increase memory_limit to %d bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 7) +17M + -- cgit v1.3