From a17a53b490bd5127a7ec67063a31b186e6956805 Mon Sep 17 00:00:00 2001 
From: Ben Fuhrmannek Date: Mon, 7 Mar 2016 23:29:21 +0100 Subject: session support --- config.m4 | 2 +- cookiecrypt.c | 5 +- header.c | 2 +- php_suhosin7.h | 16 ++ session.c | 309 +++++++++++++++++++++ suhosin7.c | 16 +- tests/session/PHPSESSID_max_id_length_ok.phpt | 16 ++ tests/session/PHPSESSID_max_id_length_toolong.phpt | 16 ++ tests/session/crypt.checkraddr_4.phpt | 29 ++ tests/session/crypt.checkraddr_4_incorrect.phpt | 27 ++ tests/session/crypt.docroot.phpt | 25 ++ tests/session/crypt.key_default.phpt | 21 ++ tests/session/crypt.key_empty.phpt | 21 ++ tests/session/crypt.key_empty_remote_addr.phpt | 25 ++ tests/session/crypt.no_encryption.phpt | 15 + tests/session/crypt.raddr_1.phpt | 25 ++ tests/session/crypt.raddr_2.phpt | 25 ++ tests/session/crypt.raddr_3.phpt | 25 ++ tests/session/crypt.raddr_4.phpt | 25 ++ tests/session/crypt.ua.phpt | 25 ++ tests/session/max_id_length_ok.phpt | 16 ++ tests/session/max_id_length_toolong.phpt | 15 + tests/session/session_recursive_crash.phpt | 25 ++ tests/session/session_recursive_crash2.phpt | 61 ++++ tests/session/sessionhandler.inc | 43 +++ 25 files changed, 819 insertions(+), 11 deletions(-) create mode 100644 session.c create mode 100644 tests/session/PHPSESSID_max_id_length_ok.phpt create mode 100644 tests/session/PHPSESSID_max_id_length_toolong.phpt create mode 100644 tests/session/crypt.checkraddr_4.phpt create mode 100644 tests/session/crypt.checkraddr_4_incorrect.phpt create mode 100644 tests/session/crypt.docroot.phpt create mode 100644 tests/session/crypt.key_default.phpt create mode 100644 tests/session/crypt.key_empty.phpt create mode 100644 tests/session/crypt.key_empty_remote_addr.phpt create mode 100644 tests/session/crypt.no_encryption.phpt create mode 100644 tests/session/crypt.raddr_1.phpt create mode 100644 tests/session/crypt.raddr_2.phpt create mode 100644 tests/session/crypt.raddr_3.phpt create mode 100644 tests/session/crypt.raddr_4.phpt create mode 100644 tests/session/crypt.ua.phpt create mode 
100644 tests/session/max_id_length_ok.phpt create mode 100644 tests/session/max_id_length_toolong.phpt create mode 100644 tests/session/session_recursive_crash.phpt create mode 100644 tests/session/session_recursive_crash2.phpt create mode 100644 tests/session/sessionhandler.inc diff --git a/config.m4 b/config.m4 index 9cb8969..a6dade9 100644 --- a/config.m4 +++ b/config.m4 @@ -5,7 +5,7 @@ PHP_ARG_ENABLE(suhosin7, whether to enable suhosin support, [ --enable-suhosin7 Enable suhosin support]) if test "$PHP_SUHOSIN7" != "no"; then - PHP_NEW_EXTENSION(suhosin7, suhosin7.c ifilter.c memory_limit.c aes.c treat_data.c log.c execute.c execute_ih.c execute_rnd.c crypt.c cookiecrypt.c header.c, $ext_shared,, [-DZEND_ENABLE_STATIC_TSRMLS_CACHE=1]) + PHP_NEW_EXTENSION(suhosin7, suhosin7.c ifilter.c memory_limit.c aes.c treat_data.c log.c execute.c execute_ih.c execute_rnd.c crypt.c cookiecrypt.c header.c session.c, $ext_shared,, [-DZEND_ENABLE_STATIC_TSRMLS_CACHE=1]) PHP_ADD_EXTENSION_DEP(suhosin7, hash) echo "===== WARNING ============================================" echo " Suhosin7 for PHP 7 is in alpha stage at the moment and" diff --git a/cookiecrypt.c b/cookiecrypt.c index 70b0c5a..f4f3638 100644 --- a/cookiecrypt.c +++ b/cookiecrypt.c @@ -106,8 +106,9 @@ char *suhosin_cookie_decryptor(char *raw_cookie) // int j; char cryptkey[33]; - suhosin_generate_key(SUHOSIN7_G(cookie_cryptkey), SUHOSIN7_G(cookie_cryptua), SUHOSIN7_G(cookie_cryptdocroot), SUHOSIN7_G(cookie_cryptraddr), cryptkey); - SDEBUG("cryptkey=%02x.%02x.%02x", cryptkey[0], cryptkey[1], cryptkey[2]); + // suhosin_generate_key(SUHOSIN7_G(cookie_cryptkey), SUHOSIN7_G(cookie_cryptua), SUHOSIN7_G(cookie_cryptdocroot), SUHOSIN7_G(cookie_cryptraddr), cryptkey); + S7_GENERATE_KEY(cookie, cryptkey); + // SDEBUG("cryptkey=%02x.%02x.%02x", cryptkey[0], cryptkey[1], cryptkey[2]); ret = decrypted = emalloc(strlen(raw_cookie)*4+1); raw_cookie = estrdup(raw_cookie); 
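Review bot: In the suhosin_cookie_decryptor hunk the replaced call and the old key-dumping debug print are kept as `//` comments instead of being deleted; commented-out code accumulates, and a disabled line that prints key bytes (`// SDEBUG("cryptkey=%02x.%02x.%02x", ...)`) is the kind of thing that gets re-enabled by accident. Remove both commented lines and keep only `S7_GENERATE_KEY(cookie, cryptkey);`. The same habit appears in the new session.c (`// SUHOSIN7_G(do_not_scan) = 1;` and the large `/* ... */` block of dead refcount code in the read/write hooks), which would be better dropped too. suhosin_cookie_decryptor continues outside the hunk.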
diff --git a/header.c b/header.c index a916746..b7ce010 100644 --- a/header.c +++ b/header.c @@ -75,7 +75,7 @@ static int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_o int nlen, vlen, len, tlen; char cryptkey[33]; - suhosin_generate_key(SUHOSIN7_G(cookie_cryptkey), SUHOSIN7_G(cookie_cryptua), SUHOSIN7_G(cookie_cryptdocroot), SUHOSIN7_G(cookie_cryptraddr), (char *)cryptkey); + S7_GENERATE_KEY(cookie, cryptkey); start = estrndup(sapi_header->header, sapi_header->header_len); rend = end = start + sapi_header->header_len; diff --git a/php_suhosin7.h b/php_suhosin7.h index cbde402..75244fe 100644 --- a/php_suhosin7.h +++ b/php_suhosin7.h @@ -71,6 +71,9 @@ extern zend_module_entry suhosin7_module_entry; // PHP_MINFO_FUNCTION(suhosin); #include "ext/standard/basic_functions.h" +#ifdef HAVE_PHP_SESSION +#include "ext/session/php_session.h" +#endif static inline int suhosin_is_protected_varname(char *var, int var_len) { @@ -219,6 +222,15 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin7) zend_bool no_more_cookie_variables; zend_bool no_more_uploads; + /* session */ +#ifdef HAVE_PHP_SESSION + void *s_module; + void *s_original_mod; + int (*old_s_read)(PS_READ_ARGS); + int (*old_s_write)(PS_WRITE_ARGS); + int (*old_s_destroy)(PS_DESTROY_ARGS); +#endif + /* encryption */ BYTE fi[24],ri[24]; WORD fkey[120]; @@ -377,6 +389,9 @@ void suhosin_hook_header_handler(); void suhosin_unhook_header_handler(); void suhosin_hook_execute(); // void suhosin_hook_sha256(); +#ifdef HAVE_PHP_SESSION +void suhosin_hook_session(); +#endif // ifilter.c void suhosin_normalize_varname(char *varname); 
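Review bot: In the `ZEND_BEGIN_MODULE_GLOBALS(suhosin7)` hunk the new `s_module` and `s_original_mod` fields are declared as `void *`, which forces casts at the use sites in session.c (`((ps_module*)SUHOSIN7_G(s_original_mod))->s_name`) and loses type checking on the `memcpy`/assignment of module structs. Since the first hunk of this file already includes `ext/session/php_session.h` under the same `#ifdef HAVE_PHP_SESSION`, the fields can be typed directly: `ps_module *s_module;` and `ps_module *s_original_mod;`. A one-line comment on the block, e.g. `/* copy of the active session module with read/write/destroy hooked; s_original_mod is the unhooked original */`, would make the ownership of the malloc'd copy clearer.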
@@ -390,6 +405,7 @@ char *suhosin_decrypt_single_cookie(char *name, int name_len, char *value, int v zend_string *suhosin_encrypt_string(char *str, int len, char *var, int vlen, char *key); zend_string *suhosin_decrypt_string(char *str, int padded_len, char *var, int vlen, char *key, int check_ra); char *suhosin_generate_key(char *key, zend_bool ua, zend_bool dr, long raddr, char *cryptkey); +#define S7_GENERATE_KEY(type, keyvar) suhosin_generate_key(SUHOSIN7_G(type ## _cryptkey), SUHOSIN7_G(type ## _cryptua), SUHOSIN7_G(type ## _cryptdocroot), SUHOSIN7_G(type ## _cryptraddr), (char *)keyvar); // aes.c void suhosin_aes_gentables(); diff --git a/session.c b/session.c new file mode 100644 index 0000000..ad114d4 --- /dev/null +++ b/session.c 
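Review bot: The `S7_GENERATE_KEY` macro expands to a statement that already ends in `;`, so every call site written as `S7_GENERATE_KEY(cookie, cryptkey);` yields an empty statement and the macro will break inside an unbraced `if`/`else`. Drop the trailing semicolon and parenthesize the argument: `#define S7_GENERATE_KEY(type, keyvar) suhosin_generate_key(SUHOSIN7_G(type ## _cryptkey), SUHOSIN7_G(type ## _cryptua), SUHOSIN7_G(type ## _cryptdocroot), SUHOSIN7_G(type ## _cryptraddr), (char *)(keyvar))`. A short comment above it naming the accepted `type` prefixes (`cookie`, `session`) and that `keyvar` must point to at least 33 bytes, as every caller in this diff declares `char cryptkey[33]`, would save the next reader a grep.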
@@ -0,0 +1,309 @@ +/* + +----------------------------------------------------------------------+ + | Suhosin Version 1 | + +----------------------------------------------------------------------+ + | Copyright (c) 2006-2007 The Hardened-PHP Project | + | Copyright (c) 2007-2016 SektionEins GmbH | + +----------------------------------------------------------------------+ + | This source file is subject to version 3.01 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available through the world-wide-web at the following url: | + | http://www.php.net/license/3_01.txt | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Authors: Stefan Esser | + | Ben Fuhrmannek | + +----------------------------------------------------------------------+ +*/ +/* + $Id: session.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ +*/ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "php.h" +#include "SAPI.h" +#include "php_ini.h" +#include "zend_smart_str.h" +#include "ext/standard/php_var.h" +#include + +#include "php_suhosin7.h" + +#include "ext/hash/php_hash.h" + +#ifdef HAVE_PHP_SESSION +#include "ext/session/php_session.h" + +#ifdef ZTS +static ts_rsrc_id session_globals_id = 0; +#define SESSION_G(v) ZEND_TSRMG(session_globals_id, php_ps_globals *, v) +# ifdef COMPILE_DL_SESSION +ZEND_TSRMLS_CACHE_EXTERN(); +# endif +#else +static php_ps_globals *session_globals = NULL; +#define SESSION_G(v) (ps_globals.v) +#endif + +#define COND_DUMB_SH key == NULL || ZSTR_LEN(key) == 0 || ZSTR_VAL(key)[0] == 0 \ + || ZSTR_LEN(key) > SUHOSIN7_G(session_max_id_length) \ + || ((mod_data == NULL || *mod_data == NULL) && !SESSION_G(mod_user_implemented)) + +static void suhosin_send_cookie() +{ + int * session_send_cookie = 
&SESSION_G(send_cookie); + char * base; + zend_ini_entry *ini_entry; + + /* The following is requires to be 100% compatible to PHP + versions where the hash extension is not available by default */ + if ((ini_entry = zend_hash_str_find_ptr(EG(ini_directives), ZEND_STRL("session.hash_bits_per_character"))) != NULL) { +#ifndef ZTS + base = (char *) ini_entry->mh_arg2; +#else + base = (char *) ts_resource(*((int *) ini_entry->mh_arg2)); +#endif + session_send_cookie = (int *) (base+(size_t) ini_entry->mh_arg1+sizeof(long)); + } + *session_send_cookie = 1; +} + + + +static ZEND_INI_MH((*old_OnUpdateSaveHandler)) = NULL; +static int (*old_SessionRINIT)(INIT_FUNC_ARGS) = NULL; + +static int suhosin_hook_s_read(PS_READ_ARGS) +{ + zend_string *new_key = key; + + /* protect session vars */ +/* if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) { + SESSION_G(http_session_vars)->refcount++; + }*/ + + /* protect dumb session handlers */ + if (COND_DUMB_SH) { +regenerate: + SDEBUG("regenerating key. old key was %s", key ? 
ZSTR_VAL(key) : ""); + zend_string_release(SESSION_G(id)); + new_key = SESSION_G(id) = SESSION_G(mod)->s_create_sid(&SESSION_G(mod_data)); + suhosin_send_cookie(); + } else if (ZSTR_LEN(key) > SUHOSIN7_G(session_max_id_length)) { + suhosin_log(S_SESSION, "session id ('%s') exceeds maximum length - regenerating", ZSTR_VAL(key)); + if (!SUHOSIN7_G(simulation)) { + goto regenerate; + } + } + + int r = SUHOSIN7_G(old_s_read)(mod_data, new_key, val, maxlifetime); + + if (r == SUCCESS && SUHOSIN7_G(session_encrypt) && val != NULL && *val != NULL && ZSTR_LEN(*val)) { + char cryptkey[33]; + + // SUHOSIN7_G(do_not_scan) = 1; + S7_GENERATE_KEY(session, cryptkey); + + zend_string *orig_val = *val; + *val = suhosin_decrypt_string(ZSTR_VAL(*val), ZSTR_LEN(*val), "", 0, (char *)cryptkey, SUHOSIN7_G(session_checkraddr)); + // SUHOSIN7_G(do_not_scan) = 0; + if (*val == NULL) { + *val = ZSTR_EMPTY_ALLOC(); + } + zend_string_release(orig_val); + } + + return r; +} + +static int suhosin_hook_s_write(PS_WRITE_ARGS) +{ + /* protect dumb session handlers */ + if (COND_DUMB_SH) { + return FAILURE; + } + + if (ZSTR_LEN(val) > 0 && SUHOSIN7_G(session_encrypt)) { + char cryptkey[33]; + // SUHOSIN7_G(do_not_scan) = 1; + S7_GENERATE_KEY(session, cryptkey); + + zend_string *v = suhosin_encrypt_string(ZSTR_VAL(val), ZSTR_LEN(val), "", 0, cryptkey); + + // SUHOSIN7_G(do_not_scan) = 0; + return SUHOSIN7_G(old_s_write)(mod_data, key, v, maxlifetime); + } + + return SUHOSIN7_G(old_s_write)(mod_data, key, val, maxlifetime); + +// return_write: + /* protect session vars */ +/* if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) { + if (SESSION_G(http_session_vars)->refcount==1) { + nullify = 1; + } + zval_ptr_dtor(&SESSION_G(http_session_vars)); + if (nullify) { + suhosin_log(S_SESSION, "possible session variables double free attack stopped"); + SESSION_G(http_session_vars) = NULL; + } + }*/ + + // return r; +} + +static int suhosin_hook_s_destroy(PS_DESTROY_ARGS) +{ + 
/* protect dumb session handlers */ + if (COND_DUMB_SH) { + return FAILURE; + } + + return SUHOSIN7_G(old_s_destroy)(mod_data, key); +} + +static void suhosin_hook_session_module() +{ + ps_module *old_mod = SESSION_G(mod); + ps_module *mod; + + if (old_mod == NULL || SUHOSIN7_G(s_module) == old_mod) { + return; + } + + if (SUHOSIN7_G(s_module) == NULL) { + SUHOSIN7_G(s_module) = mod = malloc(sizeof(ps_module)); + if (mod == NULL) { + return; + } + } + + SUHOSIN7_G(s_original_mod) = old_mod; + + mod = SUHOSIN7_G(s_module); + memcpy(mod, old_mod, sizeof(ps_module)); + + SUHOSIN7_G(old_s_read) = mod->s_read; + mod->s_read = suhosin_hook_s_read; + SUHOSIN7_G(old_s_write) = mod->s_write; + mod->s_write = suhosin_hook_s_write; + SUHOSIN7_G(old_s_destroy) = mod->s_destroy; + mod->s_destroy = suhosin_hook_s_destroy; + + SESSION_G(mod) = mod; +} + +static PHP_INI_MH(suhosin_OnUpdateSaveHandler) +{ + if (stage == PHP_INI_STAGE_RUNTIME + && SESSION_G(session_status) == php_session_none + && SUHOSIN7_G(s_original_mod) + && zend_string_equals_literal(new_value, "user") == 0 + && strcmp(((ps_module*)SUHOSIN7_G(s_original_mod))->s_name, "user") == 0) { + return SUCCESS; + } + + SESSION_G(mod) = SUHOSIN7_G(s_original_mod); + + int r = old_OnUpdateSaveHandler(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage); + + suhosin_hook_session_module(); + + return r; +} + + +static int suhosin_hook_session_RINIT(INIT_FUNC_ARGS) +{ + if (SESSION_G(mod) == NULL) { + zend_ini_entry *ini_entry; + if ((ini_entry = zend_hash_str_find_ptr(EG(ini_directives), ZEND_STRL("session.save_handler")))) { + if (ini_entry->value) { + suhosin_OnUpdateSaveHandler(NULL, ini_entry->value, NULL, NULL, NULL, 0); + } + } + } + return old_SessionRINIT(INIT_FUNC_ARGS_PASSTHRU); +} + +void suhosin_hook_session() +{ + zend_module_entry *module; + + if ((module = zend_hash_str_find_ptr(&module_registry, ZEND_STRL("session"))) == NULL) { + return; + } + /* retrieve globals from module entry struct if possible */ 
+#ifdef ZTS + if (session_globals_id == 0) { + session_globals_id = *module->globals_id_ptr; + } +#else + if (session_globals == NULL) { + session_globals = module->globals_ptr; + } +#endif + + if (old_OnUpdateSaveHandler != NULL) { + return; + } + + /* hook request startup function of session module */ + old_SessionRINIT = module->request_startup_func; + module->request_startup_func = suhosin_hook_session_RINIT; + + /* retrieve pointer to session.save_handler ini entry */ + zend_ini_entry *ini_entry; + if ((ini_entry = zend_hash_str_find_ptr(EG(ini_directives), ZEND_STRL("session.save_handler"))) != NULL) { + /* replace OnUpdateMemoryLimit handler */ + old_OnUpdateSaveHandler = ini_entry->on_modify; + ini_entry->on_modify = suhosin_OnUpdateSaveHandler; + } + SUHOSIN7_G(s_module) = NULL; + + suhosin_hook_session_module(); + +#if HAVE_DEV_URANDOM + /* increase session identifier entropy */ + if (SESSION_G(entropy_length) == 0 || SESSION_G(entropy_file) == NULL) { + SESSION_G(entropy_length) = 16; + SESSION_G(entropy_file) = pestrdup("/dev/urandom", 1); + } +#endif +} + +// void suhosin_unhook_session() +// { +// if (old_OnUpdateSaveHandler == NULL) { +// return; +// } +// +// /* retrieve pointer to session.save_handler ini entry */ +// zend_ini_entry *ini_entry; +// if ((ini_entry = zend_hash_find(EG(ini_directives), ZEND_STRL("session.save_handler"))) == NULL) { +// return; +// } +// ini_entry->on_modify = old_OnUpdateSaveHandler; +// old_OnUpdateSaveHandler = NULL; +// } + +#else /* HAVE_PHP_SESSION */ + +#warning BUILDING SUHOSIN WITHOUT SESSION SUPPORT + +#endif /* HAVE_PHP_SESSION */ + + +/* + * Local variables: + * tab-width: 4 + * c-basic-offset: 4 + * End: + * vim600: sw=4 ts=4 fdm=marker + * vim<600: sw=4 ts=4 + */ diff --git a/suhosin7.c b/suhosin7.c index 7986f2a..6d6655a 100644 --- a/suhosin7.c +++ b/suhosin7.c 
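Review bot: In suhosin_hook_s_read the `else if (ZSTR_LEN(key) > SUHOSIN7_G(session_max_id_length))` branch is unreachable, because COND_DUMB_SH already contains the same length test and wins the preceding `if`; an over-long session id is therefore regenerated silently, the suhosin_log call never fires and `SUHOSIN7_G(simulation)` is not honoured for this check. Evaluate the length test separately before the dumb-handler test, as below, and leave COND_DUMB_SH unchanged for the write/destroy hooks where returning FAILURE on a too-long id is the intended behaviour. Two smaller points in the same file: in suhosin_hook_s_write the encrypted `v` returned by suhosin_encrypt_string is never released after the inner write returns, which looks like a per-request leak unless the wrapped handler takes ownership (not verifiable from here), and the `cryptkey[33]` buffers in both hooks hold derived key material that is left on the stack rather than cleared after use.
```c
static int suhosin_hook_s_read(PS_READ_ARGS)
{
	zend_string *new_key = key;
	/* over-long ids are always logged, but only regenerated outside simulation mode */
	int too_long = key != NULL && ZSTR_LEN(key) > SUHOSIN7_G(session_max_id_length);
	int dumb_handler = key == NULL || ZSTR_LEN(key) == 0 || ZSTR_VAL(key)[0] == 0
		|| ((mod_data == NULL || *mod_data == NULL) && !SESSION_G(mod_user_implemented));

	if (too_long) {
		suhosin_log(S_SESSION, "session id ('%s') exceeds maximum length - regenerating", ZSTR_VAL(key));
	}

	/* protect dumb session handlers */
	if (dumb_handler || (too_long && !SUHOSIN7_G(simulation))) {
		SDEBUG("regenerating key. old key was %s", key ? ZSTR_VAL(key) : "");
		zend_string_release(SESSION_G(id));
		new_key = SESSION_G(id) = SESSION_G(mod)->s_create_sid(&SESSION_G(mod_data));
		suhosin_send_cookie();
	}

	/* … unchanged: call to old_s_read and decryption of *val … */
```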
@@ -377,13 +377,13 @@ PHP_INI_BEGIN() // STD_S7_INI_ENTRY("suhosin.sql.union", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLLong, sql_union) #ifdef HAVE_PHP_SESSION - // STD_S7_INI_BOOLEAN("suhosin.session.encrypt", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, session_encrypt) + STD_S7_INI_BOOLEAN("suhosin.session.encrypt", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, session_encrypt) STD_S7_INI_ENTRY("suhosin.session.cryptkey", "", PHP_INI_ALL, OnUpdateMiscString, session_cryptkey) - // STD_S7_INI_BOOLEAN("suhosin.session.cryptua", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, session_cryptua) - // STD_S7_INI_BOOLEAN("suhosin.session.cryptdocroot", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, session_cryptdocroot) - // STD_S7_INI_ENTRY("suhosin.session.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_cryptraddr) - // STD_S7_INI_ENTRY("suhosin.session.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_checkraddr) - // STD_S7_INI_ENTRY("suhosin.session.max_id_length", "128", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_max_id_length) + STD_S7_INI_BOOLEAN("suhosin.session.cryptua", "0", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, session_cryptua) + STD_S7_INI_BOOLEAN("suhosin.session.cryptdocroot", "1", PHP_INI_PERDIR|PHP_INI_SYSTEM, OnUpdateMiscBool, session_cryptdocroot) + STD_S7_INI_ENTRY("suhosin.session.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_cryptraddr) + STD_S7_INI_ENTRY("suhosin.session.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_checkraddr) + STD_S7_INI_ENTRY("suhosin.session.max_id_length", "128", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_max_id_length) #else /* HAVE_PHP_SESSION */ #warning BUILDING SUHOSIN WITHOUT SESSION SUPPORT. THIS IS A BAD IDEA! #ifndef SUHOSIN_WITHOUT_SESSION 
@@ -518,9 +518,11 @@ PHP_MINIT_FUNCTION(suhosin7) suhosin_hook_register_server_variables(); suhosin_hook_header_handler(); suhosin_hook_execute(); - suhosin_hook_memory_limit(); // suhosin_hook_sha256(); +#ifdef HAVE_PHP_SESSION + suhosin_hook_session(); +#endif return SUCCESS; } diff --git a/tests/session/PHPSESSID_max_id_length_ok.phpt b/tests/session/PHPSESSID_max_id_length_ok.phpt new file mode 100644 index 0000000..2673d08 --- /dev/null +++ b/tests/session/PHPSESSID_max_id_length_ok.phpt @@ -0,0 +1,16 @@ +--TEST-- +PHPSESSID session id not too long +--SKIPIF-- + +--INI-- +suhosin.session.max_id_length=32 +session.hash_bits_per_character=4 +--COOKIE-- +PHPSESSID=12345678901234567890123456789012; +--FILE-- + +--EXPECTF-- +12345678901234567890123456789012 \ No newline at end of file diff --git a/tests/session/PHPSESSID_max_id_length_toolong.phpt b/tests/session/PHPSESSID_max_id_length_toolong.phpt new file mode 100644 index 0000000..6bd71fb --- /dev/null +++ b/tests/session/PHPSESSID_max_id_length_toolong.phpt @@ -0,0 +1,16 @@ +--TEST-- +PHPSESSID session id too long +--SKIPIF-- + +--INI-- +suhosin.session.max_id_length=32 +session.hash_bits_per_character=4 +--COOKIE-- +PHPSESSID=123456789012345678901234567890123; +--FILE-- + +--EXPECTF-- +32 \ No newline at end of file diff --git a/tests/session/crypt.checkraddr_4.phpt b/tests/session/crypt.checkraddr_4.phpt new file mode 100644 index 0000000..42ac96a --- /dev/null +++ b/tests/session/crypt.checkraddr_4.phpt @@ -0,0 +1,29 @@ +--TEST-- +session encryption with checkraddr=4 +--SKIPIF-- + +--ENV-- +return << +--EXPECTF-- +array(1) { + ["a"]=> + string(1) "b" +} diff --git a/tests/session/crypt.checkraddr_4_incorrect.phpt b/tests/session/crypt.checkraddr_4_incorrect.phpt new file mode 100644 index 0000000..cc468b8 --- /dev/null +++ b/tests/session/crypt.checkraddr_4_incorrect.phpt 
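Review bot: The PHP_MINIT hunk removes the `suhosin_hook_memory_limit();` call while adding `suhosin_hook_session();`, so the memory-limit hook is no longer installed at module init; nothing in the subject ("session support") or elsewhere in the diff explains this, and memory_limit.c is still compiled per config.m4. If dropping the hook is intentional it belongs in its own commit or at least in the description; otherwise restore the line `suhosin_hook_memory_limit();` next to the other hook calls. PHP_MINIT_FUNCTION(suhosin7) starts outside the hunk.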
@@ -0,0 +1,27 @@ +--TEST-- +session encryption with checkraddr=4 and incorrect REMOTE_ADDR +--SKIPIF-- + +--ENV-- +return << +--EXPECTF-- +array(0) { +} diff --git a/tests/session/crypt.docroot.phpt b/tests/session/crypt.docroot.phpt new file mode 100644 index 0000000..d5b6fc6 --- /dev/null +++ b/tests/session/crypt.docroot.phpt @@ -0,0 +1,25 @@ +--TEST-- +session with encryption using docroot +--SKIPIF-- + +--ENV-- +return << +--EXPECTF-- +SESSION: NKChb1rdctXd-Acz0uzOYVnJT_J2mxYRVUgSh0w5mlk. diff --git a/tests/session/crypt.key_default.phpt b/tests/session/crypt.key_default.phpt new file mode 100644 index 0000000..8e4f12a --- /dev/null +++ b/tests/session/crypt.key_default.phpt @@ -0,0 +1,21 @@ +--TEST-- +session with encryption default key +--SKIPIF-- + +--INI-- +suhosin.session.encrypt=On +suhosin.session.cryptkey=D3F4UL7 +suhosin.session.cryptua=Off +suhosin.session.cryptdocroot=Off +suhosin.session.cryptraddr=0 +suhosin.session.checkraddr=0 +--FILE-- + +--EXPECTF-- +SESSION: RIuy2LSSd3_s3hhDCnN89bNWyCnhvNAO0YUq7OQKuJc. diff --git a/tests/session/crypt.key_empty.phpt b/tests/session/crypt.key_empty.phpt new file mode 100644 index 0000000..3e5da11 --- /dev/null +++ b/tests/session/crypt.key_empty.phpt @@ -0,0 +1,21 @@ +--TEST-- +session with encryption key empty +--SKIPIF-- + +--INI-- +suhosin.session.encrypt=On +suhosin.session.cryptkey= +suhosin.session.cryptua=Off +suhosin.session.cryptdocroot=Off +suhosin.session.cryptraddr=0 +suhosin.session.checkraddr=0 +--FILE-- + +--EXPECTF-- +SESSION: RIuy2LSSd3_s3hhDCnN89bNWyCnhvNAO0YUq7OQKuJc. diff --git a/tests/session/crypt.key_empty_remote_addr.phpt b/tests/session/crypt.key_empty_remote_addr.phpt new file mode 100644 index 0000000..cf1292a --- /dev/null +++ b/tests/session/crypt.key_empty_remote_addr.phpt @@ -0,0 +1,25 @@ +--TEST-- +session with encryption key empty and REMOTE_ADDR set +--SKIPIF-- + +--ENV-- +return << +--EXPECTF-- +SESSION: j1YTvIOAUqxZMjuJ_ZnHPHWY5XEayycsr7O94aMzmBQ. 
diff --git a/tests/session/crypt.no_encryption.phpt b/tests/session/crypt.no_encryption.phpt new file mode 100644 index 0000000..6b6bc97 --- /dev/null +++ b/tests/session/crypt.no_encryption.phpt @@ -0,0 +1,15 @@ +--TEST-- +session without encryption +--SKIPIF-- + +--INI-- +suhosin.session.encrypt=Off +--FILE-- + +--EXPECTF-- +SESSION: a|s:1:"b"; \ No newline at end of file diff --git a/tests/session/crypt.raddr_1.phpt b/tests/session/crypt.raddr_1.phpt new file mode 100644 index 0000000..2070d03 --- /dev/null +++ b/tests/session/crypt.raddr_1.phpt @@ -0,0 +1,25 @@ +--TEST-- +session with encryption using REMOTE_ADDR (cryptraddr=1) +--SKIPIF-- + +--ENV-- +return << +--EXPECTF-- +SESSION: wkiQGgZgWnBFDyCs_4QYD_oaw_m35l_5I35XRg0wX_g. diff --git a/tests/session/crypt.raddr_2.phpt b/tests/session/crypt.raddr_2.phpt new file mode 100644 index 0000000..b8c21bc --- /dev/null +++ b/tests/session/crypt.raddr_2.phpt @@ -0,0 +1,25 @@ +--TEST-- +session with encryption using REMOTE_ADDR (cryptraddr=2) +--SKIPIF-- + +--ENV-- +return << +--EXPECTF-- +SESSION: WDyvE0R4mUqvOG6e5VzhfgWMjfCWSFC5bNNI_3dIT3w. diff --git a/tests/session/crypt.raddr_3.phpt b/tests/session/crypt.raddr_3.phpt new file mode 100644 index 0000000..afe2729 --- /dev/null +++ b/tests/session/crypt.raddr_3.phpt @@ -0,0 +1,25 @@ +--TEST-- +session with encryption using REMOTE_ADDR (cryptraddr=3) +--SKIPIF-- + +--ENV-- +return << +--EXPECTF-- +SESSION: 6kLKLrgCmlOuEPXPON_K5SWHLuIbHdLsh4MJ0QtTFj8. diff --git a/tests/session/crypt.raddr_4.phpt b/tests/session/crypt.raddr_4.phpt new file mode 100644 index 0000000..28b4098 --- /dev/null +++ b/tests/session/crypt.raddr_4.phpt @@ -0,0 +1,25 @@ +--TEST-- +session with encryption using REMOTE_ADDR (cryptraddr=4) +--SKIPIF-- + +--ENV-- +return << +--EXPECTF-- +SESSION: QYSbWh8enETvdtKfao8G6aiXqK7_lhzFmRNYa2lo-UM. diff --git a/tests/session/crypt.ua.phpt b/tests/session/crypt.ua.phpt new file mode 100644 index 0000000..4c53273 --- /dev/null +++ b/tests/session/crypt.ua.phpt 
@@ -0,0 +1,25 @@ +--TEST-- +session with encryption using ua +--SKIPIF-- + +--ENV-- +return << +--EXPECTF-- +SESSION: 3pVZdIv7vHG-PwO_rLQLUGerd4L_UX60xJoAM-IoVC4. diff --git a/tests/session/max_id_length_ok.phpt b/tests/session/max_id_length_ok.phpt new file mode 100644 index 0000000..dbecebd --- /dev/null +++ b/tests/session/max_id_length_ok.phpt @@ -0,0 +1,16 @@ +--TEST-- +session id not too long +--SKIPIF-- + +--INI-- +suhosin.session.max_id_length=32 +session.hash_bits_per_character=4 +session.use_strict_mode=0 +--FILE-- + +--EXPECTF-- +12345678901234567890123456789012 diff --git a/tests/session/max_id_length_toolong.phpt b/tests/session/max_id_length_toolong.phpt new file mode 100644 index 0000000..a8ec4cc --- /dev/null +++ b/tests/session/max_id_length_toolong.phpt @@ -0,0 +1,15 @@ +--TEST-- +session id too long +--SKIPIF-- + +--INI-- +suhosin.session.max_id_length=32 +session.hash_bits_per_character=4 +--FILE-- + +--EXPECTF-- +32 \ No newline at end of file diff --git a/tests/session/session_recursive_crash.phpt b/tests/session/session_recursive_crash.phpt new file mode 100644 index 0000000..62cb9cd --- /dev/null +++ b/tests/session/session_recursive_crash.phpt @@ -0,0 +1,25 @@ +--TEST-- +session SessionHandler() recursive crash +--SKIPIF-- + +--ENV-- +return << + string(1) "b" +} diff --git a/tests/session/session_recursive_crash2.phpt b/tests/session/session_recursive_crash2.phpt new file mode 100644 index 0000000..2a32226 --- /dev/null +++ b/tests/session/session_recursive_crash2.phpt @@ -0,0 +1,61 @@ +--TEST-- +session user handler recursive crash - issue suhosin#60 +--SKIPIF-- + +--ENV-- +return << -- cgit v1.3