From a17a53b490bd5127a7ec67063a31b186e6956805 Mon Sep 17 00:00:00 2001
From: Ben Fuhrmannek
Date: Mon, 7 Mar 2016 23:29:21 +0100
Subject: session support

---
 tests/session/PHPSESSID_max_id_length_ok.phpt      | 16 ++++++
 tests/session/PHPSESSID_max_id_length_toolong.phpt | 16 ++++++
 tests/session/crypt.checkraddr_4.phpt              | 29 ++++++++++
 tests/session/crypt.checkraddr_4_incorrect.phpt    | 27 ++++++++++
 tests/session/crypt.docroot.phpt                   | 25 +++++++++
 tests/session/crypt.key_default.phpt               | 21 ++++++++
 tests/session/crypt.key_empty.phpt                 | 21 ++++++++
 tests/session/crypt.key_empty_remote_addr.phpt     | 25 +++++++++
 tests/session/crypt.no_encryption.phpt             | 15 ++++++
 tests/session/crypt.raddr_1.phpt                   | 25 +++++++++
 tests/session/crypt.raddr_2.phpt                   | 25 +++++++++
 tests/session/crypt.raddr_3.phpt                   | 25 +++++++++
 tests/session/crypt.raddr_4.phpt                   | 25 +++++++++
 tests/session/crypt.ua.phpt                        | 25 +++++++++
 tests/session/max_id_length_ok.phpt                | 16 ++++++
 tests/session/max_id_length_toolong.phpt           | 15 ++++++
 tests/session/session_recursive_crash.phpt         | 25 +++++++++
 tests/session/session_recursive_crash2.phpt        | 61 ++++++++++++++++++++++
 tests/session/sessionhandler.inc                   | 43 +++++++++++++++
 19 files changed, 480 insertions(+)
 create mode 100644 tests/session/PHPSESSID_max_id_length_ok.phpt
 create mode 100644 tests/session/PHPSESSID_max_id_length_toolong.phpt
 create mode 100644 tests/session/crypt.checkraddr_4.phpt
 create mode 100644 tests/session/crypt.checkraddr_4_incorrect.phpt
 create mode 100644 tests/session/crypt.docroot.phpt
 create mode 100644 tests/session/crypt.key_default.phpt
 create mode 100644 tests/session/crypt.key_empty.phpt
 create mode 100644 tests/session/crypt.key_empty_remote_addr.phpt
 create mode 100644 tests/session/crypt.no_encryption.phpt
 create mode 100644 tests/session/crypt.raddr_1.phpt
 create mode 100644 tests/session/crypt.raddr_2.phpt
 create mode 100644 tests/session/crypt.raddr_3.phpt
 create mode 100644 tests/session/crypt.raddr_4.phpt
 create mode 100644 tests/session/crypt.ua.phpt
 create mode 100644 tests/session/max_id_length_ok.phpt
 create mode 100644 tests/session/max_id_length_toolong.phpt
 create mode 100644 tests/session/session_recursive_crash.phpt
 create mode 100644 tests/session/session_recursive_crash2.phpt
 create mode 100644 tests/session/sessionhandler.inc

(limited to 'tests')

diff --git a/tests/session/PHPSESSID_max_id_length_ok.phpt b/tests/session/PHPSESSID_max_id_length_ok.phpt
new file mode 100644
index 0000000..2673d08
--- /dev/null
+++ b/tests/session/PHPSESSID_max_id_length_ok.phpt
@@ -0,0 +1,16 @@
+--TEST--
+PHPSESSID session id not too long
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--INI--
+suhosin.session.max_id_length=32
+session.hash_bits_per_character=4
+--COOKIE--
+PHPSESSID=12345678901234567890123456789012;
+--FILE--
+<?php
+session_start();
+echo session_id();
+?>
+--EXPECTF--
+12345678901234567890123456789012
\ No newline at end of file
diff --git a/tests/session/PHPSESSID_max_id_length_toolong.phpt b/tests/session/PHPSESSID_max_id_length_toolong.phpt
new file mode 100644
index 0000000..6bd71fb
--- /dev/null
+++ b/tests/session/PHPSESSID_max_id_length_toolong.phpt
@@ -0,0 +1,16 @@
+--TEST--
+PHPSESSID session id too long
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--INI--
+suhosin.session.max_id_length=32
+session.hash_bits_per_character=4
+--COOKIE--
+PHPSESSID=123456789012345678901234567890123;
+--FILE--
+<?php
+session_start();
+echo strlen(session_id());
+?>
+--EXPECTF--
+32
\ No newline at end of file
diff --git a/tests/session/crypt.checkraddr_4.phpt b/tests/session/crypt.checkraddr_4.phpt
new file mode 100644
index 0000000..42ac96a
--- /dev/null
+++ b/tests/session/crypt.checkraddr_4.phpt
@@ -0,0 +1,29 @@
+--TEST--
+session encryption with checkraddr=4
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.1
+PHPSESSID=test
+END;
+--INI--
+suhosin.session.encrypt=On
+suhosin.session.cryptkey=D3F4UL7
+suhosin.session.cryptua=Off
+suhosin.session.cryptdocroot=Off
+suhosin.session.cryptraddr=0
+suhosin.session.checkraddr=4
+--FILE--
+<?php
+include "sessionhandler.inc";
+
+session_test_start(new RemoteAddrSessionHandler());
+var_dump($_SESSION);
+
+?>
+--EXPECTF--
+array(1) {
+  ["a"]=>
+  string(1) "b"
+}
diff --git a/tests/session/crypt.checkraddr_4_incorrect.phpt b/tests/session/crypt.checkraddr_4_incorrect.phpt
new file mode 100644
index 0000000..cc468b8
--- /dev/null
+++ b/tests/session/crypt.checkraddr_4_incorrect.phpt
@@ -0,0 +1,27 @@
+--TEST--
+session encryption with checkraddr=4 and incorrect REMOTE_ADDR
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.2
+PHPSESSID=test
+END;
+--INI--
+suhosin.session.encrypt=On
+suhosin.session.cryptkey=D3F4UL7
+suhosin.session.cryptua=Off
+suhosin.session.cryptdocroot=Off
+suhosin.session.cryptraddr=0
+suhosin.session.checkraddr=4
+--FILE--
+<?php
+include "sessionhandler.inc";
+
+session_test_start(new RemoteAddrSessionHandler());
+var_dump($_SESSION);
+
+?>
+--EXPECTF--
+array(0) {
+}
diff --git a/tests/session/crypt.docroot.phpt b/tests/session/crypt.docroot.phpt
new file mode 100644
index 0000000..d5b6fc6
--- /dev/null
+++ b/tests/session/crypt.docroot.phpt
@@ -0,0 +1,25 @@
+--TEST--
+session with encryption using docroot
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--ENV--
+return <<<END
+DOCUMENT_ROOT=/var/www
+END;
+--INI--
+suhosin.session.encrypt=On
+suhosin.session.cryptkey=D3F4UL7
+suhosin.session.cryptua=Off
+suhosin.session.cryptdocroot=On
+suhosin.session.cryptraddr=0
+suhosin.session.checkraddr=0
+--FILE--
+<?php
+include "sessionhandler.inc";
+session_test_start();
+$_SESSION['a'] = 'b';
+
+
+?>
+--EXPECTF--
+SESSION: NKChb1rdctXd-Acz0uzOYVnJT_J2mxYRVUgSh0w5mlk.
diff --git a/tests/session/crypt.key_default.phpt b/tests/session/crypt.key_default.phpt
new file mode 100644
index 0000000..8e4f12a
--- /dev/null
+++ b/tests/session/crypt.key_default.phpt
@@ -0,0 +1,21 @@
+--TEST--
+session with encryption default key
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--INI--
+suhosin.session.encrypt=On
+suhosin.session.cryptkey=D3F4UL7
+suhosin.session.cryptua=Off
+suhosin.session.cryptdocroot=Off
+suhosin.session.cryptraddr=0
+suhosin.session.checkraddr=0
+--FILE--
+<?php
+include "sessionhandler.inc";
+session_test_start();
+$_SESSION['a'] = 'b';
+
+
+?>
+--EXPECTF--
+SESSION: RIuy2LSSd3_s3hhDCnN89bNWyCnhvNAO0YUq7OQKuJc.
diff --git a/tests/session/crypt.key_empty.phpt b/tests/session/crypt.key_empty.phpt
new file mode 100644
index 0000000..3e5da11
--- /dev/null
+++ b/tests/session/crypt.key_empty.phpt
@@ -0,0 +1,21 @@
+--TEST--
+session with encryption key empty
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--INI--
+suhosin.session.encrypt=On
+suhosin.session.cryptkey=
+suhosin.session.cryptua=Off
+suhosin.session.cryptdocroot=Off
+suhosin.session.cryptraddr=0
+suhosin.session.checkraddr=0
+--FILE--
+<?php
+include "sessionhandler.inc";
+session_test_start();
+$_SESSION['a'] = 'b';
+
+
+?>
+--EXPECTF--
+SESSION: RIuy2LSSd3_s3hhDCnN89bNWyCnhvNAO0YUq7OQKuJc.
diff --git a/tests/session/crypt.key_empty_remote_addr.phpt b/tests/session/crypt.key_empty_remote_addr.phpt
new file mode 100644
index 0000000..cf1292a
--- /dev/null
+++ b/tests/session/crypt.key_empty_remote_addr.phpt
@@ -0,0 +1,25 @@
+--TEST--
+session with encryption key empty and REMOTE_ADDR set
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.1
+END;
+--INI--
+suhosin.session.encrypt=On
+suhosin.session.cryptkey=
+suhosin.session.cryptua=Off
+suhosin.session.cryptdocroot=Off
+suhosin.session.cryptraddr=0
+suhosin.session.checkraddr=0
+--FILE--
+<?php
+include "sessionhandler.inc";
+session_test_start();
+$_SESSION['a'] = 'b';
+
+
+?>
+--EXPECTF--
+SESSION: j1YTvIOAUqxZMjuJ_ZnHPHWY5XEayycsr7O94aMzmBQ.
diff --git a/tests/session/crypt.no_encryption.phpt b/tests/session/crypt.no_encryption.phpt
new file mode 100644
index 0000000..6b6bc97
--- /dev/null
+++ b/tests/session/crypt.no_encryption.phpt
@@ -0,0 +1,15 @@
+--TEST--
+session without encryption
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--INI--
+suhosin.session.encrypt=Off
+--FILE--
+<?php
+include "sessionhandler.inc";
+session_test_start();
+$_SESSION['a'] = 'b';
+
+?>
+--EXPECTF--
+SESSION: a|s:1:"b";
\ No newline at end of file
diff --git a/tests/session/crypt.raddr_1.phpt b/tests/session/crypt.raddr_1.phpt
new file mode 100644
index 0000000..2070d03
--- /dev/null
+++ b/tests/session/crypt.raddr_1.phpt
@@ -0,0 +1,25 @@
+--TEST--
+session with encryption using REMOTE_ADDR (cryptraddr=1)
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.1
+END;
+--INI--
+suhosin.session.encrypt=On
+suhosin.session.cryptkey=D3F4UL7
+suhosin.session.cryptua=Off
+suhosin.session.cryptdocroot=Off
+suhosin.session.cryptraddr=1
+suhosin.session.checkraddr=0
+--FILE--
+<?php
+include "sessionhandler.inc";
+session_test_start();
+$_SESSION['a'] = 'b';
+
+
+?>
+--EXPECTF--
+SESSION: wkiQGgZgWnBFDyCs_4QYD_oaw_m35l_5I35XRg0wX_g.
diff --git a/tests/session/crypt.raddr_2.phpt b/tests/session/crypt.raddr_2.phpt
new file mode 100644
index 0000000..b8c21bc
--- /dev/null
+++ b/tests/session/crypt.raddr_2.phpt
@@ -0,0 +1,25 @@
+--TEST--
+session with encryption using REMOTE_ADDR (cryptraddr=2)
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.1
+END;
+--INI--
+suhosin.session.encrypt=On
+suhosin.session.cryptkey=D3F4UL7
+suhosin.session.cryptua=Off
+suhosin.session.cryptdocroot=Off
+suhosin.session.cryptraddr=2
+suhosin.session.checkraddr=0
+--FILE--
+<?php
+include "sessionhandler.inc";
+session_test_start();
+$_SESSION['a'] = 'b';
+
+
+?>
+--EXPECTF--
+SESSION: WDyvE0R4mUqvOG6e5VzhfgWMjfCWSFC5bNNI_3dIT3w.
diff --git a/tests/session/crypt.raddr_3.phpt b/tests/session/crypt.raddr_3.phpt
new file mode 100644
index 0000000..afe2729
--- /dev/null
+++ b/tests/session/crypt.raddr_3.phpt
@@ -0,0 +1,25 @@
+--TEST--
+session with encryption using REMOTE_ADDR (cryptraddr=3)
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.1
+END;
+--INI--
+suhosin.session.encrypt=On
+suhosin.session.cryptkey=D3F4UL7
+suhosin.session.cryptua=Off
+suhosin.session.cryptdocroot=Off
+suhosin.session.cryptraddr=3
+suhosin.session.checkraddr=0
+--FILE--
+<?php
+include "sessionhandler.inc";
+session_test_start();
+$_SESSION['a'] = 'b';
+
+
+?>
+--EXPECTF--
+SESSION: 6kLKLrgCmlOuEPXPON_K5SWHLuIbHdLsh4MJ0QtTFj8.
diff --git a/tests/session/crypt.raddr_4.phpt b/tests/session/crypt.raddr_4.phpt
new file mode 100644
index 0000000..28b4098
--- /dev/null
+++ b/tests/session/crypt.raddr_4.phpt
@@ -0,0 +1,25 @@
+--TEST--
+session with encryption using REMOTE_ADDR (cryptraddr=4)
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.1
+END;
+--INI--
+suhosin.session.encrypt=On
+suhosin.session.cryptkey=D3F4UL7
+suhosin.session.cryptua=Off
+suhosin.session.cryptdocroot=Off
+suhosin.session.cryptraddr=4
+suhosin.session.checkraddr=0
+--FILE--
+<?php
+include "sessionhandler.inc";
+session_test_start();
+$_SESSION['a'] = 'b';
+
+
+?>
+--EXPECTF--
+SESSION: QYSbWh8enETvdtKfao8G6aiXqK7_lhzFmRNYa2lo-UM.
diff --git a/tests/session/crypt.ua.phpt b/tests/session/crypt.ua.phpt
new file mode 100644
index 0000000..4c53273
--- /dev/null
+++ b/tests/session/crypt.ua.phpt
@@ -0,0 +1,25 @@
+--TEST--
+session with encryption using ua
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--ENV--
+return <<<END
+HTTP_USER_AGENT=test
+END;
+--INI--
+suhosin.session.encrypt=On
+suhosin.session.cryptkey=D3F4UL7
+suhosin.session.cryptua=On
+suhosin.session.cryptdocroot=Off
+suhosin.session.cryptraddr=0
+suhosin.session.checkraddr=0
+--FILE--
+<?php
+include "sessionhandler.inc";
+session_test_start();
+$_SESSION['a'] = 'b';
+
+
+?>
+--EXPECTF--
+SESSION: 3pVZdIv7vHG-PwO_rLQLUGerd4L_UX60xJoAM-IoVC4.
diff --git a/tests/session/max_id_length_ok.phpt b/tests/session/max_id_length_ok.phpt
new file mode 100644
index 0000000..dbecebd
--- /dev/null
+++ b/tests/session/max_id_length_ok.phpt
@@ -0,0 +1,16 @@
+--TEST--
+session id not too long
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--INI--
+suhosin.session.max_id_length=32
+session.hash_bits_per_character=4
+session.use_strict_mode=0
+--FILE--
+<?php
+session_id('12345678901234567890123456789012');
+session_start();
+echo session_id();
+?>
+--EXPECTF--
+12345678901234567890123456789012
diff --git a/tests/session/max_id_length_toolong.phpt b/tests/session/max_id_length_toolong.phpt
new file mode 100644
index 0000000..a8ec4cc
--- /dev/null
+++ b/tests/session/max_id_length_toolong.phpt
@@ -0,0 +1,15 @@
+--TEST--
+session id too long
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--INI--
+suhosin.session.max_id_length=32
+session.hash_bits_per_character=4
+--FILE--
+<?php
+session_id('123456789012345678901234567890123');
+session_start();
+echo strlen(session_id());
+?>
+--EXPECTF--
+32
\ No newline at end of file
diff --git a/tests/session/session_recursive_crash.phpt b/tests/session/session_recursive_crash.phpt
new file mode 100644
index 0000000..62cb9cd
--- /dev/null
+++ b/tests/session/session_recursive_crash.phpt
@@ -0,0 +1,25 @@
+--TEST--
+session SessionHandler() recursive crash
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--ENV--
+return <<<END
+HTTP_USER_AGENT=test
+END;
+--INI--
+suhosin.session.encrypt=On
+suhosin.session.cryptkey=D3F4UL7
+suhosin.session.cryptua=On
+suhosin.session.cryptdocroot=Off
+suhosin.session.cryptraddr=0
+suhosin.session.checkraddr=0
+--FILE--
+<?php
+session_set_save_handler(new SessionHandler(), true);
+$_SESSION['a'] = 'b';
+var_dump($_SESSION);
+--EXPECTF--
+array(1) {
+  ["a"]=>
+  string(1) "b"
+}
diff --git a/tests/session/session_recursive_crash2.phpt b/tests/session/session_recursive_crash2.phpt
new file mode 100644
index 0000000..2a32226
--- /dev/null
+++ b/tests/session/session_recursive_crash2.phpt
@@ -0,0 +1,61 @@
+--TEST--
+session user handler recursive crash - issue suhosin#60
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--ENV--
+return <<<END
+HTTP_USER_AGENT=test
+END;
+--INI--
+suhosin.session.encrypt=On
+suhosin.session.cryptkey=D3F4UL7
+suhosin.session.cryptua=On
+suhosin.session.cryptdocroot=Off
+suhosin.session.cryptraddr=0
+suhosin.session.checkraddr=0
+--FILE--
+<?php
+$foo = "";
+
+class MySessionHandlerA implements SessionHandlerInterface
+{
+	public function close() {return TRUE;}
+	public function destroy($session_id) {return TRUE;}
+	public function gc($maxlifetime) {return TRUE;}
+	public function open($save_path, $name) { global $foo; $foo .= "A\n"; return TRUE;}
+	public function read($session_id ) {return TRUE;}
+	public function write($session_id, $session_data) {return TRUE;}
+}
+
+session_set_save_handler(new MySessionHandlerA(), true);
+session_start();
+session_destroy();
+
+//
+
+class MySessionHandlerB extends MySessionHandlerA
+{
+	public function open($save_path, $name) { global $foo; $foo .= "B\n"; return TRUE;}
+}
+
+session_set_save_handler(new MySessionHandlerB(), true);
+session_start();
+session_destroy();
+
+//
+
+class MySessionHandlerC extends MySessionHandlerA
+{
+	public function open($save_path, $name) { global $foo; $foo .= "C\n"; return TRUE;}
+}
+
+session_set_save_handler(new MySessionHandlerC(), true);
+session_start();
+session_destroy();
+
+
+echo $foo;
+--EXPECTF--
+A
+B
+C
diff --git a/tests/session/sessionhandler.inc b/tests/session/sessionhandler.inc
new file mode 100644
index 0000000..b8bc7bd
--- /dev/null
+++ b/tests/session/sessionhandler.inc
@@ -0,0 +1,43 @@
+<?php
+
+
+class GenericSessionHandler implements SessionHandlerInterface
+{
+	function open($savePath, $sessionName) { return true; }
+
+	function close() { return true; }
+
+	function read($id) { return (string)""; }
+
+	function write($id, $data) { return true; }
+
+	function destroy($id) { return true; }
+
+	function gc($maxlifetime) { return true; }
+
+}
+class WriteSessionHandler extends GenericSessionHandler
+{
+	function write($id, $data)
+	{
+		echo "SESSION: $data\n";
+		return true;
+	}
+}
+class RemoteAddrSessionHandler extends GenericSessionHandler
+{
+	## key empty and REMOTE_ADDR set to 127.0.0.1
+	function read($id) { return (string)"j1YTvIOAUqxZMjuJ_ZnHPHWY5XEayycsr7O94aMzmBQ."; }
+}
+
+
+function session_test_start($handler=null) {
+	if (!$handler) {
+		$handler = new WriteSessionHandler();
+	}
+	session_set_save_handler($handler, true);
+	session_start();
+	return $handler;
+}
+
+?>
-- 
cgit v1.3