|
Hi Luk, On Friday 05 September 2008, Luk Claes wrote: > 0.9.24 is in unstable and testing and below diffstat doesn't look > promissing. Though please point me to an actual diff to have a look if > it's worth it. since the dfsg issue seems to be solved, you can find the diff attached. Thanks and with kind regards, Jan. -- Never write mail to <waja@spamfalle.info>, you have been warned! -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GIT d-- s+: a- C+++ UL++++ P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++ ------END GEEK CODE BLOCK------ |
diff -Nur php-suhosin-0.9.24/Changelog php-suhosin-0.9.27/Changelog
--- php-suhosin-0.9.24/Changelog 2008-05-10 18:03:53.000000000 +0200
+++ php-suhosin-0.9.27/Changelog 2008-08-23 11:15:02.000000000 +0200
@@ -1,3 +1,23 @@
+2008-08-23 - 0.9.27
+
+ - Fixed typo in replacement rand() / mt_rand() that was hidden by LAZY symbol loading
+
+2008-08-22 - 0.9.26
+
+ - Fixed problem with suhosin.perdir
+ Thanks to Hosteurope for tracking this down
+ - Fixed problems with ext/uploadprogress
+ Reported by: Christian Stocker
+ - Added suhosin.srand.ignore and suhosin.mt_srand.ignore (default: on)
+ - Modified rand()/srand() to use the Mersenne Twister algorithm with separate state
+ - Added better internal seeding of rand() and mt_rand()
+
+2008-08-06 - 0.9.25
+
+ - Fixed PHP 4 compilation problem introduced in 0.9.24
+ - Fixed PHP 5.3 compilation problem
+ - Changed PHP default POST handler to PHP's current handler
+
2008-05-10 - 0.9.24
- Added support for method-calls to function handling
diff -Nur php-suhosin-0.9.24/debian/changelog php-suhosin-0.9.27/debian/changelog
--- php-suhosin-0.9.24/debian/changelog 2008-10-01 12:13:51.000000000 +0200
+++ php-suhosin-0.9.27/debian/changelog 2008-10-01 11:54:42.000000000 +0200
@@ -1,3 +1,10 @@
+php-suhosin (0.9.27-1) unstable; urgency=low
+
+ * new upstream release (closes: #497871)
+ * declare license situation of execute.c in copyright file
+
+ -- Jan Wagner <waja@cyconet.org> Wed, 18 Jun 2008 15:16:33 +0200
+
php-suhosin (0.9.24-1) unstable; urgency=low
* new upstream release
@@ -33,7 +40,7 @@
[ Alexander Wirt ]
* Bump standards version
* Don't ignore errors from make clean
- * Update copyright file
+ * Update copyright file
-- Alexander Wirt <formorer@debian.org> Thu, 06 Dec 2007 10:53:43 +0100
@@ -65,7 +72,7 @@
php-suhosin (0.9.12-1) unstable; urgency=low
* new upstream
- * fixed address of "Free Software Foundation, Inc." in changelog
+ * fixed address of "Free Software Foundation, Inc." in changelog
-- Jan Wagner <waja@cyconet.org> Sun, 17 Nov 2006 15:41:36 +0100
@@ -75,7 +82,7 @@
* drop debian/po
[ Alexander Wirt ]
- * Update debian/copyright
+ * Update debian/copyright
-- Alexander Wirt <formorer@debian.org> Sun, 12 Nov 2006 20:09:02 +0100
diff -Nur php-suhosin-0.9.24/debian/copyright php-suhosin-0.9.27/debian/copyright
--- php-suhosin-0.9.24/debian/copyright 2008-10-01 12:13:51.000000000 +0200
+++ php-suhosin-0.9.27/debian/copyright 2008-10-01 11:52:55.000000000 +0200
@@ -51,6 +51,25 @@
Copyright (C) 1991 Jochen Obalek <jochen.obalek@bigfoot.de>
License: PHP license 3.01
+ File execute.c
+ Copyright (c) 2006-2007 The Hardened-PHP Project
+ Copyright (c) 2007 SektionEins GmbH
+ Copyright (C) 1997 - 2002, Makoto Matsumoto and Takuji Nishimura,
+ Copyright (C) 2000 - 2003, Richard J. Wagner
+ License: PHP license 3.01
+
+ The file contains the following clause were the code is taken out of
+ ext/standard/rand.c from PHP Source with a statement that isn't
+ compatible with the DFSG:
+ "The code as Shawn received it included the following notice:
+
+ Copyright (C) 1997 Makoto Matsumoto and Takuji Nishimura. When
+ you use this, send an e-mail to <matumoto@math.keio.ac.jp> with
+ an appropriate reference to your work."
+
+ However, this requirement has been rescinded by the copyright holder in
+ message <48E334A2.6050301@math.sci.hiroshima-u.ac.jp> to bug #498621.
+
File rfc1867.c
Copyright (c) 1997-2006 The PHP Group
Rasmus Lerdorf <rasmus@php.net>
diff -Nur php-suhosin-0.9.24/execute.c php-suhosin-0.9.27/execute.c
--- php-suhosin-0.9.24/execute.c 2008-05-10 18:01:22.000000000 +0200
+++ php-suhosin-0.9.27/execute.c 2008-08-23 10:53:32.000000000 +0200
@@ -28,11 +28,14 @@
#include "zend_hash.h"
#include "zend_extensions.h"
#include "ext/standard/info.h"
+#include "ext/standard/php_rand.h"
#include "php_suhosin.h"
#include "zend_compile.h"
#include "zend_llist.h"
#include "SAPI.h"
+#include "sha256.h"
+
static void (*old_execute)(zend_op_array *op_array TSRMLS_DC);
static void suhosin_execute(zend_op_array *op_array TSRMLS_DC);
@@ -764,7 +767,11 @@
int ih_querycheck(IH_HANDLER_PARAMS)
{
+#ifdef PHP_ATLEAST_5_3
+ void **p = zend_vm_stack_top(TSRMLS_C) - 1;
+#else
void **p = EG(argument_stack).top_element-2;
+#endif
unsigned long arg_count;
zval **arg;
char *query, *s, *e;
@@ -920,7 +927,11 @@
int ih_fixusername(IH_HANDLER_PARAMS)
{
+#ifdef PHP_ATLEAST_5_3
+ void **p = zend_vm_stack_top(TSRMLS_C) - 1;
+#else
void **p = EG(argument_stack).top_element-2;
+#endif
unsigned long arg_count;
zval **arg;char *prefix, *postfix, *user;
zval *backup, *my_user;
@@ -1089,6 +1100,368 @@
return (1);
}
+/* MT RAND FUNCTIONS */
+
+/*
+ The following php_mt_...() functions are based on a C++ class MTRand by
+ Richard J. Wagner. For more information see the web page at
+ http://www-personal.engin.umich.edu/~wagnerr/MersenneTwister.html
+
+ Mersenne Twister random number generator -- a C++ class MTRand
+ Based on code by Makoto Matsumoto, Takuji Nishimura, and Shawn Cokus
+ Richard J. Wagner v1.0 15 May 2003 rjwagner@writeme.com
+
+ The Mersenne Twister is an algorithm for generating random numbers. It
+ was designed with consideration of the flaws in various other generators.
+ The period, 2^19937-1, and the order of equidistribution, 623 dimensions,
+ are far greater. The generator is also fast; it avoids multiplication and
+ division, and it benefits from caches and pipelines. For more information
+ see the inventors' web page at http://www.math.keio.ac.jp/~matumoto/emt.html
+
+ Reference
+ M. Matsumoto and T. Nishimura, "Mersenne Twister: A 623-Dimensionally
+ Equidistributed Uniform Pseudo-Random Number Generator", ACM Transactions on
+ Modeling and Computer Simulation, Vol. 8, No. 1, January 1998, pp 3-30.
+
+ Copyright (C) 1997 - 2002, Makoto Matsumoto and Takuji Nishimura,
+ Copyright (C) 2000 - 2003, Richard J. Wagner
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. The names of its contributors may not be used to endorse or promote
+ products derived from this software without specific prior written
+ permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ The original code included the following notice:
+
+ When you use this, send an email to: matumoto@math.keio.ac.jp
+ with an appropriate reference to your work.
+
+ It would be nice to CC: rjwagner@writeme.com and Cokus@math.washington.edu
+ when you write.
+*/
+
+#define N 624 /* length of state vector */
+#define M (397) /* a period parameter */
+#define hiBit(u) ((u) & 0x80000000U) /* mask all but highest bit of u */
+#define loBit(u) ((u) & 0x00000001U) /* mask all but lowest bit of u */
+#define loBits(u) ((u) & 0x7FFFFFFFU) /* mask the highest bit of u */
+#define mixBits(u, v) (hiBit(u)|loBits(v)) /* move hi bit of u to hi bit of v */
+
+#define twist(m,u,v) (m ^ (mixBits(u,v)>>1) ^ ((php_uint32)(-(php_int32)(loBit(u))) & 0x9908b0dfU))
+
+/* {{{ php_mt_initialize
+ */
+static inline void suhosin_mt_initialize(php_uint32 seed, php_uint32 *state)
+{
+ /* Initialize generator state with seed
+ See Knuth TAOCP Vol 2, 3rd Ed, p.106 for multiplier.
+ In previous versions, most significant bits (MSBs) of the seed affect
+ only MSBs of the state array. Modified 9 Jan 2002 by Makoto Matsumoto. */
+
+ register php_uint32 *s = state;
+ register php_uint32 *r = state;
+ register int i = 1;
+
+ *s++ = seed & 0xffffffffU;
+ for( ; i < N; ++i ) {
+ *s++ = ( 1812433253U * ( *r ^ (*r >> 30) ) + i ) & 0xffffffffU;
+ r++;
+ }
+}
+/* }}} */
+
+static inline void suhosin_mt_init_by_array(php_uint32 *key, int keylen, php_uint32 *state)
+{
+ int i, j, k;
+ suhosin_mt_initialize(19650218U, state);
+ i = 1; j = 0;
+ k = (N > keylen ? N : keylen);
+ for (; k; k--) {
+ state[i] = (state[i] ^ ((state[i-1] ^ (state[i-1] >> 30)) * 1664525U)) + key[j] + j;
+ i++; j = (j+1) % keylen;
+ if (i >= N) { state[0] = state[N-1]; i=1; }
+ }
+ for (k=N-1; k; k--) {
+ state[i] = (state[i] ^ ((state[i-1] ^ (state[i-1] >> 30)) * 1566083941U)) - i;
+ i++;
+ if (i >= N) { state[0] = state[N-1]; i=1; }
+ }
+ state[0] = 0x80000000U;
+}
+/* }}} */
+
+
+/* {{{ suhosin_mt_reload
+ */
+static inline void suhosin_mt_reload(php_uint32 *state, php_uint32 **next, int *left)
+{
+ /* Generate N new values in state
+ Made clearer and faster by Matthew Bellew (matthew.bellew@home.com) */
+
+ register php_uint32 *p = state;
+ register int i;
+
+ for (i = N - M; i--; ++p)
+ *p = twist(p[M], p[0], p[1]);
+ for (i = M; --i; ++p)
+ *p = twist(p[M-N], p[0], p[1]);
+ *p = twist(p[M-N], p[0], state[0]);
+ *left = N;
+ *next = state;
+}
+/* }}} */
+
+/* {{{ suhosin_mt_srand
+ */
+static void suhosin_mt_srand(php_uint32 seed TSRMLS_DC)
+{
+ /* Seed the generator with a simple uint32 */
+ suhosin_mt_initialize(seed, SUHOSIN_G(mt_state));
+ suhosin_mt_reload(SUHOSIN_G(mt_state), &SUHOSIN_G(mt_next), &SUHOSIN_G(mt_left));
+
+ /* Seed only once */
+ SUHOSIN_G(mt_is_seeded) = 1;
+}
+/* }}} */
+
+/* {{{ suhosin_mt_rand
+ */
+static php_uint32 suhosin_mt_rand(TSRMLS_D)
+{
+ /* Pull a 32-bit integer from the generator state
+ Every other access function simply transforms the numbers extracted here */
+
+ register php_uint32 s1;
+
+ if (SUHOSIN_G(mt_left) == 0) {
+ suhosin_mt_reload(SUHOSIN_G(mt_state), &SUHOSIN_G(mt_next), &SUHOSIN_G(mt_left));
+ }
+ --SUHOSIN_G(mt_left);
+
+ s1 = *SUHOSIN_G(mt_next)++;
+ s1 ^= (s1 >> 11);
+ s1 ^= (s1 << 7) & 0x9d2c5680U;
+ s1 ^= (s1 << 15) & 0xefc60000U;
+ return ( s1 ^ (s1 >> 18) );
+}
+/* }}} */
+
+/* {{{ suhosin_gen_entropy
+ */
+static void suhosin_gen_entropy(php_uint32 *seedbuf TSRMLS_DC)
+{
+ /* On a modern OS code, stack and heap base are randomized */
+ unsigned long code_value = (unsigned long)suhosin_gen_entropy;
+ unsigned long stack_value = (unsigned long)&code_value;
+ unsigned long heap_value = (unsigned long)SUHOSIN_G(r_state);
+ suhosin_SHA256_CTX context;
+
+ code_value ^= code_value >> 32;
+ stack_value ^= stack_value >> 32;
+ heap_value ^= heap_value >> 32;
+
+ seedbuf[0] = code_value;
+ seedbuf[1] = stack_value;
+ seedbuf[2] = heap_value;
+ seedbuf[3] = time(0);
+#ifdef PHP_WIN32
+ seedbuf[4] = GetCurrentProcessId();
+#else
+ seedbuf[4] = getpid();
+#endif
+ seedbuf[5] = (php_uint32) 0x7fffffff * php_combined_lcg(TSRMLS_C);
+
+ suhosin_SHA256Init(&context);
+ suhosin_SHA256Update(&context, (void *) seedbuf, sizeof(php_uint32) * 6);
+ suhosin_SHA256Final(seedbuf, &context);
+}
+/* }}} */
+
+
+/* {{{ suhosin_srand_auto
+ */
+static void suhosin_srand_auto(TSRMLS_D)
+{
+ php_uint32 seed[8];
+ suhosin_gen_entropy(&seed[0] TSRMLS_CC);
+
+ suhosin_mt_init_by_array(seed, 8, SUHOSIN_G(r_state));
+ suhosin_mt_reload(SUHOSIN_G(r_state), &SUHOSIN_G(r_next), &SUHOSIN_G(r_left));
+
+ /* Seed only once */
+ SUHOSIN_G(r_is_seeded) = 1;
+}
+/* }}} */
+
+/* {{{ suhosin_mt_srand_auto
+ */
+static void suhosin_mt_srand_auto(TSRMLS_D)
+{
+ php_uint32 seed[8];
+ suhosin_gen_entropy(&seed[0] TSRMLS_CC);
+
+ suhosin_mt_init_by_array(seed, 8, SUHOSIN_G(mt_state));
+ suhosin_mt_reload(SUHOSIN_G(mt_state), &SUHOSIN_G(mt_next), &SUHOSIN_G(mt_left));
+
+ /* Seed only once */
+ SUHOSIN_G(mt_is_seeded) = 1;
+}
+/* }}} */
+
+
+/* {{{ suhosin_srand
+ */
+static void suhosin_srand(php_uint32 seed TSRMLS_DC)
+{
+ /* Seed the generator with a simple uint32 */
+ suhosin_mt_initialize(seed+0x12345, SUHOSIN_G(r_state));
+ suhosin_mt_reload(SUHOSIN_G(r_state), &SUHOSIN_G(r_next), &SUHOSIN_G(r_left));
+
+ /* Seed only once */
+ SUHOSIN_G(r_is_seeded) = 1;
+}
+/* }}} */
+
+/* {{{ suhosin_mt_rand
+ */
+static php_uint32 suhosin_rand(TSRMLS_D)
+{
+ /* Pull a 32-bit integer from the generator state
+ Every other access function simply transforms the numbers extracted here */
+
+ register php_uint32 s1;
+
+ if (SUHOSIN_G(r_left) == 0) {
+ suhosin_mt_reload(SUHOSIN_G(r_state), &SUHOSIN_G(r_next), &SUHOSIN_G(r_left));
+ }
+ --SUHOSIN_G(r_left);
+
+ s1 = *SUHOSIN_G(r_next)++;
+ s1 ^= (s1 >> 11);
+ s1 ^= (s1 << 7) & 0x9d2c5680U;
+ s1 ^= (s1 << 15) & 0xefc60000U;
+ return ( s1 ^ (s1 >> 18) );
+}
+/* }}} */
+
+static int ih_srand(IH_HANDLER_PARAMS)
+{
+ int argc = ZEND_NUM_ARGS();
+ long seed;
+
+ if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE || SUHOSIN_G(srand_ignore)) {
+ RETVAL_FALSE;
+ return (1);
+ }
+
+ if (argc == 0) {
+ suhosin_srand_auto(TSRMLS_C);
+ } else {
+ suhosin_srand(seed TSRMLS_CC);
+ }
+ RETVAL_TRUE;
+ return (1);
+}
+
+static int ih_mt_srand(IH_HANDLER_PARAMS)
+{
+ int argc = ZEND_NUM_ARGS();
+ long seed;
+
+ if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE || SUHOSIN_G(mt_srand_ignore)) {
+ RETVAL_FALSE;
+ return (1);
+ }
+
+ if (argc == 0) {
+ suhosin_mt_srand_auto(TSRMLS_C);
+ } else {
+ suhosin_mt_srand(seed TSRMLS_CC);
+ }
+ RETVAL_TRUE;
+ return (1);
+}
+
+static int ih_mt_rand(IH_HANDLER_PARAMS)
+{
+ int argc = ZEND_NUM_ARGS();
+ long min;
+ long max;
+ long number;
+
+ if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) {
+ return (1);
+ }
+
+ if (!SUHOSIN_G(mt_is_seeded)) {
+ suhosin_mt_srand_auto(TSRMLS_C);
+ }
+
+ number = (long) (suhosin_mt_rand(TSRMLS_C) >> 1);
+ if (argc == 2) {
+ RAND_RANGE(number, min, max, PHP_MT_RAND_MAX);
+ }
+
+ RETURN_LONG(number);
+}
+
+static int ih_rand(IH_HANDLER_PARAMS)
+{
+ int argc = ZEND_NUM_ARGS();
+ long min;
+ long max;
+ long number;
+
+ if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) {
+ return (1);
+ }
+
+ if (!SUHOSIN_G(r_is_seeded)) {
+ suhosin_srand_auto(TSRMLS_C);
+ }
+
+ number = (long) (suhosin_rand(TSRMLS_C) >> 1);
+ if (argc == 2) {
+ RAND_RANGE(number, min, max, PHP_MT_RAND_MAX);
+ }
+
+ RETURN_LONG(number);
+}
+
+static int ih_getrandmax(IH_HANDLER_PARAMS)
+{
+ int argc = ZEND_NUM_ARGS();
+
+ if (argc != 0) {
+ ZEND_WRONG_PARAM_COUNT();
+ }
+
+ RETVAL_LONG(PHP_MT_RAND_MAX);
+ return (1);
+}
internal_function_handler ihandlers[] = {
{ "preg_replace", ih_preg_replace, NULL, NULL, NULL },
@@ -1096,6 +1469,13 @@
{ "symlink", ih_symlink, NULL, NULL, NULL },
{ "phpinfo", ih_phpinfo, NULL, NULL, NULL },
+ { "srand", ih_srand, NULL, NULL, NULL },
+ { "mt_srand", ih_mt_srand, NULL, NULL, NULL },
+ { "rand", ih_rand, NULL, NULL, NULL },
+ { "mt_rand", ih_mt_rand, NULL, NULL, NULL },
+ { "getrandmax", ih_getrandmax, NULL, NULL, NULL },
+ { "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL },
+
{ "ocilogon", ih_fixusername, (void *)1, NULL, NULL },
{ "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
{ "ocinlogon", ih_fixusername, (void *)1, NULL, NULL },
@@ -1150,11 +1530,13 @@
char *lcname;
int function_name_strlen, free_lcname = 0;
zval *return_value;
- zend_class_entry *ce;
+ zend_class_entry *ce = NULL;
int ht;
internal_function_handler *ih;
-
+
+#ifdef ZEND_ENGINE_2
ce = ((zend_internal_function *) execute_data_ptr->function_state.function)->scope;
+#endif
lcname = ((zend_internal_function *) execute_data_ptr->function_state.function)->function_name;
function_name_strlen = strlen(lcname);
diff -Nur php-suhosin-0.9.24/php_suhosin.h php-suhosin-0.9.27/php_suhosin.h
--- php-suhosin-0.9.24/php_suhosin.h 2008-05-10 17:15:01.000000000 +0200
+++ php-suhosin-0.9.27/php_suhosin.h 2008-08-23 11:15:04.000000000 +0200
@@ -22,7 +22,7 @@
#ifndef PHP_SUHOSIN_H
#define PHP_SUHOSIN_H
-#define SUHOSIN_EXT_VERSION "0.9.24"
+#define SUHOSIN_EXT_VERSION "0.9.27"
/*#define SUHOSIN_DEBUG*/
#define SUHOSIN_LOG "/tmp/suhosin_log.txt"
@@ -64,6 +64,8 @@
PHP_RSHUTDOWN_FUNCTION(suhosin);
PHP_MINFO_FUNCTION(suhosin);
+#include "ext/standard/basic_functions.h"
+
ZEND_BEGIN_MODULE_GLOBALS(suhosin)
zend_uint in_code_type;
long execution_depth;
@@ -222,6 +224,18 @@
zend_bool disable_display_errors;
+ php_uint32 r_state[625];
+ php_uint32 *r_next;
+ int r_left;
+ zend_bool srand_ignore;
+ zend_bool mt_srand_ignore;
+ php_uint32 mt_state[625];
+ php_uint32 *mt_next;
+ int mt_left;
+
+ zend_bool r_is_seeded;
+ zend_bool mt_is_seeded;
+
/* PERDIR Handling */
char *perdir;
zend_bool log_perdir;
@@ -385,6 +399,10 @@
return pz->is_ref = isref;
}
+#else
+
+#define PHP_ATLEAST_5_3 true
+
#endif
diff -Nur php-suhosin-0.9.24/post_handler.c php-suhosin-0.9.27/post_handler.c
--- php-suhosin-0.9.24/post_handler.c 2007-11-28 02:15:35.000000000 +0100
+++ php-suhosin-0.9.27/post_handler.c 2008-08-06 12:56:28.000000000 +0200
@@ -38,40 +38,45 @@
SAPI_POST_HANDLER_FUNC(suhosin_std_post_handler)
{
- char *var, *val;
- char *strtok_buf = NULL;
- zval *array_ptr = (zval *) arg;
-
- if (SG(request_info).post_data == NULL) {
- return;
- }
-
- var = php_strtok_r(SG(request_info).post_data, "&", &strtok_buf);
-
- while (var) {
- val = strchr(var, '=');
- if (val) { /* have a value */
- unsigned int val_len, new_val_len;
-
- *val++ = '\0';
- php_url_decode(var, strlen(var));
- val_len = php_url_decode(val, strlen(val));
- val = estrndup(val, val_len);
- if (suhosin_input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) {
+ char *var, *val, *e, *s, *p;
+ zval *array_ptr = (zval *) arg;
+
+ if (SG(request_info).post_data==NULL) {
+ return;
+ }
+
+ s = SG(request_info).post_data;
+ e = s + SG(request_info).post_data_length;
+
+ while (s < e && (p = memchr(s, '&', (e - s)))) {
+last_value:
+ if ((val = memchr(s, '=', (p - s)))) { /* have a value */
+ unsigned int val_len, new_val_len;
+ var = s;
+
+ php_url_decode(var, (val - s));
+ val++;
+ val_len = php_url_decode(val, (p - val));
+ val = estrndup(val, val_len);
+ if (suhosin_input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) {
#ifdef ZEND_ENGINE_2
- if (sapi_module.input_filter(PARSE_POST, var, &val, new_val_len, &new_val_len TSRMLS_CC)) {
+ if (sapi_module.input_filter(PARSE_POST, var, &val, new_val_len, &new_val_len TSRMLS_CC)) {
#endif
- php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC);
+ php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC);
#ifdef ZEND_ENGINE_2
- }
+ }
#endif
- } else {
- SUHOSIN_G(abort_request)=1;
- }
- efree(val);
- }
- var = php_strtok_r(NULL, "&", &strtok_buf);
- }
+ } else {
+ SUHOSIN_G(abort_request)=1;
+ }
+ efree(val);
+ }
+ s = p + 1;
+ }
+ if (s < e) {
+ p = e;
+ goto last_value;
+ }
}
/* {{{ php_post_entries[]
diff -Nur php-suhosin-0.9.24/rfc1867.c php-suhosin-0.9.27/rfc1867.c
--- php-suhosin-0.9.24/rfc1867.c 2007-11-28 02:15:35.000000000 +0100
+++ php-suhosin-0.9.27/rfc1867.c 2008-08-21 18:16:41.000000000 +0200
@@ -742,7 +742,7 @@
XXX: this is horrible memory-usage-wise, but we only expect
to do this on small pieces of form data.
*/
-static char *multipart_buffer_read_body(multipart_buffer *self TSRMLS_DC)
+static char *multipart_buffer_read_body(multipart_buffer *self, unsigned int *len TSRMLS_DC)
{
char buf[FILLUNIT], *out=NULL;
int total_bytes=0, read_bytes=0;
@@ -754,6 +754,7 @@
}
if (out) out[total_bytes] = '\0';
+ *len = total_bytes;
return out;
}
@@ -904,7 +905,8 @@
/* Normal form variable, safe to read all data into memory */
if (!filename && param) {
- char *value = multipart_buffer_read_body(mbuff TSRMLS_CC);
+ unsigned int value_len;
+ char *value = multipart_buffer_read_body(mbuff, &value_len TSRMLS_CC);
unsigned int new_val_len; /* Dummy variable */
if (!value) {
@@ -948,7 +950,16 @@
safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC);
#endif
#ifdef ZEND_ENGINE_2
- }
+ } else {
+ multipart_event_formdata event_formdata;
+
+ event_formdata.post_bytes_processed = SG(read_post_bytes);
+ event_formdata.name = param;
+ event_formdata.value = &value;
+ event_formdata.length = value_len;
+ event_formdata.newlength = NULL;
+ suhosin_rfc1867_filter(MULTIPART_EVENT_FORMDATA, &event_formdata, &event_extra_data TSRMLS_CC);
+ }
#endif
if (!strcasecmp(param, "MAX_FILE_SIZE")) {
max_file_size = atol(value);
diff -Nur php-suhosin-0.9.24/suhosin.c php-suhosin-0.9.27/suhosin.c
--- php-suhosin-0.9.24/suhosin.c 2008-05-10 17:59:43.000000000 +0200
+++ php-suhosin-0.9.27/suhosin.c 2008-08-22 16:34:00.000000000 +0200
@@ -847,10 +847,10 @@
ZEND_INI_ENTRY("suhosin.log.file", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_file)
STD_ZEND_INI_ENTRY("suhosin.log.file.name", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogString, log_filename, zend_suhosin_globals, suhosin_globals)
STD_ZEND_INI_BOOLEAN("suhosin.log.phpscript.is_safe", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_phpscript_is_safe, zend_suhosin_globals, suhosin_globals)
- ZEND_INI_ENTRY("suhosin.perdir", "0", ZEND_INI_SYSTEM, OnUpdateSuhosin_perdir)
ZEND_INI_END()
PHP_INI_BEGIN()
+ ZEND_INI_ENTRY("suhosin.perdir", "0", ZEND_INI_SYSTEM, OnUpdateSuhosin_perdir)
STD_ZEND_INI_ENTRY("suhosin.executor.include.max_traversal", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecLong, executor_include_max_traversal, zend_suhosin_globals, suhosin_globals)
ZEND_INI_ENTRY("suhosin.executor.include.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_whitelist)
ZEND_INI_ENTRY("suhosin.executor.include.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_blacklist)
@@ -952,6 +952,9 @@
STD_ZEND_INI_BOOLEAN("suhosin.server.encode", "1", ZEND_INI_SYSTEM, OnUpdateBool, server_encode,zend_suhosin_globals, suhosin_globals)
STD_ZEND_INI_BOOLEAN("suhosin.server.strip", "1", ZEND_INI_SYSTEM, OnUpdateBool, server_strip,zend_suhosin_globals, suhosin_globals)
+ STD_ZEND_INI_BOOLEAN("suhosin.srand.ignore", "1", ZEND_INI_SYSTEM|ZEND_INI_PERDIR, OnUpdateMiscBool, srand_ignore,zend_suhosin_globals, suhosin_globals)
+ STD_ZEND_INI_BOOLEAN("suhosin.mt_srand.ignore", "1", ZEND_INI_SYSTEM|ZEND_INI_PERDIR, OnUpdateMiscBool, mt_srand_ignore,zend_suhosin_globals, suhosin_globals)
+
PHP_INI_END()
/* }}} */
@@ -1200,10 +1203,10 @@
PUTS(!sapi_module.phpinfo_as_text?"<br /><br />":"\n\n");
if (sapi_module.phpinfo_as_text) {
PUTS("Copyright (c) 2006-2007 Hardened-PHP Project\n");
- PUTS("Copyright (c) 2007 SektionEins GmbH\n");
+ PUTS("Copyright (c) 2007-2008 SektionEins GmbH\n");
} else {
PUTS("Copyright (c) 2006-2007 <a href=\"http://www.hardened-php.net/\";>Hardened-PHP Project</a><br />\n");
- PUTS("Copyright (c) 2007 <a href=\"http://www.sektioneins.de/\";>SektionEins GmbH</a>\n");
+ PUTS("Copyright (c) 2007-2008 <a href=\"http://www.sektioneins.de/\";>SektionEins GmbH</a>\n");
}
php_info_print_box_end();
Attachment:
signature.asc
Description: This is a digitally signed message part.