File php5-suhosin-php54.patch of Package php5.openSUSE_13.1_Update
diff -x .git -Nur php-suhosin-0.9.33/Changelog suhosin/Changelog
--- ext/suhosin/Changelog 2012-01-19 16:49:18.000000000 +0100
+++ ext/suhosin/Changelog 2012-05-21 21:54:03.076420909 +0200
@@ -1,3 +1,11 @@
+2012-02-12 - 0.9.34
+
+ - Added initial support for PHP 5.4.0
+ - Fix include whitelist and blacklist to support shemes with dots in their names
+ - Fix read after efree() that lets function_exists() malfunction
+ - Fix build with clang compiler
+ - Added a request variable drop statistic log message
+
2012-01-19 - 0.9.33
- Make clear that suhosin is incompatible to mbstring.encoding_translation=On
diff -x .git -Nur php-suhosin-0.9.33/execute.c suhosin/execute.c
--- ext/suhosin/execute.c 2012-01-19 16:49:18.000000000 +0100
+++ ext/suhosin/execute.c 2012-05-21 21:28:34.848342088 +0200
@@ -152,7 +152,7 @@
t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) );
if (h == NULL) break;
- while (t > s && (isalnum(t[-1]) || t[-1]=='_')) {
+ while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) {
t--;
}
@@ -195,7 +195,7 @@
t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) );
if (h == NULL) break;
- while (t > s && (isalnum(t[-1]) || t[-1]=='_')) {
+ while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) {
t--;
}
@@ -364,6 +364,15 @@
zend_uint orig_code_type;
unsigned long *suhosin_flags = NULL;
+ /* log variable dropping statistics */
+ if (SUHOSIN_G(abort_request) && (SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables) > 0)) {
+ suhosin_log(S_VARS, "dropped %u request variables - (%u in GET, %u in POST, %u in COOKIE)",
+ SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables),
+ SUHOSIN_G(att_get_vars)-SUHOSIN_G(cur_get_vars),
+ SUHOSIN_G(att_post_vars)-SUHOSIN_G(cur_post_vars),
+ SUHOSIN_G(att_cookie_vars)-SUHOSIN_G(cur_cookie_vars));
+ }
+
if (SUHOSIN_G(abort_request) && !SUHOSIN_G(simulation) && SUHOSIN_G(filter_action)) {
char *action = SUHOSIN_G(filter_action);
@@ -1022,50 +1031,6 @@
return (0);
}
-static int suhosin_php_body_write(const char *str, uint str_length TSRMLS_DC)
-{
-#define P_META_ROBOTS "<meta name=\"ROBOTS\" content=\"NOINDEX,NOFOLLOW,NOARCHIVE\" />"
-#define S_META_ROBOTS "<meta name=\"ROBOTS\" content=\"NOINDEX,FOLLOW,NOARCHIVE\" />"
-
- SDEBUG("bw: %s", str);
-
- if ((str_length == sizeof("</head>\n")-1) && (strcmp(str, "</head>\n")==0)) {
- SUHOSIN_G(old_php_body_write)(S_META_ROBOTS, sizeof(S_META_ROBOTS)-1 TSRMLS_CC);
- OG(php_body_write) = SUHOSIN_G(old_php_body_write);
- return SUHOSIN_G(old_php_body_write)(str, str_length TSRMLS_CC);
- } else if ((str_length == sizeof(P_META_ROBOTS)-1) && (strcmp(str, P_META_ROBOTS)==0)) {
- return str_length;
- }
- return SUHOSIN_G(old_php_body_write)(str, str_length TSRMLS_CC);
-}
-
-static int ih_phpinfo(IH_HANDLER_PARAMS)
-{
- int argc = ZEND_NUM_ARGS();
- long flag;
-
- if (zend_parse_parameters(argc TSRMLS_CC, "|l", &flag) == FAILURE) {
- RETVAL_FALSE;
- return (1);
- }
-
- if(!argc) {
- flag = PHP_INFO_ALL;
- }
-
- /* Andale! Andale! Yee-Hah! */
- php_start_ob_buffer(NULL, 4096, 0 TSRMLS_CC);
- if (!sapi_module.phpinfo_as_text) {
- SUHOSIN_G(old_php_body_write) = OG(php_body_write);
- OG(php_body_write) = suhosin_php_body_write;
- }
- php_print_info(flag TSRMLS_CC);
- php_end_ob_buffer(1, 0 TSRMLS_CC);
-
- RETVAL_TRUE;
- return (1);
-}
-
static int ih_function_exists(IH_HANDLER_PARAMS)
{
@@ -1087,11 +1052,11 @@
zend_str_tolower(lcname, func_name_len);
#else
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &lcname, &func_name_len) == FAILURE) {
- return;
+ return (1);
}
/* Ignore leading "\" */
- if (lcname[0] == '\\') {
+ if (func_name_len > 0 && lcname[0] == '\\') {
lcname = &lcname[1];
func_name_len--;
}
@@ -1100,8 +1065,6 @@
retval = (zend_hash_find(EG(function_table), lcname, func_name_len+1, (void **)&func) == SUCCESS);
- efree(lcname);
-
/*
* A bit of a hack, but not a bad one: we see if the handler of the function
* is actually one that displays "function is disabled" message.
@@ -1134,6 +1097,8 @@
}
}
+ efree(lcname);
+
RETVAL_BOOL(retval);
return (1);
}
@@ -1344,7 +1309,7 @@
suhosin_SHA256Init(&context);
suhosin_SHA256Update(&context, (void *) seedbuf, sizeof(php_uint32) * 8);
- suhosin_SHA256Final(seedbuf, &context);
+ suhosin_SHA256Final((void *)seedbuf, &context);
}
/* }}} */
@@ -1501,7 +1466,7 @@
{
#ifdef PHP_ATLEAST_5_3
if (zend_parse_parameters_none() == FAILURE) {
- return;
+ return(0);
}
#else
int argc = ZEND_NUM_ARGS();
@@ -1518,7 +1483,6 @@
{ "preg_replace", ih_preg_replace, NULL, NULL, NULL },
{ "mail", ih_mail, NULL, NULL, NULL },
{ "symlink", ih_symlink, NULL, NULL, NULL },
- { "phpinfo", ih_phpinfo, NULL, NULL, NULL },
{ "srand", ih_srand, NULL, NULL, NULL },
{ "mt_srand", ih_mt_srand, NULL, NULL, NULL },
@@ -1606,7 +1570,11 @@
}
#ifdef ZEND_ENGINE_2
+# if PHP_VERSION_ID < 50400
return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.u.var)).var.ptr;
+# else
+ return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.var)).var.ptr;
+# endif
#else
return_value = execute_data_ptr->Ts[execute_data_ptr->opline->result.u.var].var.ptr;
#endif
diff -x .git -Nur php-suhosin-0.9.33/ex_imp.c suhosin/ex_imp.c
--- ext/suhosin//ex_imp.c 2012-01-19 16:49:18.000000000 +0100
+++ ext/suhosin/ex_imp.c 2012-05-21 21:28:34.844342088 +0200
@@ -727,14 +727,13 @@
/* {{{ suhosin_ex_imp_functions[]
*/
-function_entry suhosin_ex_imp_functions[] = {
+zend_function_entry suhosin_ex_imp_functions[] = {
PHP_NAMED_FE(extract, PHP_FN(suhosin_extract), suhosin_arginfo_extract)
PHP_NAMED_FE(import_request_variables, PHP_FN(suhosin_import_request_variables), suhosin_arginfo_import_request_variables)
{NULL, NULL, NULL}
};
/* }}} */
-
void suhosin_hook_ex_imp()
{
TSRMLS_FETCH();
diff -x .git -Nur php-suhosin-0.9.33/ifilter.c suhosin/ifilter.c
--- ext/suhosin/ifilter.c 2012-01-19 16:49:18.000000000 +0100
+++ ext/suhosin/ifilter.c 2012-05-21 21:28:34.848342088 +0200
@@ -146,7 +146,7 @@
if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS &&
Z_TYPE_PP(tzval) == IS_STRING) {
- s = t = Z_STRVAL_PP(tzval);
+ s = t = (unsigned char *)Z_STRVAL_PP(tzval);
for (; *t; t++) {
if (suhosin_is_dangerous_char[*t]) {
*t = '?';
@@ -168,7 +168,7 @@
if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS &&
Z_TYPE_PP(tzval) == IS_STRING) {
- temp = Z_STRVAL_PP(tzval);
+ temp = (unsigned char *)Z_STRVAL_PP(tzval);
t = temp;
for (t = temp; *t; t++) {
@@ -195,7 +195,8 @@
}
*n = 0;
- Z_STRVAL_PP(tzval) = newv;
+ /* XXX: we leak memory here, but only for the duration of the request */
+ Z_STRVAL_PP(tzval) = (char *)newv;
Z_STRLEN_PP(tzval) = n-newv;
}
}
@@ -325,16 +326,22 @@
/* Drop this variable if the limit was reached */
switch (arg) {
case PARSE_GET:
+ SUHOSIN_G(att_get_vars)++;
+ SUHOSIN_G(att_request_variables)++;
if (SUHOSIN_G(no_more_get_variables)) {
return 0;
}
break;
case PARSE_POST:
+ SUHOSIN_G(att_post_vars)++;
+ SUHOSIN_G(att_request_variables)++;
if (SUHOSIN_G(no_more_post_variables)) {
return 0;
}
break;
case PARSE_COOKIE:
+ SUHOSIN_G(att_cookie_vars)++;
+ SUHOSIN_G(att_request_variables)++;
if (SUHOSIN_G(no_more_cookie_variables)) {
return 0;
}
@@ -350,7 +357,7 @@
switch (arg) {
case PARSE_GET:
if (SUHOSIN_G(max_get_vars) && SUHOSIN_G(max_get_vars) <= SUHOSIN_G(cur_get_vars)) {
- suhosin_log(S_VARS, "configured GET variable limit exceeded - dropped variable '%s'", var);
+ suhosin_log(S_VARS, "configured GET variable limit exceeded - dropped variable '%s' - all further GET variables are dropped", var);
if (!SUHOSIN_G(simulation)) {
SUHOSIN_G(no_more_get_variables) = 1;
return 0;
@@ -359,7 +366,7 @@
break;
case PARSE_COOKIE:
if (SUHOSIN_G(max_cookie_vars) && SUHOSIN_G(max_cookie_vars) <= SUHOSIN_G(cur_cookie_vars)) {
- suhosin_log(S_VARS, "configured COOKIE variable limit exceeded - dropped variable '%s'", var);
+ suhosin_log(S_VARS, "configured COOKIE variable limit exceeded - dropped variable '%s' - all further COOKIE variables are dropped", var);
if (!SUHOSIN_G(simulation)) {
SUHOSIN_G(no_more_cookie_variables) = 1;
return 0;
@@ -368,7 +375,7 @@
break;
case PARSE_POST:
if (SUHOSIN_G(max_post_vars) && SUHOSIN_G(max_post_vars) <= SUHOSIN_G(cur_post_vars)) {
- suhosin_log(S_VARS, "configured POST variable limit exceeded - dropped variable '%s'", var);
+ suhosin_log(S_VARS, "configured POST variable limit exceeded - dropped variable '%s' - all further POST variables are dropped", var);
if (!SUHOSIN_G(simulation)) {
SUHOSIN_G(no_more_post_variables) = 1;
return 0;
diff -x .git -Nur php-suhosin-0.9.33/log.c suhosin/log.c
--- ext/suhosin/log.c 2012-01-19 16:49:18.000000000 +0100
+++ ext/suhosin/log.c 2012-05-21 21:28:34.848342088 +0200
@@ -36,6 +36,12 @@
#include <sys/socket.h>
#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#elif defined(PHP_WIN32)
+#include "win32/time.h"
+#endif
+
#if defined(PHP_WIN32) || defined(__riscos__) || defined(NETWARE)
#undef AF_UNIX
#endif
@@ -261,7 +267,11 @@
/* SAPI Logging activated? */
SDEBUG("(suhosin_log) log_syslog: %u - log_sapi: %u - log_script: %u - log_phpscript: %u", SUHOSIN_G(log_syslog), SUHOSIN_G(log_sapi), SUHOSIN_G(log_script), SUHOSIN_G(log_phpscript));
if (((SUHOSIN_G(log_sapi)|S_INTERNAL) & loglevel)!=0) {
+#if PHP_VERSION_ID < 50400
sapi_module.log_message(buf);
+#else
+ sapi_module.log_message(buf TSRMLS_CC);
+#endif
}
/*log_script:*/
@@ -317,7 +327,9 @@
zval *result = NULL;
long orig_execution_depth = SUHOSIN_G(execution_depth);
+#if PHP_VERSION_ID < 50400
zend_bool orig_safe_mode = PG(safe_mode);
+#endif
char *orig_basedir = PG(open_basedir);
char *phpscript = SUHOSIN_G(log_phpscriptname);
@@ -354,14 +366,18 @@
SUHOSIN_G(execution_depth) = 0;
if (SUHOSIN_G(log_phpscript_is_safe)) {
+#if PHP_VERSION_ID < 50400
PG(safe_mode) = 0;
+#endif
PG(open_basedir) = NULL;
}
zend_execute(new_op_array TSRMLS_CC);
SUHOSIN_G(execution_depth) = orig_execution_depth;
+#if PHP_VERSION_ID < 50400
PG(safe_mode) = orig_safe_mode;
+#endif
PG(open_basedir) = orig_basedir;
#ifdef ZEND_ENGINE_2
diff -x .git -Nur php-suhosin-0.9.33/php_suhosin.h suhosin/php_suhosin.h
--- ext/suhosin//php_suhosin.h 2012-01-19 16:49:18.000000000 +0100
+++ ext/suhosin/php_suhosin.h 2012-03-18 16:46:46.946834768 +0100
@@ -22,7 +22,7 @@
#ifndef PHP_SUHOSIN_H
#define PHP_SUHOSIN_H
-#define SUHOSIN_EXT_VERSION "0.9.33"
+#define SUHOSIN_EXT_VERSION "0.9.34-dev"
/*#define SUHOSIN_DEBUG*/
#define SUHOSIN_LOG "/tmp/suhosin_log.txt"
@@ -102,6 +102,7 @@
/* request variables */
long max_request_variables;
long cur_request_variables;
+ long att_request_variables;
long max_varname_length;
long max_totalname_length;
long max_value_length;
@@ -112,6 +113,7 @@
/* cookie variables */
long max_cookie_vars;
long cur_cookie_vars;
+ long att_cookie_vars;
long max_cookie_name_length;
long max_cookie_totalname_length;
long max_cookie_value_length;
@@ -122,6 +124,7 @@
/* get variables */
long max_get_vars;
long cur_get_vars;
+ long att_get_vars;
long max_get_name_length;
long max_get_totalname_length;
long max_get_value_length;
@@ -132,6 +135,7 @@
/* post variables */
long max_post_vars;
long cur_post_vars;
+ long att_post_vars;
long max_post_name_length;
long max_post_totalname_length;
long max_post_value_length;
@@ -308,7 +312,7 @@
char *suhosin_cookie_decryptor(TSRMLS_D);
char *suhosin_getenv(char *name, size_t name_len TSRMLS_DC);
void suhosin_hook_post_handlers(TSRMLS_D);
-void suhosin_unhook_post_handlers();
+void suhosin_unhook_post_handlers(TSRMLS_D);
void suhosin_hook_register_server_variables();
void suhosin_hook_header_handler();
void suhosin_unhook_header_handler();
diff -x .git -Nur php-suhosin-0.9.33/post_handler.c suhosin/post_handler.c
--- ext/suhosin/post_handler.c 2012-01-19 16:49:18.000000000 +0100
+++ ext/suhosin/post_handler.c 2012-03-18 16:46:46.946834768 +0100
@@ -148,10 +148,10 @@
/* we need to tell suhosin patch that there is a new valid destructor */
/* therefore we have create HashTable that has this destructor */
- zend_hash_init(&tempht, 0, NULL, suhosin_post_handler_modification, 0);
+ zend_hash_init(&tempht, 0, NULL, (dtor_func_t)suhosin_post_handler_modification, 0);
zend_hash_destroy(&tempht);
/* And now we can overwrite the destructor for post entries */
- SG(known_post_content_types).pDestructor = suhosin_post_handler_modification;
+ SG(known_post_content_types).pDestructor = (dtor_func_t)suhosin_post_handler_modification;
/* we have to stop mbstring from replacing our post handler */
if (zend_hash_find(EG(ini_directives), "mbstring.encoding_translation", sizeof("mbstring.encoding_translation"), (void **) &ini_entry) == FAILURE) {
@@ -162,7 +162,7 @@
ini_entry->on_modify = suhosin_OnUpdate_mbstring_encoding_translation;
}
-void suhosin_unhook_post_handlers()
+void suhosin_unhook_post_handlers(TSRMLS_D)
{
zend_ini_entry *ini_entry;
diff -x .git -Nur php-suhosin-0.9.33/rfc1867.c suhosin/rfc1867.c
--- ext/suhosin/rfc1867.c 2012-01-19 16:49:18.000000000 +0100
+++ ext/suhosin/rfc1867.c 2012-05-21 21:28:34.848342088 +0200
@@ -244,21 +244,29 @@
static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC)
{
+#if PHP_VERSION_ID < 50400
int register_globals = PG(register_globals);
PG(register_globals) = 0;
+#endif
safe_php_register_variable(strvar, val, http_post_files, override_protection TSRMLS_CC);
+#if PHP_VERSION_ID < 50400
PG(register_globals) = register_globals;
+#endif
}
static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC)
{
+#if PHP_VERSION_ID < 50400
int register_globals = PG(register_globals);
PG(register_globals) = 0;
+#endif
safe_php_register_variable_ex(var, val, http_post_files, override_protection TSRMLS_CC);
+#if PHP_VERSION_ID < 50400
PG(register_globals) = register_globals;
+#endif
}
/*
diff -x .git -Nur php-suhosin-0.9.33/session.c suhosin/session.c
--- ext/suhosin//session.c 2012-01-19 16:49:18.000000000 +0100
+++ ext/suhosin/session.c 2012-05-21 21:28:34.848342088 +0200
@@ -233,9 +233,94 @@
zend_bool invalid_session_id; /* allows the driver to report about an invalid session id and request id regeneration */
} php_ps_globals_53;
+#if PHP_VERSION_ID >= 50400
+typedef struct _php_session_rfc1867_progress_54 {
+
+ size_t sname_len;
+ zval sid;
+ smart_str key;
+
+ long update_step;
+ long next_update;
+ double next_update_time;
+ zend_bool cancel_upload;
+ zend_bool apply_trans_sid;
+ size_t content_length;
+
+ zval *data; /* the array exported to session data */
+ zval *post_bytes_processed; /* data["bytes_processed"] */
+ zval *files; /* data["files"] array */
+ zval *current_file; /* array of currently uploading file */
+ zval *current_file_bytes_processed;
+} php_session_rfc1867_progress_54;
+
+typedef struct _php_ps_globals_54 {
+ char *save_path;
+ char *session_name;
+ char *id;
+ char *extern_referer_chk;
+ char *entropy_file;
+ char *cache_limiter;
+ long entropy_length;
+ long cookie_lifetime;
+ char *cookie_path;
+ char *cookie_domain;
+ zend_bool cookie_secure;
+ zend_bool cookie_httponly;
+ ps_module *mod;
+ ps_module *default_mod;
+ void *mod_data;
+ php_session_status session_status;
+ long gc_probability;
+ long gc_divisor;
+ long gc_maxlifetime;
+ int module_number;
+ long cache_expire;
+ union {
+ zval *names[6];
+ struct {
+ zval *ps_open;
+ zval *ps_close;
+ zval *ps_read;
+ zval *ps_write;
+ zval *ps_destroy;
+ zval *ps_gc;
+ } name;
+ } mod_user_names;
+ int mod_user_implemented;
+ int mod_user_is_open;
+ const struct ps_serializer_struct *serializer;
+ zval *http_session_vars;
+ zend_bool auto_start;
+ zend_bool use_cookies;
+ zend_bool use_only_cookies;
+ zend_bool use_trans_sid; /* contains the INI value of whether to use trans-sid */
+ zend_bool apply_trans_sid; /* whether or not to enable trans-sid for the current request */
+
+ long hash_func;
+#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
+ php_hash_ops *hash_ops;
+#endif
+ long hash_bits_per_character;
+ int send_cookie;
+ int define_sid;
+ zend_bool invalid_session_id; /* allows the driver to report about an invalid session id and request id regeneration */
+
+ php_session_rfc1867_progress_54 *rfc1867_progress;
+ zend_bool rfc1867_enabled; /* session.upload_progress.enabled */
+ zend_bool rfc1867_cleanup; /* session.upload_progress.cleanup */
+ smart_str rfc1867_prefix; /* session.upload_progress.prefix */
+ smart_str rfc1867_name; /* session.upload_progress.name */
+ long rfc1867_freq; /* session.upload_progress.freq */
+ double rfc1867_min_freq; /* session.upload_progress.min_freq */
+} php_ps_globals_54;
+#endif
+
#ifdef ZTS
static ts_rsrc_id session_globals_id = 0;
-# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 3)
+# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 4)
+# define SESSION_G(v) TSRMG(session_globals_id, php_ps_globals_54 *, v)
+# elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 3)
# define SESSION_G(v) TSRMG(session_globals_id, php_ps_globals_53 *, v)
# elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 2)
# define SESSION_G(v) TSRMG(session_globals_id, php_ps_globals_52 *, v)
@@ -247,7 +332,9 @@
UNSUPPORTED PHP VERSION
# endif
#else
-# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 3)
+# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 4)
+static php_ps_globals_54 *session_globals = NULL;
+# elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 3)
static php_ps_globals_53 *session_globals = NULL;
# elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 2)
static php_ps_globals_52 *session_globals = NULL;
@@ -294,6 +381,7 @@
if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) {
ret = zend_hash_find(Z_ARRVAL_P(SESSION_G(http_session_vars)), name, namelen + 1, (void **) state_var);
+#if PHP_VERSION_ID < 50400
/* If register_globals is enabled, and
* if there is an entry for the slot in $_SESSION, and
* if that entry is still set to NULL, and
@@ -307,6 +395,7 @@
*state_var = tmp;
}
}
+#endif
}
return ret;
}
@@ -426,7 +515,7 @@
}
/* store ip value */
- suhosin_get_ipv4(crypted+4 TSRMLS_CC);
+ suhosin_get_ipv4((char *)crypted+4 TSRMLS_CC);
/* store check value */
crypted[8] = check & 0xff;
@@ -544,7 +633,7 @@
if (check_ra > 4) {
check_ra = 4;
}
- suhosin_get_ipv4(&buf TSRMLS_CC);
+ suhosin_get_ipv4(&buf[0] TSRMLS_CC);
if (memcmp(buf, decrypted+4, check_ra) != 0) {
goto error_out;
}
diff -x .git -Nur php-suhosin-0.9.33/sha256.c suhosin/sha256.c
--- ext/suhosin/sha256.c 2012-01-19 16:49:18.000000000 +0100
+++ ext/suhosin/sha256.c 2012-05-21 21:28:34.848342088 +0200
@@ -86,9 +86,11 @@
return;
}
+#if PHP_VERSION_ID < 50400
if (PG(safe_mode) && (!php_checkuid(arg, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
+#endif
if (php_check_open_basedir(arg TSRMLS_CC)) {
RETURN_FALSE;
@@ -392,7 +394,7 @@
/* {{{ suhosin_sha256_functions[]
*/
-static function_entry suhosin_sha256_functions[] = {
+static zend_function_entry suhosin_sha256_functions[] = {
PHP_NAMED_FE(sha256, PHP_FN(suhosin_sha256), NULL)
PHP_NAMED_FE(sha256_file, PHP_FN(suhosin_sha256_file), NULL)
{NULL, NULL, NULL}
diff -x .git -Nur php-suhosin-0.9.33/suhosin.c suhosin/suhosin.c
--- ext/suhosin/suhosin.c 2012-01-19 16:49:18.000000000 +0100
+++ ext/suhosin/suhosin.c 2012-05-21 21:28:34.848342088 +0200
@@ -189,9 +189,12 @@
static void suhosin_shutdown(zend_extension *extension)
{
+ TSRMLS_FETCH();
+
suhosin_unhook_execute();
suhosin_unhook_header_handler();
- suhosin_unhook_post_handlers();
+ suhosin_unhook_post_handlers(TSRMLS_C);
+ /* suhosin_unhook_session(); - enabling this causes compability problems */
if (ze != NULL) {
ze->startup = orig_module_startup;
@@ -646,12 +649,16 @@
array_init(gpc_element);
zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
} else {
+#if PHP_VERSION_ID < 50400
if (PG(magic_quotes_gpc) && (index != var)) {
/* no need to addslashes() the index if it's the main variable name */
escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
} else {
+#endif
escaped_index = index;
+#if PHP_VERSION_ID < 50400
}
+#endif
if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE
|| Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
MAKE_STD_ZVAL(gpc_element);
@@ -683,11 +690,15 @@
if (!index) {
zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
} else {
+#if PHP_VERSION_ID < 50400
if (PG(magic_quotes_gpc)) {
escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
} else {
+#endif
escaped_index = index;
+#if PHP_VERSION_ID < 50400
}
+#endif
/*
* According to rfc2965, more specific paths are listed above the less specific ones.
* If we encounter a duplicate cookie name, we should skip it, since it is not possible
@@ -714,11 +725,15 @@
/* Prepare value */
Z_STRLEN(new_entry) = str_len;
+#if PHP_VERSION_ID < 50400
if (PG(magic_quotes_gpc)) {
Z_STRVAL(new_entry) = php_addslashes(strval, Z_STRLEN(new_entry), &Z_STRLEN(new_entry), 0 TSRMLS_CC);
} else {
+#endif
Z_STRVAL(new_entry) = estrndup(strval, Z_STRLEN(new_entry));
+#if PHP_VERSION_ID < 50400
}
+#endif
Z_TYPE(new_entry) = IS_STRING;
suhosin_register_cookie_variable(var, &new_entry, track_vars_array TSRMLS_CC);
@@ -1153,6 +1168,10 @@
SUHOSIN_G(cur_cookie_vars) = 0;
SUHOSIN_G(cur_get_vars) = 0;
SUHOSIN_G(cur_post_vars) = 0;
+ SUHOSIN_G(att_request_variables) = 0;
+ SUHOSIN_G(att_cookie_vars) = 0;
+ SUHOSIN_G(att_get_vars) = 0;
+ SUHOSIN_G(att_post_vars) = 0;
SUHOSIN_G(num_uploads) = 0;
SUHOSIN_G(no_more_variables) = 0;
diff -x .git -Nur php-suhosin-0.9.33/tests/executor/negative_memory_limit.phpt suhosin/tests/executor/negative_memory_limit.phpt
--- ext/suhosin/tests/executor/negative_memory_limit.phpt 2012-01-19 16:49:18.000000000 +0100
+++ ext/suhosin/tests/executor/negative_memory_limit.phpt 2012-05-21 21:28:34.848342088 +0200
@@ -13,6 +13,6 @@
ini_set("memory_limit", "-200000"); echo ini_get("memory_limit"), "\n";
?>
--EXPECTF--
-ALERT - script tried to increase memory_limit to %d bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 2)
+ALERT - script tried to disable memory_limit by setting it to a negative value -%d bytes which is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 2)
16M
diff -x .git -Nur php-suhosin-0.9.33/treat_data.c suhosin/treat_data.c
--- ext/suhosin/treat_data.c 2012-01-19 16:49:18.000000000 +0100
+++ ext/suhosin/treat_data.c 2012-05-21 21:28:34.848342088 +0200
@@ -194,7 +194,13 @@
void suhosin_hook_treat_data()
{
+#if PHP_VERSION_ID < 50400
sapi_register_treat_data(suhosin_treat_data);
+#else
+ TSRMLS_FETCH();
+
+ sapi_register_treat_data(suhosin_treat_data TSRMLS_CC);
+#endif
#ifdef ZEND_ENGINE_2
if (old_input_filter == NULL) {
old_input_filter = sapi_module.input_filter;
