Hi Luk, On Friday 05 September 2008, Luk Claes wrote: > 0.9.24 is in unstable and testing and below diffstat doesn't look > promissing. Though please point me to an actual diff to have a look if > it's worth it.
since the dfsg issue seems to be solved, you can find the diff attached. Thanks and with kind regards, Jan. -- Never write mail to <[EMAIL PROTECTED]>, you have been warned! -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GIT d-- s+: a- C+++ UL++++ P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++ ------END GEEK CODE BLOCK------
diff -Nur php-suhosin-0.9.24/Changelog php-suhosin-0.9.27/Changelog --- php-suhosin-0.9.24/Changelog 2008-05-10 18:03:53.000000000 +0200 +++ php-suhosin-0.9.27/Changelog 2008-08-23 11:15:02.000000000 +0200 @@ -1,3 +1,23 @@ +2008-08-23 - 0.9.27 + + - Fixed typo in replacement rand() / mt_rand() that was hidden by LAZY symbol loading + +2008-08-22 - 0.9.26 + + - Fixed problem with suhosin.perdir + Thanks to Hosteurope for tracking this down + - Fixed problems with ext/uploadprogress + Reported by: Christian Stocker + - Added suhosin.srand.ignore and suhosin.mt_srand.ignore (default: on) + - Modified rand()/srand() to use the Mersenne Twister algorithm with separate state + - Added better internal seeding of rand() and mt_rand() + +2008-08-06 - 0.9.25 + + - Fixed PHP 4 compilation problem introduced in 0.9.24 + - Fixed PHP 5.3 compilation problem + - Changed PHP default POST handler to PHP's current handler + 2008-05-10 - 0.9.24 - Added support for method-calls to function handling diff -Nur php-suhosin-0.9.24/debian/changelog php-suhosin-0.9.27/debian/changelog --- php-suhosin-0.9.24/debian/changelog 2008-10-01 12:13:51.000000000 +0200 +++ php-suhosin-0.9.27/debian/changelog 2008-10-01 11:54:42.000000000 +0200 @@ -1,3 +1,10 @@ +php-suhosin (0.9.27-1) unstable; urgency=low + + * new upstream release (closes: #497871) + * declare license situation of execute.c in copyright file + + -- Jan Wagner <[EMAIL PROTECTED]> Wed, 18 Jun 2008 15:16:33 +0200 + php-suhosin (0.9.24-1) unstable; urgency=low * new upstream release @@ -33,7 +40,7 @@ [ Alexander Wirt ] * Bump standards version * Don't ignore errors from make clean - * Update copyright file + * Update copyright file -- Alexander Wirt <[EMAIL PROTECTED]> Thu, 06 Dec 2007 10:53:43 +0100 @@ -65,7 +72,7 @@ php-suhosin (0.9.12-1) unstable; urgency=low * new upstream - * fixed address of "Free Software Foundation, Inc." in changelog + * fixed address of "Free Software Foundation, Inc." in changelog -- Jan Wagner <[EMAIL PROTECTED]> Sun, 17 Nov 2006 15:41:36 +0100 @@ -75,7 +82,7 @@ * drop debian/po [ Alexander Wirt ] - * Update debian/copyright + * Update debian/copyright -- Alexander Wirt <[EMAIL PROTECTED]> Sun, 12 Nov 2006 20:09:02 +0100 diff -Nur php-suhosin-0.9.24/debian/copyright php-suhosin-0.9.27/debian/copyright --- php-suhosin-0.9.24/debian/copyright 2008-10-01 12:13:51.000000000 +0200 +++ php-suhosin-0.9.27/debian/copyright 2008-10-01 11:52:55.000000000 +0200 @@ -51,6 +51,25 @@ Copyright (C) 1991 Jochen Obalek <[EMAIL PROTECTED]> License: PHP license 3.01 + File execute.c + Copyright (c) 2006-2007 The Hardened-PHP Project + Copyright (c) 2007 SektionEins GmbH + Copyright (C) 1997 - 2002, Makoto Matsumoto and Takuji Nishimura, + Copyright (C) 2000 - 2003, Richard J. Wagner + License: PHP license 3.01 + + The file contains the following clause were the code is taken out of + ext/standard/rand.c from PHP Source with a statement that isn't + compatible with the DFSG: + "The code as Shawn received it included the following notice: + + Copyright (C) 1997 Makoto Matsumoto and Takuji Nishimura. When + you use this, send an e-mail to <[EMAIL PROTECTED]> with + an appropriate reference to your work." + + However, this requirement has been rescinded by the copyright holder in + message <[EMAIL PROTECTED]> to bug #498621. + File rfc1867.c Copyright (c) 1997-2006 The PHP Group Rasmus Lerdorf <[EMAIL PROTECTED]> diff -Nur php-suhosin-0.9.24/execute.c php-suhosin-0.9.27/execute.c --- php-suhosin-0.9.24/execute.c 2008-05-10 18:01:22.000000000 +0200 +++ php-suhosin-0.9.27/execute.c 2008-08-23 10:53:32.000000000 +0200 @@ -28,11 +28,14 @@ #include "zend_hash.h" #include "zend_extensions.h" #include "ext/standard/info.h" +#include "ext/standard/php_rand.h" #include "php_suhosin.h" #include "zend_compile.h" #include "zend_llist.h" #include "SAPI.h" +#include "sha256.h" + static void (*old_execute)(zend_op_array *op_array TSRMLS_DC); static void suhosin_execute(zend_op_array *op_array TSRMLS_DC); @@ -764,7 +767,11 @@ int ih_querycheck(IH_HANDLER_PARAMS) { +#ifdef PHP_ATLEAST_5_3 + void **p = zend_vm_stack_top(TSRMLS_C) - 1; +#else void **p = EG(argument_stack).top_element-2; +#endif unsigned long arg_count; zval **arg; char *query, *s, *e; @@ -920,7 +927,11 @@ int ih_fixusername(IH_HANDLER_PARAMS) { +#ifdef PHP_ATLEAST_5_3 + void **p = zend_vm_stack_top(TSRMLS_C) - 1; +#else void **p = EG(argument_stack).top_element-2; +#endif unsigned long arg_count; zval **arg;char *prefix, *postfix, *user; zval *backup, *my_user; @@ -1089,6 +1100,368 @@ return (1); } +/* MT RAND FUNCTIONS */ + +/* + The following php_mt_...() functions are based on a C++ class MTRand by + Richard J. Wagner. For more information see the web page at + http://www-personal.engin.umich.edu/~wagnerr/MersenneTwister.html + + Mersenne Twister random number generator -- a C++ class MTRand + Based on code by Makoto Matsumoto, Takuji Nishimura, and Shawn Cokus + Richard J. Wagner v1.0 15 May 2003 [EMAIL PROTECTED] + + The Mersenne Twister is an algorithm for generating random numbers. It + was designed with consideration of the flaws in various other generators. + The period, 2^19937-1, and the order of equidistribution, 623 dimensions, + are far greater. The generator is also fast; it avoids multiplication and + division, and it benefits from caches and pipelines. For more information + see the inventors' web page at http://www.math.keio.ac.jp/~matumoto/emt.html + + Reference + M. Matsumoto and T. Nishimura, "Mersenne Twister: A 623-Dimensionally + Equidistributed Uniform Pseudo-Random Number Generator", ACM Transactions on + Modeling and Computer Simulation, Vol. 8, No. 1, January 1998, pp 3-30. + + Copyright (C) 1997 - 2002, Makoto Matsumoto and Takuji Nishimura, + Copyright (C) 2000 - 2003, Richard J. Wagner + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. The names of its contributors may not be used to endorse or promote + products derived from this software without specific prior written + permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + The original code included the following notice: + + When you use this, send an email to: [EMAIL PROTECTED] + with an appropriate reference to your work. + + It would be nice to CC: [EMAIL PROTECTED] and [EMAIL PROTECTED] + when you write. +*/ + +#define N 624 /* length of state vector */ +#define M (397) /* a period parameter */ +#define hiBit(u) ((u) & 0x80000000U) /* mask all but highest bit of u */ +#define loBit(u) ((u) & 0x00000001U) /* mask all but lowest bit of u */ +#define loBits(u) ((u) & 0x7FFFFFFFU) /* mask the highest bit of u */ +#define mixBits(u, v) (hiBit(u)|loBits(v)) /* move hi bit of u to hi bit of v */ + +#define twist(m,u,v) (m ^ (mixBits(u,v)>>1) ^ ((php_uint32)(-(php_int32)(loBit(u))) & 0x9908b0dfU)) + +/* {{{ php_mt_initialize + */ +static inline void suhosin_mt_initialize(php_uint32 seed, php_uint32 *state) +{ + /* Initialize generator state with seed + See Knuth TAOCP Vol 2, 3rd Ed, p.106 for multiplier. + In previous versions, most significant bits (MSBs) of the seed affect + only MSBs of the state array. Modified 9 Jan 2002 by Makoto Matsumoto. */ + + register php_uint32 *s = state; + register php_uint32 *r = state; + register int i = 1; + + *s++ = seed & 0xffffffffU; + for( ; i < N; ++i ) { + *s++ = ( 1812433253U * ( *r ^ (*r >> 30) ) + i ) & 0xffffffffU; + r++; + } +} +/* }}} */ + +static inline void suhosin_mt_init_by_array(php_uint32 *key, int keylen, php_uint32 *state) +{ + int i, j, k; + suhosin_mt_initialize(19650218U, state); + i = 1; j = 0; + k = (N > keylen ? N : keylen); + for (; k; k--) { + state[i] = (state[i] ^ ((state[i-1] ^ (state[i-1] >> 30)) * 1664525U)) + key[j] + j; + i++; j = (j+1) % keylen; + if (i >= N) { state[0] = state[N-1]; i=1; } + } + for (k=N-1; k; k--) { + state[i] = (state[i] ^ ((state[i-1] ^ (state[i-1] >> 30)) * 1566083941U)) - i; + i++; + if (i >= N) { state[0] = state[N-1]; i=1; } + } + state[0] = 0x80000000U; +} +/* }}} */ + + +/* {{{ suhosin_mt_reload + */ +static inline void suhosin_mt_reload(php_uint32 *state, php_uint32 **next, int *left) +{ + /* Generate N new values in state + Made clearer and faster by Matthew Bellew ([EMAIL PROTECTED]) */ + + register php_uint32 *p = state; + register int i; + + for (i = N - M; i--; ++p) + *p = twist(p[M], p[0], p[1]); + for (i = M; --i; ++p) + *p = twist(p[M-N], p[0], p[1]); + *p = twist(p[M-N], p[0], state[0]); + *left = N; + *next = state; +} +/* }}} */ + +/* {{{ suhosin_mt_srand + */ +static void suhosin_mt_srand(php_uint32 seed TSRMLS_DC) +{ + /* Seed the generator with a simple uint32 */ + suhosin_mt_initialize(seed, SUHOSIN_G(mt_state)); + suhosin_mt_reload(SUHOSIN_G(mt_state), &SUHOSIN_G(mt_next), &SUHOSIN_G(mt_left)); + + /* Seed only once */ + SUHOSIN_G(mt_is_seeded) = 1; +} +/* }}} */ + +/* {{{ suhosin_mt_rand + */ +static php_uint32 suhosin_mt_rand(TSRMLS_D) +{ + /* Pull a 32-bit integer from the generator state + Every other access function simply transforms the numbers extracted here */ + + register php_uint32 s1; + + if (SUHOSIN_G(mt_left) == 0) { + suhosin_mt_reload(SUHOSIN_G(mt_state), &SUHOSIN_G(mt_next), &SUHOSIN_G(mt_left)); + } + --SUHOSIN_G(mt_left); + + s1 = *SUHOSIN_G(mt_next)++; + s1 ^= (s1 >> 11); + s1 ^= (s1 << 7) & 0x9d2c5680U; + s1 ^= (s1 << 15) & 0xefc60000U; + return ( s1 ^ (s1 >> 18) ); +} +/* }}} */ + +/* {{{ suhosin_gen_entropy + */ +static void suhosin_gen_entropy(php_uint32 *seedbuf TSRMLS_DC) +{ + /* On a modern OS code, stack and heap base are randomized */ + unsigned long code_value = (unsigned long)suhosin_gen_entropy; + unsigned long stack_value = (unsigned long)&code_value; + unsigned long heap_value = (unsigned long)SUHOSIN_G(r_state); + suhosin_SHA256_CTX context; + + code_value ^= code_value >> 32; + stack_value ^= stack_value >> 32; + heap_value ^= heap_value >> 32; + + seedbuf[0] = code_value; + seedbuf[1] = stack_value; + seedbuf[2] = heap_value; + seedbuf[3] = time(0); +#ifdef PHP_WIN32 + seedbuf[4] = GetCurrentProcessId(); +#else + seedbuf[4] = getpid(); +#endif + seedbuf[5] = (php_uint32) 0x7fffffff * php_combined_lcg(TSRMLS_C); + + suhosin_SHA256Init(&context); + suhosin_SHA256Update(&context, (void *) seedbuf, sizeof(php_uint32) * 6); + suhosin_SHA256Final(seedbuf, &context); +} +/* }}} */ + + +/* {{{ suhosin_srand_auto + */ +static void suhosin_srand_auto(TSRMLS_D) +{ + php_uint32 seed[8]; + suhosin_gen_entropy(&seed[0] TSRMLS_CC); + + suhosin_mt_init_by_array(seed, 8, SUHOSIN_G(r_state)); + suhosin_mt_reload(SUHOSIN_G(r_state), &SUHOSIN_G(r_next), &SUHOSIN_G(r_left)); + + /* Seed only once */ + SUHOSIN_G(r_is_seeded) = 1; +} +/* }}} */ + +/* {{{ suhosin_mt_srand_auto + */ +static void suhosin_mt_srand_auto(TSRMLS_D) +{ + php_uint32 seed[8]; + suhosin_gen_entropy(&seed[0] TSRMLS_CC); + + suhosin_mt_init_by_array(seed, 8, SUHOSIN_G(mt_state)); + suhosin_mt_reload(SUHOSIN_G(mt_state), &SUHOSIN_G(mt_next), &SUHOSIN_G(mt_left)); + + /* Seed only once */ + SUHOSIN_G(mt_is_seeded) = 1; +} +/* }}} */ + + +/* {{{ suhosin_srand + */ +static void suhosin_srand(php_uint32 seed TSRMLS_DC) +{ + /* Seed the generator with a simple uint32 */ + suhosin_mt_initialize(seed+0x12345, SUHOSIN_G(r_state)); + suhosin_mt_reload(SUHOSIN_G(r_state), &SUHOSIN_G(r_next), &SUHOSIN_G(r_left)); + + /* Seed only once */ + SUHOSIN_G(r_is_seeded) = 1; +} +/* }}} */ + +/* {{{ suhosin_mt_rand + */ +static php_uint32 suhosin_rand(TSRMLS_D) +{ + /* Pull a 32-bit integer from the generator state + Every other access function simply transforms the numbers extracted here */ + + register php_uint32 s1; + + if (SUHOSIN_G(r_left) == 0) { + suhosin_mt_reload(SUHOSIN_G(r_state), &SUHOSIN_G(r_next), &SUHOSIN_G(r_left)); + } + --SUHOSIN_G(r_left); + + s1 = *SUHOSIN_G(r_next)++; + s1 ^= (s1 >> 11); + s1 ^= (s1 << 7) & 0x9d2c5680U; + s1 ^= (s1 << 15) & 0xefc60000U; + return ( s1 ^ (s1 >> 18) ); +} +/* }}} */ + +static int ih_srand(IH_HANDLER_PARAMS) +{ + int argc = ZEND_NUM_ARGS(); + long seed; + + if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE || SUHOSIN_G(srand_ignore)) { + RETVAL_FALSE; + return (1); + } + + if (argc == 0) { + suhosin_srand_auto(TSRMLS_C); + } else { + suhosin_srand(seed TSRMLS_CC); + } + RETVAL_TRUE; + return (1); +} + +static int ih_mt_srand(IH_HANDLER_PARAMS) +{ + int argc = ZEND_NUM_ARGS(); + long seed; + + if (zend_parse_parameters(argc TSRMLS_CC, "|l", &seed) == FAILURE || SUHOSIN_G(mt_srand_ignore)) { + RETVAL_FALSE; + return (1); + } + + if (argc == 0) { + suhosin_mt_srand_auto(TSRMLS_C); + } else { + suhosin_mt_srand(seed TSRMLS_CC); + } + RETVAL_TRUE; + return (1); +} + +static int ih_mt_rand(IH_HANDLER_PARAMS) +{ + int argc = ZEND_NUM_ARGS(); + long min; + long max; + long number; + + if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) { + return (1); + } + + if (!SUHOSIN_G(mt_is_seeded)) { + suhosin_mt_srand_auto(TSRMLS_C); + } + + number = (long) (suhosin_mt_rand(TSRMLS_C) >> 1); + if (argc == 2) { + RAND_RANGE(number, min, max, PHP_MT_RAND_MAX); + } + + RETURN_LONG(number); +} + +static int ih_rand(IH_HANDLER_PARAMS) +{ + int argc = ZEND_NUM_ARGS(); + long min; + long max; + long number; + + if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) { + return (1); + } + + if (!SUHOSIN_G(r_is_seeded)) { + suhosin_srand_auto(TSRMLS_C); + } + + number = (long) (suhosin_rand(TSRMLS_C) >> 1); + if (argc == 2) { + RAND_RANGE(number, min, max, PHP_MT_RAND_MAX); + } + + RETURN_LONG(number); +} + +static int ih_getrandmax(IH_HANDLER_PARAMS) +{ + int argc = ZEND_NUM_ARGS(); + + if (argc != 0) { + ZEND_WRONG_PARAM_COUNT(); + } + + RETVAL_LONG(PHP_MT_RAND_MAX); + return (1); +} internal_function_handler ihandlers[] = { { "preg_replace", ih_preg_replace, NULL, NULL, NULL }, @@ -1096,6 +1469,13 @@ { "symlink", ih_symlink, NULL, NULL, NULL }, { "phpinfo", ih_phpinfo, NULL, NULL, NULL }, + { "srand", ih_srand, NULL, NULL, NULL }, + { "mt_srand", ih_mt_srand, NULL, NULL, NULL }, + { "rand", ih_rand, NULL, NULL, NULL }, + { "mt_rand", ih_mt_rand, NULL, NULL, NULL }, + { "getrandmax", ih_getrandmax, NULL, NULL, NULL }, + { "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL }, + { "ocilogon", ih_fixusername, (void *)1, NULL, NULL }, { "ociplogon", ih_fixusername, (void *)1, NULL, NULL }, { "ocinlogon", ih_fixusername, (void *)1, NULL, NULL }, @@ -1150,11 +1530,13 @@ char *lcname; int function_name_strlen, free_lcname = 0; zval *return_value; - zend_class_entry *ce; + zend_class_entry *ce = NULL; int ht; internal_function_handler *ih; - + +#ifdef ZEND_ENGINE_2 ce = ((zend_internal_function *) execute_data_ptr->function_state.function)->scope; +#endif lcname = ((zend_internal_function *) execute_data_ptr->function_state.function)->function_name; function_name_strlen = strlen(lcname); diff -Nur php-suhosin-0.9.24/php_suhosin.h php-suhosin-0.9.27/php_suhosin.h --- php-suhosin-0.9.24/php_suhosin.h 2008-05-10 17:15:01.000000000 +0200 +++ php-suhosin-0.9.27/php_suhosin.h 2008-08-23 11:15:04.000000000 +0200 @@ -22,7 +22,7 @@ #ifndef PHP_SUHOSIN_H #define PHP_SUHOSIN_H -#define SUHOSIN_EXT_VERSION "0.9.24" +#define SUHOSIN_EXT_VERSION "0.9.27" /*#define SUHOSIN_DEBUG*/ #define SUHOSIN_LOG "/tmp/suhosin_log.txt" @@ -64,6 +64,8 @@ PHP_RSHUTDOWN_FUNCTION(suhosin); PHP_MINFO_FUNCTION(suhosin); +#include "ext/standard/basic_functions.h" + ZEND_BEGIN_MODULE_GLOBALS(suhosin) zend_uint in_code_type; long execution_depth; @@ -222,6 +224,18 @@ zend_bool disable_display_errors; + php_uint32 r_state[625]; + php_uint32 *r_next; + int r_left; + zend_bool srand_ignore; + zend_bool mt_srand_ignore; + php_uint32 mt_state[625]; + php_uint32 *mt_next; + int mt_left; + + zend_bool r_is_seeded; + zend_bool mt_is_seeded; + /* PERDIR Handling */ char *perdir; zend_bool log_perdir; @@ -385,6 +399,10 @@ return pz->is_ref = isref; } +#else + +#define PHP_ATLEAST_5_3 true + #endif diff -Nur php-suhosin-0.9.24/post_handler.c php-suhosin-0.9.27/post_handler.c --- php-suhosin-0.9.24/post_handler.c 2007-11-28 02:15:35.000000000 +0100 +++ php-suhosin-0.9.27/post_handler.c 2008-08-06 12:56:28.000000000 +0200 @@ -38,40 +38,45 @@ SAPI_POST_HANDLER_FUNC(suhosin_std_post_handler) { - char *var, *val; - char *strtok_buf = NULL; - zval *array_ptr = (zval *) arg; - - if (SG(request_info).post_data == NULL) { - return; - } - - var = php_strtok_r(SG(request_info).post_data, "&", &strtok_buf); - - while (var) { - val = strchr(var, '='); - if (val) { /* have a value */ - unsigned int val_len, new_val_len; - - *val++ = '\0'; - php_url_decode(var, strlen(var)); - val_len = php_url_decode(val, strlen(val)); - val = estrndup(val, val_len); - if (suhosin_input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) { + char *var, *val, *e, *s, *p; + zval *array_ptr = (zval *) arg; + + if (SG(request_info).post_data==NULL) { + return; + } + + s = SG(request_info).post_data; + e = s + SG(request_info).post_data_length; + + while (s < e && (p = memchr(s, '&', (e - s)))) { +last_value: + if ((val = memchr(s, '=', (p - s)))) { /* have a value */ + unsigned int val_len, new_val_len; + var = s; + + php_url_decode(var, (val - s)); + val++; + val_len = php_url_decode(val, (p - val)); + val = estrndup(val, val_len); + if (suhosin_input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) { #ifdef ZEND_ENGINE_2 - if (sapi_module.input_filter(PARSE_POST, var, &val, new_val_len, &new_val_len TSRMLS_CC)) { + if (sapi_module.input_filter(PARSE_POST, var, &val, new_val_len, &new_val_len TSRMLS_CC)) { #endif - php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC); + php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC); #ifdef ZEND_ENGINE_2 - } + } #endif - } else { - SUHOSIN_G(abort_request)=1; - } - efree(val); - } - var = php_strtok_r(NULL, "&", &strtok_buf); - } + } else { + SUHOSIN_G(abort_request)=1; + } + efree(val); + } + s = p + 1; + } + if (s < e) { + p = e; + goto last_value; + } } /* {{{ php_post_entries[] diff -Nur php-suhosin-0.9.24/rfc1867.c php-suhosin-0.9.27/rfc1867.c --- php-suhosin-0.9.24/rfc1867.c 2007-11-28 02:15:35.000000000 +0100 +++ php-suhosin-0.9.27/rfc1867.c 2008-08-21 18:16:41.000000000 +0200 @@ -742,7 +742,7 @@ XXX: this is horrible memory-usage-wise, but we only expect to do this on small pieces of form data. */ -static char *multipart_buffer_read_body(multipart_buffer *self TSRMLS_DC) +static char *multipart_buffer_read_body(multipart_buffer *self, unsigned int *len TSRMLS_DC) { char buf[FILLUNIT], *out=NULL; int total_bytes=0, read_bytes=0; @@ -754,6 +754,7 @@ } if (out) out[total_bytes] = '\0'; + *len = total_bytes; return out; } @@ -904,7 +905,8 @@ /* Normal form variable, safe to read all data into memory */ if (!filename && param) { - char *value = multipart_buffer_read_body(mbuff TSRMLS_CC); + unsigned int value_len; + char *value = multipart_buffer_read_body(mbuff, &value_len TSRMLS_CC); unsigned int new_val_len; /* Dummy variable */ if (!value) { @@ -948,7 +950,16 @@ safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC); #endif #ifdef ZEND_ENGINE_2 - } + } else { + multipart_event_formdata event_formdata; + + event_formdata.post_bytes_processed = SG(read_post_bytes); + event_formdata.name = param; + event_formdata.value = &value; + event_formdata.length = value_len; + event_formdata.newlength = NULL; + suhosin_rfc1867_filter(MULTIPART_EVENT_FORMDATA, &event_formdata, &event_extra_data TSRMLS_CC); + } #endif if (!strcasecmp(param, "MAX_FILE_SIZE")) { max_file_size = atol(value); diff -Nur php-suhosin-0.9.24/suhosin.c php-suhosin-0.9.27/suhosin.c --- php-suhosin-0.9.24/suhosin.c 2008-05-10 17:59:43.000000000 +0200 +++ php-suhosin-0.9.27/suhosin.c 2008-08-22 16:34:00.000000000 +0200 @@ -847,10 +847,10 @@ ZEND_INI_ENTRY("suhosin.log.file", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_file) STD_ZEND_INI_ENTRY("suhosin.log.file.name", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogString, log_filename, zend_suhosin_globals, suhosin_globals) STD_ZEND_INI_BOOLEAN("suhosin.log.phpscript.is_safe", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_phpscript_is_safe, zend_suhosin_globals, suhosin_globals) - ZEND_INI_ENTRY("suhosin.perdir", "0", ZEND_INI_SYSTEM, OnUpdateSuhosin_perdir) ZEND_INI_END() PHP_INI_BEGIN() + ZEND_INI_ENTRY("suhosin.perdir", "0", ZEND_INI_SYSTEM, OnUpdateSuhosin_perdir) STD_ZEND_INI_ENTRY("suhosin.executor.include.max_traversal", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecLong, executor_include_max_traversal, zend_suhosin_globals, suhosin_globals) ZEND_INI_ENTRY("suhosin.executor.include.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_whitelist) ZEND_INI_ENTRY("suhosin.executor.include.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_blacklist) @@ -952,6 +952,9 @@ STD_ZEND_INI_BOOLEAN("suhosin.server.encode", "1", ZEND_INI_SYSTEM, OnUpdateBool, server_encode,zend_suhosin_globals, suhosin_globals) STD_ZEND_INI_BOOLEAN("suhosin.server.strip", "1", ZEND_INI_SYSTEM, OnUpdateBool, server_strip,zend_suhosin_globals, suhosin_globals) + STD_ZEND_INI_BOOLEAN("suhosin.srand.ignore", "1", ZEND_INI_SYSTEM|ZEND_INI_PERDIR, OnUpdateMiscBool, srand_ignore,zend_suhosin_globals, suhosin_globals) + STD_ZEND_INI_BOOLEAN("suhosin.mt_srand.ignore", "1", ZEND_INI_SYSTEM|ZEND_INI_PERDIR, OnUpdateMiscBool, mt_srand_ignore,zend_suhosin_globals, suhosin_globals) + PHP_INI_END() /* }}} */ @@ -1200,10 +1203,10 @@ PUTS(!sapi_module.phpinfo_as_text?"<br /><br />":"\n\n"); if (sapi_module.phpinfo_as_text) { PUTS("Copyright (c) 2006-2007 Hardened-PHP Project\n"); - PUTS("Copyright (c) 2007 SektionEins GmbH\n"); + PUTS("Copyright (c) 2007-2008 SektionEins GmbH\n"); } else { PUTS("Copyright (c) 2006-2007 <a href=\"http://www.hardened-php.net/\">Hardened-PHP Project</a><br />\n"); - PUTS("Copyright (c) 2007 <a href=\"http://www.sektioneins.de/\">SektionEins GmbH</a>\n"); + PUTS("Copyright (c) 2007-2008 <a href=\"http://www.sektioneins.de/\">SektionEins GmbH</a>\n"); } php_info_print_box_end();
signature.asc
Description: This is a digitally signed message part.