static void php_hash_do_hash(INTERNAL_FUNCTION_PARAMETERS, int isfilename, zend_bool raw_output_default) /* {{{ */ { char *algo, *data, *digest; int algo_len, data_len; zend_bool raw_output = raw_output_default; const php_hash_ops *ops; void *context; php_stream *stream = NULL; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss|b", &algo, &algo_len, &data, &data_len, &raw_output) == FAILURE) { return; } ops = php_hash_fetch_ops(algo, algo_len); if (!ops) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown hashing algorithm: %s", algo); RETURN_FALSE; } if (isfilename) { if (CHECK_NULL_PATH(data, data_len)) { RETURN_FALSE; } stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS, NULL, DEFAULT_CONTEXT); if (!stream) { /* Stream will report errors opening file */ RETURN_FALSE; } } context = emalloc(ops->context_size); ops->hash_init(context); if (isfilename) { char buf[1024]; int n; while ((n = php_stream_read(stream, buf, sizeof(buf))) > 0) { ops->hash_update(context, (unsigned char *) buf, n); } php_stream_close(stream); } else { ops->hash_update(context, (unsigned char *) data, data_len); } digest = emalloc(ops->digest_size + 1); ops->hash_final((unsigned char *) digest, context); efree(context); if (raw_output) { digest[ops->digest_size] = 0; RETURN_STRINGL(digest, ops->digest_size, 0); } else { char *hex_digest = safe_emalloc(ops->digest_size, 2, 1); php_hash_bin2hex(hex_digest, (unsigned char *) digest, ops->digest_size); hex_digest[2 * ops->digest_size] = 0; efree(digest); RETURN_STRINGL(hex_digest, 2 * ops->digest_size, 0); } }
static void php_hash_do_hash(INTERNAL_FUNCTION_PARAMETERS, int isfilename, zend_bool raw_output_default) /* {{{ */ { zend_string *digest; char *algo, *data; size_t algo_len, data_len; zend_bool raw_output = raw_output_default; const php_hash_ops *ops; void *context; php_stream *stream = NULL; if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss|b", &algo, &algo_len, &data, &data_len, &raw_output) == FAILURE) { return; } ops = php_hash_fetch_ops(algo, algo_len); if (!ops) { php_error_docref(NULL, E_WARNING, "Unknown hashing algorithm: %s", algo); RETURN_FALSE; } if (isfilename) { if (CHECK_NULL_PATH(data, data_len)) { php_error_docref(NULL, E_WARNING, "Invalid path"); RETURN_FALSE; } stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS, NULL, FG(default_context)); if (!stream) { /* Stream will report errors opening file */ RETURN_FALSE; } } context = emalloc(ops->context_size); ops->hash_init(context); if (isfilename) { char buf[1024]; size_t n; while ((n = php_stream_read(stream, buf, sizeof(buf))) > 0) { ops->hash_update(context, (unsigned char *) buf, n); } php_stream_close(stream); } else { ops->hash_update(context, (unsigned char *) data, data_len); } digest = zend_string_alloc(ops->digest_size, 0); ops->hash_final((unsigned char *) ZSTR_VAL(digest), context); efree(context); if (raw_output) { ZSTR_VAL(digest)[ops->digest_size] = 0; RETURN_NEW_STR(digest); } else { zend_string *hex_digest = zend_string_safe_alloc(ops->digest_size, 2, 0, 0); php_hash_bin2hex(ZSTR_VAL(hex_digest), (unsigned char *) ZSTR_VAL(digest), ops->digest_size); ZSTR_VAL(hex_digest)[2 * ops->digest_size] = 0; zend_string_release(digest); RETURN_NEW_STR(hex_digest); } }
/* {{{ php_resolve_path * Returns the realpath for given filename according to include path */ PHPAPI zend_string *php_resolve_path(const char *filename, int filename_length, const char *path) { char resolved_path[MAXPATHLEN]; char trypath[MAXPATHLEN]; const char *ptr, *end, *p; const char *actual_path; php_stream_wrapper *wrapper; zend_string *exec_filename; if (!filename || CHECK_NULL_PATH(filename, filename_length)) { return NULL; } /* Don't resolve paths which contain protocol (except of file://) */ for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++); if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) { wrapper = php_stream_locate_url_wrapper(filename, &actual_path, STREAM_OPEN_FOR_INCLUDE); if (wrapper == &php_plain_files_wrapper) { if (tsrm_realpath(actual_path, resolved_path)) { return zend_string_init(resolved_path, strlen(resolved_path), 0); } } return NULL; } if ((*filename == '.' && (IS_SLASH(filename[1]) || ((filename[1] == '.') && IS_SLASH(filename[2])))) || IS_ABSOLUTE_PATH(filename, filename_length) || !path || !*path) { if (tsrm_realpath(filename, resolved_path)) { return zend_string_init(resolved_path, strlen(resolved_path), 0); } else { return NULL; } } ptr = path; while (ptr && *ptr) { /* Check for stream wrapper */ int is_stream_wrapper = 0; for (p = ptr; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++); if ((*p == ':') && (p - ptr > 1) && (p[1] == '/') && (p[2] == '/')) { /* .:// or ..:// is not a stream wrapper */ if (p[-1] != '.' || p[-2] != '.' || p - 2 != ptr) { p += 3; is_stream_wrapper = 1; } } end = strchr(p, DEFAULT_DIR_SEPARATOR); if (end) { if ((end-ptr) + 1 + filename_length + 1 >= MAXPATHLEN) { ptr = end + 1; continue; } memcpy(trypath, ptr, end-ptr); trypath[end-ptr] = '/'; memcpy(trypath+(end-ptr)+1, filename, filename_length+1); ptr = end+1; } else { int len = (int)strlen(ptr); if (len + 1 + filename_length + 1 >= MAXPATHLEN) { break; } memcpy(trypath, ptr, len); trypath[len] = '/'; memcpy(trypath+len+1, filename, filename_length+1); ptr = NULL; } actual_path = trypath; if (is_stream_wrapper) { wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE); if (!wrapper) { continue; } else if (wrapper != &php_plain_files_wrapper) { if (wrapper->wops->url_stat) { php_stream_statbuf ssb; if (SUCCESS == wrapper->wops->url_stat(wrapper, trypath, 0, &ssb, NULL)) { return zend_string_init(trypath, strlen(trypath), 0); } } continue; } } if (tsrm_realpath(actual_path, resolved_path)) { return zend_string_init(resolved_path, strlen(resolved_path), 0); } } /* end provided path */ /* check in calling scripts' current working directory as a fall back case */ if (zend_is_executing() && (exec_filename = zend_get_executed_filename_ex()) != NULL) { const char *exec_fname = exec_filename->val; size_t exec_fname_length = exec_filename->len; while ((--exec_fname_length >= 0) && !IS_SLASH(exec_fname[exec_fname_length])); if (exec_fname_length > 0 && exec_fname_length + 1 + filename_length + 1 < MAXPATHLEN) { memcpy(trypath, exec_fname, exec_fname_length + 1); memcpy(trypath+exec_fname_length + 1, filename, filename_length+1); actual_path = trypath; /* Check for stream wrapper */ for (p = trypath; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++); if ((*p == ':') && (p - trypath > 1) && (p[1] == '/') && (p[2] == '/')) { wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE); if (!wrapper) { return NULL; } else if (wrapper != &php_plain_files_wrapper) { if (wrapper->wops->url_stat) { php_stream_statbuf ssb; if (SUCCESS == wrapper->wops->url_stat(wrapper, trypath, 0, &ssb, NULL)) { return zend_string_init(trypath, strlen(trypath), 0); } } return NULL; } } if (tsrm_realpath(actual_path, resolved_path)) { return zend_string_init(resolved_path, strlen(resolved_path), 0); } } } return NULL; }
/* {{{ php_resolve_path * Returns the realpath for given filename according to include path */ PHPAPI zend_string *php_resolve_path(const char *filename, int filename_length, const char *path) { char resolved_path[MAXPATHLEN]; char trypath[MAXPATHLEN]; const char *ptr, *end, *p; const char *actual_path; php_stream_wrapper *wrapper; zend_string *exec_filename; if (!filename || CHECK_NULL_PATH(filename, filename_length)) { return NULL; } /* Don't resolve paths which contain protocol (except of file://) */ for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++); if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) { wrapper = php_stream_locate_url_wrapper(filename, &actual_path, STREAM_OPEN_FOR_INCLUDE); if (wrapper == &php_plain_files_wrapper) { if (tsrm_realpath(actual_path, resolved_path)) { return zend_string_init(resolved_path, strlen(resolved_path), 0); } } return NULL; } if ((*filename == '.' && (IS_SLASH(filename[1]) || ((filename[1] == '.') && IS_SLASH(filename[2])))) || IS_ABSOLUTE_PATH(filename, filename_length) || #if PHP_WIN32 /* This should count as an absolute local path as well, however IS_ABSOLUTE_PATH doesn't care about this path form till now. It might be a big thing to extend, thus just a local handling for now. */ filename_length >=2 && IS_SLASH(filename[0]) && !IS_SLASH(filename[1]) || #endif !path || !*path) { if (tsrm_realpath(filename, resolved_path)) { return zend_string_init(resolved_path, strlen(resolved_path), 0); } else { return NULL; } } ptr = path; while (ptr && *ptr) { /* Check for stream wrapper */ int is_stream_wrapper = 0; for (p = ptr; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++); if ((*p == ':') && (p - ptr > 1) && (p[1] == '/') && (p[2] == '/')) { /* .:// or ..:// is not a stream wrapper */ if (p[-1] != '.' || p[-2] != '.' || p - 2 != ptr) { p += 3; is_stream_wrapper = 1; } } end = strchr(p, DEFAULT_DIR_SEPARATOR); if (end) { if (filename_length > (MAXPATHLEN - 2) || (end-ptr) > MAXPATHLEN || (end-ptr) + 1 + (size_t)filename_length + 1 >= MAXPATHLEN) { ptr = end + 1; continue; } memcpy(trypath, ptr, end-ptr); trypath[end-ptr] = '/'; memcpy(trypath+(end-ptr)+1, filename, filename_length+1); ptr = end+1; } else { size_t len = strlen(ptr); if (filename_length > (MAXPATHLEN - 2) || len > MAXPATHLEN || len + 1 + (size_t)filename_length + 1 >= MAXPATHLEN) { break; } memcpy(trypath, ptr, len); trypath[len] = '/'; memcpy(trypath+len+1, filename, filename_length+1); ptr = NULL; } actual_path = trypath; if (is_stream_wrapper) { wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE); if (!wrapper) { continue; } else if (wrapper != &php_plain_files_wrapper) { if (wrapper->wops->url_stat) { php_stream_statbuf ssb; if (SUCCESS == wrapper->wops->url_stat(wrapper, trypath, 0, &ssb, NULL)) { return zend_string_init(trypath, strlen(trypath), 0); } } continue; } } if (tsrm_realpath(actual_path, resolved_path)) { return zend_string_init(resolved_path, strlen(resolved_path), 0); } } /* end provided path */ /* check in calling scripts' current working directory as a fall back case */ if (zend_is_executing() && (exec_filename = zend_get_executed_filename_ex()) != NULL) { const char *exec_fname = ZSTR_VAL(exec_filename); size_t exec_fname_length = ZSTR_LEN(exec_filename); while ((--exec_fname_length < SIZE_MAX) && !IS_SLASH(exec_fname[exec_fname_length])); if (exec_fname_length > 0 && filename_length < (MAXPATHLEN - 2) && exec_fname_length + 1 + filename_length + 1 < MAXPATHLEN) { memcpy(trypath, exec_fname, exec_fname_length + 1); memcpy(trypath+exec_fname_length + 1, filename, filename_length+1); actual_path = trypath; /* Check for stream wrapper */ for (p = trypath; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++); if ((*p == ':') && (p - trypath > 1) && (p[1] == '/') && (p[2] == '/')) { wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE); if (!wrapper) { return NULL; } else if (wrapper != &php_plain_files_wrapper) { if (wrapper->wops->url_stat) { php_stream_statbuf ssb; if (SUCCESS == wrapper->wops->url_stat(wrapper, trypath, 0, &ssb, NULL)) { return zend_string_init(trypath, strlen(trypath), 0); } } return NULL; } } if (tsrm_realpath(actual_path, resolved_path)) { return zend_string_init(resolved_path, strlen(resolved_path), 0); } } } return NULL; }
static void _php_finfo_get_type(INTERNAL_FUNCTION_PARAMETERS, int mode, int mimetype_emu) /* {{{ */ { zend_long options = 0; char *ret_val = NULL, *buffer = NULL; size_t buffer_len; php_fileinfo *finfo = NULL; zval *zfinfo, *zcontext = NULL; zval *what; char mime_directory[] = "directory"; struct magic_set *magic = NULL; FILEINFO_DECLARE_INIT_OBJECT(object) if (mimetype_emu) { /* mime_content_type(..) emulation */ if (zend_parse_parameters(ZEND_NUM_ARGS(), "z", &what) == FAILURE) { return; } switch (Z_TYPE_P(what)) { case IS_STRING: buffer = Z_STRVAL_P(what); buffer_len = Z_STRLEN_P(what); mode = FILEINFO_MODE_FILE; break; case IS_RESOURCE: mode = FILEINFO_MODE_STREAM; break; default: php_error_docref(NULL, E_WARNING, "Can only process string or stream arguments"); RETURN_FALSE; } magic = magic_open(MAGIC_MIME_TYPE); if (magic_load(magic, NULL) == -1) { php_error_docref(NULL, E_WARNING, "Failed to load magic database."); goto common; } } else if (object) { if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|lr", &buffer, &buffer_len, &options, &zcontext) == FAILURE) { RETURN_FALSE; } FILEINFO_FROM_OBJECT(finfo, object); magic = finfo->magic; } else { if (zend_parse_parameters(ZEND_NUM_ARGS(), "rs|lr", &zfinfo, &buffer, &buffer_len, &options, &zcontext) == FAILURE) { RETURN_FALSE; } if ((finfo = (php_fileinfo *)zend_fetch_resource(Z_RES_P(zfinfo), "file_info", le_fileinfo)) == NULL) { RETURN_FALSE; } magic = finfo->magic; } /* Set options for the current file/buffer. */ if (options) { FINFO_SET_OPTION(magic, options) } switch (mode) { case FILEINFO_MODE_BUFFER: { ret_val = (char *) magic_buffer(magic, buffer, buffer_len); break; } case FILEINFO_MODE_STREAM: { php_stream *stream; zend_off_t streampos; php_stream_from_zval_no_verify(stream, what); if (!stream) { goto common; } streampos = php_stream_tell(stream); /* remember stream position for restoration */ php_stream_seek(stream, 0, SEEK_SET); ret_val = (char *) magic_stream(magic, stream); php_stream_seek(stream, streampos, SEEK_SET); break; } case FILEINFO_MODE_FILE: { /* determine if the file is a local file or remote URL */ const char *tmp2; php_stream_wrapper *wrap; php_stream_statbuf ssb; if (buffer == NULL || !*buffer) { php_error_docref(NULL, E_WARNING, "Empty filename or path"); RETVAL_FALSE; goto clean; } if (CHECK_NULL_PATH(buffer, buffer_len)) { php_error_docref(NULL, E_WARNING, "Invalid path"); RETVAL_FALSE; goto clean; } wrap = php_stream_locate_url_wrapper(buffer, &tmp2, 0); if (wrap) { php_stream *stream; php_stream_context *context = php_stream_context_from_zval(zcontext, 0); #ifdef PHP_WIN32 if (php_stream_stat_path_ex(buffer, 0, &ssb, context) == SUCCESS) { if (ssb.sb.st_mode & S_IFDIR) { ret_val = mime_directory; goto common; } } #endif #if PHP_API_VERSION < 20100412 stream = php_stream_open_wrapper_ex(buffer, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context); #else stream = php_stream_open_wrapper_ex(buffer, "rb", REPORT_ERRORS, NULL, context); #endif if (!stream) { RETVAL_FALSE; goto clean; } if (php_stream_stat(stream, &ssb) == SUCCESS) { if (ssb.sb.st_mode & S_IFDIR) { ret_val = mime_directory; } else { ret_val = (char *)magic_stream(magic, stream); } } php_stream_close(stream); } break; } default: php_error_docref(NULL, E_WARNING, "Can only process string or stream arguments"); } common: if (ret_val) { RETVAL_STRING(ret_val); } else { php_error_docref(NULL, E_WARNING, "Failed identify data %d:%s", magic_errno(magic), magic_error(magic)); RETVAL_FALSE; } clean: if (mimetype_emu) { magic_close(magic); } /* Restore options */ if (options) { FINFO_SET_OPTION(magic, finfo->options) } return; }
static void php_hash_do_hash_hmac(INTERNAL_FUNCTION_PARAMETERS, int isfilename, zend_bool raw_output_default) /* {{{ */ { char *algo, *data, *digest, *key, *K; int algo_len, data_len, key_len, i; zend_bool raw_output = raw_output_default; const php_hash_ops *ops; void *context; php_stream *stream = NULL; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|b", &algo, &algo_len, &data, &data_len, &key, &key_len, &raw_output) == FAILURE) { return; } ops = php_hash_fetch_ops(algo, algo_len); if (!ops) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown hashing algorithm: %s", algo); RETURN_FALSE; } if (isfilename) { if (CHECK_NULL_PATH(data, data_len)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid path"); RETURN_FALSE; } stream = php_stream_open_wrapper_ex(data, "rb", REPORT_ERRORS, NULL, DEFAULT_CONTEXT); if (!stream) { /* Stream will report errors opening file */ RETURN_FALSE; } } context = emalloc(ops->context_size); ops->hash_init(context); K = emalloc(ops->block_size); memset(K, 0, ops->block_size); if (key_len > ops->block_size) { /* Reduce the key first */ ops->hash_update(context, (unsigned char *) key, key_len); ops->hash_final((unsigned char *) K, context); /* Make the context ready to start over */ ops->hash_init(context); } else { memcpy(K, key, key_len); } /* XOR ipad */ for(i=0; i < ops->block_size; i++) { K[i] ^= 0x36; } ops->hash_update(context, (unsigned char *) K, ops->block_size); if (isfilename) { char buf[1024]; int n; while ((n = php_stream_read(stream, buf, sizeof(buf))) > 0) { ops->hash_update(context, (unsigned char *) buf, n); } php_stream_close(stream); } else { ops->hash_update(context, (unsigned char *) data, data_len); } digest = emalloc(ops->digest_size + 1); ops->hash_final((unsigned char *) digest, context); /* Convert K to opad -- 0x6A = 0x36 ^ 0x5C */ for(i=0; i < ops->block_size; i++) { K[i] ^= 0x6A; } /* Feed this result into the outter hash */ ops->hash_init(context); ops->hash_update(context, (unsigned char *) K, ops->block_size); ops->hash_update(context, (unsigned char *) digest, ops->digest_size); ops->hash_final((unsigned char *) digest, context); /* Zero the key */ memset(K, 0, ops->block_size); efree(K); efree(context); if (raw_output) { digest[ops->digest_size] = 0; RETURN_STRINGL(digest, ops->digest_size, 0); } else { char *hex_digest = safe_emalloc(ops->digest_size, 2, 1); php_hash_bin2hex(hex_digest, (unsigned char *) digest, ops->digest_size); hex_digest[2 * ops->digest_size] = 0; efree(digest); RETURN_STRINGL(hex_digest, 2 * ops->digest_size, 0); } }