/* {{{ php_parse_user_ini_file
*/
PHPAPI int php_parse_user_ini_file(const char *dirname, char *ini_filename, HashTable *target_hash)
{
zend_stat_t sb;
char ini_file[MAXPATHLEN];
zend_file_handle fh;
snprintf(ini_file, MAXPATHLEN, "%s%c%s", dirname, DEFAULT_SLASH, ini_filename);
if (VCWD_STAT(ini_file, &sb) == 0) {
if (S_ISREG(sb.st_mode)) {
memset(&fh, 0, sizeof(fh));
if ((fh.handle.fp = VCWD_FOPEN(ini_file, "r"))) {
fh.filename = ini_file;
fh.type = ZEND_HANDLE_FP;
/* Reset active ini section */
RESET_ACTIVE_INI_HASH();
if (zend_parse_ini_file(&fh, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t) php_ini_parser_cb, target_hash) == SUCCESS) {
/* FIXME: Add parsed file to the list of user files read? */
return SUCCESS;
}
return FAILURE;
}
}
}
return FAILURE;
}
static int ps_files_cleanup_dir(const char *dirname, zend_long maxlifetime)
{
DIR *dir;
char dentry[sizeof(struct dirent) + MAXPATHLEN];
struct dirent *entry = (struct dirent *) &dentry;
zend_stat_t sbuf;
char buf[MAXPATHLEN];
time_t now;
int nrdels = 0;
size_t dirname_len;
dir = opendir(dirname);
if (!dir) {
php_error_docref(NULL, E_NOTICE, "ps_files_cleanup_dir: opendir(%s) failed: %s (%d)", dirname, strerror(errno), errno);
return (0);
}
time(&now);
dirname_len = strlen(dirname);
if (dirname_len >= MAXPATHLEN) {
php_error_docref(NULL, E_NOTICE, "ps_files_cleanup_dir: dirname(%s) is too long", dirname);
closedir(dir);
return (0);
}
/* Prepare buffer (dirname never changes) */
memcpy(buf, dirname, dirname_len);
buf[dirname_len] = PHP_DIR_SEPARATOR;
while (php_readdir_r(dir, (struct dirent *) dentry, &entry) == 0 && entry) {
/* does the file start with our prefix? */
if (!strncmp(entry->d_name, FILE_PREFIX, sizeof(FILE_PREFIX) - 1)) {
size_t entry_len = strlen(entry->d_name);
/* does it fit into our buffer? */
if (entry_len + dirname_len + 2 < MAXPATHLEN) {
/* create the full path.. */
memcpy(buf + dirname_len + 1, entry->d_name, entry_len);
/* NUL terminate it and */
buf[dirname_len + entry_len + 1] = '\0';
/* check whether its last access was more than maxlifetime ago */
if (VCWD_STAT(buf, &sbuf) == 0 &&
(now - sbuf.st_mtime) > maxlifetime) {
VCWD_UNLINK(buf);
nrdels++;
}
}
}
}
closedir(dir);
return (nrdels);
}
SAPI_API zend_stat_t *sapi_get_stat(void)
{
if (sapi_module.get_stat) {
return sapi_module.get_stat();
} else {
if (!SG(request_info).path_translated || (VCWD_STAT(SG(request_info).path_translated, &SG(global_stat)) == -1)) {
return NULL;
}
return &SG(global_stat);
}
}
static int ps_files_key_exists(ps_files *data, const char *key)
{
char buf[MAXPATHLEN];
zend_stat_t sbuf;
if (!key || !ps_files_path_create(buf, sizeof(buf), data, key)) {
return FAILURE;
}
if (VCWD_STAT(buf, &sbuf)) {
return FAILURE;
}
return SUCCESS;
}
/* {{{ data_unserialize */
static zval data_unserialize(const char *filename)
{
zval retval;
zend_long len = 0;
zend_stat_t sb;
char *contents, *tmp;
FILE *fp;
php_unserialize_data_t var_hash = {0,};
if(VCWD_STAT(filename, &sb) == -1) {
return EG(uninitialized_zval);
}
fp = fopen(filename, "rb");
len = sizeof(char)*sb.st_size;
tmp = contents = malloc(len);
if(!contents) {
fclose(fp);
return EG(uninitialized_zval);
}
if(fread(contents, 1, len, fp) < 1) {
fclose(fp);
free(contents);
return EG(uninitialized_zval);
}
ZVAL_UNDEF(&retval);
PHP_VAR_UNSERIALIZE_INIT(var_hash);
/* I wish I could use json */
if(!php_var_unserialize(&retval, (const unsigned char**)&tmp, (const unsigned char*)(contents+len), &var_hash)) {
fclose(fp);
free(contents);
return EG(uninitialized_zval);
}
PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
free(contents);
fclose(fp);
return retval;
}
/* {{{ proto mixed phpdbg_exec(string context)
Attempt to set the execution context for phpdbg
If the execution context was set previously it is returned
If the execution context was not set previously boolean true is returned
If the request to set the context fails, boolean false is returned, and an E_WARNING raised */
static PHP_FUNCTION(phpdbg_exec)
{
char *exec = NULL;
int exec_len = 0;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &exec, &exec_len) == FAILURE) {
return;
}
{
struct stat sb;
zend_bool result = 1;
if (VCWD_STAT(exec, &sb) != FAILURE) {
if (sb.st_mode & (S_IFREG|S_IFLNK)) {
if (PHPDBG_G(exec)) {
ZVAL_STRINGL(return_value, PHPDBG_G(exec), PHPDBG_G(exec_len), 1);
efree(PHPDBG_G(exec));
result = 0;
}
PHPDBG_G(exec) = estrndup(exec, exec_len);
PHPDBG_G(exec_len) = exec_len;
if (result)
ZVAL_BOOL(return_value, 1);
} else {
zend_error(
E_WARNING, "Failed to set execution context (%s), not a regular file or symlink", exec);
ZVAL_BOOL(return_value, 0);
}
} else {
zend_error(
E_WARNING, "Failed to set execution context (%s) the file does not exist", exec);
ZVAL_BOOL(return_value, 0);
}
}
} /* }}} */
static void php_stat(const char *filename, php_stat_len filename_length, int type, pval *return_value)
{
struct stat *stat_sb;
int rmask=S_IROTH,wmask=S_IWOTH,xmask=S_IXOTH; /* access rights defaults to other */
BLS_FETCH();
stat_sb = &BG(sb);
if (!BG(CurrentStatFile) || strcmp(filename, BG(CurrentStatFile))) {
if (!BG(CurrentStatFile) || filename_length > BG(CurrentStatLength)) {
if (BG(CurrentStatFile)) {
efree(BG(CurrentStatFile));
}
BG(CurrentStatLength) = filename_length;
BG(CurrentStatFile) = estrndup(filename, filename_length);
} else {
memcpy(BG(CurrentStatFile), filename, filename_length+1);
}
#if HAVE_SYMLINK
BG(lsb).st_mode = 0; /* mark lstat buf invalid */
#endif
if (VCWD_STAT(BG(CurrentStatFile), &BG(sb)) == -1) {
if (!IS_LINK_OPERATION() && (type != 15 || errno != ENOENT)) { /* fileexists() test must print no error */
php_error(E_NOTICE,"stat failed for %s (errno=%d - %s)", BG(CurrentStatFile), errno, strerror(errno));
}
efree(BG(CurrentStatFile));
BG(CurrentStatFile) = NULL;
if (!IS_LINK_OPERATION()) { /* Don't require success for link operation */
RETURN_FALSE;
}
}
}
#if HAVE_SYMLINK
if (IS_LINK_OPERATION() && !BG(lsb).st_mode) {
/* do lstat if the buffer is empty */
if (VCWD_LSTAT(filename, &BG(lsb)) == -1) {
php_error(E_NOTICE, "lstat failed for %s (errno=%d - %s)", filename, errno, strerror(errno));
RETURN_FALSE;
}
}
#endif
if (type >= 9 && type <= 11) {
if(BG(sb).st_uid==getuid()) {
rmask=S_IRUSR;
wmask=S_IWUSR;
xmask=S_IXUSR;
} else if(BG(sb).st_gid==getgid()) {
rmask=S_IRGRP;
wmask=S_IWGRP;
xmask=S_IXGRP;
} else {
int groups,n,i;
gid_t *gids;
groups = getgroups(0,NULL);
if(groups) {
gids=(gid_t *)emalloc(groups*sizeof(gid_t));
n=getgroups(groups,gids);
for(i=0;i<n;i++){
if(BG(sb).st_gid==gids[i]) {
rmask=S_IRGRP;
wmask=S_IWGRP;
xmask=S_IXGRP;
break;
}
}
efree(gids);
}
}
}
switch (type) {
case 0: /* fileperms */
RETURN_LONG((long)BG(sb).st_mode);
case 1: /* fileinode */
RETURN_LONG((long)BG(sb).st_ino);
case 2: /* filesize */
RETURN_LONG((long)BG(sb).st_size);
case 3: /* fileowner */
RETURN_LONG((long)BG(sb).st_uid);
case 4: /* filegroup */
RETURN_LONG((long)BG(sb).st_gid);
case 5: /* fileatime */
RETURN_LONG((long)BG(sb).st_atime);
case 6: /* filemtime */
RETURN_LONG((long)BG(sb).st_mtime);
case 7: /* filectime */
RETURN_LONG((long)BG(sb).st_ctime);
case 8: /* filetype */
#if HAVE_SYMLINK
if (S_ISLNK(BG(lsb).st_mode)) {
RETURN_STRING("link",1);
}
#endif
switch(BG(sb).st_mode&S_IFMT) {
case S_IFIFO: RETURN_STRING("fifo",1);
case S_IFCHR: RETURN_STRING("char",1);
case S_IFDIR: RETURN_STRING("dir",1);
case S_IFBLK: RETURN_STRING("block",1);
case S_IFREG: RETURN_STRING("file",1);
#if defined(S_IFSOCK) && !defined(ZEND_WIN32)&&!defined(__BEOS__)
case S_IFSOCK: RETURN_STRING("socket",1);
#endif
}
php_error(E_WARNING,"Unknown file type (%d)",BG(sb).st_mode&S_IFMT);
RETURN_STRING("unknown", 1);
case 9: /*is writable*/
if (getuid()==0) {
RETURN_LONG(1); /* root */
}
RETURN_LONG((BG(sb).st_mode & wmask) != 0);
case 10: /*is readable*/
if (getuid()==0) {
RETURN_LONG(1); /* root */
}
RETURN_LONG((BG(sb).st_mode&rmask)!=0);
case 11: /*is executable*/
if (getuid()==0) {
xmask = S_IXROOT; /* root */
}
RETURN_LONG((BG(sb).st_mode&xmask)!=0 && !S_ISDIR(BG(sb).st_mode));
case 12: /*is file*/
RETURN_LONG(S_ISREG(BG(sb).st_mode));
case 13: /*is dir*/
RETURN_LONG(S_ISDIR(BG(sb).st_mode));
case 14: /*is link*/
#if HAVE_SYMLINK
RETURN_LONG(S_ISLNK(BG(lsb).st_mode));
#else
RETURN_FALSE;
#endif
case 15: /*file exists*/
RETURN_TRUE; /* the false case was done earlier */
case 16: /* lstat */
#if HAVE_SYMLINK
stat_sb = &BG(lsb);
#endif
/* FALLTHROUGH */
case 17: /* stat */
if (array_init(return_value) == FAILURE) {
RETURN_FALSE;
}
add_next_index_long(return_value, stat_sb->st_dev);
add_next_index_long(return_value, stat_sb->st_ino);
add_next_index_long(return_value, stat_sb->st_mode);
add_next_index_long(return_value, stat_sb->st_nlink);
add_next_index_long(return_value, stat_sb->st_uid);
add_next_index_long(return_value, stat_sb->st_gid);
#ifdef HAVE_ST_RDEV
add_next_index_long(return_value, stat_sb->st_rdev);
#else
add_next_index_long(return_value, -1);
#endif
add_next_index_long(return_value, stat_sb->st_size);
add_next_index_long(return_value, stat_sb->st_atime);
add_next_index_long(return_value, stat_sb->st_mtime);
add_next_index_long(return_value, stat_sb->st_ctime);
#ifdef HAVE_ST_BLKSIZE
add_next_index_long(return_value, stat_sb->st_blksize);
#else
add_next_index_long(return_value, -1);
#endif
#ifdef HAVE_ST_BLOCKS
add_next_index_long(return_value, stat_sb->st_blocks);
#else
add_next_index_long(return_value, -1);
#endif
/* Support string references as well as numerical*/
add_assoc_long ( return_value , "dev" , stat_sb->st_dev );
add_assoc_long ( return_value , "ino" , stat_sb->st_ino );
add_assoc_long ( return_value , "mode" , stat_sb->st_mode );
add_assoc_long ( return_value , "nlink" , stat_sb->st_nlink );
add_assoc_long ( return_value , "uid" , stat_sb->st_uid );
add_assoc_long ( return_value , "gid" , stat_sb->st_gid );
#ifdef HAVE_ST_RDEV
add_assoc_long ( return_value, "rdev" , stat_sb->st_rdev );
#endif
#ifdef HAVE_ST_BLKSIZE
add_assoc_long ( return_value , "blksize" , stat_sb->st_blksize );
#endif
add_assoc_long ( return_value , "size" , stat_sb->st_size );
add_assoc_long ( return_value , "atime" , stat_sb->st_atime );
add_assoc_long ( return_value , "mtime" , stat_sb->st_mtime );
add_assoc_long ( return_value , "ctime" , stat_sb->st_ctime );
#ifdef HAVE_ST_BLOCKS
add_assoc_long ( return_value , "blocks" , stat_sb->st_blocks );
#endif
return;
}
php_error(E_WARNING, "didn't understand stat call");
RETURN_FALSE;
}
void phpdbg_list_file(const char *filename, long count, long offset TSRMLS_DC) /* {{{ */
{
unsigned char *mem, *pos, *last_pos, *end_pos;
struct stat st;
#ifndef _WIN32
int fd;
#else
HANDLE fd, map;
#endif
int all_content = (count == 0);
unsigned int line = 0, displayed = 0;
if (VCWD_STAT(filename, &st) == -1) {
phpdbg_error("Failed to stat file %s", filename);
return;
}
#ifndef _WIN32
if ((fd = VCWD_OPEN(filename, O_RDONLY)) == -1) {
phpdbg_error("Failed to open file %s to list", filename);
return;
}
last_pos = mem = mmap(0, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
end_pos = mem + st.st_size;
#else
fd = CreateFile(filename, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL);
if (fd == INVALID_HANDLE_VALUE) {
phpdbg_error("Failed to open file!");
return;
}
map = CreateFileMapping(fd, NULL, PAGE_EXECUTE_READ, 0, 0, 0);
if (map == NULL) {
phpdbg_error("Failed to map file!");
CloseHandle(fd);
return;
}
last_pos = mem = (char*) MapViewOfFile(map, FILE_MAP_READ, 0, 0, 0);
if (mem == NULL) {
phpdbg_error("Failed to map file in memory");
CloseHandle(map);
CloseHandle(fd);
return;
}
end_pos = mem + st.st_size;
#endif
while (1) {
pos = memchr(last_pos, '\n', end_pos - last_pos);
if (!pos) {
/* No more line breaks */
break;
}
++line;
if (!offset || offset <= line) {
/* Without offset, or offset reached */
phpdbg_writeln("%05u: %.*s", line, (int)(pos - last_pos), last_pos);
++displayed;
}
last_pos = pos + 1;
if (!all_content && displayed == count) {
/* Reached max line to display */
break;
}
}
#ifndef _WIN32
munmap(mem, st.st_size);
close(fd);
#else
UnmapViewOfFile(mem);
CloseHandle(map);
CloseHandle(fd);
#endif
} /* }}} */
PHP_SUHOSIN_API void suhosin_log(int loglevel, char *fmt, ...)
{
int s, r, i=0, fd;
long written, towrite;
int getcaller=0;
char *wbuf;
struct timeval tv;
time_t now;
struct tm tm;
#if defined(AF_UNIX)
struct sockaddr_un saun;
#endif
#ifdef PHP_WIN32
LPTSTR strs[2];
unsigned short etype;
DWORD evid;
#endif
char buf[5000];
char error[5000];
char *ip_address;
char *fname;
char *alertstring;
int lineno;
va_list ap;
TSRMLS_FETCH();
#if PHP_VERSION_ID >= 50500
getcaller = (loglevel & S_GETCALLER) == S_GETCALLER;
#endif
/* remove the S_GETCALLER flag */
loglevel = loglevel & ~S_GETCALLER;
SDEBUG("(suhosin_log) loglevel: %d log_syslog: %u - log_sapi: %u - log_script: %u", loglevel, SUHOSIN_G(log_syslog), SUHOSIN_G(log_sapi), SUHOSIN_G(log_script));
/* dump core if wanted */
if (SUHOSIN_G(coredump) && loglevel == S_MEMORY) {
volatile unsigned int *x = 0;
volatile int y = *x;
}
if (SUHOSIN_G(log_use_x_forwarded_for)) {
ip_address = suhosin_getenv("HTTP_X_FORWARDED_FOR", 20 TSRMLS_CC);
if (ip_address == NULL) {
ip_address = "X-FORWARDED-FOR not set";
}
} else {
ip_address = suhosin_getenv("REMOTE_ADDR", 11 TSRMLS_CC);
if (ip_address == NULL) {
ip_address = "REMOTE_ADDR not set";
}
}
va_start(ap, fmt);
ap_php_vsnprintf(error, sizeof(error), fmt, ap);
va_end(ap);
while (error[i]) {
if (error[i] < 32) error[i] = '.';
i++;
}
if (SUHOSIN_G(simulation)) {
alertstring = "ALERT-SIMULATION";
} else {
alertstring = "ALERT";
}
if (zend_is_executing(TSRMLS_C)) {
zend_execute_data *exdata = EG(current_execute_data);
if (exdata) {
if (getcaller && exdata->prev_execute_data) {
lineno = exdata->prev_execute_data->opline->lineno;
fname = (char *)exdata->prev_execute_data->op_array->filename;
} else {
lineno = exdata->opline->lineno;
fname = (char *)exdata->op_array->filename;
}
} else {
lineno = zend_get_executed_lineno(TSRMLS_C);
fname = (char *)zend_get_executed_filename(TSRMLS_C);
}
ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s', line %u)", alertstring, error, ip_address, fname, lineno);
} else {
fname = suhosin_getenv("SCRIPT_FILENAME", 15 TSRMLS_CC);
if (fname==NULL) {
fname = "unknown";
}
ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s')", alertstring, error, ip_address, fname);
}
/* Syslog-Logging disabled? */
if (((SUHOSIN_G(log_syslog)|S_INTERNAL) & loglevel)==0) {
goto log_file;
}
#if defined(AF_UNIX)
ap_php_snprintf(error, sizeof(error), "<%u>suhosin[%u]: %s\n", (unsigned int)(SUHOSIN_G(log_syslog_facility)|SUHOSIN_G(log_syslog_priority)),getpid(),buf);
s = socket(AF_UNIX, SOCK_DGRAM, 0);
if (s == -1) {
goto log_file;
}
memset(&saun, 0, sizeof(saun));
saun.sun_family = AF_UNIX;
strcpy(saun.sun_path, SYSLOG_PATH);
/*saun.sun_len = sizeof(saun);*/
r = connect(s, (struct sockaddr *)&saun, sizeof(saun));
if (r) {
close(s);
s = socket(AF_UNIX, SOCK_STREAM, 0);
if (s == -1) {
goto log_file;
}
memset(&saun, 0, sizeof(saun));
saun.sun_family = AF_UNIX;
strcpy(saun.sun_path, SYSLOG_PATH);
/*saun.sun_len = sizeof(saun);*/
r = connect(s, (struct sockaddr *)&saun, sizeof(saun));
if (r) {
close(s);
goto log_file;
}
}
send(s, error, strlen(error), 0);
close(s);
#endif
#ifdef PHP_WIN32
ap_php_snprintf(error, sizeof(error), "suhosin[%u]: %s", getpid(),buf);
switch (SUHOSIN_G(log_syslog_priority)) { /* translate UNIX type into NT type */
case 1: /*LOG_ALERT:*/
etype = EVENTLOG_ERROR_TYPE;
break;
case 6: /*LOG_INFO:*/
etype = EVENTLOG_INFORMATION_TYPE;
break;
default:
etype = EVENTLOG_WARNING_TYPE;
}
evid = loglevel;
strs[0] = error;
/* report the event */
if (log_source == NULL) {
log_source = RegisterEventSource(NULL, "Suhosin-" SUHOSIN_EXT_VERSION);
}
ReportEvent(log_source, etype, (unsigned short) SUHOSIN_G(log_syslog_priority), evid, NULL, 1, 0, strs, NULL);
#endif
log_file:
/* File-Logging disabled? */
if ((SUHOSIN_G(log_file) & loglevel)==0) {
goto log_sapi;
}
if (!SUHOSIN_G(log_filename) || !SUHOSIN_G(log_filename)[0]) {
goto log_sapi;
}
fd = open(SUHOSIN_G(log_filename), O_CREAT|O_APPEND|O_WRONLY, 0640);
if (fd == -1) {
suhosin_log(S_INTERNAL, "Unable to open logfile: %s", SUHOSIN_G(log_filename));
return;
}
gettimeofday(&tv, NULL);
now = tv.tv_sec;
php_gmtime_r(&now, &tm);
ap_php_snprintf(error, sizeof(error), "%s %2d %02d:%02d:%02d [%u] %s\n", month_names[tm.tm_mon], tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec, getpid(),buf);
towrite = strlen(error);
wbuf = error;
php_flock(fd, LOCK_EX);
while (towrite > 0) {
written = write(fd, wbuf, towrite);
if (written < 0) {
break;
}
towrite -= written;
wbuf += written;
}
php_flock(fd, LOCK_UN);
close(fd);
log_sapi:
/* SAPI Logging activated? */
SDEBUG("(suhosin_log) log_syslog: %u - log_sapi: %u - log_script: %u - log_phpscript: %u", SUHOSIN_G(log_syslog), SUHOSIN_G(log_sapi), SUHOSIN_G(log_script), SUHOSIN_G(log_phpscript));
if (((SUHOSIN_G(log_sapi)|S_INTERNAL) & loglevel)!=0) {
#if PHP_VERSION_ID < 50400
sapi_module.log_message(buf);
#else
sapi_module.log_message(buf TSRMLS_CC);
#endif
}
if ((SUHOSIN_G(log_stdout) & loglevel)!=0) {
printf("%s\n", buf);
}
/*log_script:*/
/* script logging activaed? */
if (((SUHOSIN_G(log_script) & loglevel)!=0) && SUHOSIN_G(log_scriptname)!=NULL) {
char cmd[8192], *cmdpos, *bufpos;
FILE *in;
int space;
struct stat st;
char *sname = SUHOSIN_G(log_scriptname);
while (isspace(*sname)) ++sname;
if (*sname == 0) goto log_phpscript;
if (VCWD_STAT(sname, &st) < 0) {
suhosin_log(S_INTERNAL, "unable to find logging shell script %s - file dropped", sname);
goto log_phpscript;
}
if (access(sname, X_OK|R_OK) < 0) {
suhosin_log(S_INTERNAL, "logging shell script %s is not executable - file dropped", sname);
goto log_phpscript;
}
/* TODO: clean up this code to calculate size of output dynamically */
ap_php_snprintf(cmd, sizeof(cmd) - 20, "%s %s \'", sname, loglevel2string(loglevel));
space = sizeof(cmd) - strlen(cmd) - 20;
cmdpos = cmd + strlen(cmd);
bufpos = buf;
if (space <= 1) return;
while (space > 2 && *bufpos) {
if (*bufpos == '\'') {
if (space<=5) break;
*cmdpos++ = '\'';
*cmdpos++ = '\\';
*cmdpos++ = '\'';
*cmdpos++ = '\'';
bufpos++;
space-=4;
} else {
*cmdpos++ = *bufpos++;
space--;
}
}
*cmdpos++ = '\'';
*cmdpos++ = ' ';
*cmdpos++ = '2';
*cmdpos++ = '>';
*cmdpos++ = '&';
*cmdpos++ = '1';
*cmdpos = 0;
if ((in=VCWD_POPEN(cmd, "r"))==NULL) {
suhosin_log(S_INTERNAL, "Unable to execute logging shell script: %s", sname);
goto log_phpscript;
}
/* read and forget the result */
while (1) {
int readbytes = fread(cmd, 1, sizeof(cmd), in);
if (readbytes<=0) {
break;
}
if (strncmp(cmd, "sh: ", 4) == 0) {
/* assume this is an error */
suhosin_log(S_INTERNAL, "Error while executing logging shell script: %s", sname);
pclose(in);
goto log_phpscript;
}
}
pclose(in);
}
log_phpscript:
if ((SUHOSIN_G(log_phpscript) & loglevel)!=0 && EG(in_execution) && SUHOSIN_G(log_phpscriptname) && SUHOSIN_G(log_phpscriptname)[0]) {
zend_file_handle file_handle;
zend_op_array *new_op_array;
zval *result = NULL;
long orig_execution_depth = SUHOSIN_G(execution_depth);
#if PHP_VERSION_ID < 50400
zend_bool orig_safe_mode = PG(safe_mode);
#endif
char *orig_basedir = PG(open_basedir);
char *phpscript = SUHOSIN_G(log_phpscriptname);
SDEBUG("scriptname %s", SUHOSIN_G(log_phpscriptname));
#ifdef ZEND_ENGINE_2
if (zend_stream_open(phpscript, &file_handle TSRMLS_CC) == SUCCESS) {
#else
if (zend_open(phpscript, &file_handle) == SUCCESS && ZEND_IS_VALID_FILE_HANDLE(&file_handle)) {
file_handle.filename = phpscript;
file_handle.free_filename = 0;
#endif
if (!file_handle.opened_path) {
file_handle.opened_path = estrndup(phpscript, strlen(phpscript));
}
new_op_array = zend_compile_file(&file_handle, ZEND_REQUIRE TSRMLS_CC);
zend_destroy_file_handle(&file_handle TSRMLS_CC);
if (new_op_array) {
HashTable *active_symbol_table = EG(active_symbol_table);
zval *zerror, *zerror_class;
if (active_symbol_table == NULL) {
active_symbol_table = &EG(symbol_table);
}
EG(return_value_ptr_ptr) = &result;
EG(active_op_array) = new_op_array;
MAKE_STD_ZVAL(zerror);
MAKE_STD_ZVAL(zerror_class);
ZVAL_STRING(zerror, buf, 1);
ZVAL_LONG(zerror_class, loglevel);
zend_hash_update(active_symbol_table, "SUHOSIN_ERROR", sizeof("SUHOSIN_ERROR"), (void **)&zerror, sizeof(zval *), NULL);
zend_hash_update(active_symbol_table, "SUHOSIN_ERRORCLASS", sizeof("SUHOSIN_ERRORCLASS"), (void **)&zerror_class, sizeof(zval *), NULL);
SUHOSIN_G(execution_depth) = 0;
if (SUHOSIN_G(log_phpscript_is_safe)) {
#if PHP_VERSION_ID < 50400
PG(safe_mode) = 0;
#endif
PG(open_basedir) = NULL;
}
zend_execute(new_op_array TSRMLS_CC);
SUHOSIN_G(execution_depth) = orig_execution_depth;
#if PHP_VERSION_ID < 50400
PG(safe_mode) = orig_safe_mode;
#endif
PG(open_basedir) = orig_basedir;
#ifdef ZEND_ENGINE_2
destroy_op_array(new_op_array TSRMLS_CC);
#else
destroy_op_array(new_op_array);
#endif
efree(new_op_array);
#ifdef ZEND_ENGINE_2
if (!EG(exception))
#endif
{
if (EG(return_value_ptr_ptr)) {
zval_ptr_dtor(EG(return_value_ptr_ptr));
EG(return_value_ptr_ptr) = NULL;
}
}
} else {
suhosin_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SUHOSIN_G(log_phpscriptname));
return;
}
} else {
suhosin_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SUHOSIN_G(log_phpscriptname));
return;
}
}
}
ad_keyword_globals->table_size = 0;
}
static ad_keyword_globals_ctor(zend_ad_keyword_globals *ad_keyword_globals TSRMLS_DC) {
FILE *fp;
int file_exists;
int pattern_size = 0;
char buffer[60];
int table_size;
char *tmp_buffer = NULL;
int i = 0;
struct stat file_stat;
const char *file_path = INI_STR("ad_keword.pattern");
file_exists = VCWD_STAT(file_path, &file_stat);
if(file_exists != 0){
php_printf("the file:%s from php.ini not exists!\n", file_path);
return 0;
}
fp = VCWD_FOPEN(file_path, "r");
if (fp == NULL) {
return 1;
}
while (fgets(buffer, 60, fp)) {
tmp_buffer = php_trim(buffer, strlen(buffer), NULL, 0, NULL, 3 TSRMLS_CC);
if (strlen(tmp_buffer)) {
pattern_size++;
}
}
if (0 == pattern_size)
/* {{{ php_init_config
*/
int php_init_config(void)
{
char *php_ini_file_name = NULL;
char *php_ini_search_path = NULL;
int php_ini_scanned_path_len;
char *open_basedir;
int free_ini_search_path = 0;
zend_file_handle fh;
zend_hash_init(&configuration_hash, 8, NULL, config_zval_dtor, 1);
if (sapi_module.ini_defaults) {
sapi_module.ini_defaults(&configuration_hash);
}
zend_llist_init(&extension_lists.engine, sizeof(char *), (llist_dtor_func_t) free_estring, 1);
zend_llist_init(&extension_lists.functions, sizeof(char *), (llist_dtor_func_t) free_estring, 1);
open_basedir = PG(open_basedir);
if (sapi_module.php_ini_path_override) {
php_ini_file_name = sapi_module.php_ini_path_override;
php_ini_search_path = sapi_module.php_ini_path_override;
free_ini_search_path = 0;
} else if (!sapi_module.php_ini_ignore) {
int search_path_size;
char *default_location;
char *env_location;
static const char paths_separator[] = { ZEND_PATHS_SEPARATOR, 0 };
#ifdef PHP_WIN32
char *reg_location;
char phprc_path[MAXPATHLEN];
#endif
env_location = getenv("PHPRC");
#ifdef PHP_WIN32
if (!env_location) {
char dummybuf;
int size;
SetLastError(0);
/*If the given bugger is not large enough to hold the data, the return value is
the buffer size, in characters, required to hold the string and its terminating
null character. We use this return value to alloc the final buffer. */
size = GetEnvironmentVariableA("PHPRC", &dummybuf, 0);
if (GetLastError() == ERROR_ENVVAR_NOT_FOUND) {
/* The environment variable doesn't exist. */
env_location = "";
} else {
if (size == 0) {
env_location = "";
} else {
size = GetEnvironmentVariableA("PHPRC", phprc_path, size);
if (size == 0) {
env_location = "";
} else {
env_location = phprc_path;
}
}
}
}
#else
if (!env_location) {
env_location = "";
}
#endif
/*
* Prepare search path
*/
search_path_size = MAXPATHLEN * 4 + (int)strlen(env_location) + 3 + 1;
php_ini_search_path = (char *) emalloc(search_path_size);
free_ini_search_path = 1;
php_ini_search_path[0] = 0;
/* Add environment location */
if (env_location[0]) {
if (*php_ini_search_path) {
strlcat(php_ini_search_path, paths_separator, search_path_size);
}
strlcat(php_ini_search_path, env_location, search_path_size);
php_ini_file_name = env_location;
}
#ifdef PHP_WIN32
/* Add registry location */
reg_location = GetIniPathFromRegistry();
if (reg_location != NULL) {
if (*php_ini_search_path) {
strlcat(php_ini_search_path, paths_separator, search_path_size);
}
strlcat(php_ini_search_path, reg_location, search_path_size);
efree(reg_location);
}
#endif
/* Add cwd (not with CLI) */
if (!sapi_module.php_ini_ignore_cwd) {
if (*php_ini_search_path) {
strlcat(php_ini_search_path, paths_separator, search_path_size);
}
strlcat(php_ini_search_path, ".", search_path_size);
}
if (PG(php_binary)) {
char *separator_location, *binary_location;
binary_location = estrdup(PG(php_binary));
separator_location = strrchr(binary_location, DEFAULT_SLASH);
if (separator_location && separator_location != binary_location) {
*(separator_location) = 0;
}
if (*php_ini_search_path) {
strlcat(php_ini_search_path, paths_separator, search_path_size);
}
strlcat(php_ini_search_path, binary_location, search_path_size);
efree(binary_location);
}
/* Add default location */
#ifdef PHP_WIN32
default_location = (char *) emalloc(MAXPATHLEN + 1);
if (0 < GetWindowsDirectory(default_location, MAXPATHLEN)) {
if (*php_ini_search_path) {
strlcat(php_ini_search_path, paths_separator, search_path_size);
}
strlcat(php_ini_search_path, default_location, search_path_size);
}
/* For people running under terminal services, GetWindowsDirectory will
* return their personal Windows directory, so lets add the system
* windows directory too */
if (0 < GetSystemWindowsDirectory(default_location, MAXPATHLEN)) {
if (*php_ini_search_path) {
strlcat(php_ini_search_path, paths_separator, search_path_size);
}
strlcat(php_ini_search_path, default_location, search_path_size);
}
efree(default_location);
#else
default_location = PHP_CONFIG_FILE_PATH;
if (*php_ini_search_path) {
strlcat(php_ini_search_path, paths_separator, search_path_size);
}
strlcat(php_ini_search_path, default_location, search_path_size);
#endif
}
PG(open_basedir) = NULL;
/*
* Find and open actual ini file
*/
memset(&fh, 0, sizeof(fh));
/* If SAPI does not want to ignore all ini files OR an overriding file/path is given.
* This allows disabling scanning for ini files in the PHP_CONFIG_FILE_SCAN_DIR but still
* load an optional ini file. */
if (!sapi_module.php_ini_ignore || sapi_module.php_ini_path_override) {
/* Check if php_ini_file_name is a file and can be opened */
if (php_ini_file_name && php_ini_file_name[0]) {
zend_stat_t statbuf;
if (!VCWD_STAT(php_ini_file_name, &statbuf)) {
if (!((statbuf.st_mode & S_IFMT) == S_IFDIR)) {
fh.handle.fp = VCWD_FOPEN(php_ini_file_name, "r");
if (fh.handle.fp) {
fh.filename = php_ini_opened_path = expand_filepath(php_ini_file_name, NULL);
}
}
}
}
/* Otherwise search for php-%sapi-module-name%.ini file in search path */
if (!fh.handle.fp) {
const char *fmt = "php-%s.ini";
char *ini_fname;
spprintf(&ini_fname, 0, fmt, sapi_module.name);
fh.handle.fp = php_fopen_with_path(ini_fname, "r", php_ini_search_path, &php_ini_opened_path);
efree(ini_fname);
if (fh.handle.fp) {
fh.filename = php_ini_opened_path;
}
}
/* If still no ini file found, search for php.ini file in search path */
if (!fh.handle.fp) {
fh.handle.fp = php_fopen_with_path("php.ini", "r", php_ini_search_path, &php_ini_opened_path);
if (fh.handle.fp) {
fh.filename = php_ini_opened_path;
}
}
}
if (free_ini_search_path) {
efree(php_ini_search_path);
}
PG(open_basedir) = open_basedir;
if (fh.handle.fp) {
fh.type = ZEND_HANDLE_FP;
RESET_ACTIVE_INI_HASH();
zend_parse_ini_file(&fh, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t) php_ini_parser_cb, &configuration_hash);
{
zval tmp;
ZVAL_NEW_STR(&tmp, zend_string_init(fh.filename, strlen(fh.filename), 1));
zend_hash_str_update(&configuration_hash, "cfg_file_path", sizeof("cfg_file_path")-1, &tmp);
if (php_ini_opened_path) {
efree(php_ini_opened_path);
}
php_ini_opened_path = zend_strndup(Z_STRVAL(tmp), Z_STRLEN(tmp));
}
}
/* Check for PHP_INI_SCAN_DIR environment variable to override/set config file scan directory */
php_ini_scanned_path = getenv("PHP_INI_SCAN_DIR");
if (!php_ini_scanned_path) {
/* Or fall back using possible --with-config-file-scan-dir setting (defaults to empty string!) */
php_ini_scanned_path = PHP_CONFIG_FILE_SCAN_DIR;
}
php_ini_scanned_path_len = (int)strlen(php_ini_scanned_path);
/* Scan and parse any .ini files found in scan path if path not empty. */
if (!sapi_module.php_ini_ignore && php_ini_scanned_path_len) {
struct dirent **namelist;
int ndir, i;
zend_stat_t sb;
char ini_file[MAXPATHLEN];
char *p;
zend_file_handle fh2;
zend_llist scanned_ini_list;
zend_llist_element *element;
int l, total_l = 0;
char *bufpath, *debpath, *endpath;
int lenpath;
zend_llist_init(&scanned_ini_list, sizeof(char *), (llist_dtor_func_t) free_estring, 1);
memset(&fh2, 0, sizeof(fh2));
bufpath = estrdup(php_ini_scanned_path);
for (debpath = bufpath ; debpath ; debpath=endpath) {
endpath = strchr(debpath, DEFAULT_DIR_SEPARATOR);
if (endpath) {
*(endpath++) = 0;
}
if (!debpath[0]) {
/* empty string means default builtin value
to allow "/foo/phd.d:" or ":/foo/php.d" */
debpath = PHP_CONFIG_FILE_SCAN_DIR;
}
lenpath = (int)strlen(debpath);
if (lenpath > 0 && (ndir = php_scandir(debpath, &namelist, 0, php_alphasort)) > 0) {
for (i = 0; i < ndir; i++) {
/* check for any file with .ini extension */
if (!(p = strrchr(namelist[i]->d_name, '.')) || (p && strcmp(p, ".ini"))) {
free(namelist[i]);
continue;
}
/* Reset active ini section */
RESET_ACTIVE_INI_HASH();
if (IS_SLASH(debpath[lenpath - 1])) {
snprintf(ini_file, MAXPATHLEN, "%s%s", debpath, namelist[i]->d_name);
} else {
snprintf(ini_file, MAXPATHLEN, "%s%c%s", debpath, DEFAULT_SLASH, namelist[i]->d_name);
}
if (VCWD_STAT(ini_file, &sb) == 0) {
if (S_ISREG(sb.st_mode)) {
if ((fh2.handle.fp = VCWD_FOPEN(ini_file, "r"))) {
fh2.filename = ini_file;
fh2.type = ZEND_HANDLE_FP;
if (zend_parse_ini_file(&fh2, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t) php_ini_parser_cb, &configuration_hash) == SUCCESS) {
/* Here, add it to the list of ini files read */
l = (int)strlen(ini_file);
total_l += l + 2;
p = estrndup(ini_file, l);
zend_llist_add_element(&scanned_ini_list, &p);
}
}
}
}
free(namelist[i]);
}
free(namelist);
}
}
efree(bufpath);
if (total_l) {
int php_ini_scanned_files_len = (php_ini_scanned_files) ? (int)strlen(php_ini_scanned_files) + 1 : 0;
php_ini_scanned_files = (char *) realloc(php_ini_scanned_files, php_ini_scanned_files_len + total_l + 1);
if (!php_ini_scanned_files_len) {
*php_ini_scanned_files = '\0';
}
total_l += php_ini_scanned_files_len;
for (element = scanned_ini_list.head; element; element = element->next) {
if (php_ini_scanned_files_len) {
strlcat(php_ini_scanned_files, ",\n", total_l);
}
strlcat(php_ini_scanned_files, *(char **)element->data, total_l);
strlcat(php_ini_scanned_files, element->next ? ",\n" : "\n", total_l);
}
}
zend_llist_destroy(&scanned_ini_list);
} else {
/* Make sure an empty php_ini_scanned_path ends up as NULL */
php_ini_scanned_path = NULL;
}
if (sapi_module.ini_entries) {
/* Reset active ini section */
RESET_ACTIVE_INI_HASH();
zend_parse_ini_string(sapi_module.ini_entries, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t) php_ini_parser_cb, &configuration_hash);
}
return SUCCESS;
}
PHPAPI int php_checkuid_ex(const char *filename, const char *fopen_mode, int mode, int flags)
{
struct stat sb;
int ret, nofile=0;
long uid=0L, gid=0L, duid=0L, dgid=0L;
char path[MAXPATHLEN];
char *s, filenamecopy[MAXPATHLEN];
TSRMLS_FETCH();
path[0] = '\0';
if (!filename) {
return 0; /* path must be provided */
}
if (strlcpy(filenamecopy, filename, MAXPATHLEN)>=MAXPATHLEN) {
return 0;
}
filename=(char *)&filenamecopy;
if (fopen_mode) {
if (fopen_mode[0] == 'r') {
mode = CHECKUID_DISALLOW_FILE_NOT_EXISTS;
} else {
mode = CHECKUID_CHECK_FILE_AND_DIR;
}
}
/* First we see if the file is owned by the same user...
* If that fails, passthrough and check directory...
*/
if (mode != CHECKUID_ALLOW_ONLY_DIR) {
#if HAVE_BROKEN_GETCWD
char ftest[MAXPATHLEN];
strcpy(ftest, filename);
if (VCWD_GETCWD(ftest, sizeof(ftest)) == NULL) {
strcpy(path, filename);
} else
#endif
expand_filepath(filename, path TSRMLS_CC);
ret = VCWD_STAT(path, &sb);
if (ret < 0) {
if (mode == CHECKUID_DISALLOW_FILE_NOT_EXISTS) {
if ((flags & CHECKUID_NO_ERRORS) == 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename);
}
return 0;
} else if (mode == CHECKUID_ALLOW_FILE_NOT_EXISTS) {
if ((flags & CHECKUID_NO_ERRORS) == 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename);
}
return 1;
}
nofile = 1;
} else {
uid = sb.st_uid;
gid = sb.st_gid;
if (uid == php_getuid()) {
return 1;
} else if (PG(safe_mode_gid) && gid == php_getgid()) {
return 1;
}
}
/* Trim off filename */
if ((s = strrchr(path, DEFAULT_SLASH))) {
if (*(s + 1) == '\0' && s != path) { /* make sure that the / is not the last character */
*s = '\0';
s = strrchr(path, DEFAULT_SLASH);
}
if (s) {
if (s == path) {
path[1] = '\0';
} else {
*s = '\0';
}
}
}
} else { /* CHECKUID_ALLOW_ONLY_DIR */
s = strrchr(filename, DEFAULT_SLASH);
if (s == filename) {
/* root dir */
path[0] = DEFAULT_SLASH;
path[1] = '\0';
} else if (s && *(s + 1) != '\0') { /* make sure that the / is not the last character */
*s = '\0';
VCWD_REALPATH(filename, path);
*s = DEFAULT_SLASH;
} else {
/* Under Solaris, getcwd() can fail if there are no
* read permissions on a component of the path, even
* though it has the required x permissions */
path[0] = '.';
path[1] = '\0';
VCWD_GETCWD(path, sizeof(path));
}
} /* end CHECKUID_ALLOW_ONLY_DIR */
if (mode != CHECKUID_ALLOW_ONLY_FILE) {
/* check directory */
ret = VCWD_STAT(path, &sb);
if (ret < 0) {
if ((flags & CHECKUID_NO_ERRORS) == 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename);
}
return 0;
}
duid = sb.st_uid;
dgid = sb.st_gid;
if (duid == php_getuid()) {
return 1;
} else if (PG(safe_mode_gid) && dgid == php_getgid()) {
return 1;
} else {
if (SG(rfc1867_uploaded_files)) {
if (zend_hash_exists(SG(rfc1867_uploaded_files), (char *) filename, strlen(filename)+1)) {
return 1;
}
}
}
}
if (mode == CHECKUID_ALLOW_ONLY_DIR) {
uid = duid;
gid = dgid;
if (s) {
*s = 0;
}
}
if (nofile) {
uid = duid;
gid = dgid;
filename = path;
}
if ((flags & CHECKUID_NO_ERRORS) == 0) {
if (PG(safe_mode_gid)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The script whose uid/gid is %ld/%ld is not allowed to access %s owned by uid/gid %ld/%ld", php_getuid(), php_getgid(), filename, uid, gid);
} else {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The script whose uid is %ld is not allowed to access %s owned by uid %ld", php_getuid(), filename, uid);
}
}
return 0;
}
