zend_op_array *pm9screw_compile_file(zend_file_handle *file_handle, int type TSRMLS_DC)
{
FILE *fp;
char buf[PM9SCREW_LEN + 1];
char fname[32];
char *buffer, *res;
size_t size, res_size;
memset(fname, 0, sizeof fname);
if (zend_is_executing(TSRMLS_C)) {
if (get_active_function_name(TSRMLS_C)) {
strncpy(fname, get_active_function_name(TSRMLS_C), sizeof fname - 2);
}
}
if (fname[0]) {
#ifdef WIN32
if (_stricmp(fname, "show_source") == 0
|| _stricmp(fname, "highlight_file") == 0) {
return NULL;
}
#else
if (strcasecmp(fname, "show_source") == 0
|| strcasecmp(fname, "highlight_file") == 0) {
return NULL;
}
#endif
}
fp = fopen(file_handle->filename, "rb");
if (!fp) {
return org_compile_file(file_handle, type TSRMLS_CC);
}
fread(buf, PM9SCREW_LEN, 1, fp);
if (memcmp(buf, PM9SCREW, PM9SCREW_LEN) != 0) {
printf("not a crypted file.\r\n");
fclose(fp);
return org_compile_file(file_handle, type TSRMLS_CC);
}
res = pm9screw_ext_fopen(fp);
res_size = strlen(res);
if (zend_stream_fixup(file_handle, &buffer, &size TSRMLS_CC) == FAILURE) {
return NULL;
}
file_handle->handle.stream.mmap.buf = res;
file_handle->handle.stream.mmap.len = res_size;
file_handle->handle.stream.closer = NULL;
return org_compile_file(file_handle, type TSRMLS_CC);
}
void psi_error_wrapper(struct psi_data *context, struct psi_token *t, int type, const char *msg, ...)
{
va_list argv;
const char *fn = NULL;
unsigned ln = 0;
if (context) {
if (context->flags & PSI_SILENT) {
/* context->last_error may be an argument to print */
char error[sizeof(context->last_error)];
va_start(argv, msg);
vslprintf(error, sizeof(error), msg, argv);
va_end(argv);
memcpy(context->last_error, error,
sizeof(context->last_error));
return;
}
}
if (t) {
fn = t->file->val;
ln = t->line;
} else if (zend_is_executing()) {
fn = zend_get_executed_filename();
ln = zend_get_executed_lineno();
} else if (zend_is_compiling()) {
fn = zend_get_compiled_filename()->val;
ln = zend_get_compiled_lineno();
} else {
fn = "PSI module startup";
}
va_start(argv, msg);
psi_verror(type, fn, ln, msg, argv);
va_end(argv);
va_start(argv, msg);
PSI_DEBUG_LOCK(context,
PSI_DEBUG_PRINTV(context, msg, argv);
PSI_DEBUG_PRINT(context, "\n");
);
static void xsl_ext_function_php(xmlXPathParserContextPtr ctxt, int nargs, int type) /* {{{ */
{
xsltTransformContextPtr tctxt;
zval *args;
zval retval;
int result, i;
int error = 0;
zend_fcall_info fci;
zval handler;
xmlXPathObjectPtr obj;
char *str;
xsl_object *intern;
zend_string *callable = NULL;
if (! zend_is_executing()) {
xsltGenericError(xsltGenericErrorContext,
"xsltExtFunctionTest: Function called from outside of PHP\n");
error = 1;
} else {
tctxt = xsltXPathGetTransformContext(ctxt);
if (tctxt == NULL) {
xsltGenericError(xsltGenericErrorContext,
"xsltExtFunctionTest: failed to get the transformation context\n");
error = 1;
} else {
intern = (xsl_object*)tctxt->_private;
if (intern == NULL) {
xsltGenericError(xsltGenericErrorContext,
"xsltExtFunctionTest: failed to get the internal object\n");
error = 1;
}
else if (intern->registerPhpFunctions == 0) {
xsltGenericError(xsltGenericErrorContext,
"xsltExtFunctionTest: PHP Object did not register PHP functions\n");
error = 1;
}
}
}
if (error == 1) {
for (i = nargs - 1; i >= 0; i--) {
obj = valuePop(ctxt);
xmlXPathFreeObject(obj);
}
return;
}
fci.param_count = nargs - 1;
if (fci.param_count > 0) {
args = safe_emalloc(fci.param_count, sizeof(zval), 0);
}
/* Reverse order to pop values off ctxt stack */
for (i = nargs - 2; i >= 0; i--) {
obj = valuePop(ctxt);
switch (obj->type) {
case XPATH_STRING:
ZVAL_STRING(&args[i], (char *)obj->stringval);
break;
case XPATH_BOOLEAN:
ZVAL_BOOL(&args[i], obj->boolval);
break;
case XPATH_NUMBER:
ZVAL_DOUBLE(&args[i], obj->floatval);
break;
case XPATH_NODESET:
if (type == 1) {
str = (char*)xmlXPathCastToString(obj);
ZVAL_STRING(&args[i], str);
xmlFree(str);
} else if (type == 2) {
int j;
dom_object *domintern = (dom_object *)intern->doc;
array_init(&args[i]);
if (obj->nodesetval && obj->nodesetval->nodeNr > 0) {
for (j = 0; j < obj->nodesetval->nodeNr; j++) {
xmlNodePtr node = obj->nodesetval->nodeTab[j];
zval child;
/* not sure, if we need this... it's copied from xpath.c */
if (node->type == XML_NAMESPACE_DECL) {
xmlNsPtr curns;
xmlNodePtr nsparent;
nsparent = node->_private;
curns = xmlNewNs(NULL, node->name, NULL);
if (node->children) {
curns->prefix = xmlStrdup((char *)node->children);
}
if (node->children) {
node = xmlNewDocNode(node->doc, NULL, (char *) node->children, node->name);
} else {
node = xmlNewDocNode(node->doc, NULL, (const xmlChar *) "xmlns", node->name);
}
node->type = XML_NAMESPACE_DECL;
node->parent = nsparent;
node->ns = curns;
} else {
node = xmlDocCopyNodeList(domintern->document->ptr, node);
}
php_dom_create_object(node, &child, domintern);
add_next_index_zval(&args[i], &child);
}
}
}
break;
default:
str = (char *) xmlXPathCastToString(obj);
ZVAL_STRING(&args[i], str);
xmlFree(str);
}
xmlXPathFreeObject(obj);
}
fci.size = sizeof(fci);
fci.function_table = EG(function_table);
if (fci.param_count > 0) {
fci.params = args;
} else {
fci.params = NULL;
}
obj = valuePop(ctxt);
if (obj->stringval == NULL) {
php_error_docref(NULL, E_WARNING, "Handler name must be a string");
xmlXPathFreeObject(obj);
valuePush(ctxt, xmlXPathNewString((const xmlChar *) ""));
if (fci.param_count > 0) {
for (i = 0; i < nargs - 1; i++) {
zval_ptr_dtor(&args[i]);
}
efree(args);
}
return;
}
ZVAL_STRING(&handler, (char *) obj->stringval);
xmlXPathFreeObject(obj);
ZVAL_COPY_VALUE(&fci.function_name, &handler);
fci.symbol_table = NULL;
fci.object = NULL;
fci.retval = &retval;
fci.no_separation = 0;
/*fci.function_handler_cache = &function_ptr;*/
if (!zend_make_callable(&handler, &callable)) {
php_error_docref(NULL, E_WARNING, "Unable to call handler %s()", ZSTR_VAL(callable));
valuePush(ctxt, xmlXPathNewString((const xmlChar *) ""));
} else if ( intern->registerPhpFunctions == 2 && zend_hash_exists(intern->registered_phpfunctions, callable) == 0) {
php_error_docref(NULL, E_WARNING, "Not allowed to call handler '%s()'", ZSTR_VAL(callable));
/* Push an empty string, so that we at least have an xslt result... */
valuePush(ctxt, xmlXPathNewString((const xmlChar *) ""));
} else {
result = zend_call_function(&fci, NULL);
if (result == FAILURE) {
if (Z_TYPE(handler) == IS_STRING) {
php_error_docref(NULL, E_WARNING, "Unable to call handler %s()", Z_STRVAL(handler));
valuePush(ctxt, xmlXPathNewString((const xmlChar *) ""));
}
/* retval is == NULL, when an exception occurred, don't report anything, because PHP itself will handle that */
} else if (Z_ISUNDEF(retval)) {
} else {
if (Z_TYPE(retval) == IS_OBJECT && instanceof_function(Z_OBJCE(retval), dom_node_class_entry)) {
xmlNode *nodep;
dom_object *obj;
if (intern->node_list == NULL) {
ALLOC_HASHTABLE(intern->node_list);
zend_hash_init(intern->node_list, 0, NULL, ZVAL_PTR_DTOR, 0);
}
Z_ADDREF(retval);
zend_hash_next_index_insert(intern->node_list, &retval);
obj = Z_DOMOBJ_P(&retval);
nodep = dom_object_get_node(obj);
valuePush(ctxt, xmlXPathNewNodeSet(nodep));
} else if (Z_TYPE(retval) == IS_TRUE || Z_TYPE(retval) == IS_FALSE) {
valuePush(ctxt, xmlXPathNewBoolean(Z_LVAL(retval)));
} else if (Z_TYPE(retval) == IS_OBJECT) {
php_error_docref(NULL, E_WARNING, "A PHP Object cannot be converted to a XPath-string");
valuePush(ctxt, xmlXPathNewString((const xmlChar *) ""));
} else {
convert_to_string_ex(&retval);
valuePush(ctxt, xmlXPathNewString((xmlChar *) Z_STRVAL(retval)));
}
zval_ptr_dtor(&retval);
}
}
zend_string_release(callable);
zval_ptr_dtor(&handler);
if (fci.param_count > 0) {
for (i = 0; i < nargs - 1; i++) {
zval_ptr_dtor(&args[i]);
}
efree(args);
}
}
static void dom_xpath_ext_function_php(xmlXPathParserContextPtr ctxt, int nargs, int type) /* {{{ */
{
zval retval;
int result, i;
int error = 0;
zend_fcall_info fci;
xmlXPathObjectPtr obj;
char *str;
zend_string *callable = NULL;
dom_xpath_object *intern;
if (! zend_is_executing()) {
xmlGenericError(xmlGenericErrorContext,
"xmlExtFunctionTest: Function called from outside of PHP\n");
error = 1;
} else {
intern = (dom_xpath_object *) ctxt->context->userData;
if (intern == NULL) {
xmlGenericError(xmlGenericErrorContext,
"xmlExtFunctionTest: failed to get the internal object\n");
error = 1;
}
else if (intern->registerPhpFunctions == 0) {
xmlGenericError(xmlGenericErrorContext,
"xmlExtFunctionTest: PHP Object did not register PHP functions\n");
error = 1;
}
}
if (error == 1) {
for (i = nargs - 1; i >= 0; i--) {
obj = valuePop(ctxt);
xmlXPathFreeObject(obj);
}
return;
}
fci.param_count = nargs - 1;
if (fci.param_count > 0) {
fci.params = safe_emalloc(fci.param_count, sizeof(zval), 0);
}
/* Reverse order to pop values off ctxt stack */
for (i = nargs - 2; i >= 0; i--) {
obj = valuePop(ctxt);
switch (obj->type) {
case XPATH_STRING:
ZVAL_STRING(&fci.params[i], (char *)obj->stringval);
break;
case XPATH_BOOLEAN:
ZVAL_BOOL(&fci.params[i], obj->boolval);
break;
case XPATH_NUMBER:
ZVAL_DOUBLE(&fci.params[i], obj->floatval);
break;
case XPATH_NODESET:
if (type == 1) {
str = (char *)xmlXPathCastToString(obj);
ZVAL_STRING(&fci.params[i], str);
xmlFree(str);
} else if (type == 2) {
int j;
array_init(&fci.params[i]);
if (obj->nodesetval && obj->nodesetval->nodeNr > 0) {
for (j = 0; j < obj->nodesetval->nodeNr; j++) {
xmlNodePtr node = obj->nodesetval->nodeTab[j];
zval child;
/* not sure, if we need this... it's copied from xpath.c */
if (node->type == XML_NAMESPACE_DECL) {
xmlNsPtr curns;
xmlNodePtr nsparent;
nsparent = node->_private;
curns = xmlNewNs(NULL, node->name, NULL);
if (node->children) {
curns->prefix = xmlStrdup((xmlChar *) node->children);
}
if (node->children) {
node = xmlNewDocNode(node->doc, NULL, (xmlChar *) node->children, node->name);
} else {
node = xmlNewDocNode(node->doc, NULL, (xmlChar *) "xmlns", node->name);
}
node->type = XML_NAMESPACE_DECL;
node->parent = nsparent;
node->ns = curns;
}
php_dom_create_object(node, &child, &intern->dom);
add_next_index_zval(&fci.params[i], &child);
}
}
}
break;
default:
ZVAL_STRING(&fci.params[i], (char *)xmlXPathCastToString(obj));
}
xmlXPathFreeObject(obj);
}
fci.size = sizeof(fci);
fci.function_table = EG(function_table);
obj = valuePop(ctxt);
if (obj->stringval == NULL) {
php_error_docref(NULL, E_WARNING, "Handler name must be a string");
xmlXPathFreeObject(obj);
if (fci.param_count > 0) {
for (i = 0; i < nargs - 1; i++) {
zval_ptr_dtor(&fci.params[i]);
}
efree(fci.params);
}
return;
}
ZVAL_STRING(&fci.function_name, (char *) obj->stringval);
xmlXPathFreeObject(obj);
fci.symbol_table = NULL;
fci.object = NULL;
fci.retval = &retval;
fci.no_separation = 0;
if (!zend_make_callable(&fci.function_name, &callable)) {
php_error_docref(NULL, E_WARNING, "Unable to call handler %s()", callable->val);
} else if (intern->registerPhpFunctions == 2 && zend_hash_exists(intern->registered_phpfunctions, callable) == 0) {
php_error_docref(NULL, E_WARNING, "Not allowed to call handler '%s()'.", callable->val);
/* Push an empty string, so that we at least have an xslt result... */
valuePush(ctxt, xmlXPathNewString((xmlChar *)""));
} else {
result = zend_call_function(&fci, NULL);
if (result == SUCCESS && Z_TYPE(retval) != IS_UNDEF) {
if (Z_TYPE(retval) == IS_OBJECT && instanceof_function(Z_OBJCE(retval), dom_node_class_entry)) {
xmlNode *nodep;
dom_object *obj;
if (intern->node_list == NULL) {
ALLOC_HASHTABLE(intern->node_list);
zend_hash_init(intern->node_list, 0, NULL, ZVAL_PTR_DTOR, 0);
}
GC_REFCOUNT(&retval)++;
zend_hash_next_index_insert(intern->node_list, &retval);
obj = Z_DOMOBJ_P(&retval);
nodep = dom_object_get_node(obj);
valuePush(ctxt, xmlXPathNewNodeSet(nodep));
} else if (Z_TYPE(retval) == IS_FALSE || Z_TYPE(retval) == IS_TRUE) {
valuePush(ctxt, xmlXPathNewBoolean(Z_TYPE(retval) == IS_TRUE));
} else if (Z_TYPE(retval) == IS_OBJECT) {
php_error_docref(NULL, E_WARNING, "A PHP Object cannot be converted to a XPath-string");
valuePush(ctxt, xmlXPathNewString((xmlChar *)""));
} else {
zend_string *str = zval_get_string(&retval);
valuePush(ctxt, xmlXPathNewString((xmlChar *) str->val));
zend_string_release(str);
}
zval_ptr_dtor(&retval);
}
}
zend_string_release(callable);
zval_dtor(&fci.function_name);
if (fci.param_count > 0) {
for (i = 0; i < nargs - 1; i++) {
zval_ptr_dtor(&fci.params[i]);
}
efree(fci.params);
}
}
/* {{{ php_fopen_with_path
* Tries to open a file with a PATH-style list of directories.
* If the filename starts with "." or "/", the path is ignored.
*/
PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const char *path, zend_string **opened_path)
{
char *pathbuf, *ptr, *end;
char trypath[MAXPATHLEN];
FILE *fp;
int filename_length;
zend_string *exec_filename;
if (opened_path) {
*opened_path = NULL;
}
if (!filename) {
return NULL;
}
filename_length = (int)strlen(filename);
#ifndef PHP_WIN32
(void) filename_length;
#endif
/* Relative path open */
if ((*filename == '.')
/* Absolute path open */
|| IS_ABSOLUTE_PATH(filename, filename_length)
|| (!path || (path && !*path))
) {
return php_fopen_and_set_opened_path(filename, mode, opened_path);
}
/* check in provided path */
/* append the calling scripts' current working directory
* as a fall back case
*/
if (zend_is_executing() &&
(exec_filename = zend_get_executed_filename_ex()) != NULL) {
const char *exec_fname = exec_filename->val;
size_t exec_fname_length = exec_filename->len;
while ((--exec_fname_length >= 0) && !IS_SLASH(exec_fname[exec_fname_length]));
if ((exec_fname && exec_fname[0] == '[') || exec_fname_length <= 0) {
/* [no active file] or no path */
pathbuf = estrdup(path);
} else {
size_t path_length = strlen(path);
pathbuf = (char *) emalloc(exec_fname_length + path_length + 1 + 1);
memcpy(pathbuf, path, path_length);
pathbuf[path_length] = DEFAULT_DIR_SEPARATOR;
memcpy(pathbuf + path_length + 1, exec_fname, exec_fname_length);
pathbuf[path_length + exec_fname_length + 1] = '\0';
}
} else {
pathbuf = estrdup(path);
}
ptr = pathbuf;
while (ptr && *ptr) {
end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
if (end != NULL) {
*end = '\0';
end++;
}
if (snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename) >= MAXPATHLEN) {
php_error_docref(NULL, E_NOTICE, "%s/%s path was truncated to %d", ptr, filename, MAXPATHLEN);
}
fp = php_fopen_and_set_opened_path(trypath, mode, opened_path);
if (fp) {
efree(pathbuf);
return fp;
}
ptr = end;
} /* end provided path */
efree(pathbuf);
return NULL;
}
/* {{{ php_resolve_path
* Returns the realpath for given filename according to include path
*/
PHPAPI zend_string *php_resolve_path(const char *filename, int filename_length, const char *path)
{
char resolved_path[MAXPATHLEN];
char trypath[MAXPATHLEN];
const char *ptr, *end, *p;
const char *actual_path;
php_stream_wrapper *wrapper;
zend_string *exec_filename;
if (!filename || CHECK_NULL_PATH(filename, filename_length)) {
return NULL;
}
/* Don't resolve paths which contain protocol (except of file://) */
for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) {
wrapper = php_stream_locate_url_wrapper(filename, &actual_path, STREAM_OPEN_FOR_INCLUDE);
if (wrapper == &php_plain_files_wrapper) {
if (tsrm_realpath(actual_path, resolved_path)) {
return zend_string_init(resolved_path, strlen(resolved_path), 0);
}
}
return NULL;
}
if ((*filename == '.' &&
(IS_SLASH(filename[1]) ||
((filename[1] == '.') && IS_SLASH(filename[2])))) ||
IS_ABSOLUTE_PATH(filename, filename_length) ||
!path ||
!*path) {
if (tsrm_realpath(filename, resolved_path)) {
return zend_string_init(resolved_path, strlen(resolved_path), 0);
} else {
return NULL;
}
}
ptr = path;
while (ptr && *ptr) {
/* Check for stream wrapper */
int is_stream_wrapper = 0;
for (p = ptr; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
if ((*p == ':') && (p - ptr > 1) && (p[1] == '/') && (p[2] == '/')) {
/* .:// or ..:// is not a stream wrapper */
if (p[-1] != '.' || p[-2] != '.' || p - 2 != ptr) {
p += 3;
is_stream_wrapper = 1;
}
}
end = strchr(p, DEFAULT_DIR_SEPARATOR);
if (end) {
if ((end-ptr) + 1 + filename_length + 1 >= MAXPATHLEN) {
ptr = end + 1;
continue;
}
memcpy(trypath, ptr, end-ptr);
trypath[end-ptr] = '/';
memcpy(trypath+(end-ptr)+1, filename, filename_length+1);
ptr = end+1;
} else {
int len = (int)strlen(ptr);
if (len + 1 + filename_length + 1 >= MAXPATHLEN) {
break;
}
memcpy(trypath, ptr, len);
trypath[len] = '/';
memcpy(trypath+len+1, filename, filename_length+1);
ptr = NULL;
}
actual_path = trypath;
if (is_stream_wrapper) {
wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE);
if (!wrapper) {
continue;
} else if (wrapper != &php_plain_files_wrapper) {
if (wrapper->wops->url_stat) {
php_stream_statbuf ssb;
if (SUCCESS == wrapper->wops->url_stat(wrapper, trypath, 0, &ssb, NULL)) {
return zend_string_init(trypath, strlen(trypath), 0);
}
}
continue;
}
}
if (tsrm_realpath(actual_path, resolved_path)) {
return zend_string_init(resolved_path, strlen(resolved_path), 0);
}
} /* end provided path */
/* check in calling scripts' current working directory as a fall back case
*/
if (zend_is_executing() &&
(exec_filename = zend_get_executed_filename_ex()) != NULL) {
const char *exec_fname = exec_filename->val;
size_t exec_fname_length = exec_filename->len;
while ((--exec_fname_length >= 0) && !IS_SLASH(exec_fname[exec_fname_length]));
if (exec_fname_length > 0 &&
exec_fname_length + 1 + filename_length + 1 < MAXPATHLEN) {
memcpy(trypath, exec_fname, exec_fname_length + 1);
memcpy(trypath+exec_fname_length + 1, filename, filename_length+1);
actual_path = trypath;
/* Check for stream wrapper */
for (p = trypath; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
if ((*p == ':') && (p - trypath > 1) && (p[1] == '/') && (p[2] == '/')) {
wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE);
if (!wrapper) {
return NULL;
} else if (wrapper != &php_plain_files_wrapper) {
if (wrapper->wops->url_stat) {
php_stream_statbuf ssb;
if (SUCCESS == wrapper->wops->url_stat(wrapper, trypath, 0, &ssb, NULL)) {
return zend_string_init(trypath, strlen(trypath), 0);
}
}
return NULL;
}
}
if (tsrm_realpath(actual_path, resolved_path)) {
return zend_string_init(resolved_path, strlen(resolved_path), 0);
}
}
}
return NULL;
}
PHP_SUHOSIN_API void suhosin_log(int loglevel, char *fmt, ...)
{
int s, r, i=0, fd;
long written, towrite;
int getcaller=0;
char *wbuf;
struct timeval tv;
time_t now;
struct tm tm;
#if defined(AF_UNIX)
struct sockaddr_un saun;
#endif
#ifdef PHP_WIN32
LPTSTR strs[2];
unsigned short etype;
DWORD evid;
#endif
char buf[5000];
char error[5000];
char *ip_address;
char *fname;
char *alertstring;
int lineno;
va_list ap;
TSRMLS_FETCH();
#if PHP_VERSION_ID >= 50500
getcaller = (loglevel & S_GETCALLER) == S_GETCALLER;
#endif
/* remove the S_GETCALLER flag */
loglevel = loglevel & ~S_GETCALLER;
SDEBUG("(suhosin_log) loglevel: %d log_syslog: %u - log_sapi: %u - log_script: %u", loglevel, SUHOSIN_G(log_syslog), SUHOSIN_G(log_sapi), SUHOSIN_G(log_script));
/* dump core if wanted */
if (SUHOSIN_G(coredump) && loglevel == S_MEMORY) {
volatile unsigned int *x = 0;
volatile int y = *x;
}
if (SUHOSIN_G(log_use_x_forwarded_for)) {
ip_address = suhosin_getenv("HTTP_X_FORWARDED_FOR", 20 TSRMLS_CC);
if (ip_address == NULL) {
ip_address = "X-FORWARDED-FOR not set";
}
} else {
ip_address = suhosin_getenv("REMOTE_ADDR", 11 TSRMLS_CC);
if (ip_address == NULL) {
ip_address = "REMOTE_ADDR not set";
}
}
va_start(ap, fmt);
ap_php_vsnprintf(error, sizeof(error), fmt, ap);
va_end(ap);
while (error[i]) {
if (error[i] < 32) error[i] = '.';
i++;
}
if (SUHOSIN_G(simulation)) {
alertstring = "ALERT-SIMULATION";
} else {
alertstring = "ALERT";
}
if (zend_is_executing(TSRMLS_C)) {
zend_execute_data *exdata = EG(current_execute_data);
if (exdata) {
if (getcaller && exdata->prev_execute_data) {
lineno = exdata->prev_execute_data->opline->lineno;
fname = (char *)exdata->prev_execute_data->op_array->filename;
} else {
lineno = exdata->opline->lineno;
fname = (char *)exdata->op_array->filename;
}
} else {
lineno = zend_get_executed_lineno(TSRMLS_C);
fname = (char *)zend_get_executed_filename(TSRMLS_C);
}
ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s', line %u)", alertstring, error, ip_address, fname, lineno);
} else {
fname = suhosin_getenv("SCRIPT_FILENAME", 15 TSRMLS_CC);
if (fname==NULL) {
fname = "unknown";
}
ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s')", alertstring, error, ip_address, fname);
}
/* Syslog-Logging disabled? */
if (((SUHOSIN_G(log_syslog)|S_INTERNAL) & loglevel)==0) {
goto log_file;
}
#if defined(AF_UNIX)
ap_php_snprintf(error, sizeof(error), "<%u>suhosin[%u]: %s\n", (unsigned int)(SUHOSIN_G(log_syslog_facility)|SUHOSIN_G(log_syslog_priority)),getpid(),buf);
s = socket(AF_UNIX, SOCK_DGRAM, 0);
if (s == -1) {
goto log_file;
}
memset(&saun, 0, sizeof(saun));
saun.sun_family = AF_UNIX;
strcpy(saun.sun_path, SYSLOG_PATH);
/*saun.sun_len = sizeof(saun);*/
r = connect(s, (struct sockaddr *)&saun, sizeof(saun));
if (r) {
close(s);
s = socket(AF_UNIX, SOCK_STREAM, 0);
if (s == -1) {
goto log_file;
}
memset(&saun, 0, sizeof(saun));
saun.sun_family = AF_UNIX;
strcpy(saun.sun_path, SYSLOG_PATH);
/*saun.sun_len = sizeof(saun);*/
r = connect(s, (struct sockaddr *)&saun, sizeof(saun));
if (r) {
close(s);
goto log_file;
}
}
send(s, error, strlen(error), 0);
close(s);
#endif
#ifdef PHP_WIN32
ap_php_snprintf(error, sizeof(error), "suhosin[%u]: %s", getpid(),buf);
switch (SUHOSIN_G(log_syslog_priority)) { /* translate UNIX type into NT type */
case 1: /*LOG_ALERT:*/
etype = EVENTLOG_ERROR_TYPE;
break;
case 6: /*LOG_INFO:*/
etype = EVENTLOG_INFORMATION_TYPE;
break;
default:
etype = EVENTLOG_WARNING_TYPE;
}
evid = loglevel;
strs[0] = error;
/* report the event */
if (log_source == NULL) {
log_source = RegisterEventSource(NULL, "Suhosin-" SUHOSIN_EXT_VERSION);
}
ReportEvent(log_source, etype, (unsigned short) SUHOSIN_G(log_syslog_priority), evid, NULL, 1, 0, strs, NULL);
#endif
log_file:
/* File-Logging disabled? */
if ((SUHOSIN_G(log_file) & loglevel)==0) {
goto log_sapi;
}
if (!SUHOSIN_G(log_filename) || !SUHOSIN_G(log_filename)[0]) {
goto log_sapi;
}
fd = open(SUHOSIN_G(log_filename), O_CREAT|O_APPEND|O_WRONLY, 0640);
if (fd == -1) {
suhosin_log(S_INTERNAL, "Unable to open logfile: %s", SUHOSIN_G(log_filename));
return;
}
gettimeofday(&tv, NULL);
now = tv.tv_sec;
php_gmtime_r(&now, &tm);
ap_php_snprintf(error, sizeof(error), "%s %2d %02d:%02d:%02d [%u] %s\n", month_names[tm.tm_mon], tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec, getpid(),buf);
towrite = strlen(error);
wbuf = error;
php_flock(fd, LOCK_EX);
while (towrite > 0) {
written = write(fd, wbuf, towrite);
if (written < 0) {
break;
}
towrite -= written;
wbuf += written;
}
php_flock(fd, LOCK_UN);
close(fd);
log_sapi:
/* SAPI Logging activated? */
SDEBUG("(suhosin_log) log_syslog: %u - log_sapi: %u - log_script: %u - log_phpscript: %u", SUHOSIN_G(log_syslog), SUHOSIN_G(log_sapi), SUHOSIN_G(log_script), SUHOSIN_G(log_phpscript));
if (((SUHOSIN_G(log_sapi)|S_INTERNAL) & loglevel)!=0) {
#if PHP_VERSION_ID < 50400
sapi_module.log_message(buf);
#else
sapi_module.log_message(buf TSRMLS_CC);
#endif
}
if ((SUHOSIN_G(log_stdout) & loglevel)!=0) {
printf("%s\n", buf);
}
/*log_script:*/
/* script logging activaed? */
if (((SUHOSIN_G(log_script) & loglevel)!=0) && SUHOSIN_G(log_scriptname)!=NULL) {
char cmd[8192], *cmdpos, *bufpos;
FILE *in;
int space;
struct stat st;
char *sname = SUHOSIN_G(log_scriptname);
while (isspace(*sname)) ++sname;
if (*sname == 0) goto log_phpscript;
if (VCWD_STAT(sname, &st) < 0) {
suhosin_log(S_INTERNAL, "unable to find logging shell script %s - file dropped", sname);
goto log_phpscript;
}
if (access(sname, X_OK|R_OK) < 0) {
suhosin_log(S_INTERNAL, "logging shell script %s is not executable - file dropped", sname);
goto log_phpscript;
}
/* TODO: clean up this code to calculate size of output dynamically */
ap_php_snprintf(cmd, sizeof(cmd) - 20, "%s %s \'", sname, loglevel2string(loglevel));
space = sizeof(cmd) - strlen(cmd) - 20;
cmdpos = cmd + strlen(cmd);
bufpos = buf;
if (space <= 1) return;
while (space > 2 && *bufpos) {
if (*bufpos == '\'') {
if (space<=5) break;
*cmdpos++ = '\'';
*cmdpos++ = '\\';
*cmdpos++ = '\'';
*cmdpos++ = '\'';
bufpos++;
space-=4;
} else {
*cmdpos++ = *bufpos++;
space--;
}
}
*cmdpos++ = '\'';
*cmdpos++ = ' ';
*cmdpos++ = '2';
*cmdpos++ = '>';
*cmdpos++ = '&';
*cmdpos++ = '1';
*cmdpos = 0;
if ((in=VCWD_POPEN(cmd, "r"))==NULL) {
suhosin_log(S_INTERNAL, "Unable to execute logging shell script: %s", sname);
goto log_phpscript;
}
/* read and forget the result */
while (1) {
int readbytes = fread(cmd, 1, sizeof(cmd), in);
if (readbytes<=0) {
break;
}
if (strncmp(cmd, "sh: ", 4) == 0) {
/* assume this is an error */
suhosin_log(S_INTERNAL, "Error while executing logging shell script: %s", sname);
pclose(in);
goto log_phpscript;
}
}
pclose(in);
}
log_phpscript:
if ((SUHOSIN_G(log_phpscript) & loglevel)!=0 && EG(in_execution) && SUHOSIN_G(log_phpscriptname) && SUHOSIN_G(log_phpscriptname)[0]) {
zend_file_handle file_handle;
zend_op_array *new_op_array;
zval *result = NULL;
long orig_execution_depth = SUHOSIN_G(execution_depth);
#if PHP_VERSION_ID < 50400
zend_bool orig_safe_mode = PG(safe_mode);
#endif
char *orig_basedir = PG(open_basedir);
char *phpscript = SUHOSIN_G(log_phpscriptname);
SDEBUG("scriptname %s", SUHOSIN_G(log_phpscriptname));
#ifdef ZEND_ENGINE_2
if (zend_stream_open(phpscript, &file_handle TSRMLS_CC) == SUCCESS) {
#else
if (zend_open(phpscript, &file_handle) == SUCCESS && ZEND_IS_VALID_FILE_HANDLE(&file_handle)) {
file_handle.filename = phpscript;
file_handle.free_filename = 0;
#endif
if (!file_handle.opened_path) {
file_handle.opened_path = estrndup(phpscript, strlen(phpscript));
}
new_op_array = zend_compile_file(&file_handle, ZEND_REQUIRE TSRMLS_CC);
zend_destroy_file_handle(&file_handle TSRMLS_CC);
if (new_op_array) {
HashTable *active_symbol_table = EG(active_symbol_table);
zval *zerror, *zerror_class;
if (active_symbol_table == NULL) {
active_symbol_table = &EG(symbol_table);
}
EG(return_value_ptr_ptr) = &result;
EG(active_op_array) = new_op_array;
MAKE_STD_ZVAL(zerror);
MAKE_STD_ZVAL(zerror_class);
ZVAL_STRING(zerror, buf, 1);
ZVAL_LONG(zerror_class, loglevel);
zend_hash_update(active_symbol_table, "SUHOSIN_ERROR", sizeof("SUHOSIN_ERROR"), (void **)&zerror, sizeof(zval *), NULL);
zend_hash_update(active_symbol_table, "SUHOSIN_ERRORCLASS", sizeof("SUHOSIN_ERRORCLASS"), (void **)&zerror_class, sizeof(zval *), NULL);
SUHOSIN_G(execution_depth) = 0;
if (SUHOSIN_G(log_phpscript_is_safe)) {
#if PHP_VERSION_ID < 50400
PG(safe_mode) = 0;
#endif
PG(open_basedir) = NULL;
}
zend_execute(new_op_array TSRMLS_CC);
SUHOSIN_G(execution_depth) = orig_execution_depth;
#if PHP_VERSION_ID < 50400
PG(safe_mode) = orig_safe_mode;
#endif
PG(open_basedir) = orig_basedir;
#ifdef ZEND_ENGINE_2
destroy_op_array(new_op_array TSRMLS_CC);
#else
destroy_op_array(new_op_array);
#endif
efree(new_op_array);
#ifdef ZEND_ENGINE_2
if (!EG(exception))
#endif
{
if (EG(return_value_ptr_ptr)) {
zval_ptr_dtor(EG(return_value_ptr_ptr));
EG(return_value_ptr_ptr) = NULL;
}
}
} else {
suhosin_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SUHOSIN_G(log_phpscriptname));
return;
}
} else {
suhosin_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SUHOSIN_G(log_phpscriptname));
return;
}
}
}
/* {{{ php_resolve_path
* Returns the realpath for given filename according to include path
*/
PHPAPI zend_string *php_resolve_path(const char *filename, int filename_length, const char *path)
{
char resolved_path[MAXPATHLEN];
char trypath[MAXPATHLEN];
const char *ptr, *end, *p;
const char *actual_path;
php_stream_wrapper *wrapper;
zend_string *exec_filename;
if (!filename || CHECK_NULL_PATH(filename, filename_length)) {
return NULL;
}
/* Don't resolve paths which contain protocol (except of file://) */
for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) {
wrapper = php_stream_locate_url_wrapper(filename, &actual_path, STREAM_OPEN_FOR_INCLUDE);
if (wrapper == &php_plain_files_wrapper) {
if (tsrm_realpath(actual_path, resolved_path)) {
return zend_string_init(resolved_path, strlen(resolved_path), 0);
}
}
return NULL;
}
if ((*filename == '.' &&
(IS_SLASH(filename[1]) ||
((filename[1] == '.') && IS_SLASH(filename[2])))) ||
IS_ABSOLUTE_PATH(filename, filename_length) ||
#if PHP_WIN32
/* This should count as an absolute local path as well, however
IS_ABSOLUTE_PATH doesn't care about this path form till now. It
might be a big thing to extend, thus just a local handling for
now. */
filename_length >=2 && IS_SLASH(filename[0]) && !IS_SLASH(filename[1]) ||
#endif
!path ||
!*path) {
if (tsrm_realpath(filename, resolved_path)) {
return zend_string_init(resolved_path, strlen(resolved_path), 0);
} else {
return NULL;
}
}
ptr = path;
while (ptr && *ptr) {
/* Check for stream wrapper */
int is_stream_wrapper = 0;
for (p = ptr; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
if ((*p == ':') && (p - ptr > 1) && (p[1] == '/') && (p[2] == '/')) {
/* .:// or ..:// is not a stream wrapper */
if (p[-1] != '.' || p[-2] != '.' || p - 2 != ptr) {
p += 3;
is_stream_wrapper = 1;
}
}
end = strchr(p, DEFAULT_DIR_SEPARATOR);
if (end) {
if (filename_length > (MAXPATHLEN - 2) || (end-ptr) > MAXPATHLEN || (end-ptr) + 1 + (size_t)filename_length + 1 >= MAXPATHLEN) {
ptr = end + 1;
continue;
}
memcpy(trypath, ptr, end-ptr);
trypath[end-ptr] = '/';
memcpy(trypath+(end-ptr)+1, filename, filename_length+1);
ptr = end+1;
} else {
size_t len = strlen(ptr);
if (filename_length > (MAXPATHLEN - 2) || len > MAXPATHLEN || len + 1 + (size_t)filename_length + 1 >= MAXPATHLEN) {
break;
}
memcpy(trypath, ptr, len);
trypath[len] = '/';
memcpy(trypath+len+1, filename, filename_length+1);
ptr = NULL;
}
actual_path = trypath;
if (is_stream_wrapper) {
wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE);
if (!wrapper) {
continue;
} else if (wrapper != &php_plain_files_wrapper) {
if (wrapper->wops->url_stat) {
php_stream_statbuf ssb;
if (SUCCESS == wrapper->wops->url_stat(wrapper, trypath, 0, &ssb, NULL)) {
return zend_string_init(trypath, strlen(trypath), 0);
}
}
continue;
}
}
if (tsrm_realpath(actual_path, resolved_path)) {
return zend_string_init(resolved_path, strlen(resolved_path), 0);
}
} /* end provided path */
/* check in calling scripts' current working directory as a fall back case
*/
if (zend_is_executing() &&
(exec_filename = zend_get_executed_filename_ex()) != NULL) {
const char *exec_fname = ZSTR_VAL(exec_filename);
size_t exec_fname_length = ZSTR_LEN(exec_filename);
while ((--exec_fname_length < SIZE_MAX) && !IS_SLASH(exec_fname[exec_fname_length]));
if (exec_fname_length > 0 &&
filename_length < (MAXPATHLEN - 2) &&
exec_fname_length + 1 + filename_length + 1 < MAXPATHLEN) {
memcpy(trypath, exec_fname, exec_fname_length + 1);
memcpy(trypath+exec_fname_length + 1, filename, filename_length+1);
actual_path = trypath;
/* Check for stream wrapper */
for (p = trypath; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
if ((*p == ':') && (p - trypath > 1) && (p[1] == '/') && (p[2] == '/')) {
wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE);
if (!wrapper) {
return NULL;
} else if (wrapper != &php_plain_files_wrapper) {
if (wrapper->wops->url_stat) {
php_stream_statbuf ssb;
if (SUCCESS == wrapper->wops->url_stat(wrapper, trypath, 0, &ssb, NULL)) {
return zend_string_init(trypath, strlen(trypath), 0);
}
}
return NULL;
}
}
if (tsrm_realpath(actual_path, resolved_path)) {
return zend_string_init(resolved_path, strlen(resolved_path), 0);
}
}
}
return NULL;
}
static void dom_xpath_ext_function_php(xmlXPathParserContextPtr ctxt, int nargs, int type) /* {{{ */
{
zval **args = NULL;
zval *retval;
int result, i, ret;
int error = 0;
zend_fcall_info fci;
zval handler;
xmlXPathObjectPtr obj;
char *str;
char *callable = NULL;
dom_xpath_object *intern;
TSRMLS_FETCH();
if (! zend_is_executing(TSRMLS_C)) {
xmlGenericError(xmlGenericErrorContext,
"xmlExtFunctionTest: Function called from outside of PHP\n");
error = 1;
} else {
intern = (dom_xpath_object *) ctxt->context->userData;
if (intern == NULL) {
xmlGenericError(xmlGenericErrorContext,
"xmlExtFunctionTest: failed to get the internal object\n");
error = 1;
}
else if (intern->registerPhpFunctions == 0) {
xmlGenericError(xmlGenericErrorContext,
"xmlExtFunctionTest: PHP Object did not register PHP functions\n");
error = 1;
}
}
if (error == 1) {
for (i = nargs - 1; i >= 0; i--) {
obj = valuePop(ctxt);
xmlXPathFreeObject(obj);
}
return;
}
fci.param_count = nargs - 1;
if (fci.param_count > 0) {
fci.params = safe_emalloc(fci.param_count, sizeof(zval**), 0);
args = safe_emalloc(fci.param_count, sizeof(zval *), 0);
}
/* Reverse order to pop values off ctxt stack */
for (i = nargs - 2; i >= 0; i--) {
obj = valuePop(ctxt);
MAKE_STD_ZVAL(args[i]);
switch (obj->type) {
case XPATH_STRING:
ZVAL_STRING(args[i], (char *)obj->stringval, 1);
break;
case XPATH_BOOLEAN:
ZVAL_BOOL(args[i], obj->boolval);
break;
case XPATH_NUMBER:
ZVAL_DOUBLE(args[i], obj->floatval);
break;
case XPATH_NODESET:
if (type == 1) {
str = (char *)xmlXPathCastToString(obj);
ZVAL_STRING(args[i], str, 1);
xmlFree(str);
} else if (type == 2) {
int j;
array_init(args[i]);
if (obj->nodesetval && obj->nodesetval->nodeNr > 0) {
for (j = 0; j < obj->nodesetval->nodeNr; j++) {
xmlNodePtr node = obj->nodesetval->nodeTab[j];
zval *child;
MAKE_STD_ZVAL(child);
/* not sure, if we need this... it's copied from xpath.c */
if (node->type == XML_NAMESPACE_DECL) {
xmlNsPtr curns;
xmlNodePtr nsparent;
nsparent = node->_private;
curns = xmlNewNs(NULL, node->name, NULL);
if (node->children) {
curns->prefix = xmlStrdup((xmlChar *) node->children);
}
if (node->children) {
node = xmlNewDocNode(node->doc, NULL, (xmlChar *) node->children, node->name);
} else {
node = xmlNewDocNode(node->doc, NULL, (xmlChar *) "xmlns", node->name);
}
node->type = XML_NAMESPACE_DECL;
node->parent = nsparent;
node->ns = curns;
}
child = php_dom_create_object(node, &ret, child, (dom_object *)intern TSRMLS_CC);
add_next_index_zval(args[i], child);
}
}
}
break;
default:
ZVAL_STRING(args[i], (char *)xmlXPathCastToString(obj), 1);
}
xmlXPathFreeObject(obj);
fci.params[i] = &args[i];
}
fci.size = sizeof(fci);
fci.function_table = EG(function_table);
obj = valuePop(ctxt);
if (obj->stringval == NULL) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Handler name must be a string");
xmlXPathFreeObject(obj);
if (fci.param_count > 0) {
for (i = 0; i < nargs - 1; i++) {
zval_ptr_dtor(&args[i]);
}
efree(args);
efree(fci.params);
}
return;
}
INIT_PZVAL(&handler);
ZVAL_STRING(&handler, obj->stringval, 1);
xmlXPathFreeObject(obj);
fci.function_name = &handler;
fci.symbol_table = NULL;
fci.object_ptr = NULL;
fci.retval_ptr_ptr = &retval;
fci.no_separation = 0;
if (!zend_make_callable(&handler, &callable TSRMLS_CC)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to call handler %s()", callable);
} else if ( intern->registerPhpFunctions == 2 && zend_hash_exists(intern->registered_phpfunctions, callable, strlen(callable) + 1) == 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Not allowed to call handler '%s()'.", callable);
/* Push an empty string, so that we at least have an xslt result... */
valuePush(ctxt, xmlXPathNewString((xmlChar *)""));
} else {
result = zend_call_function(&fci, NULL TSRMLS_CC);
if (result == FAILURE) {
if (Z_TYPE(handler) == IS_STRING) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to call handler %s()", Z_STRVAL_P(&handler));
}
/* retval is == NULL, when an exception occurred, don't report anything, because PHP itself will handle that */
} else if (retval == NULL) {
} else {
if (retval->type == IS_OBJECT && instanceof_function( Z_OBJCE_P(retval), dom_node_class_entry TSRMLS_CC)) {
xmlNode *nodep;
dom_object *obj;
if (intern->node_list == NULL) {
ALLOC_HASHTABLE(intern->node_list);
zend_hash_init(intern->node_list, 0, NULL, ZVAL_PTR_DTOR, 0);
}
zval_add_ref(&retval);
zend_hash_next_index_insert(intern->node_list, &retval, sizeof(zval *), NULL);
obj = (dom_object *)zend_object_store_get_object(retval TSRMLS_CC);
nodep = dom_object_get_node(obj);
valuePush(ctxt, xmlXPathNewNodeSet(nodep));
} else if (retval->type == IS_BOOL) {
valuePush(ctxt, xmlXPathNewBoolean(retval->value.lval));
} else if (retval->type == IS_OBJECT) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "A PHP Object cannot be converted to a XPath-string");
valuePush(ctxt, xmlXPathNewString((xmlChar *)""));
} else {
convert_to_string_ex(&retval);
valuePush(ctxt, xmlXPathNewString( Z_STRVAL_P(retval)));
}
zval_ptr_dtor(&retval);
}
}
efree(callable);
zval_dtor(&handler);
if (fci.param_count > 0) {
for (i = 0; i < nargs - 1; i++) {
zval_ptr_dtor(&args[i]);
}
efree(args);
efree(fci.params);
}
}
