packages: php/suhosin.patch - 5.3.1RC1-0.9.8: wget -q http://download.suh...
glen
glen at pld-linux.org
Wed Nov 25 10:02:29 CET 2009
Author: glen Date: Wed Nov 25 09:02:29 2009 GMT
Module: packages Tag: HEAD
---- Log message:
- 5.3.1RC1-0.9.8:
wget -q http://download.suhosin.org/suhosin-patch-5.3.1RC1-0.9.8.patch.gz -O -|zcat > suhosin.patch
---- Files affected:
packages/php:
suhosin.patch (1.3 -> 1.4)
---- Diffs:
================================================================
Index: packages/php/suhosin.patch
diff -u /dev/null packages/php/suhosin.patch:1.4
--- /dev/null Wed Nov 25 10:02:29 2009
+++ packages/php/suhosin.patch Wed Nov 25 10:02:23 2009
@@ -0,0 +1,5427 @@
+diff -Nura php-5.3.1RC1/Zend/Makefile.am suhosin-patch-5.3.1RC1-0.9.8/Zend/Makefile.am
+--- php-5.3.1RC1/Zend/Makefile.am 2009-03-18 11:18:10.000000000 +0100
++++ suhosin-patch-5.3.1RC1-0.9.8/Zend/Makefile.am 2009-09-27 19:04:06.000000000 +0200
+@@ -17,7 +17,7 @@
+ zend_objects_API.c zend_ts_hash.c zend_stream.c \
+ zend_default_classes.c \
+ zend_iterators.c zend_interfaces.c zend_exceptions.c \
+- zend_strtod.c zend_closures.c zend_float.c
++ zend_strtod.c zend_closures.c zend_float.c zend_canary.c zend_alloc_canary.c
+
+ libZend_la_LDFLAGS =
+ libZend_la_LIBADD = @ZEND_EXTRA_LIBS@
+diff -Nura php-5.3.1RC1/Zend/Zend.dsp suhosin-patch-5.3.1RC1-0.9.8/Zend/Zend.dsp
+--- php-5.3.1RC1/Zend/Zend.dsp 2009-03-18 11:18:10.000000000 +0100
++++ suhosin-patch-5.3.1RC1-0.9.8/Zend/Zend.dsp 2009-09-27 19:04:06.000000000 +0200
+@@ -247,6 +247,14 @@
+ # End Source File
+ # Begin Source File
+
++SOURCE=.\zend_canary.c
++# End Source File
++# Begin Source File
++
++SOURCE=.\zend_alloc_canary.c
++# End Source File
++# Begin Source File
++
+ SOURCE=.\zend_ts_hash.c
+ # End Source File
+ # Begin Source File
+diff -Nura php-5.3.1RC1/Zend/ZendTS.dsp suhosin-patch-5.3.1RC1-0.9.8/Zend/ZendTS.dsp
+--- php-5.3.1RC1/Zend/ZendTS.dsp 2008-07-14 11:49:03.000000000 +0200
++++ suhosin-patch-5.3.1RC1-0.9.8/Zend/ZendTS.dsp 2009-09-27 19:04:06.000000000 +0200
+@@ -277,6 +277,14 @@
+ # End Source File
+ # Begin Source File
+
++SOURCE=.\zend_canary.c
++# End Source File
++# Begin Source File
++
++SOURCE=.\zend_alloc_canary.c
++# End Source File
++# Begin Source File
++
+ SOURCE=.\zend_ts_hash.c
+ # End Source File
+ # Begin Source File
+diff -Nura php-5.3.1RC1/Zend/zend.c suhosin-patch-5.3.1RC1-0.9.8/Zend/zend.c
+--- php-5.3.1RC1/Zend/zend.c 2009-06-16 18:10:15.000000000 +0200
++++ suhosin-patch-5.3.1RC1-0.9.8/Zend/zend.c 2009-09-27 19:04:06.000000000 +0200
+@@ -60,6 +60,10 @@
+ ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC);
+ ZEND_API char *(*zend_resolve_path)(const char *filename, int filename_len TSRMLS_DC);
+
++#if SUHOSIN_PATCH
++ZEND_API void (*zend_suhosin_log)(int loglevel, char *fmt, ...);
++#endif
++
+ void (*zend_on_timeout)(int seconds TSRMLS_DC);
+
+ static void (*zend_message_dispatcher_p)(long message, void *data TSRMLS_DC);
+@@ -88,6 +92,74 @@
+ }
+ /* }}} */
+
++#if SUHOSIN_PATCH
++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog)
++{
++ if (!new_value) {
++ SPG(log_syslog) = S_ALL & ~S_SQL | S_MEMORY;
++ } else {
++ SPG(log_syslog) = atoi(new_value) | S_MEMORY;
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility)
++{
++ if (!new_value) {
++ SPG(log_syslog_facility) = LOG_USER;
++ } else {
++ SPG(log_syslog_facility) = atoi(new_value);
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority)
++{
++ if (!new_value) {
++ SPG(log_syslog_priority) = LOG_ALERT;
++ } else {
++ SPG(log_syslog_priority) = atoi(new_value);
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_sapi)
++{
++ if (!new_value) {
++ SPG(log_sapi) = S_ALL & ~S_SQL;
++ } else {
++ SPG(log_sapi) = atoi(new_value);
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_script)
++{
++ if (!new_value) {
++ SPG(log_script) = S_ALL & ~S_MEMORY;
++ } else {
++ SPG(log_script) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL);
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname)
++{
++ if (SPG(log_scriptname)) {
++ pefree(SPG(log_scriptname),1);
++ }
++ SPG(log_scriptname) = NULL;
++ if (new_value) {
++ SPG(log_scriptname) = pestrdup(new_value,1);
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript)
++{
++ if (!new_value) {
++ SPG(log_phpscript) = S_ALL & ~S_MEMORY;
++ } else {
++ SPG(log_phpscript) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL);
++ }
++ return SUCCESS;
++}
++#endif
++
+ ZEND_INI_BEGIN()
+ ZEND_INI_ENTRY("error_reporting", NULL, ZEND_INI_ALL, OnUpdateErrorReporting)
+ STD_ZEND_INI_BOOLEAN("zend.enable_gc", "1", ZEND_INI_ALL, OnUpdateGCEnabled, gc_enabled, zend_gc_globals, gc_globals)
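Review bot: The new `OnUpdateSuhosin_log_*` handlers parse their value with `atoi(new_value)` and always return `SUCCESS`, so a mistyped or non-numeric setting silently becomes 0. For `log_sapi`, `log_script` and `log_phpscript` that presumably means no event class is logged at all, and nothing reports the bad value. Parsing with `char *end; long v = strtol(new_value, &end, 10);` and rejecting with `if (end == new_value || *end != '\0') return FAILURE;` would surface the misconfiguration instead of hiding it. The default in `OnUpdateSuhosin_log_syslog`, `S_ALL & ~S_SQL | S_MEMORY`, relies on `&` binding tighter than `|`; writing `(S_ALL & ~S_SQL) | S_MEMORY` makes the intent explicit.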
+diff -Nura php-5.3.1RC1/Zend/zend.h suhosin-patch-5.3.1RC1-0.9.8/Zend/zend.h
+--- php-5.3.1RC1/Zend/zend.h 2009-08-06 03:33:54.000000000 +0200
++++ suhosin-patch-5.3.1RC1-0.9.8/Zend/zend.h 2009-09-27 19:04:06.000000000 +0200
+@@ -627,6 +627,9 @@
+ extern int (*zend_vspprintf)(char **pbuf, size_t max_len, const char *format, va_list ap);
+ extern ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC);
+ extern ZEND_API char *(*zend_resolve_path)(const char *filename, int filename_len TSRMLS_DC);
++#if SUHOSIN_PATCH
++extern ZEND_API void (*zend_suhosin_log)(int loglevel, char *fmt, ...);
++#endif
+
+ ZEND_API void zend_error(int type, const char *format, ...) ZEND_ATTRIBUTE_FORMAT(printf, 2, 3);
+
+@@ -766,6 +769,14 @@
+ ZEND_API void zend_replace_error_handling(zend_error_handling_t error_handling, zend_class_entry *exception_class, zend_error_handling *current TSRMLS_DC);
+ ZEND_API void zend_restore_error_handling(zend_error_handling *saved TSRMLS_DC);
+
++#if SUHOSIN_PATCH
++#include "suhosin_globals.h"
++#include "suhosin_patch.h"
++#include "php_syslog.h"
++
++ZEND_API size_t zend_canary();
++#endif
++
+ #endif /* ZEND_H */
+
+ /*
+diff -Nura php-5.3.1RC1/Zend/zend_alloc.c suhosin-patch-5.3.1RC1-0.9.8/Zend/zend_alloc.c
+--- php-5.3.1RC1/Zend/zend_alloc.c 2009-09-03 16:33:11.000000000 +0200
++++ suhosin-patch-5.3.1RC1-0.9.8/Zend/zend_alloc.c 2009-09-27 19:08:35.000000000 +0200
+@@ -18,7 +18,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id$ */
++/* $Id$ */
+
+ #include "zend.h"
+ #include "zend_alloc.h"
+@@ -32,6 +32,10 @@
+ # include <unistd.h>
+ #endif
+
++#if SUHOSIN_PATCH
++#include "suhosin_patch.h"
++#endif
++
+ #ifdef ZEND_WIN32
+ # include <wincrypt.h>
+ # include <process.h>
+@@ -59,6 +63,7 @@
+ # define PTR_FMT "0x%0.8lx"
+ #endif
+
++#ifndef SUHOSIN_MM_CLONE_FILE
+ #if ZEND_DEBUG
+ void zend_debug_alloc_output(char *format, ...)
+ {
+@@ -76,6 +81,7 @@
+ #endif
+ }
+ #endif
++#endif
+
+ #if (defined (__GNUC__) && __GNUC__ > 2 ) && !defined(__INTEL_COMPILER) && !defined(DARWIN) && !defined(__hpux) && !defined(_AIX)
+ static void zend_mm_panic(const char *message) __attribute__ ((noreturn));
+@@ -324,13 +330,28 @@
+ #define MEM_BLOCK_GUARD 0x2A8FCC84
+ #define MEM_BLOCK_LEAK 0x6C5E8F2D
+
++#if SUHOSIN_MM_WITH_CANARY_PROTECTION
++# define CANARY_SIZE sizeof(size_t)
++#else
++# define CANARY_SIZE 0
++#endif
++
+ /* mm block type */
+ typedef struct _zend_mm_block_info {
+ #if ZEND_MM_COOKIES
+ size_t _cookie;
+ #endif
+- size_t _size;
+- size_t _prev;
++#if SUHOSIN_MM_WITH_CANARY_PROTECTION
++ size_t canary_1;
++#endif
++ size_t _size;
++ size_t _prev;
++#if SUHOSIN_PATCH
++ size_t size;
++#if SUHOSIN_MM_WITH_CANARY_PROTECTION
++ size_t canary_2;
++#endif
++#endif
+ } zend_mm_block_info;
+
+ #if ZEND_DEBUG
+@@ -404,7 +425,7 @@
+ # define ZEND_MM_CACHE_STAT 0
+ #endif
+
+-struct _zend_mm_heap {
++typedef struct _zend_mm_heap {
+ int use_zend_alloc;
+ void *(*_malloc)(size_t);
+ void (*_free)(void*);
+@@ -439,6 +460,9 @@
+ int miss;
+ } cache_stat[ZEND_MM_NUM_BUCKETS+1];
+ #endif
++#if SUHOSIN_PATCH
++ size_t canary_1,canary_2,canary_3;
++#endif
+ };
+
+ #define ZEND_MM_SMALL_FREE_BUCKET(heap, index) \
+@@ -512,18 +536,31 @@
+ /* optimized access */
+ #define ZEND_MM_FREE_BLOCK_SIZE(b) (b)->info._size
+
++#ifndef ZEND_MM_ALIGNMENT
++# define ZEND_MM_ALIGNMENT 8
++# define ZEND_MM_ALIGNMENT_LOG2 3
++#elif ZEND_MM_ALIGNMENT < 4
++# undef ZEND_MM_ALIGNMENT
++# undef ZEND_MM_ALIGNMENT_LOG2
++# define ZEND_MM_ALIGNMENT 4
++# define ZEND_MM_ALIGNMENT_LOG2 2
++#endif
++
++#define ZEND_MM_ALIGNMENT_MASK ~(ZEND_MM_ALIGNMENT-1)
++
+ /* Aligned header size */
++#define ZEND_MM_ALIGNED_SIZE(size) ((size + ZEND_MM_ALIGNMENT - 1) & ZEND_MM_ALIGNMENT_MASK)
+ #define ZEND_MM_ALIGNED_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_block))
+ #define ZEND_MM_ALIGNED_FREE_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_small_free_block))
+-#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE)
++#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE + CANARY_SIZE)
+ #define ZEND_MM_ALIGNED_MIN_HEADER_SIZE (ZEND_MM_MIN_ALLOC_BLOCK_SIZE>ZEND_MM_ALIGNED_FREE_HEADER_SIZE?ZEND_MM_MIN_ALLOC_BLOCK_SIZE:ZEND_MM_ALIGNED_FREE_HEADER_SIZE)
+ #define ZEND_MM_ALIGNED_SEGMENT_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_segment))
+
+-#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE)):0)
++#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)):0)
+
+ #define ZEND_MM_MAX_SMALL_SIZE ((ZEND_MM_NUM_BUCKETS<<ZEND_MM_ALIGNMENT_LOG2)+ZEND_MM_ALIGNED_MIN_HEADER_SIZE)
+
+-#define ZEND_MM_TRUE_SIZE(size) ((size<ZEND_MM_MIN_SIZE)?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE):(ZEND_MM_ALIGNED_SIZE(size+ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE)))
++#define ZEND_MM_TRUE_SIZE(size) ((size<ZEND_MM_MIN_SIZE)?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE):(ZEND_MM_ALIGNED_SIZE(size+ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)))
+
+ #define ZEND_MM_BUCKET_INDEX(true_size) ((true_size>>ZEND_MM_ALIGNMENT_LOG2)-(ZEND_MM_ALIGNED_MIN_HEADER_SIZE>>ZEND_MM_ALIGNMENT_LOG2))
+
+@@ -585,6 +622,44 @@
+
+ #endif
+
++#if SUHOSIN_MM_WITH_CANARY_PROTECTION
++
++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) do { \
++ char *p = SUHOSIN_MM_END_CANARY_PTR(block); size_t check; \
++ if (((block)->info.canary_1 != heap->canary_1) || ((block)->info.canary_2 != heap->canary_2)) { \
++ canary_mismatch: \
++ zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \
++ if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { (block)->info.canary_1 = heap->canary_1; (block)->info.canary_2 = heap->canary_2; }\
++ } \
++ memcpy(&check, p, CANARY_SIZE); \
++ if (check != heap->canary_3) { \
++ zend_suhosin_log(S_MEMORY, "end canary mismatch on " MFUNCTION " - heap overflow detected at %p", (block)); \
++ if (SUHOSIN_CONFIG(SUHOSIN_MM_IGNORE_CANARY_VIOLATION) == 0) { _exit(1); } else { memcpy(p, heap->canary_3, CANARY_SIZE); } \
++ } \
++ } while (0)
++
++# define SUHOSIN_MM_SET_CANARIES(block) do { \
++ (block)->info.canary_1 = heap->canary_1; \
++ (block)->info.canary_2 = heap->canary_2; \
++ } while (0)
++
++# define SUHOSIN_MM_END_CANARY_PTR(block) \
++ (char *)(((char*)(ZEND_MM_DATA_OF(block))) + ((zend_mm_block*)(block))->info.size + END_MAGIC_SIZE)
++
++# define SUHOSIN_MM_SET_END_CANARY(block) do { \
++ char *p = SUHOSIN_MM_END_CANARY_PTR(block); \
++ memcpy(p, &heap->canary_3, CANARY_SIZE); \
++ } while (0)
++
++#else
++
++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION)
++# define SUHOSIN_MM_SET_CANARIES(block)
++# define SUHOSIN_MM_END_CANARY_PTR(block)
++# define SUHOSIN_MM_SET_END_CANARY(block)
++
++#endif
++
+
+ #if ZEND_MM_HEAP_PROTECTION
+
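Review bot: In `SUHOSIN_MM_CHECK_CANARIES` the end-canary repair branch calls `memcpy(p, heap->canary_3, CANARY_SIZE)`, which passes the canary value itself as the source pointer. `SUHOSIN_MM_SET_END_CANARY` further down in this hunk uses `&heap->canary_3`. With `SUHOSIN_MM_IGNORE_CANARY_VIOLATION` enabled, that branch would copy from an arbitrary address instead of restoring the canary; it should read `memcpy(p, &heap->canary_3, CANARY_SIZE);`. The `canary_mismatch:` label is never targeted in the visible macro and would clash if the macro were expanded twice in one function, so it looks safe to drop. Both macros also read a `heap` variable from the caller's scope, which deserves a comment such as `/* requires a zend_mm_heap *heap in the calling scope */`.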
+@@ -707,7 +782,7 @@
+ #endif
+ }
+
+-static inline void zend_mm_add_to_rest_list(zend_mm_heap *heap, zend_mm_free_block *mm_block)
++static void zend_mm_add_to_rest_list(zend_mm_heap *heap, zend_mm_free_block *mm_block)
+ {
+ zend_mm_free_block *prev, *next;
+
+@@ -724,7 +799,7 @@
+ prev->next_free_block = next->prev_free_block = mm_block;
+ }
+
+-static inline void zend_mm_add_to_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block)
++static void zend_mm_add_to_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block)
+ {
+ size_t size;
+ size_t index;
+@@ -785,7 +860,7 @@
+ }
+ }
+
+-static inline void zend_mm_remove_from_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block)
++static void zend_mm_remove_from_free_list(zend_mm_heap *heap, zend_mm_free_block *mm_block)
+ {
+ zend_mm_free_block *prev = mm_block->prev_free_block;
+ zend_mm_free_block *next = mm_block->next_free_block;
+@@ -795,6 +870,12 @@
+ if (EXPECTED(prev == mm_block)) {
+ zend_mm_free_block **rp, **cp;
+
++#if SUHOSIN_PATCH
++ if (next != mm_block) {
++ zend_suhosin_log(S_MEMORY, "zend_mm_heap corrupted at %p", mm_block);
++ _exit(1);
++ }
++#endif
+ #if ZEND_MM_SAFE_UNLINKING
+ if (UNEXPECTED(next != mm_block)) {
+ zend_mm_panic("zend_mm_heap corrupted");
+@@ -833,6 +914,13 @@
+ }
+ } else {
+
++#if SUHOSIN_PATCH
++ if (prev->next_free_block != mm_block || next->prev_free_block != mm_block) {
++ zend_suhosin_log(S_MEMORY, "zend_mm_head corrupted at %p", mm_block);
++ _exit(1);
++ }
++#endif
++
+ #if ZEND_MM_SAFE_UNLINKING
+ if (UNEXPECTED(prev->next_free_block != mm_block) || UNEXPECTED(next->prev_free_block != mm_block)) {
+ zend_mm_panic("zend_mm_heap corrupted");
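Review bot: The log text in the added check reads `"zend_mm_head corrupted at %p"`, while the check added in the previous hunk logs `"zend_mm_heap corrupted at %p"` and the existing `zend_mm_panic` call also says "heap". Anyone alerting on the log string will miss this branch, so it should use `"zend_mm_heap corrupted at %p"` as well. The added test repeats the condition of the `ZEND_MM_SAFE_UNLINKING` block that follows it; a one-line comment saying that it always runs, regardless of that build flag, would explain the overlap. The enclosing function, apparently `zend_mm_remove_from_free_list`, starts and ends outside this hunk.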
+@@ -856,7 +944,7 @@
+ }
+ }
+
+-static inline void zend_mm_init(zend_mm_heap *heap)
++static void zend_mm_init(zend_mm_heap *heap)
+ {
+ zend_mm_free_block* p;
+ int i;
+@@ -880,6 +968,13 @@
+ heap->large_free_buckets[i] = NULL;
+ }
+ heap->rest_buckets[0] = heap->rest_buckets[1] = ZEND_MM_REST_BUCKET(heap);
++#if SUHOSIN_PATCH
++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) {
++ heap->canary_1 = zend_canary();
++ heap->canary_2 = zend_canary();
++ heap->canary_3 = zend_canary();
++ }
++#endif
+ }
+
+ static void zend_mm_del_segment(zend_mm_heap *heap, zend_mm_segment *segment)
+@@ -988,11 +1083,16 @@
+ }
+ #endif
+
++
+ /* Notes:
+ * - This function may alter the block_sizes values to match platform alignment
+ * - This function does *not* perform sanity checks on the arguments
+ */
+-ZEND_API zend_mm_heap *zend_mm_startup_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params)
++#if SUHOSIN_MM_WITH_CANARY_PROTECTION
++zend_mm_heap *__zend_mm_startup_canary_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params)
++#else
++static zend_mm_heap *__zend_mm_startup_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params)
++#endif
+ {
+ zend_mm_storage *storage;
+ zend_mm_heap *heap;
+@@ -1062,12 +1162,12 @@
+ heap->reserve = NULL;
+ heap->reserve_size = reserve_size;
+ if (reserve_size > 0) {
+- heap->reserve = _zend_mm_alloc_int(heap, reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
++ heap->reserve = _zend_mm_alloc(heap, reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
+ }
+ if (internal) {
+ int i;
+ zend_mm_free_block *p, *q, *orig;
+- zend_mm_heap *mm_heap = _zend_mm_alloc_int(heap, sizeof(zend_mm_heap) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
++ zend_mm_heap *mm_heap = _zend_mm_alloc(heap, sizeof(zend_mm_heap) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
+
+ *mm_heap = *heap;
+
+@@ -1098,7 +1198,11 @@
+ return heap;
+ }
+
+-ZEND_API zend_mm_heap *zend_mm_startup(void)
++#if SUHOSIN_MM_WITH_CANARY_PROTECTION
++zend_mm_heap *__zend_mm_startup_canary(void)
++#else
++static zend_mm_heap *__zend_mm_startup(void)
++#endif
+ {
+ int i;
+ size_t seg_size;
+@@ -1152,6 +1256,27 @@
+ return heap;
+ }
+
++#ifndef SUHOSIN_MM_CLONE_FILE
++zend_mm_heap_canary *__zend_mm_startup_canary_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params);
++zend_mm_heap_canary *__zend_mm_startup_canary(void);
++
++ZEND_API zend_mm_heap *zend_mm_startup_ex(const zend_mm_mem_handlers *handlers, size_t block_size, size_t reserve_size, int internal, void *params)
++{
++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) {
++ return (zend_mm_heap *)__zend_mm_startup_canary_ex(handlers, block_size, reserve_size, internal, params);
++ }
++ return __zend_mm_startup_ex(handlers, block_size, reserve_size, internal, params);
++}
++ZEND_API zend_mm_heap *zend_mm_startup(void)
++{
++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) {
++ return (zend_mm_heap *)__zend_mm_startup_canary();
++ }
++ return __zend_mm_startup();
++}
++
++#endif
++
+ #if ZEND_DEBUG
+ static long zend_mm_find_leaks(zend_mm_segment *segment, zend_mm_block *b)
+ {
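Review bot: `zend_mm_startup_ex` and `zend_mm_startup` choose the heap implementation from `SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)` and cast `zend_mm_heap_canary *` to `zend_mm_heap *`, and nothing visible in the returned heap records which variant was built. The `zend_mm_shutdown` wrapper added in a later hunk re-reads the same flag, so if the flag could differ between startup and shutdown the wrong implementation would walk the heap; whether it can change is not visible in this diff. A comment above both wrappers would state the invariant, for example `/* SUHOSIN_MM_USE_CANARY_PROTECTION must stay constant for the lifetime of every heap: each entry point re-reads it to select the block layout */`. The `__zend_mm_*` names also use the double-underscore prefix that C reserves for the implementation.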
+@@ -1520,7 +1645,11 @@
+ }
+ #endif
+
+-ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC)
++#if SUHOSIN_MM_WITH_CANARY_PROTECTION
++void __zend_mm_shutdown_canary(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC)
++#else
++static void __zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC)
++#endif
+ {
+ zend_mm_storage *storage;
+ zend_mm_segment *segment;
+@@ -1530,7 +1659,7 @@
+ if (heap->reserve) {
+ #if ZEND_DEBUG
+ if (!silent) {
+- _zend_mm_free_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
++ _zend_mm_free(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
+ }
+ #endif
+ heap->reserve = NULL;
+@@ -1613,12 +1742,23 @@
+ heap->size = 0;
+ heap->peak = 0;
+ if (heap->reserve_size) {
+- heap->reserve = _zend_mm_alloc_int(heap, heap->reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
++ heap->reserve = _zend_mm_alloc(heap, heap->reserve_size ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
+ }
+ heap->overflow = 0;
+ }
+ }
+
++#ifndef SUHOSIN_MM_CLONE_FILE
++ZEND_API void zend_mm_shutdown(zend_mm_heap *heap, int full_shutdown, int silent TSRMLS_DC)
++{
++ if (SUHOSIN_CONFIG(SUHOSIN_MM_USE_CANARY_PROTECTION)) {
++ __zend_mm_shutdown_canary(heap, full_shutdown, silent TSRMLS_CC);
++ return;
++ }
++ __zend_mm_shutdown(heap, full_shutdown, silent TSRMLS_CC);
++}
++#endif
++
+ static void zend_mm_safe_error(zend_mm_heap *heap,
+ const char *format,
+ size_t limit,
+@@ -1629,7 +1769,11 @@
+ size_t size)
+ {
+ if (heap->reserve) {
++#if SUHOSIN_MM_WITH_CANARY_PROTECTION
++ _zend_mm_free_canary_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
++#else
+ _zend_mm_free_int(heap, heap->reserve ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC);
++#endif
+ heap->reserve = NULL;
+ }
+ if (heap->overflow == 0) {
+@@ -1752,6 +1896,9 @@
+ return best_fit->next_free_block;
+ }
+
++#if SUHOSIN_PATCH
++void *_zend_mm_alloc_canary_int(zend_mm_heap_canary *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC);
++#endif
+ static void *_zend_mm_alloc_int(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
+ {
+ zend_mm_free_block *best_fit;
+@@ -1761,7 +1908,7 @@
+ size_t segment_size;
+ zend_mm_segment *segment;
+ int keep_rest = 0;
+-
++
+ if (EXPECTED(ZEND_MM_SMALL_SIZE(true_size))) {
+ size_t index = ZEND_MM_BUCKET_INDEX(true_size);
+ size_t bitmap;
+@@ -1779,6 +1926,11 @@
+ best_fit = heap->cache[index];
+ heap->cache[index] = best_fit->prev_free_block;
+ heap->cached -= true_size;
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_SET_CANARIES(best_fit);
++ ((zend_mm_block*)best_fit)->info.size = size;
++ SUHOSIN_MM_SET_END_CANARY(best_fit);
++#endif
+ ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED);
+ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0);
+ return ZEND_MM_DATA_OF(best_fit);
+@@ -1918,13 +2070,19 @@
+
+ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 1);
+
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_SET_CANARIES(best_fit);
++ ((zend_mm_block*)best_fit)->info.size = size;
++ SUHOSIN_MM_SET_END_CANARY(best_fit);
++#endif
++
+ heap->size += true_size;
+ if (heap->peak < heap->size) {
+ heap->peak = heap->size;
+ }
+
+ HANDLE_UNBLOCK_INTERRUPTIONS();
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/suhosin.patch?r1=1.3&r2=1.4&f=u