php_runkit_sandbox.h
/*
+----------------------------------------------------------------------+
| PHP Version 7 |
+----------------------------------------------------------------------+
| (c) 2008-2015 Dmitry Zenovich |
| "runkit7" patches (c) 2015-2018 Tyson Andre |
+----------------------------------------------------------------------+
| This source file is subject to the new BSD license, |
| that is bundled with this package in the file LICENSE, and is |
| available through the world-wide-web at the following url: |
| http://www.opensource.org/licenses/BSD-3-Clause |
| If you did not receive a copy of the license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| [email protected] so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
| Author: Dmitry Zenovich <[email protected]> |
| Modified for php7 by Tyson Andre <[email protected]> |
+----------------------------------------------------------------------+
*/
#ifndef PHP_RUNKIT_SANDBOX_H
#define PHP_RUNKIT_SANDBOX_H
// FIXME: everything inside the #if 0 block below is compiled out; reintroduce it and fix the compilation errors
#if 0
/* {{{ php_runkit_sandbox_has_property_int */
/**
 * Report whether the variable named by `member` is "present" in
 * EG(symbol_table), under the test chosen by `has_set_exists`:
 *
 *   0 - found and its type is not IS_NULL
 *   1 - found and non-empty (per-type rules in the switch below)
 *   2 - found at all
 *
 * A failed lookup, or any other mode value, yields 0.
 *
 * `member` is read with Z_STRVAL_P/Z_STRLEN_P without a type check here;
 * presumably the caller guarantees it is a string -- TODO confirm.
 */
inline static int php_runkit_sandbox_has_property_int(int has_set_exists, zval *member) {
	zval **found;
	int nonempty = 0;

	/* Key length includes the trailing NUL (Z_STRLEN_P + 1). */
	if (zend_hash_find(&EG(symbol_table), Z_STRVAL_P(member), Z_STRLEN_P(member) + 1, (void*)&found) != SUCCESS) {
		return 0;
	}

	if (has_set_exists == 0) {
		return (Z_TYPE_PP(found) != IS_NULL);
	}
	if (has_set_exists == 2) {
		return 1;
	}
	if (has_set_exists != 1) {
		/* Unknown mode: nothing matches. */
		return 0;
	}

	/* Mode 1: emptiness test, decided by the stored type. */
	switch (Z_TYPE_PP(found)) {
		/* NOTE(review): IS_TRUE/IS_FALSE are read through the integer
		 * accessor here; confirm that is still meaningful once this is
		 * ported off the zval** API. */
		case IS_FALSE: case IS_TRUE: case IS_LONG: case IS_RESOURCE:
			nonempty = (Z_LVAL_PP(found) != 0);
			break;
		case IS_DOUBLE:
			nonempty = (Z_DVAL_PP(found) != 0);
			break;
		case IS_STRING:
			/* Empty string and the single character "0" count as empty. */
			nonempty = (Z_STRLEN_PP(found) > 1 || (Z_STRLEN_PP(found) == 1 && Z_STRVAL_PP(found)[0] != '0'));
			break;
		case IS_ARRAY:
			nonempty = zend_hash_num_elements(Z_ARRVAL_PP(found)) > 0;
			break;
		case IS_OBJECT:
			/* TODO: Use ZE2 logic for this rather than ZE1 logic */
			nonempty = zend_hash_num_elements(Z_OBJPROP_PP(found)) > 0;
			break;
		case IS_NULL:
		default:
			nonempty = 0;
	}
	return nonempty;
}
/* }}} */
/* {{{ php_runkit_sandbox_include_or_eval_int */
/**
 * Compile `zcode` into an op array for the sandbox's eval/include/require
 * family, without executing it.
 *
 * @param return_value      Set to TRUE (via RETVAL_TRUE) only when a *_once
 *                          target was already registered in EG(included_files).
 * @param zcode             Source text when type == ZEND_EVAL, otherwise a path.
 * @param type              ZEND_EVAL or the include/require kind passed on to
 *                          the compiler.
 * @param once              Non-zero for include_once()/require_once().
 * @param already_included  Set to 1 in the same "already registered" case;
 *                          otherwise left untouched.
 * @return The compiled op array, or NULL when nothing was compiled (already
 *         included, the stream could not be opened, or the compiler
 *         returned NULL).
 *
 * Nothing in this helper validates `zcode`: the string is compiled or the
 * path is opened as given. Any restriction on what may be evaluated or
 * included has to be enforced by the context this runs in -- NOTE(review):
 * confirm where that is enforced before re-enabling this code.
 */
inline static zend_op_array *php_runkit_sandbox_include_or_eval_int(zval *return_value, zval *zcode, int type, int once, int *already_included) {
	zend_op_array *compiled = NULL;
	zend_file_handle file_handle;
	int dummy = 1;

	if (type == ZEND_EVAL) {
		/* eval() */
		char *eval_desc = zend_make_compiled_string_description("Runkit_Sandbox Eval Code");

		compiled = compile_string(zcode, eval_desc);
		efree(eval_desc);
		return compiled;
	}

	if (!once) {
		/* include() & require() */
		return compile_filename(type, zcode);
	}

	/* include_once() & require_once() */
	if (SUCCESS != zend_stream_open(Z_STRVAL_P(zcode), &file_handle)) {
		/* Open failure is reported only as a NULL op array. */
		return compiled;
	}

	/* The de-duplication key falls back to the path exactly as supplied when
	 * the stream layer reports no opened_path. */
	if (!file_handle.opened_path) {
		file_handle.opened_path = estrndup(Z_STRVAL_P(zcode), Z_STRLEN_P(zcode));
	}

	if (zend_hash_add(&EG(included_files), file_handle.opened_path, strlen(file_handle.opened_path)+1, (void*)&dummy, sizeof(int), NULL)==SUCCESS) {
		/* First sighting of this path: compile it. */
		compiled = zend_compile_file(&file_handle, type);
		zend_destroy_file_handle(&file_handle);
	} else {
		/* Path already registered: release the handle and report success. */
		RUNKIT_FILE_HANDLE_DTOR(&file_handle);
		RETVAL_TRUE;
		*already_included = 1;
	}

	return compiled;
}
/* }}} */
/* {{{ php_runkit_sandbox_call_int */
/**
 * Call the function named by `func_name` with copies of the values in `args`.
 *
 * Each element of the `args` array is copied into a freshly allocated zval,
 * the function is looked up through EG(function_table) and invoked with
 * call_user_function_ex(), and the result (or TRUE/FALSE) is written to
 * `return_value`. `*pname` is freed and reset to NULL before returning, and
 * every argument copy is released.
 *
 * @param func_name      Callable name handed to call_user_function_ex().
 * @param pname          In/out: string used in the warning message; freed here.
 * @param pretval        Receives the callee's return zval pointer.
 * @param args           Array zval holding the arguments to copy.
 * @param return_value   Receives a struct copy of the result, or TRUE/FALSE.
 * @param prior_context  Passed when inspecting closure arguments; presumably
 *                       the caller's interpreter context -- TODO confirm.
 *
 * NOTE(review): argument values cross from one context into another here, so
 * the copy/ownership steps below are the trust boundary of the call. They
 * should be re-audited when this block is re-enabled.
 */
inline static void php_runkit_sandbox_call_int(zval *func_name, char **pname, zval **pretval, zval *args, zval *return_value, void *prior_context) {
HashPosition pos;
int i;
zval **tmpzval;
int argc = zend_hash_num_elements(Z_ARRVAL_P(args));
/* One zval** slot per argument; safe_emalloc is given the element size and count separately. */
zval ***sandbox_args = safe_emalloc(sizeof(zval**), argc, 0);
/* Walk the args array in order; the (i < argc) test keeps writes inside sandbox_args. */
for(zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(args), &pos), i = 0;
(zend_hash_get_current_data_ex(Z_ARRVAL_P(args), (void*)&tmpzval, &pos) == SUCCESS) && (i < argc);
zend_hash_move_forward_ex(Z_ARRVAL_P(args), &pos), i++) {
sandbox_args[i] = emalloc(sizeof(zval*));
MAKE_STD_ZVAL(*sandbox_args[i]);
/* Struct copy of the source zval; the branches below decide how its payload is owned. */
**sandbox_args[i] = **tmpzval;
if (Z_TYPE_P(*sandbox_args[i]) == IS_OBJECT && zend_get_class_entry(*sandbox_args[i], prior_context) == zend_ce_closure) {
/* Closure argument: the closure object found via prior_context is registered
 * in this context's object store and the copy's handle is pointed at it, so
 * the closure itself is shared rather than duplicated.
 * NOTE(review): `bucket` is declared zend_object * here but is dereferenced as
 * bucket->bucket.obj.object, and the release loop below declares it as
 * zend_object_store_bucket * -- likely one of the compilation errors. */
zend_closure *closure;
zend_object *bucket;
bucket = php_runkit_zend_object_store_get_obj(*sandbox_args[i], prior_context);
closure = (zend_closure *) bucket->bucket.obj.object;
(*sandbox_args[i])->value.obj.handle = zend_objects_store_put(closure, NULL, NULL, bucket->bucket.obj.clone);
} else
/* Every other value goes through the cross-scope copy constructor. */
PHP_SANDBOX_CROSS_SCOPE_ZVAL_COPY_CTOR(*sandbox_args[i]);
}
/* Shouldn't be necessary */
/* Still, it limits the call and the release loop to the slots that were actually filled. */
argc = i;
/* Note: If this function is disabled by disable_functions or disable_classes,
 * The user will get a confusing error message about (null)() being disabled for security reasons on line 0
 * This will be fixable with a properly set EG(function_state_ptr)....just not yet
 */
if (call_user_function_ex(EG(function_table), NULL, func_name, pretval, argc, sandbox_args, 0, NULL) == SUCCESS) {
if (*pretval) {
/* Struct copy of the result; no copy constructor is applied in this function. */
*return_value = **pretval;
} else {
RETVAL_TRUE;
}
} else {
/* NOTE(review): *pname is used here before the NULL check further down. */
php_error_docref1(NULL, *pname, E_WARNING, "Unable to call function");
RETVAL_FALSE;
}
if (*pname) {
efree(*pname);
*pname = NULL;
}
/* Release the argument copies made above. */
for(i = 0; i < argc; i++) {
/* NOTE(review): zend_get_class_entry and php_runkit_zend_object_store_get_obj
 * take one argument here but two in the copy loop above. */
if (Z_TYPE_P(*sandbox_args[i]) == IS_OBJECT && zend_get_class_entry(*sandbox_args[i]) == zend_ce_closure) {
zend_object_store_bucket *bucket = php_runkit_zend_object_store_get_obj(*sandbox_args[i]);
zend_objects_store_del_ref(*sandbox_args[i]);
zval_ptr_dtor(sandbox_args[i]);
/* Clears the store slot's object pointer; presumably so the shared closure is
 * not destroyed through this context's store -- TODO confirm. */
bucket->bucket.obj.object = NULL;
}
/* NOTE(review): for closures this is the second zval_ptr_dtor on the same slot;
 * confirm the refcount accounting makes that a balanced release and not a
 * double free. */
zval_ptr_dtor(sandbox_args[i]);
efree(sandbox_args[i]);
}
efree(sandbox_args);
}
/* }}} */
/* {{{ php_runkit_sandbox_return_property_value */
/**
 * Build the zval handed back from a property read.
 *
 * @param prop_found  Non-zero when the property lookup succeeded.
 * @param retval      The value that was found; only read when prop_found is set.
 * @return A newly allocated copy of *retval that has been passed through the
 *         cross-scope copy constructor, or EG(uninitialized_zval_ptr) when
 *         the property was not found.
 */
inline static zval *php_runkit_sandbox_return_property_value(int prop_found, zval *retval) {
	zval *return_value;

	if (!prop_found) {
		return EG(uninitialized_zval_ptr);
	}

	ALLOC_ZVAL(return_value);
	*return_value = *retval;
	INIT_PZVAL(return_value);
	/* Give the copy its own payload instead of pointing into the other scope. */
	PHP_SANDBOX_CROSS_SCOPE_ZVAL_COPY_CTOR(return_value);
	/* ZE expects refcount == 0 for unowned values, hence the decrement after INIT_PZVAL. */
	return_value->RUNKIT_REFCOUNT--;
	return return_value;
}
/* }}} */
#endif // #if 0
#endif