clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-10-01 23:06:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of ssh://git.php.net/php-src

Browse Source
This commit is contained in:
Andrey Hristov 2012-10-16 15:06:22 +02:00
commit 54cbf5315c
24 changed files with 1105 additions and 233 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
NEWS
View File

@ -3,6 +3,8 @@ PHP NEWS
?? ??? 201?, PHP 5.5.0
- General improvements:
. Add simplified password hashing API
(https://wiki.php.net/rfc/password_hash). (Anthony Ferrara)
. Add generators and coroutines (https://wiki.php.net/rfc/generators).
(Nikita Popov)
. Support list in foreach (https://wiki.php.net/rfc/foreachlist). (Laruence)
@ -84,4 +86,8 @@ PHP NEWS
- Zip:
. Upgraded libzip to 0.10.1 (Anatoliy)
- Fileinfo:
. Fixed bug #63248 (Load multiple magic files from a directory under Windows).
(Anatoliy)
<<< NOTE: Insert NEWS from last stable release here prior to actual release! >>>

26
ext/fileinfo/config.w32
View File

@ -4,22 +4,16 @@
ARG_ENABLE("fileinfo", "fileinfo support", "no");
if (PHP_FILEINFO != 'no') {
if (CHECK_HEADER_ADD_INCLUDE("dirent.h", "CFLAGS_FILEINFO") &&
CHECK_LIB("dirent_a.lib", "fileinfo", PHP_FILEINFO)) {
LIBMAGIC_SOURCES=" apprentice.c apptype.c ascmagic.c \
cdf.c cdf_time.c compress.c \
encoding.c fsmagic.c funcs.c \
is_tar.c magic.c print.c \
readcdf.c readelf.c softmagic.c";
LIBMAGIC_SOURCES=" apprentice.c apptype.c ascmagic.c \
cdf.c cdf_time.c compress.c \
encoding.c fsmagic.c funcs.c \
is_tar.c magic.c print.c \
readcdf.c readelf.c softmagic.c";
if (VCVERS < 1500) {
ADD_FLAG('CFLAGS', '/Zm1000');
}
if (VCVERS < 1500) {
ADD_FLAG('CFLAGS', '/Zm1000');
}
EXTENSION('fileinfo', 'fileinfo.c', true, "/I" + configure_module_dirname + "/libmagic /I" + configure_module_dirname);
ADD_SOURCES(configure_module_dirname + '\\libmagic', LIBMAGIC_SOURCES, "fileinfo");
} else {
WARNING("fileinfo not enabled; libraries and headers not found");
PHP_FILEINFO = "no";
}
EXTENSION('fileinfo', 'fileinfo.c', true, "/I" + configure_module_dirname + "/libmagic /I" + configure_module_dirname);
ADD_SOURCES(configure_module_dirname + '\\libmagic', LIBMAGIC_SOURCES, "fileinfo");
}

181
ext/fileinfo/libmagic.patch
View File

@ -1,6 +1,6 @@
diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
--- libmagic.origin/apprentice.c 2012-09-11 11:09:26.000000000 +0800
+++ libmagic/apprentice.c 2012-09-11 11:36:51.000000000 +0800
--- libmagic.origin/apprentice.c Sat Dec 17 18:17:18 2011
+++ libmagic/apprentice.c Tue Oct 16 10:21:49 2012
@@ -29,6 +29,8 @@
* apprentice - make one pass through /etc/magic, learning its secrets.
*/
@ -10,7 +10,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
#include "file.h"
#ifndef lint
@@ -36,18 +38,34 @@
@@ -36,18 +38,31 @@
#endif /* lint */
#include "magic.h"
@ -43,13 +43,11 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
-#ifdef QUICK
-#include <sys/mman.h>
-#endif
+#ifndef PHP_WIN32
#include <dirent.h>
+#endif
-#include <dirent.h>
#define EATAB {while (isascii((unsigned char) *l) && \
isspace((unsigned char) *l)) ++l;}
@@ -112,12 +130,10 @@
@@ -112,12 +127,10 @@
private int parse_strength(struct magic_set *, struct magic_entry *, const char *);
private int parse_apple(struct magic_set *, struct magic_entry *, const char *);
@ -62,7 +60,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
private struct {
const char *name;
size_t len;
@@ -131,38 +147,7 @@
@@ -131,38 +144,7 @@
{ NULL, 0, NULL }
};
@ -102,7 +100,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
static const struct type_tbl_s {
const char name[16];
@@ -218,6 +203,10 @@
@@ -218,6 +200,10 @@
# undef XX_NULL
};
@ -113,7 +111,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
private int
get_type(const char *l, const char **t)
{
@@ -275,15 +264,17 @@
@@ -275,15 +261,17 @@
if (rv != 0)
return -1;
rv = apprentice_compile(ms, &magic, &nmagic, fn);
@ -136,7 +134,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
if (rv != 0)
return -1;
}
@@ -295,11 +286,7 @@
@@ -295,11 +283,7 @@
return -1;
}
@ -149,7 +147,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
ml->magic = magic;
ml->nmagic = nmagic;
@@ -318,7 +305,6 @@
@@ -318,7 +302,6 @@
}
return 0;
@ -157,7 +155,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
}
protected void
@@ -327,22 +313,18 @@
@@ -327,22 +310,18 @@
if (p == NULL)
return;
switch (type) {
@ -186,7 +184,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
default:
abort();
}
@@ -355,23 +337,27 @@
@@ -355,23 +334,27 @@
char *p, *mfn;
int file_err, errs = -1;
struct mlist *mlist;
@ -223,7 +221,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
mlist->next = mlist->prev = mlist;
while (fn) {
@@ -385,13 +371,13 @@
@@ -385,13 +368,13 @@
fn = p;
}
if (errs == -1) {
@ -240,7 +238,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
return mlist;
}
@@ -524,6 +510,7 @@
@@ -524,6 +507,7 @@
abort();
}
@ -248,7 +246,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
/*
* Magic entries with no description get a bonus because they depend
* on subsequent magic entries to print something.
@@ -539,8 +526,8 @@
@@ -539,8 +523,8 @@
private int
apprentice_sort(const void *a, const void *b)
{
@ -259,7 +257,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
size_t sa = apprentice_magic_strength(ma->mp);
size_t sb = apprentice_magic_strength(mb->mp);
if (sa == sb)
@@ -671,12 +658,22 @@
@@ -671,12 +655,22 @@
load_1(struct magic_set *ms, int action, const char *fn, int *errs,
struct magic_entry **marray, uint32_t *marraycount)
{
@ -286,7 +284,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
if (errno != ENOENT)
file_error(ms, errno, "cannot read magic file `%s'",
fn);
@@ -684,9 +681,12 @@
@@ -684,9 +678,12 @@
return;
}
@ -302,7 +300,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
if (len == 0) /* null line, garbage, etc */
continue;
if (line[len - 1] == '\n') {
@@ -736,8 +736,7 @@
@@ -736,8 +733,7 @@
break;
}
}
@ -312,7 +310,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
}
/*
@@ -754,23 +753,19 @@
@@ -754,23 +750,21 @@
apprentice_load(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp,
const char *fn, int action)
{
@ -325,8 +323,12 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
+ size_t files = 0, maxfiles = 0;
+ char **filearr = NULL;
struct stat st;
DIR *dir;
struct dirent *d;
- DIR *dir;
- struct dirent *d;
+ php_stream *dir;
+ php_stream_dirent d;
+
+ TSRMLS_FETCH();
ms->flags |= MAGIC_CHECK; /* Enable checks for parsed files */
@ -341,28 +343,33 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
marraycount = 0;
/* print silly verbose header for USG compat. */
@@ -778,14 +773,18 @@
@@ -778,22 +772,26 @@
(void)fprintf(stderr, "%s\n", usg_hdr);
/* load directory or file */
- if (stat(fn, &st) == 0 && S_ISDIR(st.st_mode)) {
- dir = opendir(fn);
+ /* FIXME: Read file names and sort them to prevent
+ non-determinism. See Debian bug #488562. */
+ if (php_sys_stat(fn, &st) == 0 && S_ISDIR(st.st_mode)) {
+ int mflen;
+ char mfn[MAXPATHLEN];
dir = opendir(fn);
+ int mflen;
+ char mfn[MAXPATHLEN];
+
+ dir = php_stream_opendir(fn, REPORT_ERRORS, NULL);
if (!dir) {
errs++;
goto out;
}
while ((d = readdir(dir)) != NULL) {
- while ((d = readdir(dir)) != NULL) {
- if (asprintf(&mfn, "%s/%s", fn, d->d_name) < 0) {
+ if ((mflen = snprintf(mfn, sizeof(mfn), "%s/%s", fn, d->d_name)) < 0) {
+ while (php_stream_readdir(dir, &d)) {
+ if ((mflen = snprintf(mfn, sizeof(mfn), "%s/%s", fn, d.d_name)) < 0) {
file_oomem(ms,
strlen(fn) + strlen(d->d_name) + 2);
- strlen(fn) + strlen(d->d_name) + 2);
+ strlen(fn) + strlen(d.d_name) + 2);
errs++;
@@ -793,7 +792,6 @@
- closedir(dir);
+ php_stream_closedir(dir);
goto out;
}
if (stat(mfn, &st) == -1 || !S_ISREG(st.st_mode)) {
@ -375,7 +382,8 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
realloc(filearr, mlen))) == NULL) {
file_oomem(ms, mlen);
- free(mfn);
closedir(dir);
- closedir(dir);
+ php_stream_closedir(dir);
errs++;
goto out;
}
@ -383,7 +391,8 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
- filearr[files++] = mfn;
+ filearr[files++] = estrndup(mfn, (mflen > sizeof(mfn) - 1)? sizeof(mfn) - 1: mflen);
}
closedir(dir);
- closedir(dir);
+ php_stream_closedir(dir);
qsort(filearr, files, sizeof(*filearr), cmpstrp);
for (i = 0; i < files; i++) {
load_1(ms, action, filearr[i], &errs, &marray,
@ -512,7 +521,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
m->mimetype[0] = '\0'; /* initialise MIME type to none */
if (m->cont_level == 0)
++(*nmentryp); /* make room for next */
@@ -2195,56 +2180,69 @@
@@ -2195,56 +2180,79 @@
/*
* handle a compiled file.
@ -543,6 +552,16 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
+ ret = 3;
+ goto internal_loaded;
+ }
+
+#ifdef PHP_WIN32
+ /* Don't bother on windows with php_stream_open_wrapper,
+ return to give apprentice_load() a chance. */
+ if (php_stream_stat_path_ex(fn, 0, &st, NULL) == SUCCESS) {
+ if (st.sb.st_mode & S_IFDIR) {
+ goto error2;
+ }
+ }
+#endif
dbname = mkdbname(ms, fn, 0);
if (dbname == NULL)
@ -605,7 +624,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
ptr = (uint32_t *)(void *)*magicp;
if (*ptr != MAGICNO) {
if (swap4(*ptr) != MAGICNO) {
@@ -2259,35 +2257,55 @@
@@ -2259,35 +2267,55 @@
else
version = ptr[1];
if (version != VERSIONNO) {
@ -677,7 +696,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
return -1;
}
@@ -2301,42 +2319,49 @@
@@ -2301,42 +2329,49 @@
apprentice_compile(struct magic_set *ms, struct magic **magicp,
uint32_t *nmagicp, const char *fn)
{
@ -738,7 +757,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
return rv;
}
@@ -2349,6 +2374,7 @@
@@ -2349,6 +2384,7 @@
{
const char *p, *q;
char *buf;
@ -746,7 +765,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
if (strip) {
if ((p = strrchr(fn, '/')) != NULL)
@@ -2370,14 +2396,14 @@
@@ -2370,14 +2406,14 @@
q++;
/* Compatibility with old code that looked in .mime */
if (ms->flags & MAGIC_MIME) {
@ -765,7 +784,7 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
/* Compatibility with old code that looked in .mime */
if (strstr(p, ".mime") != NULL)
@@ -2467,7 +2493,7 @@
@@ -2467,7 +2503,7 @@
m->offset = swap4((uint32_t)m->offset);
m->in_offset = swap4((uint32_t)m->in_offset);
m->lineno = swap4((uint32_t)m->lineno);
@ -775,8 +794,8 @@ diff -u libmagic.origin/apprentice.c libmagic/apprentice.c
m->str_flags = swap4(m->str_flags);
}
diff -u libmagic.origin/ascmagic.c libmagic/ascmagic.c
--- libmagic.origin/ascmagic.c 2012-09-11 11:09:26.000000000 +0800
+++ libmagic/ascmagic.c 2012-09-11 11:33:55.000000000 +0800
--- libmagic.origin/ascmagic.c Sat Dec 17 18:17:18 2011
+++ libmagic/ascmagic.c Tue Apr 10 09:46:33 2012
@@ -139,10 +139,8 @@
/* malloc size is a conservative overestimate; could be
improved, or at least realloced after conversion. */
@ -801,8 +820,8 @@ diff -u libmagic.origin/ascmagic.c libmagic/ascmagic.c
return rv;
}
diff -u libmagic.origin/cdf.c libmagic/cdf.c
--- libmagic.origin/cdf.c 2012-09-11 11:09:26.000000000 +0800
+++ libmagic/cdf.c 2012-09-11 11:33:55.000000000 +0800
--- libmagic.origin/cdf.c Mon Feb 20 23:35:29 2012
+++ libmagic/cdf.c Tue Apr 10 09:46:33 2012
@@ -43,7 +43,17 @@
#include <err.h>
#endif
@ -865,8 +884,8 @@ diff -u libmagic.origin/cdf.c libmagic/cdf.c
(void)fprintf(stderr, "timestamp %s\n", buf);
} else {
diff -u libmagic.origin/cdf.h libmagic/cdf.h
--- libmagic.origin/cdf.h 2012-09-11 11:09:26.000000000 +0800
+++ libmagic/cdf.h 2012-09-11 11:33:55.000000000 +0800
--- libmagic.origin/cdf.h Fri Feb 17 06:28:31 2012
+++ libmagic/cdf.h Tue Apr 10 09:46:34 2012
@@ -35,7 +35,7 @@
#ifndef _H_CDF_
#define _H_CDF_
@ -903,8 +922,8 @@ diff -u libmagic.origin/cdf.h libmagic/cdf.h
void cdf_swap_header(cdf_header_t *);
void cdf_unpack_header(cdf_header_t *, char *);
diff -u libmagic.origin/cdf_time.c libmagic/cdf_time.c
--- libmagic.origin/cdf_time.c 2012-09-11 11:09:26.000000000 +0800
+++ libmagic/cdf_time.c 2012-09-11 11:33:55.000000000 +0800
--- libmagic.origin/cdf_time.c Tue Dec 13 14:48:41 2011
+++ libmagic/cdf_time.c Tue Apr 10 09:46:34 2012
@@ -96,7 +96,7 @@
}
@ -962,8 +981,8 @@ diff -u libmagic.origin/cdf_time.c libmagic/cdf_time.c
static const char *ref = "Sat Apr 23 01:30:00 1977";
char *p, *q;
diff -u libmagic.origin/compress.c libmagic/compress.c
--- libmagic.origin/compress.c 2012-09-11 11:09:26.000000000 +0800
+++ libmagic/compress.c 2012-09-11 11:33:55.000000000 +0800
--- libmagic.origin/compress.c Sat Dec 17 18:17:18 2011
+++ libmagic/compress.c Tue Apr 10 09:46:34 2012
@@ -32,6 +32,7 @@
* uncompress(method, old, n, newch) - uncompress old into new,
* using method, return sizeof new
@ -1124,10 +1143,9 @@ diff -u libmagic.origin/compress.c libmagic/compress.c
}
-#endif
+#endif /* if PHP_FILEINFO_UNCOMPRESS */
Only in libmagic: diff
diff -u libmagic.origin/file.h libmagic/file.h
--- libmagic.origin/file.h 2012-09-11 11:09:26.000000000 +0800
+++ libmagic/file.h 2012-09-11 11:33:55.000000000 +0800
--- libmagic.origin/file.h Tue Sep 20 17:30:14 2011
+++ libmagic/file.h Mon Apr 23 17:58:54 2012
@@ -33,11 +33,9 @@
#ifndef __file_h__
#define __file_h__
@ -1285,22 +1303,24 @@ diff -u libmagic.origin/file.h libmagic/file.h
size_t strlcat(char *dst, const char *src, size_t siz);
#endif
#ifndef HAVE_GETLINE
@@ -500,4 +487,12 @@
#define FILE_RCSID(id)
@@ -498,6 +485,14 @@
#endif
#else
#define FILE_RCSID(id)
+#endif
+
+#ifdef PHP_WIN32
+#define FINFO_LSEEK_FUNC _lseek
+#define FINFO_READ_FUNC _read
+#else
+#define FINFO_LSEEK_FUNC lseek
+#define FINFO_READ_FUNC read
+#endif
+
#endif
#endif /* __file_h__ */
diff -u libmagic.origin/fsmagic.c libmagic/fsmagic.c
--- libmagic.origin/fsmagic.c 2012-09-11 11:09:26.000000000 +0800
+++ libmagic/fsmagic.c 2012-09-11 11:33:55.000000000 +0800
--- libmagic.origin/fsmagic.c Tue Aug 23 10:57:10 2011
+++ libmagic/fsmagic.c Tue Apr 10 09:46:34 2012
@@ -59,27 +59,21 @@
# define minor(dev) ((dev) & 0xff)
#endif
@ -1511,10 +1531,10 @@ diff -u libmagic.origin/fsmagic.c libmagic/fsmagic.c
-#else
- if (file_printf(ms, "block special") == -1)
- return -1;
-#endif
#endif
- }
- return 1;
#endif
-#endif
- /* TODO add code to handle V7 MUX and Blit MUX files */
+
#ifdef S_IFIFO
@ -1624,8 +1644,8 @@ diff -u libmagic.origin/fsmagic.c libmagic/fsmagic.c
/*
diff -u libmagic.origin/funcs.c libmagic/funcs.c
--- libmagic.origin/funcs.c 2012-09-11 11:09:26.000000000 +0800
+++ libmagic/funcs.c 2012-09-11 11:33:55.000000000 +0800
--- libmagic.origin/funcs.c Sat Dec 17 18:17:18 2011
+++ libmagic/funcs.c Mon Apr 23 17:58:54 2012
@@ -41,52 +41,42 @@
#if defined(HAVE_WCTYPE_H)
#include <wctype.h>
@ -1920,8 +1940,8 @@ diff -u libmagic.origin/funcs.c libmagic/funcs.c
}
+
diff -u libmagic.origin/magic.c libmagic/magic.c
--- libmagic.origin/magic.c 2012-09-11 11:09:26.000000000 +0800
+++ libmagic/magic.c 2012-09-11 11:33:55.000000000 +0800
--- libmagic.origin/magic.c Thu May 26 03:27:59 2011
+++ libmagic/magic.c Tue Apr 10 09:46:34 2012
@@ -25,11 +25,6 @@
* SUCH DAMAGE.
*/
@ -2298,8 +2318,8 @@ diff -u libmagic.origin/magic.c libmagic/magic.c
public const char *
magic_error(struct magic_set *ms)
diff -u libmagic.origin/magic.h libmagic/magic.h
--- libmagic.origin/magic.h 2012-09-11 11:09:26.000000000 +0800
+++ libmagic/magic.h 2012-09-11 11:33:55.000000000 +0800
--- libmagic.origin/magic.h Sun Dec 18 15:54:43 2011
+++ libmagic/magic.h Tue Apr 10 09:46:34 2012
@@ -85,6 +85,7 @@
const char *magic_getpath(const char *, int);
@ -2317,9 +2337,9 @@ diff -u libmagic.origin/magic.h libmagic/magic.h
int magic_errno(magic_t);
diff -u libmagic.origin/print.c libmagic/print.c
--- libmagic.origin/print.c 2012-09-11 11:09:26.000000000 +0800
+++ libmagic/print.c 2012-09-11 11:33:55.000000000 +0800
@@ -29,6 +29,9 @@
--- libmagic.origin/print.c Tue Sep 20 17:28:09 2011
+++ libmagic/print.c Tue Oct 16 10:13:39 2012
@@ -29,12 +29,16 @@
* print.c - debugging printout routines
*/
@ -2329,7 +2349,14 @@ diff -u libmagic.origin/print.c libmagic/print.c
#include "file.h"
#ifndef lint
@@ -46,174 +49,21 @@
FILE_RCSID("@(#)$File: print.c,v 1.71 2011/09/20 15:28:09 christos Exp $")
#endif /* lint */
+#include <stdio.h>
#include <string.h>
#include <stdarg.h>
#include <stdlib.h>
@@ -45,174 +49,21 @@
#define SZOF(a) (sizeof(a) / sizeof(a[0]))
@ -2512,8 +2539,8 @@ diff -u libmagic.origin/print.c libmagic/print.c
protected const char *
diff -u libmagic.origin/readcdf.c libmagic/readcdf.c
--- libmagic.origin/readcdf.c 2012-09-11 11:09:26.000000000 +0800
+++ libmagic/readcdf.c 2012-09-11 11:33:55.000000000 +0800
--- libmagic.origin/readcdf.c Mon Feb 20 21:04:58 2012
+++ libmagic/readcdf.c Tue Apr 10 09:46:34 2012
@@ -30,7 +30,11 @@
#endif
@ -2560,8 +2587,8 @@ diff -u libmagic.origin/readcdf.c libmagic/readcdf.c
if ((ec = strchr(c, '\n')) != NULL)
*ec = '\0';
diff -u libmagic.origin/readelf.c libmagic/readelf.c
--- libmagic.origin/readelf.c 2012-09-11 11:09:26.000000000 +0800
+++ libmagic/readelf.c 2012-09-11 11:33:55.000000000 +0800
--- libmagic.origin/readelf.c Tue Aug 23 10:57:10 2011
+++ libmagic/readelf.c Tue Apr 10 09:46:34 2012
@@ -49,7 +49,7 @@
off_t, int *, int);
private int doshn(struct magic_set *, int, int, int, off_t, int, size_t,
@ -2717,8 +2744,8 @@ diff -u libmagic.origin/readelf.c libmagic/readelf.c
if (fstat(fd, &st) == -1) {
diff -u libmagic.origin/softmagic.c libmagic/softmagic.c
--- libmagic.origin/softmagic.c 2012-09-11 11:09:26.000000000 +0800
+++ libmagic/softmagic.c 2012-09-11 11:33:55.000000000 +0800
--- libmagic.origin/softmagic.c Sat Dec 17 18:17:18 2011
+++ libmagic/softmagic.c Fri May 25 09:59:25 2012
@@ -41,6 +41,11 @@
#include <stdlib.h>
#include <time.h>

38
ext/fileinfo/libmagic/apprentice.c
View File

@ -63,9 +63,6 @@ FILE_RCSID("@(#)$File: apprentice.c,v 1.173 2011/12/08 12:38:24 rrt Exp $")
#include <assert.h>
#include <ctype.h>
#include <fcntl.h>
#ifndef PHP_WIN32
#include <dirent.h>
#endif
#define EATAB {while (isascii((unsigned char) *l) && \
isspace((unsigned char) *l)) ++l;}
@ -759,8 +756,10 @@ apprentice_load(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp,
size_t files = 0, maxfiles = 0;
char **filearr = NULL;
struct stat st;
DIR *dir;
struct dirent *d;
php_stream *dir;
php_stream_dirent d;
TSRMLS_FETCH();
ms->flags |= MAGIC_CHECK; /* Enable checks for parsed files */
@ -776,19 +775,20 @@ apprentice_load(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp,
/* FIXME: Read file names and sort them to prevent
non-determinism. See Debian bug #488562. */
if (php_sys_stat(fn, &st) == 0 && S_ISDIR(st.st_mode)) {
int mflen;
char mfn[MAXPATHLEN];
dir = opendir(fn);
int mflen;
char mfn[MAXPATHLEN];
dir = php_stream_opendir(fn, REPORT_ERRORS, NULL);
if (!dir) {
errs++;
goto out;
}
while ((d = readdir(dir)) != NULL) {
if ((mflen = snprintf(mfn, sizeof(mfn), "%s/%s", fn, d->d_name)) < 0) {
while (php_stream_readdir(dir, &d)) {
if ((mflen = snprintf(mfn, sizeof(mfn), "%s/%s", fn, d.d_name)) < 0) {
file_oomem(ms,
strlen(fn) + strlen(d->d_name) + 2);
strlen(fn) + strlen(d.d_name) + 2);
errs++;
closedir(dir);
php_stream_closedir(dir);
goto out;
}
if (stat(mfn, &st) == -1 || !S_ISREG(st.st_mode)) {
@ -801,14 +801,14 @@ apprentice_load(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp,
if ((filearr = CAST(char **,
realloc(filearr, mlen))) == NULL) {
file_oomem(ms, mlen);
closedir(dir);
php_stream_closedir(dir);
errs++;
goto out;
}
}
filearr[files++] = estrndup(mfn, (mflen > sizeof(mfn) - 1)? sizeof(mfn) - 1: mflen);
}
closedir(dir);
php_stream_closedir(dir);
qsort(filearr, files, sizeof(*filearr), cmpstrp);
for (i = 0; i < files; i++) {
load_1(ms, action, filearr[i], &errs, &marray,
@ -2206,6 +2206,16 @@ apprentice_map(struct magic_set *ms, struct magic **magicp, uint32_t *nmagicp,
goto internal_loaded;
}
#ifdef PHP_WIN32
/* Don't bother on windows with php_stream_open_wrapper,
return to give apprentice_load() a chance. */
if (php_stream_stat_path_ex(fn, 0, &st, NULL) == SUCCESS) {
if (st.sb.st_mode & S_IFDIR) {
goto error2;
}
}
#endif
dbname = mkdbname(ms, fn, 0);
if (dbname == NULL)
goto error2;

4
ext/mysqli/tests/bug51647.phpt
View File

@ -24,12 +24,12 @@ if ($res = $link->query('SHOW VARIABLES LIKE "have_ssl"')) {
die(sprintf("skip Failed to test for MySQL SSL support, [%d] %s", $link->errno, $link->error));
}
}
if (empty($row))
die(sprintf("skip Failed to test for MySQL SSL support, [%d] %s", $link->errno, $link->error));
if ($row[1] == 'NO')
if (($row[1] == 'NO') || ($row[1] == 'DISABLED'))
die(sprintf("skip MySQL has no SSL support, [%d] %s", $link->errno, $link->error));
$link->close();

4
ext/mysqli/tests/bug55283.phpt
View File

@ -29,7 +29,7 @@ if ($res = $link->query('SHOW VARIABLES LIKE "have_ssl"')) {
if (empty($row))
die(sprintf("skip Failed to test for MySQL SSL support, [%d] %s", $link->errno, $link->error));
if ($row[1] == 'NO')
if (($row[1] == 'NO') || ($row[1] == 'DISABLED'))
die(sprintf("skip MySQL has no SSL support, [%d] %s", $link->errno, $link->error));
$link->close();
@ -41,7 +41,7 @@ $link->close();
$flags = MYSQLI_CLIENT_SSL;
$link = mysqli_init();
mysqli_ssl_set($link, null, null, null, null, "RC4-MD5");
if (my_mysqli_real_connect($link, 'p:' . $host, $user, $passwd, $db, $port, null, $flags)) {

2
ext/mysqli/tests/mysqli_pam_sha256_public_key_option_invalid.phpt
View File

@ -182,5 +182,7 @@ Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d
[300 + 002] [1045] %s
Warning: mysqli::real_connect(%sest_sha256_wrong_%d): failed to open stream: No such file or directory in %s on line %d
Warning: mysqli::real_connect(): (HY000/1045): %s in %s on line %d
[400 + 002] [1045] %s
done!

24
ext/standard/basic_functions.c
View File

@ -1854,6 +1854,25 @@ ZEND_END_ARG_INFO()
ZEND_BEGIN_ARG_INFO(arginfo_getlastmod, 0)
ZEND_END_ARG_INFO()
/* }}} */
/* {{{ password.c */
ZEND_BEGIN_ARG_INFO_EX(arginfo_password_hash, 0, 0, 2)
ZEND_ARG_INFO(0, password)
ZEND_ARG_INFO(0, algo)
ZEND_ARG_INFO(0, options)
ZEND_END_ARG_INFO()
ZEND_BEGIN_ARG_INFO_EX(arginfo_password_get_info, 0, 0, 1)
ZEND_ARG_INFO(0, hash)
ZEND_END_ARG_INFO()
ZEND_BEGIN_ARG_INFO_EX(arginfo_password_needs_rehash, 0, 0, 2)
ZEND_ARG_INFO(0, hash)
ZEND_ARG_INFO(0, algo)
ZEND_ARG_INFO(0, options)
ZEND_END_ARG_INFO()
ZEND_BEGIN_ARG_INFO_EX(arginfo_password_verify, 0, 0, 2)
ZEND_ARG_INFO(0, password)
ZEND_ARG_INFO(0, hash)
ZEND_END_ARG_INFO()
/* }}} */
/* {{{ proc_open.c */
#ifdef PHP_CAN_SUPPORT_PROC_OPEN
ZEND_BEGIN_ARG_INFO_EX(arginfo_proc_terminate, 0, 0, 1)
@ -2864,6 +2883,10 @@ const zend_function_entry basic_functions[] = { /* {{{ */
PHP_FE(base64_decode, arginfo_base64_decode)
PHP_FE(base64_encode, arginfo_base64_encode)
PHP_FE(password_hash, arginfo_password_hash)
PHP_FE(password_get_info, arginfo_password_get_info)
PHP_FE(password_needs_rehash, arginfo_password_needs_rehash)
PHP_FE(password_verify, arginfo_password_verify)
PHP_FE(convert_uuencode, arginfo_convert_uuencode)
PHP_FE(convert_uudecode, arginfo_convert_uudecode)
@ -3614,6 +3637,7 @@ PHP_MINIT_FUNCTION(basic) /* {{{ */
BASIC_MINIT_SUBMODULE(browscap)
BASIC_MINIT_SUBMODULE(standard_filters)
BASIC_MINIT_SUBMODULE(user_filters)
BASIC_MINIT_SUBMODULE(password)
#if defined(HAVE_LOCALECONV) && defined(ZTS)
BASIC_MINIT_SUBMODULE(localeconv)

2
ext/standard/config.m4
View File

@ -580,7 +580,7 @@ PHP_NEW_EXTENSION(standard, array.c base64.c basic_functions.c browscap.c crc32.
incomplete_class.c url_scanner_ex.c ftp_fopen_wrapper.c \
http_fopen_wrapper.c php_fopen_wrapper.c credits.c css.c \
var_unserializer.c ftok.c sha1.c user_filters.c uuencode.c \
filters.c proc_open.c streamsfuncs.c http.c)
filters.c proc_open.c streamsfuncs.c http.c password.c)
PHP_ADD_MAKEFILE_FRAGMENT
PHP_INSTALL_HEADERS([ext/standard/])

2
ext/standard/config.w32
View File

@ -19,7 +19,7 @@ EXTENSION("standard", "array.c base64.c basic_functions.c browscap.c \
versioning.c assert.c strnatcmp.c levenshtein.c incomplete_class.c \
url_scanner_ex.c ftp_fopen_wrapper.c http_fopen_wrapper.c \
php_fopen_wrapper.c credits.c css.c var_unserializer.c ftok.c sha1.c \
user_filters.c uuencode.c filters.c proc_open.c \
user_filters.c uuencode.c filters.c proc_open.c password.c \
streamsfuncs.c http.c flock_compat.c", false /* never shared */);
PHP_INSTALL_HEADERS("", "ext/standard");
if (PHP_MBREGEX != "no") {

235
ext/standard/crypt.c
View File

@ -145,14 +145,121 @@ static void php_to64(char *s, long v, int n) /* {{{ */
}
/* }}} */
PHPAPI int php_crypt(const char *password, const int pass_len, const char *salt, int salt_len, char **result)
{
char *crypt_res;
/* Windows (win32/crypt) has a stripped down version of libxcrypt and
a CryptoApi md5_crypt implementation */
#if PHP_USE_PHP_CRYPT_R
{
struct php_crypt_extended_data buffer;
if (salt[0]=='$' && salt[1]=='1' && salt[2]=='$') {
char output[MD5_HASH_MAX_LEN], *out;
out = php_md5_crypt_r(password, salt, output);
if (out) {
*result = estrdup(out);
return SUCCESS;
}
return FAILURE;
} else if (salt[0]=='$' && salt[1]=='6' && salt[2]=='$') {
char *output;
output = emalloc(PHP_MAX_SALT_LEN);
crypt_res = php_sha512_crypt_r(password, salt, output, PHP_MAX_SALT_LEN);
if (!crypt_res) {
memset(output, 0, PHP_MAX_SALT_LEN);
efree(output);
return FAILURE;
} else {
*result = estrdup(output);
memset(output, 0, PHP_MAX_SALT_LEN);
efree(output);
return SUCCESS;
}
} else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') {
char *output;
output = emalloc(PHP_MAX_SALT_LEN);
crypt_res = php_sha256_crypt_r(password, salt, output, PHP_MAX_SALT_LEN);
if (!crypt_res) {
memset(output, 0, PHP_MAX_SALT_LEN);
efree(output);
return FAILURE;
} else {
*result = estrdup(output);
memset(output, 0, PHP_MAX_SALT_LEN);
efree(output);
return SUCCESS;
}
} else if (
salt[0] == '$' &&
salt[1] == '2' &&
salt[2] >= 'a' && salt[2] <= 'z' &&
salt[3] == '$' &&
salt[4] >= '0' && salt[4] <= '3' &&
salt[5] >= '0' && salt[5] <= '9' &&
salt[6] == '$') {
char output[PHP_MAX_SALT_LEN + 1];
memset(output, 0, PHP_MAX_SALT_LEN + 1);
crypt_res = php_crypt_blowfish_rn(password, salt, output, sizeof(output));
if (!crypt_res) {
memset(output, 0, PHP_MAX_SALT_LEN + 1);
return FAILURE;
} else {
*result = estrdup(output);
memset(output, 0, PHP_MAX_SALT_LEN + 1);
return SUCCESS;
}
} else {
memset(&buffer, 0, sizeof(buffer));
_crypt_extended_init_r();
crypt_res = _crypt_extended_r(password, salt, &buffer);
if (!crypt_res) {
return FAILURE;
} else {
*result = estrdup(crypt_res);
return SUCCESS;
}
}
}
#else
# if defined(HAVE_CRYPT_R) && (defined(_REENTRANT) || defined(_THREAD_SAFE))
{
# if defined(CRYPT_R_STRUCT_CRYPT_DATA)
struct crypt_data buffer;
memset(&buffer, 0, sizeof(buffer));
# elif defined(CRYPT_R_CRYPTD)
CRYPTD buffer;
# else
# error Data struct used by crypt_r() is unknown. Please report.
# endif
crypt_res = crypt_r(password, salt, &buffer);
if (!crypt_res) {
return FAILURE;
} else {
*result = estrdup(crypt_res);
return SUCCESS;
}
}
# endif
#endif
}
/* }}} */
/* {{{ proto string crypt(string str [, string salt])
Hash a string */
PHP_FUNCTION(crypt)
{
char salt[PHP_MAX_SALT_LEN + 1];
char *str, *salt_in = NULL;
char *str, *salt_in = NULL, *result = NULL;
int str_len, salt_in_len = 0;
char *crypt_res;
salt[0] = salt[PHP_MAX_SALT_LEN] = '\0';
/* This will produce suitable results if people depend on DES-encryption
@ -182,128 +289,16 @@ PHP_FUNCTION(crypt)
} else {
salt_in_len = MIN(PHP_MAX_SALT_LEN, salt_in_len);
}
salt[salt_in_len] = '\0';
/* Windows (win32/crypt) has a stripped down version of libxcrypt and
a CryptoApi md5_crypt implementation */
#if PHP_USE_PHP_CRYPT_R
{
struct php_crypt_extended_data buffer;
if (salt[0]=='$' && salt[1]=='1' && salt[2]=='$') {
char output[MD5_HASH_MAX_LEN];
RETURN_STRING(php_md5_crypt_r(str, salt, output), 1);
} else if (salt[0]=='$' && salt[1]=='6' && salt[2]=='$') {
const char sha512_salt_prefix[] = "$6$";
const char sha512_rounds_prefix[] = "rounds=";
char *output;
int needed = (sizeof(sha512_salt_prefix) - 1
+ sizeof(sha512_rounds_prefix) + 9 + 1
+ salt_in_len + 1 + 86 + 1);
output = emalloc(needed);
salt[salt_in_len] = '\0';
crypt_res = php_sha512_crypt_r(str, salt, output, needed);
if (!crypt_res) {
if (salt[0]=='*' && salt[1]=='0') {
RETVAL_STRING("*1", 1);
} else {
RETVAL_STRING("*0", 1);
}
} else {
RETVAL_STRING(output, 1);
}
memset(output, 0, needed);
efree(output);
} else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') {
const char sha256_salt_prefix[] = "$5$";
const char sha256_rounds_prefix[] = "rounds=";
char *output;
int needed = (sizeof(sha256_salt_prefix) - 1
+ sizeof(sha256_rounds_prefix) + 9 + 1
+ salt_in_len + 1 + 43 + 1);
output = emalloc(needed);
salt[salt_in_len] = '\0';
crypt_res = php_sha256_crypt_r(str, salt, output, needed);
if (!crypt_res) {
if (salt[0]=='*' && salt[1]=='0') {
RETVAL_STRING("*1", 1);
} else {
RETVAL_STRING("*0", 1);
}
} else {
RETVAL_STRING(output, 1);
}
memset(output, 0, needed);
efree(output);
} else if (
salt[0] == '$' &&
salt[1] == '2' &&
salt[2] >= 'a' && salt[2] <= 'z' &&
salt[3] == '$' &&
salt[4] >= '0' && salt[4] <= '3' &&
salt[5] >= '0' && salt[5] <= '9' &&
salt[6] == '$') {
char output[PHP_MAX_SALT_LEN + 1];
memset(output, 0, PHP_MAX_SALT_LEN + 1);
crypt_res = php_crypt_blowfish_rn(str, salt, output, sizeof(output));
if (!crypt_res) {
if (salt[0]=='*' && salt[1]=='0') {
RETVAL_STRING("*1", 1);
} else {
RETVAL_STRING("*0", 1);
}
} else {
RETVAL_STRING(output, 1);
}
memset(output, 0, PHP_MAX_SALT_LEN + 1);
if (php_crypt(str, str_len, salt, salt_in_len, &result) == FAILURE) {
if (salt[0] == '*' && salt[1] == '0') {
RETURN_STRING("*1", 1);
} else {
memset(&buffer, 0, sizeof(buffer));
_crypt_extended_init_r();
crypt_res = _crypt_extended_r(str, salt, &buffer);
if (!crypt_res) {
if (salt[0]=='*' && salt[1]=='0') {
RETURN_STRING("*1", 1);
} else {
RETURN_STRING("*0", 1);
}
} else {
RETURN_STRING(crypt_res, 1);
}
RETURN_STRING("*0", 1);
}
}
#else
# if defined(HAVE_CRYPT_R) && (defined(_REENTRANT) || defined(_THREAD_SAFE))
{
# if defined(CRYPT_R_STRUCT_CRYPT_DATA)
struct crypt_data buffer;
memset(&buffer, 0, sizeof(buffer));
# elif defined(CRYPT_R_CRYPTD)
CRYPTD buffer;
# else
# error Data struct used by crypt_r() is unknown. Please report.
# endif
crypt_res = crypt_r(str, salt, &buffer);
if (!crypt_res) {
if (salt[0]=='*' && salt[1]=='0') {
RETURN_STRING("*1", 1);
} else {
RETURN_STRING("*0", 1);
}
} else {
RETURN_STRING(crypt_res, 1);
}
}
# endif
#endif
RETURN_STRING(result, 0);
}
/* }}} */
#endif

460
ext/standard/password.c Normal file
View File

@ -0,0 +1,460 @@
/*
+----------------------------------------------------------------------+
| PHP Version 5 |
+----------------------------------------------------------------------+
| Copyright (c) 1997-2012 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
| available through the world-wide-web at the following url: |
| http://www.php.net/license/3_01.txt |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| license@php.net so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
| Authors: Anthony Ferrara <ircmaxell@php.net> |
+----------------------------------------------------------------------+
*/
/* $Id$ */
#include <stdlib.h>
#include "php.h"
#if HAVE_CRYPT
#include "fcntl.h"
#include "php_password.h"
#include "php_rand.h"
#include "php_crypt.h"
#include "base64.h"
#include "zend_interfaces.h"
#include "info.h"
#if PHP_WIN32
#include "win32/winutil.h"
#endif
PHP_MINIT_FUNCTION(password) /* {{{ */
{
REGISTER_LONG_CONSTANT("PASSWORD_DEFAULT", PHP_PASSWORD_DEFAULT, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT", PHP_PASSWORD_BCRYPT, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("PASSWORD_BCRYPT_DEFAULT_COST", PHP_PASSWORD_BCRYPT_COST, CONST_CS | CONST_PERSISTENT);
return SUCCESS;
}
/* }}} */
static char* php_password_get_algo_name(const php_password_algo algo)
{
switch (algo) {
case PHP_PASSWORD_BCRYPT:
return "bcrypt";
case PHP_PASSWORD_UNKNOWN:
default:
return "unknown";
}
}
static php_password_algo php_password_determine_algo(const char *hash, const size_t len)
{
if (len > 3 && hash[0] == '$' && hash[1] == '2' && hash[2] == 'y' && len == 60) {
return PHP_PASSWORD_BCRYPT;
}
return PHP_PASSWORD_UNKNOWN;
}
static zend_bool php_password_salt_is_alphabet(const char *str, const size_t len) /* {{{ */
{
size_t i = 0;
for (i = 0; i < len; i++) {
if (!((str[i] >= 'A' && str[i] <= 'Z') || (str[i] >= 'a' && str[i] <= 'z') || (str[i] >= '0' && str[i] <= '9') || str[i] == '.' || str[i] == '/')) {
return 0;
}
}
return 1;
}
/* }}} */
static zend_bool php_password_salt_to64(const char *str, const size_t str_len, const size_t out_len, char *ret) /* {{{ */
{
size_t pos = 0;
size_t ret_len = 0;
unsigned char *buffer;
if ((int) str_len < 0) {
return FAILURE;
}
buffer = php_base64_encode((unsigned char*) str, (int) str_len, (int*) &ret_len);
if (ret_len < out_len) {
/* Too short of an encoded string generated */
efree(buffer);
return FAILURE;
}
for (pos = 0; pos < out_len; pos++) {
if (buffer[pos] == '+') {
ret[pos] = '.';
} else if (buffer[pos] == '=') {
efree(buffer);
return FAILURE;
} else {
ret[pos] = buffer[pos];
}
}
efree(buffer);
return SUCCESS;
}
/* }}} */
static zend_bool php_password_make_salt(size_t length, char *ret TSRMLS_DC) /* {{{ */
{
int buffer_valid = 0;
size_t i, raw_length;
char *buffer;
char *result;
if (length > (INT_MAX / 3)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length is too large to safely generate");
return FAILURE;
}
raw_length = length * 3 / 4 + 1;
buffer = (char *) safe_emalloc(raw_length, 1, 1);
#if PHP_WIN32
{
BYTE *iv_b = (BYTE *) buffer;
if (php_win32_get_random_bytes(iv_b, raw_length) == SUCCESS) {
buffer_valid = 1;
}
}
#else
{
int fd, n;
size_t read_bytes = 0;
fd = open("/dev/urandom", O_RDONLY);
if (fd >= 0) {
while (read_bytes < raw_length) {
n = read(fd, buffer + read_bytes, raw_length - read_bytes);
if (n < 0) {
break;
}
read_bytes += (size_t) n;
}
close(fd);
}
if (read_bytes >= raw_length) {
buffer_valid = 1;
}
}
#endif
if (!buffer_valid) {
for (i = 0; i < raw_length; i++) {
buffer[i] ^= (char) (255.0 * php_rand(TSRMLS_C) / RAND_MAX);
}
}
result = safe_emalloc(length, 1, 1);
if (php_password_salt_to64(buffer, raw_length, length, result) == FAILURE) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Generated salt too short");
efree(buffer);
efree(result);
return FAILURE;
}
memcpy(ret, result, (int) length);
efree(result);
efree(buffer);
ret[length] = 0;
return SUCCESS;
}
/* }}} */
PHP_FUNCTION(password_get_info)
{
php_password_algo algo;
int hash_len;
char *hash, *algo_name;
zval *options;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &hash, &hash_len) == FAILURE) {
return;
}
if (hash_len < 0 || (size_t) hash_len < 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied password hash too long to safely identify");
RETURN_FALSE;
}
ALLOC_INIT_ZVAL(options);
array_init(options);
algo = php_password_determine_algo(hash, (size_t) hash_len);
algo_name = php_password_get_algo_name(algo);
switch (algo) {
case PHP_PASSWORD_BCRYPT:
{
long cost = PHP_PASSWORD_BCRYPT_COST;
sscanf(hash, "$2y$%ld$", &cost);
add_assoc_long(options, "cost", cost);
}
break;
case PHP_PASSWORD_UNKNOWN:
default:
break;
}
array_init(return_value);
add_assoc_long(return_value, "algo", algo);
add_assoc_string(return_value, "algoName", algo_name, 1);
add_assoc_zval(return_value, "options", options);
}
PHP_FUNCTION(password_needs_rehash)
{
long new_algo = 0;
php_password_algo algo;
int hash_len;
char *hash;
HashTable *options = 0;
zval **option_buffer;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|H", &hash, &hash_len, &new_algo, &options) == FAILURE) {
return;
}
if (hash_len < 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied password hash too long to safely identify");
RETURN_FALSE;
}
algo = php_password_determine_algo(hash, (size_t) hash_len);
if (algo != new_algo) {
RETURN_TRUE;
}
switch (algo) {
case PHP_PASSWORD_BCRYPT:
{
long new_cost = PHP_PASSWORD_BCRYPT_COST, cost = 0;
if (options && zend_symtable_find(options, "cost", sizeof("cost"), (void **) &option_buffer) == SUCCESS) {
if (Z_TYPE_PP(option_buffer) != IS_LONG) {
zval cast_option_buffer;
MAKE_COPY_ZVAL(option_buffer, &cast_option_buffer);
convert_to_long(&cast_option_buffer);
new_cost = Z_LVAL(cast_option_buffer);
zval_dtor(&cast_option_buffer);
} else {
new_cost = Z_LVAL_PP(option_buffer);
}
}
sscanf(hash, "$2y$%ld$", &cost);
if (cost != new_cost) {
RETURN_TRUE;
}
}
break;
case PHP_PASSWORD_UNKNOWN:
default:
break;
}
RETURN_FALSE;
}
/* {{{ proto boolean password_make_salt(string password, string hash)
Verify a hash created using crypt() or password_hash() */
PHP_FUNCTION(password_verify)
{
int status = 0, i;
int password_len, hash_len;
char *ret, *password, *hash;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &password, &password_len, &hash, &hash_len) == FAILURE) {
RETURN_FALSE;
}
if (php_crypt(password, password_len, hash, hash_len, &ret) == FAILURE) {
RETURN_FALSE;
}
if (strlen(ret) != hash_len || hash_len < 13) {
efree(ret);
RETURN_FALSE;
}
/* We're using this method instead of == in order to provide
* resistence towards timing attacks. This is a constant time
* equality check that will always check every byte of both
* values. */
for (i = 0; i < hash_len; i++) {
status |= (ret[i] ^ hash[i]);
}
efree(ret);
RETURN_BOOL(status == 0);
}
/* }}} */
/* {{{ proto string password_hash(string password, int algo, array options = array())
Hash a password */
PHP_FUNCTION(password_hash)
{
char *hash_format, *hash, *salt, *password, *result;
long algo = 0;
int password_len = 0, hash_len;
size_t salt_len = 0, required_salt_len = 0, hash_format_len;
HashTable *options = 0;
zval **option_buffer;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl|H", &password, &password_len, &algo, &options) == FAILURE) {
return;
}
switch (algo) {
case PHP_PASSWORD_BCRYPT:
{
long cost = PHP_PASSWORD_BCRYPT_COST;
if (options && zend_symtable_find(options, "cost", 5, (void **) &option_buffer) == SUCCESS) {
if (Z_TYPE_PP(option_buffer) != IS_LONG) {
zval cast_option_buffer;
MAKE_COPY_ZVAL(option_buffer, &cast_option_buffer);
convert_to_long(&cast_option_buffer);
cost = Z_LVAL(cast_option_buffer);
zval_dtor(&cast_option_buffer);
} else {
cost = Z_LVAL_PP(option_buffer);
}
}
if (cost < 4 || cost > 31) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid bcrypt cost parameter specified: %ld", cost);
RETURN_NULL();
}
required_salt_len = 22;
hash_format = emalloc(8);
sprintf(hash_format, "$2y$%02ld$", cost);
hash_format_len = 7;
}
break;
case PHP_PASSWORD_UNKNOWN:
default:
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown password hashing algorithm: %ld", algo);
RETURN_NULL();
}
if (options && zend_symtable_find(options, "salt", 5, (void**) &option_buffer) == SUCCESS) {
char *buffer;
int buffer_len_int = 0;
size_t buffer_len;
switch (Z_TYPE_PP(option_buffer)) {
case IS_STRING:
buffer = estrndup(Z_STRVAL_PP(option_buffer), Z_STRLEN_PP(option_buffer));
buffer_len_int = Z_STRLEN_PP(option_buffer);
break;
case IS_LONG:
case IS_DOUBLE:
case IS_OBJECT: {
zval cast_option_buffer;
MAKE_COPY_ZVAL(option_buffer, &cast_option_buffer);
convert_to_string(&cast_option_buffer);
if (Z_TYPE(cast_option_buffer) == IS_STRING) {
buffer = estrndup(Z_STRVAL(cast_option_buffer), Z_STRLEN(cast_option_buffer));
buffer_len_int = Z_STRLEN(cast_option_buffer);
zval_dtor(&cast_option_buffer);
break;
}
zval_dtor(&cast_option_buffer);
}
case IS_BOOL:
case IS_NULL:
case IS_RESOURCE:
case IS_ARRAY:
default:
efree(hash_format);
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Non-string salt parameter supplied");
RETURN_NULL();
}
if (buffer_len_int < 0) {
efree(hash_format);
efree(buffer);
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Supplied salt is too long");
}
buffer_len = (size_t) buffer_len_int;
if (buffer_len < required_salt_len) {
efree(hash_format);
efree(buffer);
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu expecting %lu", (unsigned long) buffer_len, (unsigned long) required_salt_len);
RETURN_NULL();
} else if (0 == php_password_salt_is_alphabet(buffer, buffer_len)) {
salt = safe_emalloc(required_salt_len, 1, 1);
if (php_password_salt_to64(buffer, buffer_len, required_salt_len, salt) == FAILURE) {
efree(hash_format);
efree(buffer);
efree(salt);
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided salt is too short: %lu", (unsigned long) buffer_len);
RETURN_NULL();
}
salt_len = required_salt_len;
} else {
salt = safe_emalloc(required_salt_len, 1, 1);
memcpy(salt, buffer, (int) required_salt_len);
salt_len = required_salt_len;
}
efree(buffer);
} else {
salt = safe_emalloc(required_salt_len, 1, 1);
if (php_password_make_salt(required_salt_len, salt TSRMLS_CC) == FAILURE) {
efree(hash_format);
efree(salt);
RETURN_FALSE;
}
salt_len = required_salt_len;
}
salt[salt_len] = 0;
hash = safe_emalloc(salt_len + hash_format_len, 1, 1);
sprintf(hash, "%s%s", hash_format, salt);
hash[hash_format_len + salt_len] = 0;
efree(hash_format);
efree(salt);
/* This cast is safe, since both values are defined here in code and cannot overflow */
hash_len = (int) (hash_format_len + salt_len);
if (php_crypt(password, password_len, hash, hash_len, &result) == FAILURE) {
efree(hash);
RETURN_FALSE;
}
efree(hash);
if (strlen(result) < 13) {
efree(result);
RETURN_FALSE;
}
RETURN_STRING(result, 0);
}
/* }}} */
#endif /* HAVE_CRYPT */
/*
* Local variables:
* tab-width: 4
* c-basic-offset: 4
* End:
* vim600: sw=4 ts=4 fdm=marker
* vim<600: sw=4 ts=4
*/

1
ext/standard/php_crypt.h
View File

@ -23,6 +23,7 @@
#ifndef PHP_CRYPT_H
#define PHP_CRYPT_H
PHPAPI int php_crypt(const char *password, const int pass_len, const char *salt, int salt_len, char **result);
PHP_FUNCTION(crypt);
#if HAVE_CRYPT
PHP_MINIT_FUNCTION(crypt);

48
ext/standard/php_password.h Normal file
View File

@ -0,0 +1,48 @@
/*
+----------------------------------------------------------------------+
| PHP Version 5 |
+----------------------------------------------------------------------+
| Copyright (c) 1997-2012 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
| available through the world-wide-web at the following url: |
| http://www.php.net/license/3_01.txt |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| license@php.net so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
| Authors: Anthony Ferrara <ircmaxell@php.net> |
+----------------------------------------------------------------------+
*/
/* $Id$ */
#ifndef PHP_PASSWORD_H
#define PHP_PASSWORD_H
PHP_FUNCTION(password_hash);
PHP_FUNCTION(password_verify);
PHP_FUNCTION(password_needs_rehash);
PHP_FUNCTION(password_get_info);
PHP_MINIT_FUNCTION(password);
#define PHP_PASSWORD_DEFAULT PHP_PASSWORD_BCRYPT
#define PHP_PASSWORD_BCRYPT_COST 10
typedef enum {
PHP_PASSWORD_UNKNOWN,
PHP_PASSWORD_BCRYPT
} php_password_algo;
#endif
/*
* Local variables:
* tab-width: 4
* c-basic-offset: 4
* End:
*/

1
ext/standard/php_standard.h
View File

@ -58,6 +58,7 @@
#include "php_versioning.h"
#include "php_ftok.h"
#include "php_type.h"
#include "php_password.h"
#define phpext_standard_ptr basic_functions_module_ptr
PHP_MINIT_FUNCTION(standard_filters);

39
ext/standard/tests/password/password_bcrypt_errors.phpt Normal file
View File

@ -0,0 +1,39 @@
--TEST--
Test error operation of password_hash() with bcrypt hashing
--FILE--
<?php
//-=-=-=-
var_dump(password_hash("foo", PASSWORD_BCRYPT, array("cost" => 3)));
var_dump(password_hash("foo", PASSWORD_BCRYPT, array("cost" => 32)));
var_dump(password_hash("foo", PASSWORD_BCRYPT, array("salt" => "foo")));
var_dump(password_hash("foo", PASSWORD_BCRYPT, array("salt" => "123456789012345678901")));
var_dump(password_hash("foo", PASSWORD_BCRYPT, array("salt" => 123)));
var_dump(password_hash("foo", PASSWORD_BCRYPT, array("cost" => "foo")));
?>
--EXPECTF--
Warning: password_hash(): Invalid bcrypt cost parameter specified: 3 in %s on line %d
NULL
Warning: password_hash(): Invalid bcrypt cost parameter specified: 32 in %s on line %d
NULL
Warning: password_hash(): Provided salt is too short: 3 expecting 22 in %s on line %d
NULL
Warning: password_hash(): Provided salt is too short: 21 expecting 22 in %s on line %d
NULL
Warning: password_hash(): Provided salt is too short: 3 expecting 22 in %s on line %d
NULL
Warning: password_hash(): Invalid bcrypt cost parameter specified: 0 in %s on line %d
NULL

58
ext/standard/tests/password/password_get_info.phpt Normal file
View File

@ -0,0 +1,58 @@
--TEST--
Test normal operation of password_get_info()
--FILE--
<?php
//-=-=-=-
// Test Bcrypt
var_dump(password_get_info('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y'));
// Test Bcrypt Cost
var_dump(password_get_info('$2y$11$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y'));
// Test Bcrypt Invalid Length
var_dump(password_get_info('$2y$11$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100'));
// Test Non-Bcrypt
var_dump(password_get_info('$1$rasmusle$rISCgZzpwk3UhDidwXvin0'));
echo "OK!";
?>
--EXPECT--
array(3) {
["algo"]=>
int(1)
["algoName"]=>
string(6) "bcrypt"
["options"]=>
array(1) {
["cost"]=>
int(10)
}
}
array(3) {
["algo"]=>
int(1)
["algoName"]=>
string(6) "bcrypt"
["options"]=>
array(1) {
["cost"]=>
int(11)
}
}
array(3) {
["algo"]=>
int(0)
["algoName"]=>
string(7) "unknown"
["options"]=>
array(0) {
}
}
array(3) {
["algo"]=>
int(0)
["algoName"]=>
string(7) "unknown"
["options"]=>
array(0) {
}
}
OK!

17
ext/standard/tests/password/password_get_info_error.phpt Normal file
View File

@ -0,0 +1,17 @@
--TEST--
Test error operation of password_get_info()
--FILE--
<?php
//-=-=-=-
var_dump(password_get_info());
var_dump(password_get_info(array()));
echo "OK!";
?>
--EXPECTF--
Warning: password_get_info() expects exactly 1 parameter, 0 given in %s on line %d
NULL
Warning: password_get_info() expects parameter 1 to be string, array given in %s on line %d
NULL
OK!

25
ext/standard/tests/password/password_hash.phpt Normal file
View File

@ -0,0 +1,25 @@
--TEST--
Test normal operation of password_hash()
--FILE--
<?php
//-=-=-=-
var_dump(strlen(password_hash("foo", PASSWORD_BCRYPT)));
$hash = password_hash("foo", PASSWORD_BCRYPT);
var_dump($hash === crypt("foo", $hash));
var_dump(password_hash("rasmuslerdorf", PASSWORD_BCRYPT, array("cost" => 7, "salt" => "usesomesillystringforsalt")));
var_dump(password_hash("test", PASSWORD_BCRYPT, array("salt" => "123456789012345678901" . chr(0))));
echo "OK!";
?>
--EXPECT--
int(60)
bool(true)
string(60) "$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi"
string(60) "$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y"
OK!

48
ext/standard/tests/password/password_hash_error.phpt Normal file
View File

@ -0,0 +1,48 @@
--TEST--
Test error operation of password_hash()
--FILE--
<?php
//-=-=-=-
var_dump(password_hash());
var_dump(password_hash("foo"));
var_dump(password_hash("foo", array()));
var_dump(password_hash("foo", 19, new StdClass));
var_dump(password_hash("foo", PASSWORD_BCRYPT, "baz"));
var_dump(password_hash(array(), PASSWORD_BCRYPT));
var_dump(password_hash("123", PASSWORD_BCRYPT, array("salt" => array())));
/* Non-string salt, checking for memory leaks */
var_dump(password_hash('123', PASSWORD_BCRYPT, array('salt' => 1234)));
?>
--EXPECTF--
Warning: password_hash() expects at least 2 parameters, 0 given in %s on line %d
NULL
Warning: password_hash() expects at least 2 parameters, 1 given in %s on line %d
NULL
Warning: password_hash() expects parameter 2 to be long, array given in %s on line %d
NULL
Warning: password_hash(): Unknown password hashing algorithm: 19 in %s on line %d
NULL
Warning: password_hash() expects parameter 3 to be array, string given in %s on line %d
NULL
Warning: password_hash() expects parameter 1 to be string, array given in %s on line %d
NULL
Warning: password_hash(): Non-string salt parameter supplied in %s on line %d
NULL
Warning: password_hash(): Provided salt is too short: 4 expecting 22 in %s on line %d
NULL

45
ext/standard/tests/password/password_needs_rehash.phpt Normal file
View File

@ -0,0 +1,45 @@
--TEST--
Test normal operation of password_needs_rehash()
--FILE--
<?php
//-=-=-=-
// Invalid Hash, always rehash
var_dump(password_needs_rehash('', PASSWORD_BCRYPT));
// Valid, as it's an unknown algorithm
var_dump(password_needs_rehash('', 0));
// Valid with cost the same
var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 10)));
// Valid with cost the same, additional params
var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 10, 'foo' => 3)));
// Invalid, different (lower) cost
var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 09)));
// Invalid, different (higher) cost
var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 11)));
// Valid with cost the default
$cost = str_pad(PASSWORD_BCRYPT_DEFAULT_COST, 2, '0', STR_PAD_LEFT);
var_dump(password_needs_rehash('$2y$'.$cost.'$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT));
// Should Issue Needs Rehash, Since Foo is cast to 0...
var_dump(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 'foo')));
echo "OK!";
?>
--EXPECT--
bool(true)
bool(false)
bool(false)
bool(false)
bool(true)
bool(true)
bool(false)
bool(true)
OK!

33
ext/standard/tests/password/password_needs_rehash_error.phpt Normal file
View File

@ -0,0 +1,33 @@
--TEST--
Test error operation of password_needs_rehash()
--FILE--
<?php
//-=-=-=-
var_dump(password_needs_rehash());
var_dump(password_needs_rehash(''));
var_dump(password_needs_rehash('', "foo"));
var_dump(password_needs_rehash(array(), 1));
var_dump(password_needs_rehash("", 1, "foo"));
echo "OK!";
?>
--EXPECTF--
Warning: password_needs_rehash() expects at least 2 parameters, 0 given in %s on line %d
NULL
Warning: password_needs_rehash() expects at least 2 parameters, 1 given in %s on line %d
NULL
Warning: password_needs_rehash() expects parameter 2 to be long, string given in %s on line %d
NULL
Warning: password_needs_rehash() expects parameter 1 to be string, array given in %s on line %d
NULL
Warning: password_needs_rehash() expects parameter 3 to be array, string given in %s on line %d
NULL
OK!

21
ext/standard/tests/password/password_verify.phpt Normal file
View File

@ -0,0 +1,21 @@
--TEST--
Test normal operation of password_verify)
--FILE--
<?php
//-=-=-=-
var_dump(password_verify(123, 123));
var_dump(password_verify("foo", '$2a$07$usesomesillystringforsalt$'));
var_dump(password_verify('rasmusler', '$2a$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi'));
var_dump(password_verify('rasmuslerdorf', '$2a$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi'));
echo "OK!";
?>
--EXPECT--
bool(false)
bool(false)
bool(false)
bool(true)
OK!

18
ext/standard/tests/password/password_verify_error.phpt Normal file
View File

@ -0,0 +1,18 @@
--TEST--
Test error operation of password_verify()
--FILE--
<?php
//-=-=-=-
var_dump(password_verify());
var_dump(password_verify("foo"));
?>
--EXPECTF--
Warning: password_verify() expects exactly 2 parameters, 0 given in %s on line %d
bool(false)
Warning: password_verify() expects exactly 2 parameters, 1 given in %s on line %d
bool(false)