/*
+----------------------------------------------------------------------+
| PHP Version 5 |
+----------------------------------------------------------------------+
| Copyright (c) 1997-2012 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
| available through the world-wide-web at the following url: |
| http://www.php.net/license/3_01.txt |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| [email protected] so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
| Author: Xinchen Hui <[email protected]> |
+----------------------------------------------------------------------+
*/
/* $Id$ */
#ifndef PHP_TAINT_H
#define PHP_TAINT_H
/* Module entry for the taint extension; only declared here, defined in another translation unit. */
extern zend_module_entry taint_module_entry;
/* Address of the module entry (note: the expansion is not parenthesized). */
#define phpext_taint_ptr &taint_module_entry
/* PHP_TAINT_API: expands to __declspec(dllexport) when PHP_WIN32 is defined, to nothing otherwise. */
#ifdef PHP_WIN32
#define PHP_TAINT_API __declspec(dllexport)
#else
#define PHP_TAINT_API
#endif
#ifdef ZTS
#include "TSRM.h"
#endif
/* Extension version string. */
#define PHP_TAINT_VERSION "1.3.0-dev"
/*
 * Taint marker constants.
 *
 * The marker is one `unsigned` word; PHP_TAINT_MAGIC_LENGTH is its size in
 * bytes. PHP_TAINT_POSSIBLE and PHP_TAINT_UNTAINT (defined later in this
 * header) compare the word stored behind a string against
 * PHP_TAINT_MAGIC_POSSIBLE and PHP_TAINT_MAGIC_UNTAINT respectively.
 * PHP_TAINT_MAGIC_NONE is not referenced anywhere else in this header.
 *
 * NOTE(review): the marker lives in the same buffer as the string data, so
 * any string buffer that is to carry a mark needs PHP_TAINT_MAGIC_LENGTH
 * spare bytes after its terminator; presumably the allocation sites in
 * the .c file add them, confirm there.
 */
#define PHP_TAINT_MAGIC_LENGTH sizeof(unsigned)
#define PHP_TAINT_MAGIC_NONE 0x00000000
#define PHP_TAINT_MAGIC_POSSIBLE 0x6A8FCE84
#define PHP_TAINT_MAGIC_UNTAINT 0x2C5E7F2D
/*
 * Opline accessors, selected by PHP version.
 *
 * The first branch (PHP 5 with minor version below 4) reads operands through
 * the `op1.op_type` / `op1.u.*` members; the #else branch reads them through
 * `op1_type` / `op1.var` / `op1.zv`. Apart from TAINT_OP_LINENUM, every
 * accessor that takes `n` dereferences it with `->`, so `n` is a pointer.
 */
#if (PHP_MAJOR_VERSION == 5) && (PHP_MINOR_VERSION < 4)
# define TAINT_OP1_TYPE(n) ((n)->op1.op_type)
# define TAINT_OP2_TYPE(n) ((n)->op2.op_type)
# define TAINT_OP1_NODE_PTR(n) (&(n)->op1)
# define TAINT_OP2_NODE_PTR(n) (&(n)->op2)
# define TAINT_OP1_VAR(n) ((n)->op1.u.var)
# define TAINT_OP2_VAR(n) ((n)->op2.u.var)
# define TAINT_RESULT_VAR(n) ((n)->result.u.var)
# define TAINT_OP1_CONSTANT_PTR(n) (&(n)->op1.u.constant)
# define TAINT_OP2_CONSTANT_PTR(n) (&(n)->op2.u.constant)
/* Ignores its argument and uses `execute_data` from the scope where the macro is expanded. */
# define TAINT_GET_ZVAL_PTR_CV_2ND_ARG(t) (execute_data->Ts)
/* True when the EXT_TYPE_UNUSED bit is clear on the result operand. */
# define TAINT_RETURN_VALUE_USED(n) (!((&(n)->result)->u.EA.type & EXT_TYPE_UNUSED))
/* Unlike the accessors above, `n` is accessed with `.`, so it is an object, not a pointer. */
# define TAINT_OP_LINENUM(n) ((n).u.opline_num)
/*
 * Stores val in (ai).ptr and points (ai).ptr_ptr at that slot.
 * NOTE(review): expands to two separate statements with a trailing
 * semicolon and evaluates `ai` several times; as the body of an unbraced
 * `if` only the first assignment would be conditional. The #else variant
 * below is wrapped in do { } while (0) and does not have this hazard.
 */
# define TAINT_AI_SET_PTR(ai, val) \
(ai).ptr = (val); \
(ai).ptr_ptr = &((ai).ptr);
#else
# define TAINT_OP1_TYPE(n) ((n)->op1_type)
# define TAINT_OP2_TYPE(n) ((n)->op2_type)
/*
 * NOTE(review): in this branch the *_NODE_PTR macros expand to the same
 * expression as TAINT_OP1_VAR / TAINT_OP2_VAR (no address-of), whereas the
 * branch above yields a pointer to the operand; confirm callers expect that.
 */
# define TAINT_OP1_NODE_PTR(n) ((n)->op1.var)
# define TAINT_OP2_NODE_PTR(n) ((n)->op2.var)
# define TAINT_OP1_VAR(n) ((n)->op1.var)
# define TAINT_OP2_VAR(n) ((n)->op2.var)
# define TAINT_RESULT_VAR(n) ((n)->result.var)
# define TAINT_OP1_CONSTANT_PTR(n) ((n)->op1.zv)
# define TAINT_OP2_CONSTANT_PTR(n) ((n)->op2.zv)
/* Passes its argument through unchanged. */
# define TAINT_GET_ZVAL_PTR_CV_2ND_ARG(t) (t)
/* True when the EXT_TYPE_UNUSED bit is clear in result_type. */
# define TAINT_RETURN_VALUE_USED(n) (!((n)->result_type & EXT_TYPE_UNUSED))
/* `n` is accessed with `.`, so it is an object, not a pointer. */
# define TAINT_OP_LINENUM(n) ((n).opline_num)
/*
 * Stores val in t->var.ptr and points t->var.ptr_ptr at that slot; `t` is
 * evaluated once, into a local temp_variable pointer.
 * NOTE(review): the local is named `__t`; identifiers containing a double
 * underscore are reserved for the implementation.
 */
# define TAINT_AI_SET_PTR(t, val) do { \
temp_variable *__t = (t); \
__t->var.ptr = (val); \
__t->var.ptr_ptr = &__t->var.ptr; \
} while (0)
#endif
/*
 * TAINT_ARG_PUSH(v): pushes v with zend_ptr_stack_push onto
 * EG(argument_stack) on PHP 5 with minor version below 3, and with
 * zend_vm_stack_push otherwise. TSRMLS_CC is appended in both forms.
 */
#if (PHP_MAJOR_VERSION == 5) && (PHP_MINOR_VERSION < 3)
# define TAINT_ARG_PUSH(v) zend_ptr_stack_push(&EG(argument_stack), v TSRMLS_CC)
#else
# define TAINT_ARG_PUSH(v) zend_vm_stack_push(v TSRMLS_CC)
#endif
/*
 * Fallback definitions, each used only when the engine headers have not
 * already defined the macro of the same name.
 *
 * NOTE(review): the three *_PP fallbacks expand `n` as `(*n)` without
 * parenthesizing the argument, so `n` must be a plain identifier or an
 * already-parenthesized expression.
 */
#ifndef Z_SET_ISREF_PP
# define Z_SET_ISREF_PP(n) ((*n)->is_ref = 1)
#endif
#ifndef Z_UNSET_ISREF_PP
# define Z_UNSET_ISREF_PP(n) ((*n)->is_ref = 0)
#endif
#ifndef Z_REFCOUNT_PP
# define Z_REFCOUNT_PP(n) ((*n)->refcount)
#endif
/*
 * INIT_PZVAL_COPY(z, v): assigns v's value member and type to z, then sets
 * z's refcount to 1 and is_ref to 0. The value member is copied by plain
 * assignment; nothing here duplicates data it may point to.
 * NOTE(review): expands to four separate statements ending in a semicolon,
 * so it is not safe as the sole body of an unbraced if/else.
 */
#ifndef INIT_PZVAL_COPY
#define INIT_PZVAL_COPY(z,v) \
(z)->value = (v)->value; \
Z_TYPE_P(z) = Z_TYPE_P(v); \
(z)->refcount = 1; \
(z)->is_ref = 0;
#endif
/*
 * MAKE_REAL_ZVAL_PTR(val): allocates a fresh zval with ALLOC_ZVAL, fills it
 * from val via INIT_PZVAL_COPY, then repoints val at the new zval.
 * `val` is expanded twice and assigned to, so it must be a side-effect-free
 * lvalue. The zval that val pointed to beforehand is not released by this
 * macro.
 */
#ifndef MAKE_REAL_ZVAL_PTR
#define MAKE_REAL_ZVAL_PTR(val) \
do { \
zval *_tmp; \
ALLOC_ZVAL(_tmp); \
INIT_PZVAL_COPY(_tmp, (val)); \
(val) = _tmp; \
} while (0)
#endif
/*
 * Temporary-variable access by byte offset. TAINT_T uses `execute_data->Ts`
 * and TAINT_TS uses a variable named `Ts`; both names must be in scope at
 * the expansion site. The offset is added to a `char *`, so it is in bytes.
 * NOTE(review): `offset` is not parenthesized in either expansion, and no
 * range check is applied to it here.
 */
#define TAINT_T(offset) (*(temp_variable *)((char *) execute_data->Ts + offset))
#define TAINT_TS(offset) (*(temp_variable *)((char *)Ts + offset))
/* Slot i of the current execute_data's CVs array (same expansion as TAINT_CV_OF below). */
#define TAINT_CV(i) (EG(current_execute_data)->CVs[i])
/*
 * Thin wrappers over the taint_pzval_*_func helpers, which are declared
 * outside this header.
 * NOTE(review): TAINT_PZVAL_LOCK carries its own trailing semicolon, unlike
 * the two UNLOCK macros; `TAINT_PZVAL_LOCK(z, f);` therefore yields an
 * extra empty statement, which breaks an unbraced if/else around it.
 */
#define TAINT_PZVAL_LOCK(z, f) taint_pzval_lock_func(z, f);
#define TAINT_PZVAL_UNLOCK(z, f) taint_pzval_unlock_func(z, f, 1)
#define TAINT_PZVAL_UNLOCK_FREE(z) taint_pzval_unlock_free_func(z)
/* Slot i of the current execute_data's CVs array. */
#define TAINT_CV_OF(i) (EG(current_execute_data)->CVs[i])
/* Entry i of the active op array's vars table. */
#define TAINT_CV_DEF_OF(i) (EG(active_op_array)->vars[i])
/*
 * Returns z with its lowest address bit set. TAINT_FREE_OP tests that bit
 * to choose zval_dtor over zval_ptr_dtor and clears it before use. A
 * pointer tagged this way must not be dereferenced until the bit has been
 * masked off again.
 * NOTE(review): the expansion has no outer parentheses, so a postfix
 * operator written directly after the macro call binds before the cast.
 */
#define TAINT_TMP_FREE(z) (zval*)(((zend_uintptr_t)(z)) | 1L)
/*
 * TAINT_AI_USE_PTR(ai): when (ai).ptr_ptr is non-NULL, loads the zval it
 * points to into (ai).ptr and repoints (ai).ptr_ptr at (ai).ptr; otherwise
 * sets (ai).ptr to NULL.
 * NOTE(review): expands to a bare if/else rather than do { } while (0), so
 * it can capture or orphan an `else` at the call site, and `ai` is
 * evaluated several times.
 */
#define TAINT_AI_USE_PTR(ai) \
if ((ai).ptr_ptr) { \
(ai).ptr = *((ai).ptr_ptr); \
(ai).ptr_ptr = &((ai).ptr); \
} else { \
(ai).ptr = NULL; \
}
/*
 * TAINT_FREE_OP(should_free): does nothing when should_free.var is NULL.
 * If the low address bit of should_free.var is set (the tag applied by
 * TAINT_TMP_FREE), calls zval_dtor on the pointer with that bit cleared;
 * otherwise calls zval_ptr_dtor on &should_free.var.
 * NOTE(review): the tag test is the only thing that selects between the two
 * destructors, so a tagged pointer reaching zval_ptr_dtor, or an untagged
 * one reaching zval_dtor, would be released the wrong way. The macro is a
 * bare `if` (dangling-else hazard) and `should_free` is not parenthesized.
 */
#define TAINT_FREE_OP(should_free) \
if (should_free.var) { \
if ((zend_uintptr_t)should_free.var & 1L) { \
zval_dtor((zval*)((zend_uintptr_t)should_free.var & ~1L)); \
} else { \
zval_ptr_dtor(&should_free.var); \
} \
}
/*
 * TAINT_FREE_OP_VAR_PTR(should_free): calls zval_ptr_dtor on
 * &should_free.var when should_free.var is non-NULL. It does not look at
 * the low-bit tag, so it must not be given a pointer produced by
 * TAINT_TMP_FREE. Same bare-`if` caveat as TAINT_FREE_OP.
 */
#define TAINT_FREE_OP_VAR_PTR(should_free) \
if (should_free.var) { \
zval_ptr_dtor(&should_free.var); \
}
/*
 * In-band taint marker accessors.
 *
 * All three macros address one `unsigned` at
 * Z_STRVAL_P(zv) + Z_STRLEN_P(zv) + 1, i.e. the bytes that start one past
 * index Z_STRLEN_P(zv) of the string buffer.
 *   PHP_TAINT_MARK(zv, mark)  stores `mark` there.
 *   PHP_TAINT_POSSIBLE(zv)    is true when the word equals PHP_TAINT_MAGIC_POSSIBLE.
 *   PHP_TAINT_UNTAINT(zv)     is true when the word equals PHP_TAINT_MAGIC_UNTAINT.
 *
 * Safety contract (nothing in these macros enforces it): zv must be a
 * string zval whose buffer holds at least
 * Z_STRLEN_P(zv) + 1 + PHP_TAINT_MAGIC_LENGTH bytes. On a shorter buffer
 * PHP_TAINT_MARK writes past the end of the allocation and the two
 * predicates read past it. The macros check neither the zval's type nor
 * the size of its buffer, and `zv` is evaluated twice.
 *
 * NOTE(review): the predicates trust whatever bytes follow the string. For
 * a string that never went through PHP_TAINT_MARK the result depends on
 * adjacent memory; verify that every call site only tests strings whose
 * buffers were allocated with room for the marker.
 * NOTE(review): the word is accessed through a cast to `unsigned *` at an
 * address with no alignment guarantee (it depends on the string length).
 * A misaligned access of this kind is undefined behaviour in C and can
 * fault on strict-alignment targets; copying the word with memcpy would
 * avoid that.
 * NOTE(review): PHP_TAINT_MARK expands to an unparenthesized assignment
 * expression; use it as a statement only.
 */
#define PHP_TAINT_MARK(zv, mark) *((unsigned *)(Z_STRVAL_P(zv) + Z_STRLEN_P(zv) + 1)) = (mark)
#define PHP_TAINT_POSSIBLE(zv) (*(unsigned *)(Z_STRVAL_P(zv) + Z_STRLEN_P(zv) + 1) == PHP_TAINT_MAGIC_POSSIBLE)
#define PHP_TAINT_UNTAINT(zv) (*(unsigned *)(Z_STRVAL_P(zv) + Z_STRLEN_P(zv) + 1) == PHP_TAINT_MAGIC_UNTAINT)
/*
 * Refcount/is_ref accessors for PHP 5 with minor version below 3: the Z_*_P
 * names are mapped onto the ZVAL_* macros or onto direct member access.
 * NOTE(review): the last three expansions are not wrapped in parentheses,
 * so they are only safe as a full statement or a stand-alone operand.
 */
#if ((PHP_MAJOR_VERSION == 5) && (PHP_MINOR_VERSION < 3))
# define Z_ADDREF_P ZVAL_ADDREF
# define Z_REFCOUNT_P ZVAL_REFCOUNT
# define Z_DELREF_P ZVAL_DELREF
# define Z_SET_REFCOUNT_P(pz, rc) (pz)->refcount = rc
# define Z_UNSET_ISREF_P(pz) (pz)->is_ref = 0
# define Z_ISREF_P(pz) (pz)->is_ref
#endif
/*
 * Bookkeeping record for an operand that may need releasing.
 * TAINT_FREE_OP and TAINT_FREE_OP_VAR_PTR read the `var` member; the other
 * two members are not used anywhere in this header.
 */
typedef struct _taint_free_op {
/* zval to release, or NULL; TAINT_FREE_OP treats a set low address bit as the TAINT_TMP_FREE tag. */
zval* var;
/* presumably a reference flag for the operand; set and read outside this header, confirm in the .c file */
int is_ref;
/* presumably the operand type; set and read outside this header, confirm in the .c file */
int type;
} taint_free_op;
/* Module and request lifecycle hooks, plus the module-info hook. */
PHP_MINIT_FUNCTION(taint);
PHP_MSHUTDOWN_FUNCTION(taint);
PHP_RINIT_FUNCTION(taint);
PHP_RSHUTDOWN_FUNCTION(taint);
PHP_MINFO_FUNCTION(taint);
/* Userland functions for setting, clearing and querying the mark (going by their names; bodies are outside this header). */
PHP_FUNCTION(taint);
PHP_FUNCTION(untaint);
PHP_FUNCTION(is_tainted);
/*
 * taint_* functions named after PHP string built-ins.
 * NOTE(review): presumably taint-propagating replacements for the built-ins
 * of the same name; confirm in the .c file. Only the functions listed here
 * are declared; whether the mark survives any other string operation is
 * decided by code outside this header.
 */
PHP_FUNCTION(taint_strval);
PHP_FUNCTION(taint_sprintf);
PHP_FUNCTION(taint_vsprintf);
PHP_FUNCTION(taint_explode);
PHP_FUNCTION(taint_implode);
PHP_FUNCTION(taint_trim);
PHP_FUNCTION(taint_rtrim);
PHP_FUNCTION(taint_ltrim);
PHP_FUNCTION(taint_strstr);
PHP_FUNCTION(taint_substr);
PHP_FUNCTION(taint_str_replace);
PHP_FUNCTION(taint_str_pad);
PHP_FUNCTION(taint_strtolower);
PHP_FUNCTION(taint_strtoupper);
/* Pointer to a function taking INTERNAL_FUNCTION_PARAMETERS and returning void. */
typedef void (*php_func)(INTERNAL_FUNCTION_PARAMETERS);
/* Per-module globals of the taint extension. */
ZEND_BEGIN_MODULE_GLOBALS(taint)
/* presumably the master on/off switch for taint checking; where it is set is not visible here, confirm in the .c file */
zend_bool enable;
/* presumably the error level used when reporting findings; confirm in the .c file */
int error_level;
ZEND_END_MODULE_GLOBALS(taint)
/*
 * TAINT_G(v): accessor for member v of the globals. With ZTS defined it
 * goes through TSRMG and taint_globals_id; otherwise it reads the plain
 * `taint_globals` object.
 */
#ifdef ZTS
#define TAINT_G(v) TSRMG(taint_globals_id, zend_taint_globals *, v)
#else
#define TAINT_G(v) (taint_globals.v)
#endif
#endif /* PHP_TAINT_H */
/*
* Local variables:
* tab-width: 4
* c-basic-offset: 4
* End:
* vim600: noet sw=4 ts=4 fdm=marker
* vim<600: noet sw=4 ts=4
*/