diff options
| -rw-r--r-- | Zend/zend_portability.h | 2 | ||||
| -rw-r--r-- | configure.in | 4 | ||||
| -rw-r--r-- | ext/standard/crypt.c | 8 | ||||
| -rw-r--r-- | ext/standard/php_crypt_r.c | 2 | ||||
| -rw-r--r-- | main/explicit_bzero.c | 43 | ||||
| -rw-r--r-- | main/php.h | 8 | ||||
| -rw-r--r-- | main/strlcat.c | 33 | ||||
| -rw-r--r-- | main/strlcpy.c | 24 |
8 files changed, 92 insertions, 32 deletions
diff --git a/Zend/zend_portability.h b/Zend/zend_portability.h index 298dfb53fa..74e7348bb2 100644 --- a/Zend/zend_portability.h +++ b/Zend/zend_portability.h @@ -435,7 +435,7 @@ char *alloca(); #ifdef ZEND_WIN32 #define ZEND_SECURE_ZERO(var, size) RtlSecureZeroMemory((var), (size)) #else -#define ZEND_SECURE_ZERO(var, size) memset((var), 0, (size)) +#define ZEND_SECURE_ZERO(var, size) explicit_bzero((var), (size)) #endif /* This check should only be used on network socket, not file descriptors */ diff --git a/configure.in b/configure.in index de68932ca1..16ca2fe9e4 100644 --- a/configure.in +++ b/configure.in @@ -768,7 +768,7 @@ if test "$ac_cv_func_sync_fetch_and_add" = yes; then AC_DEFINE(HAVE_SYNC_FETCH_AND_ADD,1,[Define if you have the __sync_fetch_and_add function]) fi -AC_REPLACE_FUNCS(strlcat strlcpy getopt) +AC_REPLACE_FUNCS(strlcat strlcpy explicit_bzero getopt) AC_FUNC_UTIME_NULL AC_FUNC_ALLOCA dnl PHP_AC_BROKEN_SPRINTF @@ -1479,7 +1479,7 @@ PHP_ADD_SOURCES(TSRM, TSRM.c tsrm_strtok_r.c, -DZEND_ENABLE_STATIC_TSRMLS_CACHE= PHP_ADD_SOURCES(main, main.c snprintf.c spprintf.c php_sprintf.c \ fopen_wrappers.c alloca.c php_scandir.c \ php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \ - strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \ + strlcat.c explicit_bzero.c mergesort.c reentrancy.c php_variables.c php_ticks.c \ network.c php_open_temporary_file.c \ output.c getopt.c, -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1) diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c index f2f778e764..99af6fb006 100644 --- a/ext/standard/crypt.c +++ b/ext/standard/crypt.c @@ -129,12 +129,12 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch crypt_res = php_sha512_crypt_r(password, salt, output, PHP_MAX_SALT_LEN); if (!crypt_res) { - memset(output, 0, PHP_MAX_SALT_LEN); + explicit_bzero(output, PHP_MAX_SALT_LEN); efree(output); return NULL; } else { result = zend_string_init(output, strlen(output), 0); - memset(output, 0, PHP_MAX_SALT_LEN); + explicit_bzero(output, PHP_MAX_SALT_LEN); efree(output); return result; } @@ -144,12 +144,12 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch crypt_res = php_sha256_crypt_r(password, salt, output, PHP_MAX_SALT_LEN); if (!crypt_res) { - memset(output, 0, PHP_MAX_SALT_LEN); + explicit_bzero(output, PHP_MAX_SALT_LEN); efree(output); return NULL; } else { result = zend_string_init(output, strlen(output), 0); - memset(output, 0, PHP_MAX_SALT_LEN); + explicit_bzero(output, PHP_MAX_SALT_LEN); efree(output); return result; } diff --git a/ext/standard/php_crypt_r.c b/ext/standard/php_crypt_r.c index 8b97d4a496..27cc82af8b 100644 --- a/ext/standard/php_crypt_r.c +++ b/ext/standard/php_crypt_r.c @@ -364,7 +364,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out) PHP_MD5Update(&ctx, final, (unsigned int)(pl > 16 ? 16 : pl)); /* Don't leave anything around in vm they could use. */ - memset(final, 0, sizeof(final)); + explicit_bzero(final, sizeof(final)); /* Then something really weird... */ for (i = pwl; i != 0; i >>= 1) diff --git a/main/explicit_bzero.c b/main/explicit_bzero.c new file mode 100644 index 0000000000..ffe5bec9b3 --- /dev/null +++ b/main/explicit_bzero.c @@ -0,0 +1,43 @@ +/* + +----------------------------------------------------------------------+ + | PHP Version 7 | + +----------------------------------------------------------------------+ + | Copyright (c) 1997-2016 The PHP Group | + +----------------------------------------------------------------------+ + | This source file is subject to version 3.01 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available through the world-wide-web at the following url: | + | http://www.php.net/license/3_01.txt | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Author: | + +----------------------------------------------------------------------+ +*/ + +/* $Id$ */ + +#include "php.h" + +#ifndef HAVE_EXPLICIT_BZERO + +/* $OpenBSD: explicit_bzero.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */ +/* + * Public domain. + * Written by Matthew Dempsky. + */ + +#include <string.h> + +__attribute__((weak)) void +__explicit_bzero_hook(void *dst, size_t siz) +{ +} + +PHPAPI void php_explicit_bzero(void *dst, size_t siz) +{ + memset(dst, 0, siz); + __explicit_bzero_hook(dst, siz); +} +#endif diff --git a/main/php.h b/main/php.h index 32ab59386f..b9b091d58e 100644 --- a/main/php.h +++ b/main/php.h @@ -136,6 +136,14 @@ END_EXTERN_C() #define strlcat php_strlcat #endif +#ifndef HAVE_STRLCAT +BEGIN_EXTERN_C() +PHPAPI void php_explicit_bzero(void *dst, size_t siz); +END_EXTERN_C() +#undef explicit_bzero +#define explicit_bzero php_explicit_bzero +#endif + #ifndef HAVE_STRTOK_R BEGIN_EXTERN_C() char *strtok_r(char *s, const char *delim, char **last); diff --git a/main/strlcat.c b/main/strlcat.c index 242819ac6f..a885ac304c 100644 --- a/main/strlcat.c +++ b/main/strlcat.c @@ -69,29 +69,34 @@ PHPAPI size_t php_strlcat(dst, src, siz) const char *src; size_t siz; { - register char *d = dst; - register const char *s = src; - register size_t n = siz; + const char *d = dst; + const char *s = src; + size_t n = siz; size_t dlen; /* Find the end of dst and adjust bytes left but don't go past end */ - while (*d != '\0' && n-- != 0) - d++; - dlen = d - dst; + while (n-- != 0 && *dst != '\0') + dst++; + dlen = (uintptr_t)dst - (uintptr_t)d; n = siz - dlen; - if (n == 0) - return(dlen + strlen(s)); - while (*s != '\0') { - if (n != 1) { - *d++ = *s; + if (n-- == 0) + return(dlen + strlen(src)); + while (*src != '\0') { + if (n != 0) { + *dst++ = *src; n--; } - s++; + src++; } - *d = '\0'; + *dst = '\0'; - return(dlen + (s - src)); /* count does not include NUL */ + /* + * Cast pointers to unsigned type before calculation, to avoid signed + * overflow when the string ends where the MSB has changed. + * Return value does not include NUL. + */ + return(dlen + ((uintptr_t)src - (uintptr_t)s)); } #endif /* !HAVE_STRLCAT */ diff --git a/main/strlcpy.c b/main/strlcpy.c index 60d3e9906d..09008664f6 100644 --- a/main/strlcpy.c +++ b/main/strlcpy.c @@ -68,27 +68,31 @@ PHPAPI size_t php_strlcpy(dst, src, siz) const char *src; size_t siz; { - register char *d = dst; - register const char *s = src; - register size_t n = siz; + const char *s = src; + size_t n = siz; /* Copy as many bytes as will fit */ - if (n != 0 && --n != 0) { - do { - if ((*d++ = *s++) == 0) + if (n != 0) { + while (--n != 0) { + if ((*dst++ = *src++) == 0) break; - } while (--n != 0); + } } /* Not enough room in dst, add NUL and traverse rest of src */ if (n == 0) { if (siz != 0) - *d = '\0'; /* NUL-terminate dst */ - while (*s++) + *dst = '\0'; /* NUL-terminate dst */ + while (*src++) ; } - return(s - src - 1); /* count does not include NUL */ + /* + * Cast pointers to unsigned type before calculation, to avoid signed + * overflow when the string ends where the MSB has changed. + * Return value does not include NUL. + */ + return((uintptr_t)src - (uintptr_t)s - 1); } #endif /* !HAVE_STRLCPY */ |