import explicit_bzero + strlc* functions update

since 1999 algorithms have changed and register k/w not necessary anymore.
2026-03-24 00:02:20 +01:00 · 2016-10-15 14:53:38 +01:00
parent 2bd34885da
commit 2464dbd5f3
8 changed files with 92 additions and 32 deletions
--- a/Zend/zend_portability.h
+++ b/Zend/zend_portability.h
@@ -435,7 +435,7 @@ char *alloca();
 #ifdef ZEND_WIN32
 #define ZEND_SECURE_ZERO(var, size) RtlSecureZeroMemory((var), (size))
 #else
-#define ZEND_SECURE_ZERO(var, size) memset((var), 0, (size))
+#define ZEND_SECURE_ZERO(var, size) explicit_bzero((var), (size))
 #endif

 /* This check should only be used on network socket, not file descriptors */
--- a/configure.in
+++ b/configure.in
@@ -768,7 +768,7 @@ if test "$ac_cv_func_sync_fetch_and_add" = yes; then
  AC_DEFINE(HAVE_SYNC_FETCH_AND_ADD,1,[Define if you have the __sync_fetch_and_add function])
 fi

-AC_REPLACE_FUNCS(strlcat strlcpy getopt)
+AC_REPLACE_FUNCS(strlcat strlcpy explicit_bzero getopt)
 AC_FUNC_UTIME_NULL
 AC_FUNC_ALLOCA
 dnl PHP_AC_BROKEN_SPRINTF
@@ -1479,7 +1479,7 @@ PHP_ADD_SOURCES(TSRM, TSRM.c tsrm_strtok_r.c, -DZEND_ENABLE_STATIC_TSRMLS_CACHE=
 PHP_ADD_SOURCES(main, main.c snprintf.c spprintf.c php_sprintf.c \
       fopen_wrappers.c alloca.c  php_scandir.c \
       php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
-       strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \
+       strlcat.c explicit_bzero.c mergesort.c reentrancy.c php_variables.c php_ticks.c \
       network.c php_open_temporary_file.c \
       output.c getopt.c, -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1)

--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -129,12 +129,12 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch

 			crypt_res = php_sha512_crypt_r(password, salt, output, PHP_MAX_SALT_LEN);
 			if (!crypt_res) {
-				memset(output, 0, PHP_MAX_SALT_LEN);
+				explicit_bzero(output, PHP_MAX_SALT_LEN);
 				efree(output);
 				return NULL;
 			} else {
 				result = zend_string_init(output, strlen(output), 0);
-				memset(output, 0, PHP_MAX_SALT_LEN);
+				explicit_bzero(output, PHP_MAX_SALT_LEN);
 				efree(output);
 				return result;
 			}
@@ -144,12 +144,12 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch

 			crypt_res = php_sha256_crypt_r(password, salt, output, PHP_MAX_SALT_LEN);
 			if (!crypt_res) {
-				memset(output, 0, PHP_MAX_SALT_LEN);
+				explicit_bzero(output, PHP_MAX_SALT_LEN);
 				efree(output);
 				return NULL;
 			} else {
 				result = zend_string_init(output, strlen(output), 0);
-				memset(output, 0, PHP_MAX_SALT_LEN);
+				explicit_bzero(output, PHP_MAX_SALT_LEN);
 				efree(output);
 				return result;
 			}
--- a/ext/standard/php_crypt_r.c
+++ b/ext/standard/php_crypt_r.c
@@ -364,7 +364,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out)
 		PHP_MD5Update(&ctx, final, (unsigned int)(pl > 16 ? 16 : pl));

 	/* Don't leave anything around in vm they could use. */
-	memset(final, 0, sizeof(final));
+	explicit_bzero(final, sizeof(final));

 	/* Then something really weird... */
 	for (i = pwl; i != 0; i >>= 1)
--- a/main/explicit_bzero.c
+++ b/main/explicit_bzero.c
@@ -0,0 +1,43 @@
+/*
+  +----------------------------------------------------------------------+
+  | PHP Version 7                                                        |
+  +----------------------------------------------------------------------+
+  | Copyright (c) 1997-2016 The PHP Group                                |
+  +----------------------------------------------------------------------+
+  | This source file is subject to version 3.01 of the PHP license,      |
+  | that is bundled with this package in the file LICENSE, and is        |
+  | available through the world-wide-web at the following url:           |
+  | http://www.php.net/license/3_01.txt                                  |
+  | If you did not receive a copy of the PHP license and are unable to   |
+  | obtain it through the world-wide-web, please send a note to          |
+  | license@php.net so we can mail you a copy immediately.               |
+  +----------------------------------------------------------------------+
+  | Author:                                                              |
+  +----------------------------------------------------------------------+
+*/
+
+/* $Id$ */
+
+#include "php.h"
+
+#ifndef HAVE_EXPLICIT_BZERO
+
+/*	$OpenBSD: explicit_bzero.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */
+/*
+ * Public domain.
+ * Written by Matthew Dempsky.
+ */
+
+#include <string.h>
+
+__attribute__((weak)) void
+__explicit_bzero_hook(void *dst, size_t siz)
+{
+}
+
+PHPAPI void php_explicit_bzero(void *dst, size_t siz)
+{
+	memset(dst, 0, siz);
+	__explicit_bzero_hook(dst, siz);
+}
+#endif
--- a/main/php.h
+++ b/main/php.h
@@ -136,6 +136,14 @@ END_EXTERN_C()
 #define strlcat php_strlcat
 #endif

+#ifndef HAVE_STRLCAT
+BEGIN_EXTERN_C()
+PHPAPI void php_explicit_bzero(void *dst, size_t siz);
+END_EXTERN_C()
+#undef explicit_bzero
+#define explicit_bzero php_explicit_bzero
+#endif
+
 #ifndef HAVE_STRTOK_R
 BEGIN_EXTERN_C()
 char *strtok_r(char *s, const char *delim, char **last);
--- a/main/strlcat.c
+++ b/main/strlcat.c
@@ -69,29 +69,34 @@ PHPAPI size_t php_strlcat(dst, src, siz)
 	const char *src;
 	size_t siz;
 {
-	register char *d = dst;
-	register const char *s = src;
-	register size_t n = siz;
+	const char *d = dst;
+	const char *s = src;
+	size_t n = siz;
 	size_t dlen;

 	/* Find the end of dst and adjust bytes left but don't go past end */
-	while (*d != '\0' && n-- != 0)
-		d++;
-	dlen = d - dst;
+	while (n-- != 0 && *dst != '\0')
+		dst++;
+	dlen = (uintptr_t)dst - (uintptr_t)d;
 	n = siz - dlen;

-	if (n == 0)
-		return(dlen + strlen(s));
-	while (*s != '\0') {
-		if (n != 1) {
-			*d++ = *s;
+	if (n-- == 0)
+		return(dlen + strlen(src));
+	while (*src != '\0') {
+		if (n != 0) {
+			*dst++ = *src;
 			n--;
 		}
-		s++;
+		src++;
 	}
-	*d = '\0';
+	*dst = '\0';

-	return(dlen + (s - src));	/* count does not include NUL */
+	/*
+	 * Cast pointers to unsigned type before calculation, to avoid signed
+	 * overflow when the string ends where the MSB has changed.
+	 * Return value does not include NUL.
+	 */
+	return(dlen + ((uintptr_t)src - (uintptr_t)s));
 }

 #endif /* !HAVE_STRLCAT */
--- a/main/strlcpy.c
+++ b/main/strlcpy.c
@@ -68,27 +68,31 @@ PHPAPI size_t php_strlcpy(dst, src, siz)
 	const char *src;
 	size_t siz;
 {
-	register char *d = dst;
-	register const char *s = src;
-	register size_t n = siz;
+	const char *s = src;
+	size_t n = siz;

 	/* Copy as many bytes as will fit */
-	if (n != 0 && --n != 0) {
-		do {
-			if ((*d++ = *s++) == 0)
+	if (n != 0) {
+		while (--n != 0) {
+			if ((*dst++ = *src++) == 0)
 				break;
-		} while (--n != 0);
+		}
 	}

 	/* Not enough room in dst, add NUL and traverse rest of src */
 	if (n == 0) {
 		if (siz != 0)
-			*d = '\0';		/* NUL-terminate dst */
-		while (*s++)
+			*dst = '\0';		/* NUL-terminate dst */
+		while (*src++)
 			;
 	}

-	return(s - src - 1);	/* count does not include NUL */
+	/*
+	 * Cast pointers to unsigned type before calculation, to avoid signed
+	 * overflow when the string ends where the MSB has changed.
+	 * Return value does not include NUL.
+	 */
+	return((uintptr_t)src - (uintptr_t)s - 1);
 }

 #endif /* !HAVE_STRLCPY */