1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | http://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Bob Weinand <bwoebi@php.net> |
14 +----------------------------------------------------------------------+
15 */
16
17 #include "phpdbg_wait.h"
18 #include "phpdbg_prompt.h"
19 #include "ext/standard/php_var.h"
20 #include "ext/standard/basic_functions.h"
21
ZEND_EXTERN_MODULE_GLOBALS(phpdbg)22 ZEND_EXTERN_MODULE_GLOBALS(phpdbg)
23
24 static void phpdbg_rebuild_http_globals_array(int type, const char *name) {
25 zval *zvp;
26 if (Z_TYPE(PG(http_globals)[type]) != IS_UNDEF) {
27 zval_ptr_dtor_nogc(&PG(http_globals)[type]);
28 }
29 if ((zvp = zend_hash_str_find(&EG(symbol_table), name, strlen(name)))) {
30 Z_ADDREF_P(zvp);
31 PG(http_globals)[type] = *zvp;
32 }
33 }
34
35
phpdbg_dearm_autoglobals(zend_auto_global * auto_global)36 static int phpdbg_dearm_autoglobals(zend_auto_global *auto_global) {
37 if (zend_string_equals_literal(auto_global->name, "GLOBALS")) {
38 auto_global->armed = 0;
39 }
40
41 return ZEND_HASH_APPLY_KEEP;
42 }
43
44 typedef struct {
45 HashTable *ht[2];
46 HashPosition pos[2];
47 } phpdbg_intersect_ptr;
48
phpdbg_array_data_compare(Bucket * f,Bucket * s)49 static int phpdbg_array_data_compare(Bucket *f, Bucket *s) {
50 int result;
51 zval *first, *second;
52
53 first = &f->val;
54 second = &s->val;
55
56 result = string_compare_function(first, second);
57
58 if (result < 0) {
59 return -1;
60 } else if (result > 0) {
61 return 1;
62 }
63
64 return 0;
65 }
66
phpdbg_array_intersect_init(phpdbg_intersect_ptr * info,HashTable * ht1,HashTable * ht2)67 static void phpdbg_array_intersect_init(phpdbg_intersect_ptr *info, HashTable *ht1, HashTable *ht2) {
68 info->ht[0] = ht1;
69 info->ht[1] = ht2;
70
71 zend_hash_sort(info->ht[0], phpdbg_array_data_compare, 0);
72 zend_hash_sort(info->ht[1], phpdbg_array_data_compare, 0);
73
74 zend_hash_internal_pointer_reset_ex(info->ht[0], &info->pos[0]);
75 zend_hash_internal_pointer_reset_ex(info->ht[1], &info->pos[1]);
76 }
77
78 /* -1 => first array, 0 => both arrays equal, 1 => second array */
phpdbg_array_intersect(phpdbg_intersect_ptr * info,zval ** ptr)79 static int phpdbg_array_intersect(phpdbg_intersect_ptr *info, zval **ptr) {
80 int ret;
81 zval *zvp[2];
82 int invalid = !info->ht[0] + !info->ht[1];
83
84 if (invalid > 0) {
85 invalid = !info->ht[0];
86
87 if (!(*ptr = zend_hash_get_current_data_ex(info->ht[invalid], &info->pos[invalid]))) {
88 return 0;
89 }
90
91 zend_hash_move_forward_ex(info->ht[invalid], &info->pos[invalid]);
92
93 return invalid ? 1 : -1;
94 }
95
96 if (!(zvp[0] = zend_hash_get_current_data_ex(info->ht[0], &info->pos[0]))) {
97 info->ht[0] = NULL;
98 return phpdbg_array_intersect(info, ptr);
99 }
100 if (!(zvp[1] = zend_hash_get_current_data_ex(info->ht[1], &info->pos[1]))) {
101 info->ht[1] = NULL;
102 return phpdbg_array_intersect(info, ptr);
103 }
104
105 ret = zend_binary_zval_strcmp(zvp[0], zvp[1]);
106
107 if (ret <= 0) {
108 *ptr = zvp[0];
109 zend_hash_move_forward_ex(info->ht[0], &info->pos[0]);
110 }
111 if (ret >= 0) {
112 *ptr = zvp[1];
113 zend_hash_move_forward_ex(info->ht[1], &info->pos[1]);
114 }
115
116 return ret;
117 }
118
phpdbg_webdata_decompress(char * msg,int len)119 void phpdbg_webdata_decompress(char *msg, int len) {
120 zval *free_zv = NULL;
121 zval zv, *zvp;
122 HashTable *ht;
123 php_unserialize_data_t var_hash;
124
125 PHP_VAR_UNSERIALIZE_INIT(var_hash);
126 if (!php_var_unserialize(&zv, (const unsigned char **) &msg, (unsigned char *) msg + len, &var_hash)) {
127 PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
128 phpdbg_error("wait", "type=\"invaliddata\" import=\"fail\"", "Malformed serialized was sent to this socket, arborting");
129 return;
130 }
131 PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
132
133 ht = Z_ARRVAL(zv);
134
135 /* Reapply symbol table */
136 if ((zvp = zend_hash_str_find(ht, ZEND_STRL("GLOBALS"))) && Z_TYPE_P(zvp) == IS_ARRAY) {
137 {
138 zval *srv;
139 if ((srv = zend_hash_str_find(Z_ARRVAL_P(zvp), ZEND_STRL("_SERVER"))) && Z_TYPE_P(srv) == IS_ARRAY) {
140 zval *script;
141 if ((script = zend_hash_str_find(Z_ARRVAL_P(srv), ZEND_STRL("SCRIPT_FILENAME"))) && Z_TYPE_P(script) == IS_STRING) {
142 phpdbg_param_t param;
143 param.str = Z_STRVAL_P(script);
144 PHPDBG_COMMAND_HANDLER(exec)(¶m);
145 }
146 }
147 }
148
149 PG(auto_globals_jit) = 0;
150 zend_hash_apply(CG(auto_globals), (apply_func_t) phpdbg_dearm_autoglobals);
151
152 zend_hash_clean(&EG(symbol_table));
153 EG(symbol_table) = *Z_ARR_P(zvp);
154
155 /* Rebuild cookies, env vars etc. from GLOBALS (PG(http_globals)) */
156 phpdbg_rebuild_http_globals_array(TRACK_VARS_POST, "_POST");
157 phpdbg_rebuild_http_globals_array(TRACK_VARS_GET, "_GET");
158 phpdbg_rebuild_http_globals_array(TRACK_VARS_COOKIE, "_COOKIE");
159 phpdbg_rebuild_http_globals_array(TRACK_VARS_SERVER, "_SERVER");
160 phpdbg_rebuild_http_globals_array(TRACK_VARS_ENV, "_ENV");
161 phpdbg_rebuild_http_globals_array(TRACK_VARS_FILES, "_FILES");
162
163 Z_ADDREF_P(zvp);
164 free_zv = zvp;
165 }
166
167 if ((zvp = zend_hash_str_find(ht, ZEND_STRL("input"))) && Z_TYPE_P(zvp) == IS_STRING) {
168 if (SG(request_info).request_body) {
169 php_stream_close(SG(request_info).request_body);
170 }
171 SG(request_info).request_body = php_stream_temp_create_ex(TEMP_STREAM_DEFAULT, SAPI_POST_BLOCK_SIZE, PG(upload_tmp_dir));
172 php_stream_truncate_set_size(SG(request_info).request_body, 0);
173 php_stream_write(SG(request_info).request_body, Z_STRVAL_P(zvp), Z_STRLEN_P(zvp));
174 }
175
176 if ((zvp = zend_hash_str_find(ht, ZEND_STRL("cwd"))) && Z_TYPE_P(zvp) == IS_STRING) {
177 if (VCWD_CHDIR(Z_STRVAL_P(zvp)) == SUCCESS) {
178 if (BG(CurrentStatFile) && !IS_ABSOLUTE_PATH(BG(CurrentStatFile), strlen(BG(CurrentStatFile)))) {
179 efree(BG(CurrentStatFile));
180 BG(CurrentStatFile) = NULL;
181 }
182 if (BG(CurrentLStatFile) && !IS_ABSOLUTE_PATH(BG(CurrentLStatFile), strlen(BG(CurrentLStatFile)))) {
183 efree(BG(CurrentLStatFile));
184 BG(CurrentLStatFile) = NULL;
185 }
186 }
187 }
188
189 if ((zvp = zend_hash_str_find(ht, ZEND_STRL("sapi_name"))) && (Z_TYPE_P(zvp) == IS_STRING || Z_TYPE_P(zvp) == IS_NULL)) {
190 if (PHPDBG_G(sapi_name_ptr)) {
191 free(PHPDBG_G(sapi_name_ptr));
192 }
193 if (Z_TYPE_P(zvp) == IS_STRING) {
194 PHPDBG_G(sapi_name_ptr) = sapi_module.name = strdup(Z_STRVAL_P(zvp));
195 } else {
196 PHPDBG_G(sapi_name_ptr) = sapi_module.name = NULL;
197 }
198 }
199
200 if ((zvp = zend_hash_str_find(ht, ZEND_STRL("modules"))) && Z_TYPE_P(zvp) == IS_ARRAY) {
201 phpdbg_intersect_ptr pos;
202 zval *module;
203 zend_module_entry *mod;
204 HashTable zv_registry;
205
206 /* intersect modules, unregister modules loaded "too much", announce not yet registered modules (phpdbg_notice) */
207
208 zend_hash_init(&zv_registry, zend_hash_num_elements(&module_registry), 0, ZVAL_PTR_DTOR, 0);
209 ZEND_HASH_FOREACH_PTR(&module_registry, mod) {
210 if (mod->name) {
211 zval value;
212 ZVAL_NEW_STR(&value, zend_string_init(mod->name, strlen(mod->name), 0));
213 zend_hash_next_index_insert(&zv_registry, &value);
214 }
215 } ZEND_HASH_FOREACH_END();
216
217 phpdbg_array_intersect_init(&pos, &zv_registry, Z_ARRVAL_P(zvp));
218 do {
219 int mode = phpdbg_array_intersect(&pos, &module);
220 if (mode < 0) {
221 // loaded module, but not needed
222 if (strcmp(PHPDBG_NAME, Z_STRVAL_P(module))) {
223 zend_hash_del(&module_registry, Z_STR_P(module));
224 }
225 } else if (mode > 0) {
226 // not loaded module
227 if (!sapi_module.name || strcmp(sapi_module.name, Z_STRVAL_P(module))) {
228 phpdbg_notice("wait", "missingmodule=\"%.*s\"", "The module %.*s isn't present in " PHPDBG_NAME ", you still can load via dl /path/to/module/%.*s.so", (int) Z_STRLEN_P(module), Z_STRVAL_P(module), (int) Z_STRLEN_P(module), Z_STRVAL_P(module));
229 }
230 }
231 } while (module);
232
233 zend_hash_clean(&zv_registry);
234 }
235
236 if ((zvp = zend_hash_str_find(ht, ZEND_STRL("extensions"))) && Z_TYPE_P(zvp) == IS_ARRAY) {
237 zend_extension *extension;
238 zend_llist_position pos;
239 zval *name = NULL;
240 zend_string *strkey = NULL;
241
242 extension = (zend_extension *) zend_llist_get_first_ex(&zend_extensions, &pos);
243 while (extension) {
244 extension = (zend_extension *) zend_llist_get_next_ex(&zend_extensions, &pos);
245 if (extension == NULL){
246 break;
247 }
248
249 ZEND_HASH_FOREACH_STR_KEY_PTR(Z_ARRVAL_P(zvp), strkey, name) {
250 if (Z_TYPE_P(name) == IS_STRING && !zend_binary_strcmp(extension->name, strlen(extension->name), Z_STRVAL_P(name), Z_STRLEN_P(name))) {
251 break;
252 }
253 name = NULL;
254 strkey = NULL;
255 } ZEND_HASH_FOREACH_END();
256
257 if (name) {
258 /* sigh, breaking the encapsulation, there aren't any functions manipulating the llist at the place of the zend_llist_position */
259 zend_llist_element *elm = pos;
260 if (elm->prev) {
261 elm->prev->next = elm->next;
262 } else {
263 zend_extensions.head = elm->next;
264 }
265 if (elm->next) {
266 elm->next->prev = elm->prev;
267 } else {
268 zend_extensions.tail = elm->prev;
269 }
270 #if ZEND_EXTENSIONS_SUPPORT
271 if (extension->shutdown) {
272 extension->shutdown(extension);
273 }
274 #endif
275 if (zend_extensions.dtor) {
276 zend_extensions.dtor(elm->data);
277 }
278 pefree(elm, zend_extensions.persistent);
279 zend_extensions.count--;
280 } else {
281 ZEND_ASSERT(strkey);
282 zend_hash_del(Z_ARRVAL_P(zvp), strkey);
283 }
284 }
285
286 ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(zvp), name) {
287 if (Z_TYPE_P(name) == IS_STRING) {
288 phpdbg_notice("wait", "missingextension=\"%.*s\"", "The Zend extension %.*s isn't present in " PHPDBG_NAME ", you still can load via dl /path/to/extension.so", (int) Z_STRLEN_P(name), Z_STRVAL_P(name));
289 }
290 } ZEND_HASH_FOREACH_END();
291 }
292
293 zend_ini_deactivate();
294
295 if ((zvp = zend_hash_str_find(ht, ZEND_STRL("systemini"))) && Z_TYPE_P(zvp) == IS_ARRAY) {
296 zval *ini_entry;
297 zend_ini_entry *original_ini;
298 zend_string *key;
299
300 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(zvp), key, ini_entry) {
301 if (key && Z_TYPE_P(ini_entry) == IS_STRING) {
302 if ((original_ini = zend_hash_find_ptr(EG(ini_directives), key))) {
303 if (!original_ini->on_modify || original_ini->on_modify(original_ini, Z_STR_P(ini_entry), original_ini->mh_arg1, original_ini->mh_arg2, original_ini->mh_arg3, ZEND_INI_STAGE_ACTIVATE) == SUCCESS) {
304 if (original_ini->modified && original_ini->orig_value != original_ini->value) {
305 efree(original_ini->value);
306 }
307 original_ini->value = Z_STR_P(ini_entry);
308 Z_ADDREF_P(ini_entry); /* don't free the string */
309 }
310 }
311 }
312 } ZEND_HASH_FOREACH_END();
313 }
314
315 if ((zvp = zend_hash_str_find(ht, ZEND_STRL("userini"))) && Z_TYPE_P(zvp) == IS_ARRAY) {
316 zval *ini_entry;
317 zend_string *key;
318
319 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(zvp), key, ini_entry) {
320 if (key && Z_TYPE_P(ini_entry) == IS_STRING) {
321 zend_alter_ini_entry_ex(key, Z_STR_P(ini_entry), ZEND_INI_PERDIR, ZEND_INI_STAGE_HTACCESS, 1);
322 }
323 } ZEND_HASH_FOREACH_END();
324 }
325
326 zval_ptr_dtor(&zv);
327 if (free_zv) {
328 /* separate freeing to not dtor the symtable too, just the container zval... */
329 efree(free_zv);
330 }
331
332 /* Reapply raw input */
333 /* ??? */
334 }
335
PHPDBG_COMMAND(wait)336 PHPDBG_COMMAND(wait) /* {{{ */
337 {
338 #ifndef PHP_WIN32
339 struct sockaddr_un local, remote;
340 int rlen, sr, sl;
341 unlink(PHPDBG_G(socket_path));
342 if (PHPDBG_G(socket_server_fd) == -1) {
343 int len;
344 PHPDBG_G(socket_server_fd) = sl = socket(AF_UNIX, SOCK_STREAM, 0);
345 if (sl == -1) {
346 phpdbg_error("wait", "type=\"nosocket\" import=\"fail\"", "Unable to open a socket to UNIX domain socket at %s defined by phpdbg.path ini setting", PHPDBG_G(socket_path));
347 return FAILURE;
348 }
349
350 local.sun_family = AF_UNIX;
351 if (strlcpy(local.sun_path, PHPDBG_G(socket_path), sizeof(local.sun_path)) > sizeof(local.sun_path)) {
352 phpdbg_error("wait", "type=\"nosocket\" import=\"fail\"", "Socket at %s defined by phpdbg.path ini setting is too long", PHPDBG_G(socket_path));
353 return FAILURE;
354 }
355 len = strlen(local.sun_path) + sizeof(local.sun_family);
356 if (bind(sl, (struct sockaddr *)&local, len) == -1) {
357 phpdbg_error("wait", "type=\"nosocket\" import=\"fail\"", "Unable to connect to UNIX domain socket at %s defined by phpdbg.path ini setting", PHPDBG_G(socket_path));
358 return FAILURE;
359 }
360
361 chmod(PHPDBG_G(socket_path), 0666);
362
363 listen(sl, 2);
364 } else {
365 sl = PHPDBG_G(socket_server_fd);
366 }
367
368 rlen = sizeof(remote);
369 sr = accept(sl, (struct sockaddr *) &remote, (socklen_t *) &rlen);
370 if (sr == -1) {
371 phpdbg_error("wait", "type=\"nosocket\" import=\"fail\"", "Unable to create a connection to UNIX domain socket at %s defined by phpdbg.path ini setting", PHPDBG_G(socket_path));
372 close(PHPDBG_G(socket_server_fd));
373 return FAILURE;
374 }
375
376 unsigned char msglen_buf[4];
377 int needed = 4;
378
379 do {
380 needed -= recv(sr, &msglen_buf[4 - needed], needed, 0);
381 } while (needed > 0);
382
383 uint32_t msglen = (msglen_buf[3] << 24)
384 | (msglen_buf[2] << 16)
385 | (msglen_buf[1] << 8)
386 | (msglen_buf[0] << 0);
387 char *data = emalloc(msglen);
388 needed = msglen;
389
390 do {
391 needed -= recv(sr, &(data[msglen - needed]), needed, 0);
392 } while (needed > 0);
393
394 phpdbg_webdata_decompress(data, msglen);
395
396 if (PHPDBG_G(socket_fd) != -1) {
397 close(PHPDBG_G(socket_fd));
398 }
399 PHPDBG_G(socket_fd) = sr;
400
401 efree(data);
402
403 phpdbg_notice("wait", "import=\"success\"", "Successfully imported request data, stopped before executing");
404 #endif
405
406 return SUCCESS;
407 } /* }}} */
408