xref: /PHP-7.2/main/fastcgi.c (revision 8f564e53)
1 /*
2    +----------------------------------------------------------------------+
3    | PHP Version 7                                                        |
4    +----------------------------------------------------------------------+
5    | Copyright (c) 1997-2018 The PHP Group                                |
6    +----------------------------------------------------------------------+
7    | This source file is subject to version 3.01 of the PHP license,      |
8    | that is bundled with this package in the file LICENSE, and is        |
9    | available through the world-wide-web at the following url:           |
10    | http://www.php.net/license/3_01.txt                                  |
11    | If you did not receive a copy of the PHP license and are unable to   |
12    | obtain it through the world-wide-web, please send a note to          |
13    | license@php.net so we can mail you a copy immediately.               |
14    +----------------------------------------------------------------------+
15    | Authors: Dmitry Stogov <dmitry@zend.com>                             |
16    +----------------------------------------------------------------------+
17 */
18 
19 /* $Id$ */
20 
21 #include "php.h"
22 #include "php_network.h"
23 
24 #include <string.h>
25 #include <stdlib.h>
26 #include <stdio.h>
27 #include <stdarg.h>
28 #include <errno.h>
29 
30 #ifndef MAXFQDNLEN
31 #define MAXFQDNLEN 255
32 #endif
33 
34 #ifdef _WIN32
35 
36 #include <windows.h>
37 
38 typedef unsigned int in_addr_t;
39 
40 struct sockaddr_un {
41 	short   sun_family;
42 	char    sun_path[MAXPATHLEN];
43 };
44 
45 static HANDLE fcgi_accept_mutex = INVALID_HANDLE_VALUE;
46 static int is_impersonate = 0;
47 
48 #define FCGI_LOCK(fd) \
49 	if (fcgi_accept_mutex != INVALID_HANDLE_VALUE) { \
50 		DWORD ret; \
51 		while ((ret = WaitForSingleObject(fcgi_accept_mutex, 1000)) == WAIT_TIMEOUT) { \
52 			if (in_shutdown) return -1; \
53 		} \
54 		if (ret == WAIT_FAILED) { \
55 			fprintf(stderr, "WaitForSingleObject() failed\n"); \
56 			return -1; \
57 		} \
58 	}
59 
60 #define FCGI_UNLOCK(fd) \
61 	if (fcgi_accept_mutex != INVALID_HANDLE_VALUE) { \
62 		ReleaseMutex(fcgi_accept_mutex); \
63 	}
64 
65 #else
66 
67 # include <sys/types.h>
68 # include <sys/stat.h>
69 # include <unistd.h>
70 # include <fcntl.h>
71 # include <sys/socket.h>
72 # include <sys/un.h>
73 # include <netinet/in.h>
74 # include <netinet/tcp.h>
75 # include <arpa/inet.h>
76 # include <netdb.h>
77 # include <signal.h>
78 
79 # if defined(HAVE_POLL_H) && defined(HAVE_POLL)
80 #  include <poll.h>
81 # elif defined(HAVE_SYS_POLL_H) && defined(HAVE_POLL)
82 #  include <sys/poll.h>
83 # endif
84 # if defined(HAVE_SYS_SELECT_H)
85 #  include <sys/select.h>
86 # endif
87 
88 #ifndef INADDR_NONE
89 #define INADDR_NONE ((unsigned long) -1)
90 #endif
91 
92 # ifndef HAVE_SOCKLEN_T
93 	typedef unsigned int socklen_t;
94 # endif
95 
96 # ifdef USE_LOCKING
97 #  define FCGI_LOCK(fd)								\
98 	do {											\
99 		struct flock lock;							\
100 		lock.l_type = F_WRLCK;						\
101 		lock.l_start = 0;							\
102 		lock.l_whence = SEEK_SET;					\
103 		lock.l_len = 0;								\
104 		if (fcntl(fd, F_SETLKW, &lock) != -1) {		\
105 			break;									\
106 		} else if (errno != EINTR || in_shutdown) {	\
107 			return -1;								\
108 		}											\
109 	} while (1)
110 
111 #  define FCGI_UNLOCK(fd)							\
112 	do {											\
113 		int orig_errno = errno;						\
114 		while (1) {									\
115 			struct flock lock;						\
116 			lock.l_type = F_UNLCK;					\
117 			lock.l_start = 0;						\
118 			lock.l_whence = SEEK_SET;				\
119 			lock.l_len = 0;							\
120 			if (fcntl(fd, F_SETLK, &lock) != -1) {	\
121 				break;								\
122 			} else if (errno != EINTR) {			\
123 				return -1;							\
124 			}										\
125 		}											\
126 		errno = orig_errno;							\
127 	} while (0)
128 # else
129 #  define FCGI_LOCK(fd)
130 #  define FCGI_UNLOCK(fd)
131 # endif
132 
133 #endif
134 
135 #include "fastcgi.h"
136 
137 typedef struct _fcgi_header {
138 	unsigned char version;
139 	unsigned char type;
140 	unsigned char requestIdB1;
141 	unsigned char requestIdB0;
142 	unsigned char contentLengthB1;
143 	unsigned char contentLengthB0;
144 	unsigned char paddingLength;
145 	unsigned char reserved;
146 } fcgi_header;
147 
148 typedef struct _fcgi_begin_request {
149 	unsigned char roleB1;
150 	unsigned char roleB0;
151 	unsigned char flags;
152 	unsigned char reserved[5];
153 } fcgi_begin_request;
154 
155 typedef struct _fcgi_begin_request_rec {
156 	fcgi_header hdr;
157 	fcgi_begin_request body;
158 } fcgi_begin_request_rec;
159 
160 typedef struct _fcgi_end_request {
161     unsigned char appStatusB3;
162     unsigned char appStatusB2;
163     unsigned char appStatusB1;
164     unsigned char appStatusB0;
165     unsigned char protocolStatus;
166     unsigned char reserved[3];
167 } fcgi_end_request;
168 
169 typedef struct _fcgi_end_request_rec {
170 	fcgi_header hdr;
171 	fcgi_end_request body;
172 } fcgi_end_request_rec;
173 
174 typedef struct _fcgi_hash_bucket {
175 	unsigned int              hash_value;
176 	unsigned int              var_len;
177 	char                     *var;
178 	unsigned int              val_len;
179 	char                     *val;
180 	struct _fcgi_hash_bucket *next;
181 	struct _fcgi_hash_bucket *list_next;
182 } fcgi_hash_bucket;
183 
184 typedef struct _fcgi_hash_buckets {
185 	unsigned int	           idx;
186 	struct _fcgi_hash_buckets *next;
187 	struct _fcgi_hash_bucket   data[FCGI_HASH_TABLE_SIZE];
188 } fcgi_hash_buckets;
189 
190 typedef struct _fcgi_data_seg {
191 	char                  *pos;
192 	char                  *end;
193 	struct _fcgi_data_seg *next;
194 	char                   data[1];
195 } fcgi_data_seg;
196 
197 typedef struct _fcgi_hash {
198 	fcgi_hash_bucket  *hash_table[FCGI_HASH_TABLE_SIZE];
199 	fcgi_hash_bucket  *list;
200 	fcgi_hash_buckets *buckets;
201 	fcgi_data_seg     *data;
202 } fcgi_hash;
203 
204 typedef struct _fcgi_req_hook 	fcgi_req_hook;
205 
206 struct _fcgi_req_hook {
207 	void(*on_accept)();
208 	void(*on_read)();
209 	void(*on_close)();
210 };
211 
212 struct _fcgi_request {
213 	int            listen_socket;
214 	int            tcp;
215 	int            fd;
216 	int            id;
217 	int            keep;
218 #ifdef TCP_NODELAY
219 	int            nodelay;
220 #endif
221 	int            ended;
222 	int            in_len;
223 	int            in_pad;
224 
225 	fcgi_header   *out_hdr;
226 
227 	unsigned char *out_pos;
228 	unsigned char  out_buf[1024*8];
229 	unsigned char  reserved[sizeof(fcgi_end_request_rec)];
230 
231 	fcgi_req_hook  hook;
232 
233 	int            has_env;
234 	fcgi_hash      env;
235 };
236 
237 /* maybe it's better to use weak name instead */
238 #ifndef HAVE_ATTRIBUTE_WEAK
239 static fcgi_logger fcgi_log;
240 #endif
241 
242 typedef union _sa_t {
243 	struct sockaddr     sa;
244 	struct sockaddr_un  sa_unix;
245 	struct sockaddr_in  sa_inet;
246 	struct sockaddr_in6 sa_inet6;
247 } sa_t;
248 
249 static HashTable fcgi_mgmt_vars;
250 
251 static int is_initialized = 0;
252 static int is_fastcgi = 0;
253 static int in_shutdown = 0;
254 static sa_t *allowed_clients = NULL;
255 static sa_t client_sa;
256 
257 /* hash table */
fcgi_hash_init(fcgi_hash * h)258 static void fcgi_hash_init(fcgi_hash *h)
259 {
260 	memset(h->hash_table, 0, sizeof(h->hash_table));
261 	h->list = NULL;
262 	h->buckets = (fcgi_hash_buckets*)malloc(sizeof(fcgi_hash_buckets));
263 	h->buckets->idx = 0;
264 	h->buckets->next = NULL;
265 	h->data = (fcgi_data_seg*)malloc(sizeof(fcgi_data_seg) - 1 + FCGI_HASH_SEG_SIZE);
266 	h->data->pos = h->data->data;
267 	h->data->end = h->data->pos + FCGI_HASH_SEG_SIZE;
268 	h->data->next = NULL;
269 }
270 
fcgi_hash_destroy(fcgi_hash * h)271 static void fcgi_hash_destroy(fcgi_hash *h)
272 {
273 	fcgi_hash_buckets *b;
274 	fcgi_data_seg *p;
275 
276 	b = h->buckets;
277 	while (b) {
278 		fcgi_hash_buckets *q = b;
279 		b = b->next;
280 		free(q);
281 	}
282 	p = h->data;
283 	while (p) {
284 		fcgi_data_seg *q = p;
285 		p = p->next;
286 		free(q);
287 	}
288 }
289 
fcgi_hash_clean(fcgi_hash * h)290 static void fcgi_hash_clean(fcgi_hash *h)
291 {
292 	memset(h->hash_table, 0, sizeof(h->hash_table));
293 	h->list = NULL;
294 	/* delete all bucket blocks except the first one */
295 	while (h->buckets->next) {
296 		fcgi_hash_buckets *q = h->buckets;
297 
298 		h->buckets = h->buckets->next;
299 		free(q);
300 	}
301 	h->buckets->idx = 0;
302 	/* delete all data segments except the first one */
303 	while (h->data->next) {
304 		fcgi_data_seg *q = h->data;
305 
306 		h->data = h->data->next;
307 		free(q);
308 	}
309 	h->data->pos = h->data->data;
310 }
311 
fcgi_hash_strndup(fcgi_hash * h,char * str,unsigned int str_len)312 static inline char* fcgi_hash_strndup(fcgi_hash *h, char *str, unsigned int str_len)
313 {
314 	char *ret;
315 
316 	if (UNEXPECTED(h->data->pos + str_len + 1 >= h->data->end)) {
317 		unsigned int seg_size = (str_len + 1 > FCGI_HASH_SEG_SIZE) ? str_len + 1 : FCGI_HASH_SEG_SIZE;
318 		fcgi_data_seg *p = (fcgi_data_seg*)malloc(sizeof(fcgi_data_seg) - 1 + seg_size);
319 
320 		p->pos = p->data;
321 		p->end = p->pos + seg_size;
322 		p->next = h->data;
323 		h->data = p;
324 	}
325 	ret = h->data->pos;
326 	memcpy(ret, str, str_len);
327 	ret[str_len] = 0;
328 	h->data->pos += str_len + 1;
329 	return ret;
330 }
331 
fcgi_hash_set(fcgi_hash * h,unsigned int hash_value,char * var,unsigned int var_len,char * val,unsigned int val_len)332 static char* fcgi_hash_set(fcgi_hash *h, unsigned int hash_value, char *var, unsigned int var_len, char *val, unsigned int val_len)
333 {
334 	unsigned int      idx = hash_value & FCGI_HASH_TABLE_MASK;
335 	fcgi_hash_bucket *p = h->hash_table[idx];
336 
337 	while (UNEXPECTED(p != NULL)) {
338 		if (UNEXPECTED(p->hash_value == hash_value) &&
339 		    p->var_len == var_len &&
340 		    memcmp(p->var, var, var_len) == 0) {
341 
342 			p->val_len = val_len;
343 			p->val = fcgi_hash_strndup(h, val, val_len);
344 			return p->val;
345 		}
346 		p = p->next;
347 	}
348 
349 	if (UNEXPECTED(h->buckets->idx >= FCGI_HASH_TABLE_SIZE)) {
350 		fcgi_hash_buckets *b = (fcgi_hash_buckets*)malloc(sizeof(fcgi_hash_buckets));
351 		b->idx = 0;
352 		b->next = h->buckets;
353 		h->buckets = b;
354 	}
355 	p = h->buckets->data + h->buckets->idx;
356 	h->buckets->idx++;
357 	p->next = h->hash_table[idx];
358 	h->hash_table[idx] = p;
359 	p->list_next = h->list;
360 	h->list = p;
361 	p->hash_value = hash_value;
362 	p->var_len = var_len;
363 	p->var = fcgi_hash_strndup(h, var, var_len);
364 	p->val_len = val_len;
365 	p->val = fcgi_hash_strndup(h, val, val_len);
366 	return p->val;
367 }
368 
fcgi_hash_del(fcgi_hash * h,unsigned int hash_value,char * var,unsigned int var_len)369 static void fcgi_hash_del(fcgi_hash *h, unsigned int hash_value, char *var, unsigned int var_len)
370 {
371 	unsigned int      idx = hash_value & FCGI_HASH_TABLE_MASK;
372 	fcgi_hash_bucket **p = &h->hash_table[idx];
373 
374 	while (*p != NULL) {
375 		if ((*p)->hash_value == hash_value &&
376 		    (*p)->var_len == var_len &&
377 		    memcmp((*p)->var, var, var_len) == 0) {
378 
379 		    (*p)->val = NULL; /* NULL value means deleted */
380 		    (*p)->val_len = 0;
381 			*p = (*p)->next;
382 		    return;
383 		}
384 		p = &(*p)->next;
385 	}
386 }
387 
fcgi_hash_get(fcgi_hash * h,unsigned int hash_value,char * var,unsigned int var_len,unsigned int * val_len)388 static char *fcgi_hash_get(fcgi_hash *h, unsigned int hash_value, char *var, unsigned int var_len, unsigned int *val_len)
389 {
390 	unsigned int      idx = hash_value & FCGI_HASH_TABLE_MASK;
391 	fcgi_hash_bucket *p = h->hash_table[idx];
392 
393 	while (p != NULL) {
394 		if (p->hash_value == hash_value &&
395 		    p->var_len == var_len &&
396 		    memcmp(p->var, var, var_len) == 0) {
397 		    *val_len = p->val_len;
398 		    return p->val;
399 		}
400 		p = p->next;
401 	}
402 	return NULL;
403 }
404 
fcgi_hash_apply(fcgi_hash * h,fcgi_apply_func func,void * arg)405 static void fcgi_hash_apply(fcgi_hash *h, fcgi_apply_func func, void *arg)
406 {
407 	fcgi_hash_bucket *p	= h->list;
408 
409 	while (p) {
410 		if (EXPECTED(p->val != NULL)) {
411 			func(p->var, p->var_len, p->val, p->val_len, arg);
412 		}
413 		p = p->list_next;
414 	}
415 }
416 
417 #ifdef _WIN32
418 
fcgi_shutdown_thread(LPVOID arg)419 static DWORD WINAPI fcgi_shutdown_thread(LPVOID arg)
420 {
421 	HANDLE shutdown_event = (HANDLE) arg;
422 	WaitForSingleObject(shutdown_event, INFINITE);
423 	in_shutdown = 1;
424 	return 0;
425 }
426 
427 #else
428 
fcgi_signal_handler(int signo)429 static void fcgi_signal_handler(int signo)
430 {
431 	if (signo == SIGUSR1 || signo == SIGTERM) {
432 		in_shutdown = 1;
433 	}
434 }
435 
fcgi_setup_signals(void)436 static void fcgi_setup_signals(void)
437 {
438 	struct sigaction new_sa, old_sa;
439 
440 	sigemptyset(&new_sa.sa_mask);
441 	new_sa.sa_flags = 0;
442 	new_sa.sa_handler = fcgi_signal_handler;
443 	sigaction(SIGUSR1, &new_sa, NULL);
444 	sigaction(SIGTERM, &new_sa, NULL);
445 	sigaction(SIGPIPE, NULL, &old_sa);
446 	if (old_sa.sa_handler == SIG_DFL) {
447 		sigaction(SIGPIPE, &new_sa, NULL);
448 	}
449 }
450 #endif
451 
fcgi_set_in_shutdown(int new_value)452 void fcgi_set_in_shutdown(int new_value)
453 {
454 	in_shutdown = new_value;
455 }
456 
fcgi_in_shutdown(void)457 int fcgi_in_shutdown(void)
458 {
459 	return in_shutdown;
460 }
461 
fcgi_terminate(void)462 void fcgi_terminate(void)
463 {
464 	in_shutdown = 1;
465 }
466 
fcgi_request_set_keep(fcgi_request * req,int new_value)467 void fcgi_request_set_keep(fcgi_request *req, int new_value)
468 {
469 	req->keep = new_value;
470 }
471 
472 #ifndef HAVE_ATTRIBUTE_WEAK
fcgi_set_logger(fcgi_logger lg)473 void fcgi_set_logger(fcgi_logger lg) {
474 	fcgi_log = lg;
475 }
476 #else
fcgi_log(int type,const char * format,...)477 void __attribute__((weak)) fcgi_log(int type, const char *format, ...) {
478 	va_list ap;
479 
480 	va_start(ap, format);
481 	vfprintf(stderr, format, ap);
482 	va_end(ap);
483 }
484 #endif
485 
fcgi_init(void)486 int fcgi_init(void)
487 {
488 	if (!is_initialized) {
489 #ifndef _WIN32
490 		sa_t sa;
491 		socklen_t len = sizeof(sa);
492 #endif
493 		zend_hash_init(&fcgi_mgmt_vars, 8, NULL, fcgi_free_mgmt_var_cb, 1);
494 		fcgi_set_mgmt_var("FCGI_MPXS_CONNS", sizeof("FCGI_MPXS_CONNS")-1, "0", sizeof("0")-1);
495 
496 		is_initialized = 1;
497 #ifdef _WIN32
498 # if 0
499 		/* TODO: Support for TCP sockets */
500 		WSADATA wsaData;
501 
502 		if (WSAStartup(MAKEWORD(2,0), &wsaData)) {
503 			fprintf(stderr, "Error starting Windows Sockets.  Error: %d", WSAGetLastError());
504 			return 0;
505 		}
506 # endif
507 		if ((GetStdHandle(STD_OUTPUT_HANDLE) == INVALID_HANDLE_VALUE) &&
508 		    (GetStdHandle(STD_ERROR_HANDLE)  == INVALID_HANDLE_VALUE) &&
509 		    (GetStdHandle(STD_INPUT_HANDLE)  != INVALID_HANDLE_VALUE)) {
510 			char *str;
511 			DWORD pipe_mode = PIPE_READMODE_BYTE | PIPE_WAIT;
512 			HANDLE pipe = GetStdHandle(STD_INPUT_HANDLE);
513 
514 			SetNamedPipeHandleState(pipe, &pipe_mode, NULL, NULL);
515 
516 			str = getenv("_FCGI_SHUTDOWN_EVENT_");
517 			if (str != NULL) {
518 				zend_long ev;
519 				HANDLE shutdown_event;
520 
521 				ZEND_ATOL(ev, str);
522 				shutdown_event = (HANDLE) ev;
523 				if (!CreateThread(NULL, 0, fcgi_shutdown_thread,
524 				                  shutdown_event, 0, NULL)) {
525 					return -1;
526 				}
527 			}
528 			str = getenv("_FCGI_MUTEX_");
529 			if (str != NULL) {
530 				zend_long mt;
531 				ZEND_ATOL(mt, str);
532 				fcgi_accept_mutex = (HANDLE) mt;
533 			}
534 			return is_fastcgi = 1;
535 		} else {
536 			return is_fastcgi = 0;
537 		}
538 #else
539 		errno = 0;
540 		if (getpeername(0, (struct sockaddr *)&sa, &len) != 0 && errno == ENOTCONN) {
541 			fcgi_setup_signals();
542 			return is_fastcgi = 1;
543 		} else {
544 			return is_fastcgi = 0;
545 		}
546 #endif
547 	}
548 	return is_fastcgi;
549 }
550 
551 
fcgi_is_fastcgi(void)552 int fcgi_is_fastcgi(void)
553 {
554 	if (!is_initialized) {
555 		return fcgi_init();
556 	} else {
557 		return is_fastcgi;
558 	}
559 }
560 
fcgi_shutdown(void)561 void fcgi_shutdown(void)
562 {
563 	if (is_initialized) {
564 		zend_hash_destroy(&fcgi_mgmt_vars);
565 	}
566 	is_fastcgi = 0;
567 	if (allowed_clients) {
568 		free(allowed_clients);
569 	}
570 }
571 
572 #ifdef _WIN32
573 /* Do some black magic with the NT security API.
574  * We prepare a DACL (Discretionary Access Control List) so that
575  * we, the creator, are allowed all access, while "Everyone Else"
576  * is only allowed to read and write to the pipe.
577  * This avoids security issues on shared hosts where a luser messes
578  * with the lower-level pipe settings and screws up the FastCGI service.
579  */
prepare_named_pipe_acl(PSECURITY_DESCRIPTOR sd,LPSECURITY_ATTRIBUTES sa)580 static PACL prepare_named_pipe_acl(PSECURITY_DESCRIPTOR sd, LPSECURITY_ATTRIBUTES sa)
581 {
582 	DWORD req_acl_size;
583 	char everyone_buf[32], owner_buf[32];
584 	PSID sid_everyone, sid_owner;
585 	SID_IDENTIFIER_AUTHORITY
586 		siaWorld = SECURITY_WORLD_SID_AUTHORITY,
587 		siaCreator = SECURITY_CREATOR_SID_AUTHORITY;
588 	PACL acl;
589 
590 	sid_everyone = (PSID)&everyone_buf;
591 	sid_owner = (PSID)&owner_buf;
592 
593 	req_acl_size = sizeof(ACL) +
594 		(2 * ((sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetSidLengthRequired(1)));
595 
596 	acl = malloc(req_acl_size);
597 
598 	if (acl == NULL) {
599 		return NULL;
600 	}
601 
602 	if (!InitializeSid(sid_everyone, &siaWorld, 1)) {
603 		goto out_fail;
604 	}
605 	*GetSidSubAuthority(sid_everyone, 0) = SECURITY_WORLD_RID;
606 
607 	if (!InitializeSid(sid_owner, &siaCreator, 1)) {
608 		goto out_fail;
609 	}
610 	*GetSidSubAuthority(sid_owner, 0) = SECURITY_CREATOR_OWNER_RID;
611 
612 	if (!InitializeAcl(acl, req_acl_size, ACL_REVISION)) {
613 		goto out_fail;
614 	}
615 
616 	if (!AddAccessAllowedAce(acl, ACL_REVISION, FILE_GENERIC_READ | FILE_GENERIC_WRITE, sid_everyone)) {
617 		goto out_fail;
618 	}
619 
620 	if (!AddAccessAllowedAce(acl, ACL_REVISION, FILE_ALL_ACCESS, sid_owner)) {
621 		goto out_fail;
622 	}
623 
624 	if (!InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION)) {
625 		goto out_fail;
626 	}
627 
628 	if (!SetSecurityDescriptorDacl(sd, TRUE, acl, FALSE)) {
629 		goto out_fail;
630 	}
631 
632 	sa->lpSecurityDescriptor = sd;
633 
634 	return acl;
635 
636 out_fail:
637 	free(acl);
638 	return NULL;
639 }
640 #endif
641 
is_port_number(const char * bindpath)642 static int is_port_number(const char *bindpath)
643 {
644 	while (*bindpath) {
645 		if (*bindpath < '0' || *bindpath > '9') {
646 			return 0;
647 		}
648 		bindpath++;
649 	}
650 	return 1;
651 }
652 
fcgi_listen(const char * path,int backlog)653 int fcgi_listen(const char *path, int backlog)
654 {
655 	char     *s;
656 	int       tcp = 0;
657 	char      host[MAXPATHLEN];
658 	short     port = 0;
659 	int       listen_socket;
660 	sa_t      sa;
661 	socklen_t sock_len;
662 #ifdef SO_REUSEADDR
663 # ifdef _WIN32
664 	BOOL reuse = 1;
665 # else
666 	int reuse = 1;
667 # endif
668 #endif
669 
670 	if ((s = strchr(path, ':'))) {
671 		port = atoi(s+1);
672 		if (port != 0 && (s-path) < MAXPATHLEN) {
673 			strncpy(host, path, s-path);
674 			host[s-path] = '\0';
675 			tcp = 1;
676 		}
677 	} else if (is_port_number(path)) {
678 		port = atoi(path);
679 		if (port != 0) {
680 			host[0] = '\0';
681 			tcp = 1;
682 		}
683 	}
684 
685 	/* Prepare socket address */
686 	if (tcp) {
687 		memset(&sa.sa_inet, 0, sizeof(sa.sa_inet));
688 		sa.sa_inet.sin_family = AF_INET;
689 		sa.sa_inet.sin_port = htons(port);
690 		sock_len = sizeof(sa.sa_inet);
691 
692 		if (!*host || !strncmp(host, "*", sizeof("*")-1)) {
693 			sa.sa_inet.sin_addr.s_addr = htonl(INADDR_ANY);
694 		} else {
695 			sa.sa_inet.sin_addr.s_addr = inet_addr(host);
696 			if (sa.sa_inet.sin_addr.s_addr == INADDR_NONE) {
697 				struct hostent *hep;
698 
699 				if(strlen(host) > MAXFQDNLEN) {
700 					hep = NULL;
701 				} else {
702 					hep = php_network_gethostbyname(host);
703 				}
704 				if (!hep || hep->h_addrtype != AF_INET || !hep->h_addr_list[0]) {
705 					fcgi_log(FCGI_ERROR, "Cannot resolve host name '%s'!\n", host);
706 					return -1;
707 				} else if (hep->h_addr_list[1]) {
708 					fcgi_log(FCGI_ERROR, "Host '%s' has multiple addresses. You must choose one explicitly!\n", host);
709 					return -1;
710 				}
711 				sa.sa_inet.sin_addr.s_addr = ((struct in_addr*)hep->h_addr_list[0])->s_addr;
712 			}
713 		}
714 	} else {
715 #ifdef _WIN32
716 		SECURITY_DESCRIPTOR  sd;
717 		SECURITY_ATTRIBUTES  saw;
718 		PACL                 acl;
719 		HANDLE namedPipe;
720 
721 		memset(&sa, 0, sizeof(saw));
722 		saw.nLength = sizeof(saw);
723 		saw.bInheritHandle = FALSE;
724 		acl = prepare_named_pipe_acl(&sd, &saw);
725 
726 		namedPipe = CreateNamedPipe(path,
727 			PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
728 			PIPE_TYPE_BYTE | PIPE_WAIT | PIPE_READMODE_BYTE,
729 			PIPE_UNLIMITED_INSTANCES,
730 			8192, 8192, 0, &saw);
731 		if (namedPipe == INVALID_HANDLE_VALUE) {
732 			return -1;
733 		}
734 		listen_socket = _open_osfhandle((intptr_t)namedPipe, 0);
735 		if (!is_initialized) {
736 			fcgi_init();
737 		}
738 		is_fastcgi = 1;
739 		return listen_socket;
740 
741 #else
742 		int path_len = strlen(path);
743 
744 		if (path_len >= (int)sizeof(sa.sa_unix.sun_path)) {
745 			fcgi_log(FCGI_ERROR, "Listening socket's path name is too long.\n");
746 			return -1;
747 		}
748 
749 		memset(&sa.sa_unix, 0, sizeof(sa.sa_unix));
750 		sa.sa_unix.sun_family = AF_UNIX;
751 		memcpy(sa.sa_unix.sun_path, path, path_len + 1);
752 		sock_len = (size_t)(((struct sockaddr_un *)0)->sun_path)	+ path_len;
753 #ifdef HAVE_SOCKADDR_UN_SUN_LEN
754 		sa.sa_unix.sun_len = sock_len;
755 #endif
756 		unlink(path);
757 #endif
758 	}
759 
760 	/* Create, bind socket and start listen on it */
761 	if ((listen_socket = socket(sa.sa.sa_family, SOCK_STREAM, 0)) < 0 ||
762 #ifdef SO_REUSEADDR
763 	    setsockopt(listen_socket, SOL_SOCKET, SO_REUSEADDR, (char*)&reuse, sizeof(reuse)) < 0 ||
764 #endif
765 	    bind(listen_socket, (struct sockaddr *) &sa, sock_len) < 0 ||
766 	    listen(listen_socket, backlog) < 0) {
767 		close(listen_socket);
768 		fcgi_log(FCGI_ERROR, "Cannot bind/listen socket - [%d] %s.\n",errno, strerror(errno));
769 		return -1;
770 	}
771 
772 	if (!tcp) {
773 		chmod(path, 0777);
774 	} else {
775 		char *ip = getenv("FCGI_WEB_SERVER_ADDRS");
776 		char *cur, *end;
777 		int n;
778 
779 		if (ip) {
780 			ip = strdup(ip);
781 			cur = ip;
782 			n = 0;
783 			while (*cur) {
784 				if (*cur == ',') n++;
785 				cur++;
786 			}
787 			allowed_clients = malloc(sizeof(sa_t) * (n+2));
788 			n = 0;
789 			cur = ip;
790 			while (cur) {
791 				end = strchr(cur, ',');
792 				if (end) {
793 					*end = 0;
794 					end++;
795 				}
796 				if (inet_pton(AF_INET, cur, &allowed_clients[n].sa_inet.sin_addr)>0) {
797 					allowed_clients[n].sa.sa_family = AF_INET;
798 					n++;
799 #ifdef HAVE_IPV6
800 				} else if (inet_pton(AF_INET6, cur, &allowed_clients[n].sa_inet6.sin6_addr)>0) {
801 					allowed_clients[n].sa.sa_family = AF_INET6;
802 					n++;
803 #endif
804 				} else {
805 					fcgi_log(FCGI_ERROR, "Wrong IP address '%s' in listen.allowed_clients", cur);
806 				}
807 				cur = end;
808 			}
809 			allowed_clients[n].sa.sa_family = 0;
810 			free(ip);
811 			if (!n) {
812 				fcgi_log(FCGI_ERROR, "There are no allowed addresses");
813 				/* don't clear allowed_clients as it will create an "open for all" security issue */
814 			}
815 		}
816 	}
817 
818 	if (!is_initialized) {
819 		fcgi_init();
820 	}
821 	is_fastcgi = 1;
822 
823 #ifdef _WIN32
824 	if (tcp) {
825 		listen_socket = _open_osfhandle((intptr_t)listen_socket, 0);
826 	}
827 #else
828 	fcgi_setup_signals();
829 #endif
830 	return listen_socket;
831 }
832 
fcgi_set_allowed_clients(char * ip)833 void fcgi_set_allowed_clients(char *ip)
834 {
835 	char *cur, *end;
836 	int n;
837 
838 	if (ip) {
839 		ip = strdup(ip);
840 		cur = ip;
841 		n = 0;
842 		while (*cur) {
843 			if (*cur == ',') n++;
844 			cur++;
845 		}
846 		if (allowed_clients) free(allowed_clients);
847 		allowed_clients = malloc(sizeof(sa_t) * (n+2));
848 		n = 0;
849 		cur = ip;
850 		while (cur) {
851 			end = strchr(cur, ',');
852 			if (end) {
853 				*end = 0;
854 				end++;
855 			}
856 			if (inet_pton(AF_INET, cur, &allowed_clients[n].sa_inet.sin_addr)>0) {
857 				allowed_clients[n].sa.sa_family = AF_INET;
858 				n++;
859 #ifdef HAVE_IPV6
860 			} else if (inet_pton(AF_INET6, cur, &allowed_clients[n].sa_inet6.sin6_addr)>0) {
861 				allowed_clients[n].sa.sa_family = AF_INET6;
862 				n++;
863 #endif
864 			} else {
865 				fcgi_log(FCGI_ERROR, "Wrong IP address '%s' in listen.allowed_clients", cur);
866 			}
867 			cur = end;
868 		}
869 		allowed_clients[n].sa.sa_family = 0;
870 		free(ip);
871 		if (!n) {
872 			fcgi_log(FCGI_ERROR, "There are no allowed addresses");
873 			/* don't clear allowed_clients as it will create an "open for all" security issue */
874 		}
875 	}
876 }
877 
fcgi_hook_dummy()878 static void fcgi_hook_dummy() {
879 	return;
880 }
881 
fcgi_init_request(int listen_socket,void (* on_accept)(),void (* on_read)(),void (* on_close)())882 fcgi_request *fcgi_init_request(int listen_socket, void(*on_accept)(), void(*on_read)(), void(*on_close)())
883 {
884 	fcgi_request *req = calloc(1, sizeof(fcgi_request));
885 	req->listen_socket = listen_socket;
886 	req->fd = -1;
887 	req->id = -1;
888 
889 	/*
890 	req->in_len = 0;
891 	req->in_pad = 0;
892 
893 	req->out_hdr = NULL;
894 
895 #ifdef TCP_NODELAY
896 	req->nodelay = 0;
897 #endif
898 
899 	req->env = NULL;
900 	req->has_env = 0;
901 
902 	*/
903 	req->out_pos = req->out_buf;
904 	req->hook.on_accept = on_accept ? on_accept : fcgi_hook_dummy;
905 	req->hook.on_read = on_read ? on_read : fcgi_hook_dummy;
906 	req->hook.on_close = on_close ? on_close : fcgi_hook_dummy;
907 
908 #ifdef _WIN32
909 	req->tcp = !GetNamedPipeInfo((HANDLE)_get_osfhandle(req->listen_socket), NULL, NULL, NULL, NULL);
910 #endif
911 
912 	fcgi_hash_init(&req->env);
913 
914 	return req;
915 }
916 
fcgi_destroy_request(fcgi_request * req)917 void fcgi_destroy_request(fcgi_request *req) {
918 	fcgi_hash_destroy(&req->env);
919 	free(req);
920 }
921 
safe_write(fcgi_request * req,const void * buf,size_t count)922 static inline ssize_t safe_write(fcgi_request *req, const void *buf, size_t count)
923 {
924 	int    ret;
925 	size_t n = 0;
926 
927 	do {
928 #ifdef _WIN32
929 		size_t tmp;
930 #endif
931 		errno = 0;
932 #ifdef _WIN32
933 		tmp = count - n;
934 
935 		if (!req->tcp) {
936 			unsigned int out_len = tmp > UINT_MAX ? UINT_MAX : (unsigned int)tmp;
937 
938 			ret = write(req->fd, ((char*)buf)+n, out_len);
939 		} else {
940 			int out_len = tmp > INT_MAX ? INT_MAX : (int)tmp;
941 
942 			ret = send(req->fd, ((char*)buf)+n, out_len, 0);
943 			if (ret <= 0) {
944 				errno = WSAGetLastError();
945 			}
946 		}
947 #else
948 		ret = write(req->fd, ((char*)buf)+n, count-n);
949 #endif
950 		if (ret > 0) {
951 			n += ret;
952 		} else if (ret <= 0 && errno != 0 && errno != EINTR) {
953 			return ret;
954 		}
955 	} while (n != count);
956 	return n;
957 }
958 
safe_read(fcgi_request * req,const void * buf,size_t count)959 static inline ssize_t safe_read(fcgi_request *req, const void *buf, size_t count)
960 {
961 	int    ret;
962 	size_t n = 0;
963 
964 	do {
965 #ifdef _WIN32
966 		size_t tmp;
967 #endif
968 		errno = 0;
969 #ifdef _WIN32
970 		tmp = count - n;
971 
972 		if (!req->tcp) {
973 			unsigned int in_len = tmp > UINT_MAX ? UINT_MAX : (unsigned int)tmp;
974 
975 			ret = read(req->fd, ((char*)buf)+n, in_len);
976 		} else {
977 			int in_len = tmp > INT_MAX ? INT_MAX : (int)tmp;
978 
979 			ret = recv(req->fd, ((char*)buf)+n, in_len, 0);
980 			if (ret <= 0) {
981 				errno = WSAGetLastError();
982 			}
983 		}
984 #else
985 		ret = read(req->fd, ((char*)buf)+n, count-n);
986 #endif
987 		if (ret > 0) {
988 			n += ret;
989 		} else if (ret == 0 && errno == 0) {
990 			return n;
991 		} else if (ret <= 0 && errno != 0 && errno != EINTR) {
992 			return ret;
993 		}
994 	} while (n != count);
995 	return n;
996 }
997 
fcgi_make_header(fcgi_header * hdr,fcgi_request_type type,int req_id,int len)998 static inline int fcgi_make_header(fcgi_header *hdr, fcgi_request_type type, int req_id, int len)
999 {
1000 	int pad = ((len + 7) & ~7) - len;
1001 
1002 	hdr->contentLengthB0 = (unsigned char)(len & 0xff);
1003 	hdr->contentLengthB1 = (unsigned char)((len >> 8) & 0xff);
1004 	hdr->paddingLength = (unsigned char)pad;
1005 	hdr->requestIdB0 = (unsigned char)(req_id & 0xff);
1006 	hdr->requestIdB1 = (unsigned char)((req_id >> 8) & 0xff);
1007 	hdr->reserved = 0;
1008 	hdr->type = type;
1009 	hdr->version = FCGI_VERSION_1;
1010 	if (pad) {
1011 		memset(((unsigned char*)hdr) + sizeof(fcgi_header) + len, 0, pad);
1012 	}
1013 	return pad;
1014 }
1015 
fcgi_get_params(fcgi_request * req,unsigned char * p,unsigned char * end)1016 static int fcgi_get_params(fcgi_request *req, unsigned char *p, unsigned char *end)
1017 {
1018 	unsigned int name_len, val_len;
1019 
1020 	while (p < end) {
1021 		name_len = *p++;
1022 		if (UNEXPECTED(name_len >= 128)) {
1023 			if (UNEXPECTED(p + 3 >= end)) return 0;
1024 			name_len = ((name_len & 0x7f) << 24);
1025 			name_len |= (*p++ << 16);
1026 			name_len |= (*p++ << 8);
1027 			name_len |= *p++;
1028 		}
1029 		if (UNEXPECTED(p >= end)) return 0;
1030 		val_len = *p++;
1031 		if (UNEXPECTED(val_len >= 128)) {
1032 			if (UNEXPECTED(p + 3 >= end)) return 0;
1033 			val_len = ((val_len & 0x7f) << 24);
1034 			val_len |= (*p++ << 16);
1035 			val_len |= (*p++ << 8);
1036 			val_len |= *p++;
1037 		}
1038 		if (UNEXPECTED(name_len + val_len > (unsigned int) (end - p))) {
1039 			/* Malformated request */
1040 			return 0;
1041 		}
1042 		fcgi_hash_set(&req->env, FCGI_HASH_FUNC(p, name_len), (char*)p, name_len, (char*)p + name_len, val_len);
1043 		p += name_len + val_len;
1044 	}
1045 	return 1;
1046 }
1047 
fcgi_read_request(fcgi_request * req)1048 static int fcgi_read_request(fcgi_request *req)
1049 {
1050 	fcgi_header hdr;
1051 	int len, padding;
1052 	unsigned char buf[FCGI_MAX_LENGTH+8];
1053 
1054 	req->keep = 0;
1055 	req->ended = 0;
1056 	req->in_len = 0;
1057 	req->out_hdr = NULL;
1058 	req->out_pos = req->out_buf;
1059 
1060 	if (req->has_env) {
1061 		fcgi_hash_clean(&req->env);
1062 	} else {
1063 		req->has_env = 1;
1064 	}
1065 
1066 	if (safe_read(req, &hdr, sizeof(fcgi_header)) != sizeof(fcgi_header) ||
1067 	    hdr.version < FCGI_VERSION_1) {
1068 		return 0;
1069 	}
1070 
1071 	len = (hdr.contentLengthB1 << 8) | hdr.contentLengthB0;
1072 	padding = hdr.paddingLength;
1073 
1074 	while (hdr.type == FCGI_STDIN && len == 0) {
1075 		if (safe_read(req, &hdr, sizeof(fcgi_header)) != sizeof(fcgi_header) ||
1076 		    hdr.version < FCGI_VERSION_1) {
1077 			return 0;
1078 		}
1079 
1080 		len = (hdr.contentLengthB1 << 8) | hdr.contentLengthB0;
1081 		padding = hdr.paddingLength;
1082 	}
1083 
1084 	if (len + padding > FCGI_MAX_LENGTH) {
1085 		return 0;
1086 	}
1087 
1088 	req->id = (hdr.requestIdB1 << 8) + hdr.requestIdB0;
1089 
1090 	if (hdr.type == FCGI_BEGIN_REQUEST && len == sizeof(fcgi_begin_request)) {
1091 		fcgi_begin_request *b;
1092 
1093 		if (safe_read(req, buf, len+padding) != len+padding) {
1094 			return 0;
1095 		}
1096 
1097 		b = (fcgi_begin_request*)buf;
1098 		req->keep = (b->flags & FCGI_KEEP_CONN);
1099 #ifdef TCP_NODELAY
1100 		if (req->keep && req->tcp && !req->nodelay) {
1101 # ifdef _WIN32
1102 			BOOL on = 1;
1103 # else
1104 			int on = 1;
1105 # endif
1106 
1107 			setsockopt(req->fd, IPPROTO_TCP, TCP_NODELAY, (char*)&on, sizeof(on));
1108 			req->nodelay = 1;
1109 		}
1110 #endif
1111 		switch ((b->roleB1 << 8) + b->roleB0) {
1112 			case FCGI_RESPONDER:
1113 				fcgi_hash_set(&req->env, FCGI_HASH_FUNC("FCGI_ROLE", sizeof("FCGI_ROLE")-1), "FCGI_ROLE", sizeof("FCGI_ROLE")-1, "RESPONDER", sizeof("RESPONDER")-1);
1114 				break;
1115 			case FCGI_AUTHORIZER:
1116 				fcgi_hash_set(&req->env, FCGI_HASH_FUNC("FCGI_ROLE", sizeof("FCGI_ROLE")-1), "FCGI_ROLE", sizeof("FCGI_ROLE")-1, "AUTHORIZER", sizeof("AUTHORIZER")-1);
1117 				break;
1118 			case FCGI_FILTER:
1119 				fcgi_hash_set(&req->env, FCGI_HASH_FUNC("FCGI_ROLE", sizeof("FCGI_ROLE")-1), "FCGI_ROLE", sizeof("FCGI_ROLE")-1, "FILTER", sizeof("FILTER")-1);
1120 				break;
1121 			default:
1122 				return 0;
1123 		}
1124 
1125 		if (safe_read(req, &hdr, sizeof(fcgi_header)) != sizeof(fcgi_header) ||
1126 		    hdr.version < FCGI_VERSION_1) {
1127 			return 0;
1128 		}
1129 
1130 		len = (hdr.contentLengthB1 << 8) | hdr.contentLengthB0;
1131 		padding = hdr.paddingLength;
1132 
1133 		while (hdr.type == FCGI_PARAMS && len > 0) {
1134 			if (len + padding > FCGI_MAX_LENGTH) {
1135 				return 0;
1136 			}
1137 
1138 			if (safe_read(req, buf, len+padding) != len+padding) {
1139 				req->keep = 0;
1140 				return 0;
1141 			}
1142 
1143 			if (!fcgi_get_params(req, buf, buf+len)) {
1144 				req->keep = 0;
1145 				return 0;
1146 			}
1147 
1148 			if (safe_read(req, &hdr, sizeof(fcgi_header)) != sizeof(fcgi_header) ||
1149 			    hdr.version < FCGI_VERSION_1) {
1150 				req->keep = 0;
1151 				return 0;
1152 			}
1153 			len = (hdr.contentLengthB1 << 8) | hdr.contentLengthB0;
1154 			padding = hdr.paddingLength;
1155 		}
1156 	} else if (hdr.type == FCGI_GET_VALUES) {
1157 		unsigned char *p = buf + sizeof(fcgi_header);
1158 		zval *value;
1159 		unsigned int zlen;
1160 		fcgi_hash_bucket *q;
1161 
1162 		if (safe_read(req, buf, len+padding) != len+padding) {
1163 			req->keep = 0;
1164 			return 0;
1165 		}
1166 
1167 		if (!fcgi_get_params(req, buf, buf+len)) {
1168 			req->keep = 0;
1169 			return 0;
1170 		}
1171 
1172 		q = req->env.list;
1173 		while (q != NULL) {
1174 			if ((value = zend_hash_str_find(&fcgi_mgmt_vars, q->var, q->var_len)) == NULL) {
1175 				q = q->list_next;
1176 				continue;
1177 			}
1178 			zlen = (unsigned int)Z_STRLEN_P(value);
1179 			if ((p + 4 + 4 + q->var_len + zlen) >= (buf + sizeof(buf))) {
1180 				break;
1181 			}
1182 			if (q->var_len < 0x80) {
1183 				*p++ = q->var_len;
1184 			} else {
1185 				*p++ = ((q->var_len >> 24) & 0xff) | 0x80;
1186 				*p++ = (q->var_len >> 16) & 0xff;
1187 				*p++ = (q->var_len >> 8) & 0xff;
1188 				*p++ = q->var_len & 0xff;
1189 			}
1190 			if (zlen < 0x80) {
1191 				*p++ = zlen;
1192 			} else {
1193 				*p++ = ((zlen >> 24) & 0xff) | 0x80;
1194 				*p++ = (zlen >> 16) & 0xff;
1195 				*p++ = (zlen >> 8) & 0xff;
1196 				*p++ = zlen & 0xff;
1197 			}
1198 			memcpy(p, q->var, q->var_len);
1199 			p += q->var_len;
1200 			memcpy(p, Z_STRVAL_P(value), zlen);
1201 			p += zlen;
1202 			q = q->list_next;
1203 		}
1204 		len = (int)(p - buf - sizeof(fcgi_header));
1205 		len += fcgi_make_header((fcgi_header*)buf, FCGI_GET_VALUES_RESULT, 0, len);
1206 		if (safe_write(req, buf, sizeof(fcgi_header) + len) != (ssize_t)sizeof(fcgi_header)+len) {
1207 			req->keep = 0;
1208 			return 0;
1209 		}
1210 		return 0;
1211 	} else {
1212 		return 0;
1213 	}
1214 
1215 	return 1;
1216 }
1217 
fcgi_read(fcgi_request * req,char * str,int len)1218 int fcgi_read(fcgi_request *req, char *str, int len)
1219 {
1220 	int ret, n, rest;
1221 	fcgi_header hdr;
1222 	unsigned char buf[255];
1223 
1224 	n = 0;
1225 	rest = len;
1226 	while (rest > 0) {
1227 		if (req->in_len == 0) {
1228 			if (safe_read(req, &hdr, sizeof(fcgi_header)) != sizeof(fcgi_header) ||
1229 			    hdr.version < FCGI_VERSION_1 ||
1230 			    hdr.type != FCGI_STDIN) {
1231 				req->keep = 0;
1232 				return 0;
1233 			}
1234 			req->in_len = (hdr.contentLengthB1 << 8) | hdr.contentLengthB0;
1235 			req->in_pad = hdr.paddingLength;
1236 			if (req->in_len == 0) {
1237 				return n;
1238 			}
1239 		}
1240 
1241 		if (req->in_len >= rest) {
1242 			ret = (int)safe_read(req, str, rest);
1243 		} else {
1244 			ret = (int)safe_read(req, str, req->in_len);
1245 		}
1246 		if (ret < 0) {
1247 			req->keep = 0;
1248 			return ret;
1249 		} else if (ret > 0) {
1250 			req->in_len -= ret;
1251 			rest -= ret;
1252 			n += ret;
1253 			str += ret;
1254 			if (req->in_len == 0) {
1255 				if (req->in_pad) {
1256 					if (safe_read(req, buf, req->in_pad) != req->in_pad) {
1257 						req->keep = 0;
1258 						return ret;
1259 					}
1260 				}
1261 			} else {
1262 				return n;
1263 			}
1264 		} else {
1265 			return n;
1266 		}
1267 	}
1268 	return n;
1269 }
1270 
fcgi_close(fcgi_request * req,int force,int destroy)1271 void fcgi_close(fcgi_request *req, int force, int destroy)
1272 {
1273 	if (destroy && req->has_env) {
1274 		fcgi_hash_clean(&req->env);
1275 		req->has_env = 0;
1276 	}
1277 
1278 #ifdef _WIN32
1279 	if (is_impersonate && !req->tcp) {
1280 		RevertToSelf();
1281 	}
1282 #endif
1283 
1284 	if ((force || !req->keep) && req->fd >= 0) {
1285 #ifdef _WIN32
1286 		if (!req->tcp) {
1287 			HANDLE pipe = (HANDLE)_get_osfhandle(req->fd);
1288 
1289 			if (!force) {
1290 				FlushFileBuffers(pipe);
1291 			}
1292 			DisconnectNamedPipe(pipe);
1293 		} else {
1294 			if (!force) {
1295 				char buf[8];
1296 
1297 				shutdown(req->fd, 1);
1298 				/* read any remaining data, it may be omitted */
1299 				while (recv(req->fd, buf, sizeof(buf), 0) > 0) {}
1300 			}
1301 			closesocket(req->fd);
1302 		}
1303 #else
1304 		if (!force) {
1305 			char buf[8];
1306 
1307 			shutdown(req->fd, 1);
1308 			/* read any remaining data, it may be omitted */
1309 			while (recv(req->fd, buf, sizeof(buf), 0) > 0) {}
1310 		}
1311 		close(req->fd);
1312 #endif
1313 #ifdef TCP_NODELAY
1314 		req->nodelay = 0;
1315 #endif
1316 		req->fd = -1;
1317 
1318 		req->hook.on_close();
1319 	}
1320 }
1321 
fcgi_is_closed(fcgi_request * req)1322 int fcgi_is_closed(fcgi_request *req)
1323 {
1324 	return (req->fd < 0);
1325 }
1326 
fcgi_is_allowed()1327 static int fcgi_is_allowed() {
1328 	int i;
1329 
1330 	if (client_sa.sa.sa_family == AF_UNIX) {
1331 		return 1;
1332 	}
1333 	if (!allowed_clients) {
1334 		return 1;
1335 	}
1336 	if (client_sa.sa.sa_family == AF_INET) {
1337 		for (i = 0; allowed_clients[i].sa.sa_family ; i++) {
1338 			if (allowed_clients[i].sa.sa_family == AF_INET
1339 				&& !memcmp(&client_sa.sa_inet.sin_addr, &allowed_clients[i].sa_inet.sin_addr, 4)) {
1340 				return 1;
1341 			}
1342 		}
1343 	}
1344 #ifdef HAVE_IPV6
1345 	if (client_sa.sa.sa_family == AF_INET6) {
1346 		for (i = 0; allowed_clients[i].sa.sa_family ; i++) {
1347 			if (allowed_clients[i].sa.sa_family == AF_INET6
1348 				&& !memcmp(&client_sa.sa_inet6.sin6_addr, &allowed_clients[i].sa_inet6.sin6_addr, 12)) {
1349 				return 1;
1350 			}
1351 #ifdef IN6_IS_ADDR_V4MAPPED
1352 			if (allowed_clients[i].sa.sa_family == AF_INET
1353 			    && IN6_IS_ADDR_V4MAPPED(&client_sa.sa_inet6.sin6_addr)
1354 				&& !memcmp(((char *)&client_sa.sa_inet6.sin6_addr)+12, &allowed_clients[i].sa_inet.sin_addr, 4)) {
1355 				return 1;
1356 			}
1357 #endif
1358 		}
1359 	}
1360 #endif
1361 
1362 	return 0;
1363 }
1364 
fcgi_accept_request(fcgi_request * req)1365 int fcgi_accept_request(fcgi_request *req)
1366 {
1367 #ifdef _WIN32
1368 	HANDLE pipe;
1369 	OVERLAPPED ov;
1370 #endif
1371 
1372 	while (1) {
1373 		if (req->fd < 0) {
1374 			while (1) {
1375 				if (in_shutdown) {
1376 					return -1;
1377 				}
1378 
1379 				req->hook.on_accept();
1380 #ifdef _WIN32
1381 				if (!req->tcp) {
1382 					pipe = (HANDLE)_get_osfhandle(req->listen_socket);
1383 					FCGI_LOCK(req->listen_socket);
1384 					ov.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
1385 					if (!ConnectNamedPipe(pipe, &ov)) {
1386 						errno = GetLastError();
1387 						if (errno == ERROR_IO_PENDING) {
1388 							while (WaitForSingleObject(ov.hEvent, 1000) == WAIT_TIMEOUT) {
1389 								if (in_shutdown) {
1390 									CloseHandle(ov.hEvent);
1391 									FCGI_UNLOCK(req->listen_socket);
1392 									return -1;
1393 								}
1394 							}
1395 						} else if (errno != ERROR_PIPE_CONNECTED) {
1396 						}
1397 					}
1398 					CloseHandle(ov.hEvent);
1399 					req->fd = req->listen_socket;
1400 					FCGI_UNLOCK(req->listen_socket);
1401 				} else {
1402 					SOCKET listen_socket = (SOCKET)_get_osfhandle(req->listen_socket);
1403 #else
1404 				{
1405 					int listen_socket = req->listen_socket;
1406 #endif
1407 					sa_t sa;
1408 					socklen_t len = sizeof(sa);
1409 
1410 					FCGI_LOCK(req->listen_socket);
1411 					req->fd = accept(listen_socket, (struct sockaddr *)&sa, &len);
1412 					FCGI_UNLOCK(req->listen_socket);
1413 
1414 					client_sa = sa;
1415 					if (req->fd >= 0 && !fcgi_is_allowed()) {
1416 						fcgi_log(FCGI_ERROR, "Connection disallowed: IP address '%s' has been dropped.", fcgi_get_last_client_ip());
1417 						closesocket(req->fd);
1418 						req->fd = -1;
1419 						continue;
1420 					}
1421 				}
1422 
1423 #ifdef _WIN32
1424 				if (req->fd < 0 && (in_shutdown || errno != EINTR)) {
1425 #else
1426 				if (req->fd < 0 && (in_shutdown || (errno != EINTR && errno != ECONNABORTED))) {
1427 #endif
1428 					return -1;
1429 				}
1430 
1431 #ifdef _WIN32
1432 				break;
1433 #else
1434 				if (req->fd >= 0) {
1435 #if defined(HAVE_POLL)
1436 					struct pollfd fds;
1437 					int ret;
1438 
1439 					fds.fd = req->fd;
1440 					fds.events = POLLIN;
1441 					fds.revents = 0;
1442 					do {
1443 						errno = 0;
1444 						ret = poll(&fds, 1, 5000);
1445 					} while (ret < 0 && errno == EINTR);
1446 					if (ret > 0 && (fds.revents & POLLIN)) {
1447 						break;
1448 					}
1449 					fcgi_close(req, 1, 0);
1450 #else
1451 					if (req->fd < FD_SETSIZE) {
1452 						struct timeval tv = {5,0};
1453 						fd_set set;
1454 						int ret;
1455 
1456 						FD_ZERO(&set);
1457 						FD_SET(req->fd, &set);
1458 						do {
1459 							errno = 0;
1460 							ret = select(req->fd + 1, &set, NULL, NULL, &tv) >= 0;
1461 						} while (ret < 0 && errno == EINTR);
1462 						if (ret > 0 && FD_ISSET(req->fd, &set)) {
1463 							break;
1464 						}
1465 						fcgi_close(req, 1, 0);
1466 					} else {
1467 						fcgi_log(FCGI_ERROR, "Too many open file descriptors. FD_SETSIZE limit exceeded.");
1468 						fcgi_close(req, 1, 0);
1469 					}
1470 #endif
1471 				}
1472 #endif
1473 			}
1474 		} else if (in_shutdown) {
1475 			return -1;
1476 		}
1477 		req->hook.on_read();
1478 		if (fcgi_read_request(req)) {
1479 #ifdef _WIN32
1480 			if (is_impersonate && !req->tcp) {
1481 				pipe = (HANDLE)_get_osfhandle(req->fd);
1482 				if (!ImpersonateNamedPipeClient(pipe)) {
1483 					fcgi_close(req, 1, 1);
1484 					continue;
1485 				}
1486 			}
1487 #endif
1488 			return req->fd;
1489 		} else {
1490 			fcgi_close(req, 1, 1);
1491 		}
1492 	}
1493 }
1494 
1495 static inline fcgi_header* open_packet(fcgi_request *req, fcgi_request_type type)
1496 {
1497 	req->out_hdr = (fcgi_header*) req->out_pos;
1498 	req->out_hdr->type = type;
1499 	req->out_pos += sizeof(fcgi_header);
1500 	return req->out_hdr;
1501 }
1502 
1503 static inline void close_packet(fcgi_request *req)
1504 {
1505 	if (req->out_hdr) {
1506 		int len = (int)(req->out_pos - ((unsigned char*)req->out_hdr + sizeof(fcgi_header)));
1507 
1508 		req->out_pos += fcgi_make_header(req->out_hdr, (fcgi_request_type)req->out_hdr->type, req->id, len);
1509 		req->out_hdr = NULL;
1510 	}
1511 }
1512 
1513 int fcgi_flush(fcgi_request *req, int end)
1514 {
1515 	int len;
1516 
1517 	close_packet(req);
1518 
1519 	len = (int)(req->out_pos - req->out_buf);
1520 
1521 	if (end) {
1522 		fcgi_end_request_rec *rec = (fcgi_end_request_rec*)(req->out_pos);
1523 
1524 		fcgi_make_header(&rec->hdr, FCGI_END_REQUEST, req->id, sizeof(fcgi_end_request));
1525 		rec->body.appStatusB3 = 0;
1526 		rec->body.appStatusB2 = 0;
1527 		rec->body.appStatusB1 = 0;
1528 		rec->body.appStatusB0 = 0;
1529 		rec->body.protocolStatus = FCGI_REQUEST_COMPLETE;
1530 		len += sizeof(fcgi_end_request_rec);
1531 	}
1532 
1533 	if (safe_write(req, req->out_buf, len) != len) {
1534 		req->keep = 0;
1535 		req->out_pos = req->out_buf;
1536 		return 0;
1537 	}
1538 
1539 	req->out_pos = req->out_buf;
1540 	return 1;
1541 }
1542 
1543 int fcgi_write(fcgi_request *req, fcgi_request_type type, const char *str, int len)
1544 {
1545 	int limit, rest;
1546 
1547 	if (len <= 0) {
1548 		return 0;
1549 	}
1550 
1551 	if (req->out_hdr && req->out_hdr->type != type) {
1552 		close_packet(req);
1553 	}
1554 #if 0
1555 	/* Unoptimized, but clear version */
1556 	rest = len;
1557 	while (rest > 0) {
1558 		limit = sizeof(req->out_buf) - (req->out_pos - req->out_buf);
1559 
1560 		if (!req->out_hdr) {
1561 			if (limit < sizeof(fcgi_header)) {
1562 				if (!fcgi_flush(req, 0)) {
1563 					return -1;
1564 				}
1565 			}
1566 			open_packet(req, type);
1567 		}
1568 		limit = sizeof(req->out_buf) - (req->out_pos - req->out_buf);
1569 		if (rest < limit) {
1570 			memcpy(req->out_pos, str, rest);
1571 			req->out_pos += rest;
1572 			return len;
1573 		} else {
1574 			memcpy(req->out_pos, str, limit);
1575 			req->out_pos += limit;
1576 			rest -= limit;
1577 			str += limit;
1578 			if (!fcgi_flush(req, 0)) {
1579 				return -1;
1580 			}
1581 		}
1582 	}
1583 #else
1584 	/* Optimized version */
1585 	limit = (int)(sizeof(req->out_buf) - (req->out_pos - req->out_buf));
1586 	if (!req->out_hdr) {
1587 		limit -= sizeof(fcgi_header);
1588 		if (limit < 0) limit = 0;
1589 	}
1590 
1591 	if (len < limit) {
1592 		if (!req->out_hdr) {
1593 			open_packet(req, type);
1594 		}
1595 		memcpy(req->out_pos, str, len);
1596 		req->out_pos += len;
1597 	} else if (len - limit < (int)(sizeof(req->out_buf) - sizeof(fcgi_header))) {
1598 		if (!req->out_hdr) {
1599 			open_packet(req, type);
1600 		}
1601 		if (limit > 0) {
1602 			memcpy(req->out_pos, str, limit);
1603 			req->out_pos += limit;
1604 		}
1605 		if (!fcgi_flush(req, 0)) {
1606 			return -1;
1607 		}
1608 		if (len > limit) {
1609 			open_packet(req, type);
1610 			memcpy(req->out_pos, str + limit, len - limit);
1611 			req->out_pos += len - limit;
1612 		}
1613 	} else {
1614 		int pos = 0;
1615 		int pad;
1616 
1617 		close_packet(req);
1618 		while ((len - pos) > 0xffff) {
1619 			open_packet(req, type);
1620 			fcgi_make_header(req->out_hdr, type, req->id, 0xfff8);
1621 			req->out_hdr = NULL;
1622 			if (!fcgi_flush(req, 0)) {
1623 				return -1;
1624 			}
1625 			if (safe_write(req, str + pos, 0xfff8) != 0xfff8) {
1626 				req->keep = 0;
1627 				return -1;
1628 			}
1629 			pos += 0xfff8;
1630 		}
1631 
1632 		pad = (((len - pos) + 7) & ~7) - (len - pos);
1633 		rest = pad ? 8 - pad : 0;
1634 
1635 		open_packet(req, type);
1636 		fcgi_make_header(req->out_hdr, type, req->id, (len - pos) - rest);
1637 		req->out_hdr = NULL;
1638 		if (!fcgi_flush(req, 0)) {
1639 			return -1;
1640 		}
1641 		if (safe_write(req, str + pos, (len - pos) - rest) != (len - pos) - rest) {
1642 			req->keep = 0;
1643 			return -1;
1644 		}
1645 		if (pad) {
1646 			open_packet(req, type);
1647 			memcpy(req->out_pos, str + len - rest,  rest);
1648 			req->out_pos += rest;
1649 		}
1650 	}
1651 #endif
1652 	return len;
1653 }
1654 
1655 int fcgi_end(fcgi_request *req) {
1656 	int ret = 1;
1657 	if (!req->ended) {
1658 		ret = fcgi_flush(req, 1);
1659 		req->ended = 1;
1660 	}
1661 	return ret;
1662 }
1663 
1664 int fcgi_finish_request(fcgi_request *req, int force_close)
1665 {
1666 	int ret = 1;
1667 
1668 	if (req->fd >= 0) {
1669 		ret = fcgi_end(req);
1670 		fcgi_close(req, force_close, 1);
1671 	}
1672 	return ret;
1673 }
1674 
1675 int fcgi_has_env(fcgi_request *req)
1676 {
1677 	return req && req->has_env;
1678 }
1679 
1680 char* fcgi_getenv(fcgi_request *req, const char* var, int var_len)
1681 {
1682 	unsigned int val_len;
1683 
1684 	if (!req) return NULL;
1685 
1686 	return fcgi_hash_get(&req->env, FCGI_HASH_FUNC(var, var_len), (char*)var, var_len, &val_len);
1687 }
1688 
1689 char* fcgi_quick_getenv(fcgi_request *req, const char* var, int var_len, unsigned int hash_value)
1690 {
1691 	unsigned int val_len;
1692 
1693 	return fcgi_hash_get(&req->env, hash_value, (char*)var, var_len, &val_len);
1694 }
1695 
1696 char* fcgi_putenv(fcgi_request *req, char* var, int var_len, char* val)
1697 {
1698 	if (!req) return NULL;
1699 	if (val == NULL) {
1700 		fcgi_hash_del(&req->env, FCGI_HASH_FUNC(var, var_len), var, var_len);
1701 		return NULL;
1702 	} else {
1703 		return fcgi_hash_set(&req->env, FCGI_HASH_FUNC(var, var_len), var, var_len, val, (unsigned int)strlen(val));
1704 	}
1705 }
1706 
1707 char* fcgi_quick_putenv(fcgi_request *req, char* var, int var_len, unsigned int hash_value, char* val)
1708 {
1709 	if (val == NULL) {
1710 		fcgi_hash_del(&req->env, hash_value, var, var_len);
1711 		return NULL;
1712 	} else {
1713 		return fcgi_hash_set(&req->env, hash_value, var, var_len, val, (unsigned int)strlen(val));
1714 	}
1715 }
1716 
1717 void fcgi_loadenv(fcgi_request *req, fcgi_apply_func func, zval *array)
1718 {
1719 	fcgi_hash_apply(&req->env, func, array);
1720 }
1721 
1722 #ifdef _WIN32
1723 void fcgi_impersonate(void)
1724 {
1725 	char *os_name;
1726 
1727 	os_name = getenv("OS");
1728 	if (os_name && stricmp(os_name, "Windows_NT") == 0) {
1729 		is_impersonate = 1;
1730 	}
1731 }
1732 #endif
1733 
1734 void fcgi_set_mgmt_var(const char * name, size_t name_len, const char * value, size_t value_len)
1735 {
1736 	zval zvalue;
1737 	ZVAL_NEW_STR(&zvalue, zend_string_init(value, value_len, 1));
1738 	zend_hash_str_add(&fcgi_mgmt_vars, name, name_len, &zvalue);
1739 }
1740 
1741 void fcgi_free_mgmt_var_cb(zval *zv)
1742 {
1743 	pefree(Z_STR_P(zv), 1);
1744 }
1745 
1746 const char *fcgi_get_last_client_ip()
1747 {
1748 	static char str[INET6_ADDRSTRLEN];
1749 
1750 	/* Ipv4 */
1751 	if (client_sa.sa.sa_family == AF_INET) {
1752 		return inet_ntop(client_sa.sa.sa_family, &client_sa.sa_inet.sin_addr, str, INET6_ADDRSTRLEN);
1753 	}
1754 #ifdef HAVE_IPV6
1755 #ifdef IN6_IS_ADDR_V4MAPPED
1756 	/* Ipv4-Mapped-Ipv6 */
1757 	if (client_sa.sa.sa_family == AF_INET6
1758 		&& IN6_IS_ADDR_V4MAPPED(&client_sa.sa_inet6.sin6_addr)) {
1759 		return inet_ntop(AF_INET, ((char *)&client_sa.sa_inet6.sin6_addr)+12, str, INET6_ADDRSTRLEN);
1760 	}
1761 #endif
1762 	/* Ipv6 */
1763 	if (client_sa.sa.sa_family == AF_INET6) {
1764 		return inet_ntop(client_sa.sa.sa_family, &client_sa.sa_inet6.sin6_addr, str, INET6_ADDRSTRLEN);
1765 	}
1766 #endif
1767 	/* Unix socket */
1768 	return NULL;
1769 }
1770 
1771 /*
1772  * Local variables:
1773  * tab-width: 4
1774  * c-basic-offset: 4
1775  * End:
1776  * vim600: sw=4 ts=4 fdm=marker
1777  * vim<600: sw=4 ts=4
1778  */
1779