1 /*
2 +----------------------------------------------------------------------+
3 | Zend OPcache |
4 +----------------------------------------------------------------------+
5 | Copyright (c) The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andi Gutmans <andi@php.net> |
16 | Zeev Suraski <zeev@php.net> |
17 | Stanislav Malyshev <stas@zend.com> |
18 | Dmitry Stogov <dmitry@php.net> |
19 +----------------------------------------------------------------------+
20 */
21
22 #include "main/php.h"
23 #include "main/fopen_wrappers.h"
24 #include "ZendAccelerator.h"
25 #include "zend_accelerator_blacklist.h"
26
27 #ifdef ZEND_WIN32
28 # define REGEX_MODE (REG_EXTENDED|REG_NOSUB|REG_ICASE)
29 #else
30 # define REGEX_MODE (REG_EXTENDED|REG_NOSUB)
31 #endif
32
33 #ifdef HAVE_GLOB
34 #ifdef PHP_WIN32
35 #include "win32/glob.h"
36 #else
37 #include <glob.h>
38 #endif
39 #endif
40
41 #include "ext/pcre/php_pcre.h"
42
43 #define ZEND_BLACKLIST_BLOCK_SIZE 32
44
45 struct _zend_regexp_list {
46 pcre2_code *re;
47 zend_regexp_list *next;
48 };
49
50 zend_blacklist accel_blacklist;
51
zend_accel_blacklist_init(zend_blacklist * blacklist)52 void zend_accel_blacklist_init(zend_blacklist *blacklist)
53 {
54 blacklist->pos = 0;
55 blacklist->size = ZEND_BLACKLIST_BLOCK_SIZE;
56
57 if (blacklist->entries != NULL) {
58 zend_accel_blacklist_shutdown(blacklist);
59 }
60
61 blacklist->entries = (zend_blacklist_entry *) calloc(sizeof(zend_blacklist_entry), blacklist->size);
62 if (!blacklist->entries) {
63 zend_accel_error(ACCEL_LOG_FATAL, "Blacklist initialization: no memory\n");
64 return;
65 }
66 blacklist->regexp_list = NULL;
67 }
68
blacklist_report_regexp_error(const char * pcre_error,int pcre_error_offset)69 static void blacklist_report_regexp_error(const char *pcre_error, int pcre_error_offset)
70 {
71 zend_accel_error(ACCEL_LOG_ERROR, "Blacklist compilation failed (offset: %d), %s\n", pcre_error_offset, pcre_error);
72 }
73
zend_accel_blacklist_update_regexp(zend_blacklist * blacklist)74 static void zend_accel_blacklist_update_regexp(zend_blacklist *blacklist)
75 {
76 PCRE2_UCHAR pcre_error[128];
77 int i, errnumber;
78 PCRE2_SIZE pcre_error_offset;
79 zend_regexp_list **regexp_list_it, *it;
80 char regexp[12*1024], *p, *end, *c, *backtrack = NULL;
81 pcre2_compile_context *cctx = php_pcre_cctx();
82
83 if (blacklist->pos == 0) {
84 /* we have no blacklist to talk about */
85 return;
86 }
87
88 regexp_list_it = &(blacklist->regexp_list);
89
90 regexp[0] = '^';
91 regexp[1] = '(';
92 p = regexp + 2;
93 end = regexp + sizeof(regexp) - sizeof("[^\\\\]*)\0");
94
95 for (i = 0; i < blacklist->pos; ) {
96 c = blacklist->entries[i].path;
97 if (p + blacklist->entries[i].path_length < end) {
98 while (*c && p < end) {
99 switch (*c) {
100 case '?':
101 c++;
102 #ifdef ZEND_WIN32
103 p[0] = '['; /* * => [^\\] on Win32 */
104 p[1] = '^';
105 p[2] = '\\';
106 p[3] = '\\';
107 p[4] = ']';
108 p += 5;
109 #else
110 p[0] = '['; /* * => [^/] on *nix */
111 p[1] = '^';
112 p[2] = '/';
113 p[3] = ']';
114 p += 4;
115 #endif
116 break;
117 case '*':
118 c++;
119 if (*c == '*') {
120 c++;
121 p[0] = '.'; /* ** => .* */
122 p[1] = '*';
123 p += 2;
124 } else {
125 #ifdef ZEND_WIN32
126 p[0] = '['; /* * => [^\\]* on Win32 */
127 p[1] = '^';
128 p[2] = '\\';
129 p[3] = '\\';
130 p[4] = ']';
131 p[5] = '*';
132 p += 6;
133 #else
134 p[0] = '['; /* * => [^/]* on *nix */
135 p[1] = '^';
136 p[2] = '/';
137 p[3] = ']';
138 p[4] = '*';
139 p += 5;
140 #endif
141 }
142 break;
143 case '^':
144 case '.':
145 case '[':
146 case ']':
147 case '$':
148 case '(':
149 case ')':
150 case '|':
151 case '+':
152 case '{':
153 case '}':
154 case '\\':
155 *p++ = '\\';
156 /* break missing intentionally */
157 default:
158 *p++ = *c++;
159 }
160 }
161 }
162
163 if (*c || i == blacklist->pos - 1) {
164 if (*c) {
165 if (!backtrack) {
166 zend_accel_error(ACCEL_LOG_ERROR, "Too long blacklist entry\n");
167 }
168 p = backtrack;
169 } else {
170 i++;
171 }
172 *p++ = ')';
173
174 it = (zend_regexp_list*)malloc(sizeof(zend_regexp_list));
175 if (!it) {
176 zend_accel_error(ACCEL_LOG_ERROR, "malloc() failed\n");
177 return;
178 }
179 it->next = NULL;
180
181 if ((it->re = pcre2_compile((PCRE2_SPTR)regexp, p - regexp, PCRE2_NO_AUTO_CAPTURE, &errnumber, &pcre_error_offset, cctx)) == NULL) {
182 free(it);
183 pcre2_get_error_message(errnumber, pcre_error, sizeof(pcre_error));
184 blacklist_report_regexp_error((char *)pcre_error, pcre_error_offset);
185 return;
186 }
187 #ifdef HAVE_PCRE_JIT_SUPPORT
188 if (PCRE_G(jit)) {
189 if (0 > pcre2_jit_compile(it->re, PCRE2_JIT_COMPLETE)) {
190 /* Don't return here, even JIT could fail to compile, the pattern is still usable. */
191 pcre2_get_error_message(errnumber, pcre_error, sizeof(pcre_error));
192 zend_accel_error(ACCEL_LOG_WARNING, "Blacklist JIT compilation failed, %s\n", pcre_error);
193 }
194 }
195 #endif
196 /* prepare for the next iteration */
197 p = regexp + 2;
198 *regexp_list_it = it;
199 regexp_list_it = &it->next;
200 } else {
201 backtrack = p;
202 *p++ = '|';
203 i++;
204 }
205 }
206 }
207
zend_accel_blacklist_shutdown(zend_blacklist * blacklist)208 void zend_accel_blacklist_shutdown(zend_blacklist *blacklist)
209 {
210 zend_blacklist_entry *p = blacklist->entries, *end = blacklist->entries + blacklist->pos;
211
212 while (p<end) {
213 free(p->path);
214 p++;
215 }
216 free(blacklist->entries);
217 blacklist->entries = NULL;
218 if (blacklist->regexp_list) {
219 zend_regexp_list *temp, *it = blacklist->regexp_list;
220 while (it) {
221 pcre2_code_free(it->re);
222 temp = it;
223 it = it->next;
224 free(temp);
225 }
226 }
227 }
228
zend_accel_blacklist_allocate(zend_blacklist * blacklist)229 static inline void zend_accel_blacklist_allocate(zend_blacklist *blacklist)
230 {
231 if (blacklist->pos == blacklist->size) {
232 blacklist->size += ZEND_BLACKLIST_BLOCK_SIZE;
233 blacklist->entries = (zend_blacklist_entry *) realloc(blacklist->entries, sizeof(zend_blacklist_entry)*blacklist->size);
234 }
235 }
236
zend_accel_blacklist_loadone(zend_blacklist * blacklist,char * filename)237 static void zend_accel_blacklist_loadone(zend_blacklist *blacklist, char *filename)
238 {
239 char buf[MAXPATHLEN + 1], real_path[MAXPATHLEN + 1], *blacklist_path = NULL;
240 FILE *fp;
241 int path_length, blacklist_path_length;
242
243 if ((fp = fopen(filename, "r")) == NULL) {
244 zend_accel_error(ACCEL_LOG_WARNING, "Cannot load blacklist file: %s\n", filename);
245 return;
246 }
247
248 zend_accel_error(ACCEL_LOG_DEBUG,"Loading blacklist file: '%s'", filename);
249
250 if (VCWD_REALPATH(filename, buf)) {
251 blacklist_path_length = zend_dirname(buf, strlen(buf));
252 blacklist_path = zend_strndup(buf, blacklist_path_length);
253 }
254
255 memset(buf, 0, sizeof(buf));
256 memset(real_path, 0, sizeof(real_path));
257
258 while (fgets(buf, MAXPATHLEN, fp) != NULL) {
259 char *path_dup, *pbuf;
260 path_length = strlen(buf);
261 if (path_length > 0 && buf[path_length - 1] == '\n') {
262 buf[--path_length] = 0;
263 if (path_length > 0 && buf[path_length - 1] == '\r') {
264 buf[--path_length] = 0;
265 }
266 }
267
268 /* Strip ctrl-m prefix */
269 pbuf = &buf[0];
270 while (*pbuf == '\r') {
271 *pbuf++ = 0;
272 path_length--;
273 }
274
275 /* strip \" */
276 if (pbuf[0] == '\"' && pbuf[path_length - 1]== '\"') {
277 *pbuf++ = 0;
278 path_length -= 2;
279 }
280
281 if (path_length == 0) {
282 continue;
283 }
284
285 /* skip comments */
286 if (pbuf[0]==';') {
287 continue;
288 }
289
290 path_dup = zend_strndup(pbuf, path_length);
291 if (blacklist_path) {
292 expand_filepath_ex(path_dup, real_path, blacklist_path, blacklist_path_length);
293 } else {
294 expand_filepath(path_dup, real_path);
295 }
296 path_length = strlen(real_path);
297
298 free(path_dup);
299
300 zend_accel_blacklist_allocate(blacklist);
301 blacklist->entries[blacklist->pos].path_length = path_length;
302 blacklist->entries[blacklist->pos].path = (char *)malloc(path_length + 1);
303 if (!blacklist->entries[blacklist->pos].path) {
304 zend_accel_error(ACCEL_LOG_ERROR, "malloc() failed\n");
305 fclose(fp);
306 return;
307 }
308 blacklist->entries[blacklist->pos].id = blacklist->pos;
309 memcpy(blacklist->entries[blacklist->pos].path, real_path, path_length + 1);
310 blacklist->pos++;
311 }
312 fclose(fp);
313 if (blacklist_path) {
314 free(blacklist_path);
315 }
316 }
317
zend_accel_blacklist_load(zend_blacklist * blacklist,char * filename)318 void zend_accel_blacklist_load(zend_blacklist *blacklist, char *filename)
319 {
320 #ifdef HAVE_GLOB
321 glob_t globbuf;
322 int ret;
323 unsigned int i;
324
325 memset(&globbuf, 0, sizeof(glob_t));
326
327 ret = glob(filename, 0, NULL, &globbuf);
328 #ifdef GLOB_NOMATCH
329 if (ret == GLOB_NOMATCH || !globbuf.gl_pathc) {
330 #else
331 if (!globbuf.gl_pathc) {
332 #endif
333 zend_accel_error(ACCEL_LOG_WARNING, "No blacklist file found matching: %s\n", filename);
334 } else {
335 for(i=0 ; i<globbuf.gl_pathc; i++) {
336 zend_accel_blacklist_loadone(blacklist, globbuf.gl_pathv[i]);
337 }
338 globfree(&globbuf);
339 }
340 #else
341 zend_accel_blacklist_loadone(blacklist, filename);
342 #endif
343 zend_accel_blacklist_update_regexp(blacklist);
344 }
345
346 zend_bool zend_accel_blacklist_is_blacklisted(zend_blacklist *blacklist, char *verify_path, size_t verify_path_len)
347 {
348 int ret = 0;
349 zend_regexp_list *regexp_list_it = blacklist->regexp_list;
350 pcre2_match_context *mctx = php_pcre_mctx();
351
352 if (regexp_list_it == NULL) {
353 return 0;
354 }
355 while (regexp_list_it != NULL) {
356 pcre2_match_data *match_data = php_pcre_create_match_data(0, regexp_list_it->re);
357 if (!match_data) {
358 /* Alloc failed, but next one could still come through and match. */
359 continue;
360 }
361 int rc = pcre2_match(regexp_list_it->re, (PCRE2_SPTR)verify_path, verify_path_len, 0, 0, match_data, mctx);
362 if (rc >= 0) {
363 ret = 1;
364 php_pcre_free_match_data(match_data);
365 break;
366 }
367 php_pcre_free_match_data(match_data);
368 regexp_list_it = regexp_list_it->next;
369 }
370 return ret;
371 }
372
373 void zend_accel_blacklist_apply(zend_blacklist *blacklist, blacklist_apply_func_arg_t func, void *argument)
374 {
375 int i;
376
377 for (i = 0; i < blacklist->pos; i++) {
378 func(&blacklist->entries[i], argument);
379 }
380 }
381
