[Pkg-php-commits] [php/debian-sid] Add patch to remove PAGE_SIZE assumptions in suhosin code
Raphael Geissert
geissert at debian.org
Wed Feb 10 07:36:21 UTC 2010
---
debian/patches/series | 1 +
debian/patches/suhosin_page_size_fixes.patch | 83 ++++++++++++++++++++++++++
2 files changed, 84 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/suhosin_page_size_fixes.patch
diff --git a/debian/patches/series b/debian/patches/series
index b7fb32c..24e0bbe 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -27,6 +27,7 @@ libtool2.2.patch
libdb_is_-ldb
page_size_fixes.patch
suhosin.patch
+suhosin_page_size_fixes.patch
fix_broken_upstream_tests.patch
use_embedded_timezonedb.patch
force_libmysqlclient_r.patch
diff --git a/debian/patches/suhosin_page_size_fixes.patch b/debian/patches/suhosin_page_size_fixes.patch
new file mode 100644
index 0000000..1add325
--- /dev/null
+++ b/debian/patches/suhosin_page_size_fixes.patch
@@ -0,0 +1,83 @@
+Description: Don't assume the value of PAGE_SIZE.
+ The len argument of mprotect(2) is rounded up if necessary to result
+ in an integer number of pages. If PAGE_SIZE is lower than the real
+ page size, the call to mprotect(2) marks more memory as non-writeable
+ than desired, leading to all sorts of errors.
+Origin: vendor
+Forwarded: no
+Last-Update: 2010-02-09
+
+Index: php/main/suhosin_patch.c
+===================================================================
+--- php.orig/main/suhosin_patch.c
++++ php/main/suhosin_patch.c
+@@ -21,6 +21,7 @@
+
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <sys/mman.h>
+
+ #if HAVE_UNISTD_H
+ #include <unistd.h>
+@@ -59,19 +60,7 @@ int suhosin_patch_globals_id;
+ struct _suhosin_patch_globals suhosin_patch_globals;
+ #endif
+
+-/* hack that needs to be fixed */
+-#ifndef PAGE_SIZE
+-#define PAGE_SIZE 4096
+-#endif
+-
+-#ifdef ZEND_WIN32
+-__declspec(align(PAGE_SIZE))
+-#endif
+-char suhosin_config[PAGE_SIZE]
+-#if defined(__GNUC__)
+- __attribute__ ((aligned(PAGE_SIZE)))
+-#endif
+-;
++char *suhosin_config = NULL;
+
+ static void php_security_log(int loglevel, char *fmt, ...);
+
+@@ -135,7 +124,7 @@ static void suhosin_read_configuration_f
+ static void suhosin_write_protect_configuration()
+ {
+ #if defined(__GNUC__)
+- mprotect(suhosin_config, PAGE_SIZE, PROT_READ);
++ mprotect(suhosin_config, sysconf(_SC_PAGESIZE), PROT_READ);
+ #endif
+ }
+
+@@ -148,6 +137,13 @@ PHPAPI void suhosin_startup()
+ #endif
+ zend_suhosin_log = php_security_log;
+
++ if (!suhosin_config) {
++ suhosin_config = mmap(NULL, sysconf(_SC_PAGESIZE), PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
++ if (suhosin_config == MAP_FAILED) {
++ perror("suhosin");
++ _exit(1);
++ }
++ }
+ if (!SUHOSIN_CONFIG(SUHOSIN_CONFIG_SET)) {
+ suhosin_read_configuration_from_environment();
+ suhosin_write_protect_configuration();
+Index: php/main/suhosin_patch.h
+===================================================================
+--- php.orig/main/suhosin_patch.h
++++ php/main/suhosin_patch.h
+@@ -44,12 +44,7 @@
+ #include <mach/vm_param.h>
+ #endif
+
+-/* hack that needs to be fixed */
+-#ifndef PAGE_SIZE
+-#define PAGE_SIZE 4096
+-#endif
+-
+-extern char suhosin_config[PAGE_SIZE];
++extern char *suhosin_config;
+
+ #endif
+
--
1.6.3.3
More information about the Pkg-php-commits
mailing list