From 756ee95605ab0677bfd20e0d1f0ba1053b2075d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Johannes=20Schl=C3=BCter?=
Date: Sun, 23 Feb 2014 14:18:24 +0100
Subject: [PATCH 1/4] We can't dereference dbh if it is NULL
---
 ext/pdo_mysql/pdo_mysql.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/ext/pdo_mysql/pdo_mysql.c b/ext/pdo_mysql/pdo_mysql.c
index 95f2840fcb5..697e7c0b588 100644
--- a/ext/pdo_mysql/pdo_mysql.c
+++ b/ext/pdo_mysql/pdo_mysql.c
@@ -64,7 +64,12 @@ static MYSQLND * pdo_mysql_convert_zv_to_mysqlnd(zval * zv TSRMLS_DC)
 if (Z_TYPE_P(zv) == IS_OBJECT && instanceof_function(Z_OBJCE_P(zv), php_pdo_get_dbh_ce() TSRMLS_CC)) {
 pdo_dbh_t * dbh = zend_object_store_get_object(zv TSRMLS_CC);
- if (!dbh || dbh->driver != &pdo_mysql_driver) {
+ if (!dbh) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to retrieve handle from object store");
+ return NULL;
+ }
+
+ if (dbh->driver != &pdo_mysql_driver) {
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Provided PDO instance is not using MySQL but %s", dbh->driver->driver_name);
 return NULL;
 }
From 3f258e6b46f1f74c672f68a23b2b0905b435aa5a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Johannes=20Schl=C3=BCter?=
Date: Sun, 23 Feb 2014 14:55:29 +0100
Subject: [PATCH 2/4] Make sure value is initialized
---
 Zend/zend_highlight.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Zend/zend_highlight.c b/Zend/zend_highlight.c
index 5ea55155c26..a38441b39a9 100644
--- a/Zend/zend_highlight.c
+++ b/Zend/zend_highlight.c
@@ -57,7 +57,7 @@ ZEND_API void zend_html_putc(char c)
 ZEND_API void zend_html_puts(const char *s, uint len TSRMLS_DC)
 {
 const unsigned char *ptr = (const unsigned char*)s, *end = ptr + len;
- unsigned char *filtered;
+ unsigned char *filtered = NULL;
 size_t filtered_len;
 if (LANG_SCNG(output_filter)) {
From a97ae8bc06dfd5e89932fa49f7a09acf5e555e6c Mon Sep 17 00:00:00 2001
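Review bot: In `pdo_mysql_convert_zv_to_mysqlnd` (ext/pdo_mysql/pdo_mysql.c) the second check still dereferences `dbh->driver` to build the warning text, so a handle whose `driver` pointer is NULL would fault inside the branch that is meant to reject it. The new `!dbh` guard covers only a failed object-store lookup; whether `driver` can be unset at this point (for example on a PDO object that was never fully constructed) is not visible in the hunk and should be confirmed. If it can, add a separate guard before the comparison, `if (!dbh->driver) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "PDO instance is not initialized"); return NULL; }`. The function body starts and continues outside the hunk.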
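Review bot: In `zend_html_puts` (Zend/zend_highlight.c) the declaration `size_t filtered_len;` directly below the changed line is still left uninitialized, although it is declared alongside `filtered`, which now gets a defined value. Both are presumably written by the output filter in the `LANG_SCNG(output_filter)` branch that opens at the end of the hunk, but the rest of the function is outside the hunk, so whether either is read on another path cannot be confirmed from here. For consistency I would initialize both, `size_t filtered_len = 0;`.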
From: Paul Annesley
Date: Wed, 19 Feb 2014 11:48:40 -0800
Subject: [PATCH 3/4] add clear_env option to FPM config
This makes it possible to leave the envoronment as is on startup and pass all the variables to the workers. The default value of clear_env is "yes", preserving previous behaviour. Patch by Paul Annesley.
---
 sapi/fpm/fpm/fpm_conf.c | 3 +++
 sapi/fpm/fpm/fpm_conf.h | 1 +
 sapi/fpm/fpm/fpm_env.c | 4 +++-
 sapi/fpm/php-fpm.conf.in | 9 +++++++++
 4 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/sapi/fpm/fpm/fpm_conf.c b/sapi/fpm/fpm/fpm_conf.c
index 20adf91df44..ae7908642c4 100644
--- a/sapi/fpm/fpm/fpm_conf.c
+++ b/sapi/fpm/fpm/fpm_conf.c
@@ -148,6 +148,7 @@ static struct ini_value_parser_s ini_fpm_pool_options[] = {
 { "chroot", &fpm_conf_set_string, WPO(chroot) },
 { "chdir", &fpm_conf_set_string, WPO(chdir) },
 { "catch_workers_output", &fpm_conf_set_boolean, WPO(catch_workers_output) },
+ { "clear_env", &fpm_conf_set_boolean, WPO(clear_env) },
 { "security.limit_extensions", &fpm_conf_set_string, WPO(security_limit_extensions) },
 #ifdef HAVE_APPARMOR
 { "apparmor_hat", &fpm_conf_set_string, WPO(apparmor_hat) },
@@ -606,6 +607,7 @@ static void *fpm_worker_pool_config_alloc() /* {{{ */
 wp->config->listen_backlog = FPM_BACKLOG_DEFAULT;
 wp->config->pm_process_idle_timeout = 10; /* 10s by default */
 wp->config->process_priority = 64; /* 64 means unset */
+ wp->config->clear_env = 1;
 if (!fpm_worker_all_pools) {
 fpm_worker_all_pools = wp;
@@ -1606,6 +1608,7 @@ static void fpm_conf_dump() /* {{{ */
 zlog(ZLOG_NOTICE, "\tchroot = %s", STR2STR(wp->config->chroot));
 zlog(ZLOG_NOTICE, "\tchdir = %s", STR2STR(wp->config->chdir));
 zlog(ZLOG_NOTICE, "\tcatch_workers_output = %s", BOOL2STR(wp->config->catch_workers_output));
+ zlog(ZLOG_NOTICE, "\tclear_env = %s", BOOL2STR(wp->config->clear_env));
 zlog(ZLOG_NOTICE, "\tsecurity.limit_extensions = %s", wp->config->security_limit_extensions);
 for (kv = wp->config->env; kv; kv = kv->next) {
diff --git a/sapi/fpm/fpm/fpm_conf.h b/sapi/fpm/fpm/fpm_conf.h
index 4b297490422..12fabe28053 100644
--- a/sapi/fpm/fpm/fpm_conf.h
+++ b/sapi/fpm/fpm/fpm_conf.h
@@ -83,6 +83,7 @@ struct fpm_worker_pool_config_s {
 char *chroot;
 char *chdir;
 int catch_workers_output;
+ int clear_env;
 char *security_limit_extensions;
 struct key_value_s *env;
 struct key_value_s *php_admin_values;
diff --git a/sapi/fpm/fpm/fpm_env.c b/sapi/fpm/fpm/fpm_env.c
index 6b64fedfec4..2ff0bdc0e4b 100644
--- a/sapi/fpm/fpm/fpm_env.c
+++ b/sapi/fpm/fpm/fpm_env.c
@@ -143,7 +143,9 @@ int fpm_env_init_child(struct fpm_worker_pool_s *wp) /* {{{ */
 fpm_env_setproctitle(title);
 efree(title);
- clearenv();
+ if (wp->config->clear_env) {
+ clearenv();
+ }
 for (kv = wp->config->env; kv; kv = kv->next) {
 setenv(kv->key, kv->value, 1);
diff --git a/sapi/fpm/php-fpm.conf.in b/sapi/fpm/php-fpm.conf.in
index 9002a2933bb..ab03736bebb 100644
--- a/sapi/fpm/php-fpm.conf.in
+++ b/sapi/fpm/php-fpm.conf.in
@@ -475,6 +475,15 @@ pm.max_spare_servers = 3
 ; Default Value: no
 ;catch_workers_output = yes
+; Clear environment in FPM workers
+; Prevents arbitrary environment variables from reaching FPM worker processes
+; by clearing the environment in workers before env vars specified in this
+; pool configuration are added.
+; Setting to "no" will make all environment variables available to PHP code
+; via getenv(), $_ENV and $_SERVER.
+; Default Value: yes
+;clear_env = no
+
 ; Limits the extensions of the main script FPM will allow to parse. This can
 ; prevent configuration mistakes on the web server side. You should only limit
 ; FPM to .php extensions to prevent malicious users to use other extensions to
From c6a4a7cad6ee80176047cbd874788235838f5c8b Mon Sep 17 00:00:00 2001
From: Anatol Belski
Date: Mon, 24 Feb 2014 10:12:18 +0100
Subject: [PATCH 4/4] fixed macro
---
 TSRM/tsrm_config_common.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
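Review bot: In `fpm_env_init_child` (sapi/fpm/fpm/fpm_env.c) the new branch skips `clearenv()` without a comment on what the worker then inherits, which is whatever environment the FPM master was started with. Anything exported to the master by the init system or an administrator's shell (credentials, proxy settings, loader-related variables) becomes readable by PHP code in every pool that sets `clear_env = no`; if pools run under a different user than the master, which is not visible in this hunk, that crosses a privilege boundary. I would add `/* clear_env=no: worker inherits the master's whole environment; pool env[] entries below still override */` above the `if`, and have the php-fpm.conf.in text recommend keeping the default and passing individual variables with `env[NAME]`. The function body starts and continues outside the hunk.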
diff --git a/TSRM/tsrm_config_common.h b/TSRM/tsrm_config_common.h
index 83b6b9b02c2..eba9c134885 100644
--- a/TSRM/tsrm_config_common.h
+++ b/TSRM/tsrm_config_common.h
@@ -2,7 +2,7 @@
 #define TSRM_CONFIG_COMMON_H
 #ifndef __CYGWIN__
-# if WINNT|WIN32
+# ifdef _WIN32
 # define TSRM_WIN32
 # endif
 #endif
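Review bot: The new test `# ifdef _WIN32` no longer depends on the build passing `WINNT` or `WIN32`, so `TSRM_WIN32` is now selected by the compiler's own predefined macro on every non-Cygwin Windows toolchain, and neither the commit message ("fixed macro") nor the header records that this is intended. MinGW-style compilers also predefine `_WIN32`, so if the code behind `TSRM_WIN32` assumes MSVC that should be checked; it is not visible here. A one-line comment above the test would record the intent: `/* _WIN32 is predefined by the compiler for 32- and 64-bit Windows targets */`.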