Newsgroups: php.internals
Xref: news.php.net php.internals:29302
Message-ID: <463FD459.9050801@php.net>
Date: Mon, 07 May 2007 18:37:29 -0700
From: pollita@php.net (Sara Golemon)
To: internals@lists.php.net
CC: ceo@l-i-e.com, David Santinoli
Subject: Re: [PHP-DEV] [PATCH] Passthrough MD5/SHA1 calculation of uploaded files
References: <20070507110833.GA27937@aidi.santinoli.com> <3668.209.254.223.2.1178573428.squirrel@www.l-i-e.com>
In-Reply-To: <3668.209.254.223.2.1178573428.squirrel@www.l-i-e.com>

Ditto Richard's comments about false implications of security, but I'd
also like to add that *IF* folks decide on the whole that this is worth
adding, it should be done more generically than a setting for md5 and a
setting for sha1.

e.g. or or or whatever hash algo you're looking for.

The implementations in ext/hash can be used and the resulting code in
main/rfc1867.c will wind up being simpler (since you'll be using the
unified hash API rather than the individual md5/sha1 APIs). If someone
(for some reason) has ext/hash disabled (it's enabled by default since
5.1.2), then they just won't get a hash. That's what package
requirements and documentation are for.

-Sara

P.S. - Suggestions aside, I'm -1 on it.

Richard Lynch wrote:
> What purpose does this serve, exactly?...
>
> Seems like anybody who can intercept the upload and send bad file data
> can also send a matching MD5 for the bad data...
>
> Actually, re-reading the message clarified for me that you're doing
> this only to save the time of whatever it would take to do an MD5 for
> the file after it's uploaded.
>
> Can you PLEASE make 100% certain that this is specifically documented
> to NOT be a "Security Feature" and it is NOT intended to indicate
> secure transmission of the file?
>
> Cuz I'm betting dollars to donuts that the masses of PHP scripters are
> going to immediately mis-use this for that exact purpose...
>
> On Mon, May 7, 2007 6:08 am, David Santinoli wrote:
>> Hi,
>> I'm submitting a patch to perform "on the fly" MD5/SHA1 digest
>> calculation of a file uploaded via the HTTP POST method. Being
>> not uncommon for applications to require some digest of a freshly
>> uploaded file, doing the math directly in the buffer where the file is
>> being read can save some time.
>>
>> A similar patch was submitted in August 2004 and raised some interest,
>> but never got merged.
>>
>> Digest calculation is triggered by setting the special input fields
>> COMPUTE_MD5 and/or COMPUTE_SHA1 to a non-zero value:
>>
>>
>>
>> (note that these assignments must precede the
>> field, as in the MAX_FILE_SIZE case.)
>>
>> The result is found in the special variables
>> $_FILES[userfile]["md5"] and $_FILES[userfile]["sha1"].
>> These variables are only defined upon request of the corresponding
>> digest.
>>
>> The patch was produced against the php6 CVS version of rfc1867.c
>> (1.190).
>>
>> Cheers,
>> David
>> --
>> David Santinoli
>> Tieffe Sistemi S.r.l. viale Piceno 21, Milano
>> www.tieffesistemi.com tel. +39 02 45490882
>> --
>> PHP Internals - PHP Runtime Development Mailing List
>> To unsubscribe, visit: http://www.php.net/unsub.php
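The two technical points in this thread, Sara's "use the unified ext/hash API so any algorithm works" and Richard's "a digest the server computes over received bytes is not a transmission-integrity check", can be shown together in userland. The following is an added example, not the submitted patch and not PHP's own code: it hashes an already-saved upload in one chunked pass for every requested algorithm, validates the algorithm name against hash_algos() (necessary once the name can come from a request field rather than a fixed COMPUTE_MD5/COMPUTE_SHA1 switch), and shows the only way such a digest becomes a meaningful integrity check, namely a constant-time comparison with a reference obtained through a channel the uploader does not control. The function names digestFile and matchesReference and the constructed temporary file are assumptions of this example; the request-to-$_FILES plumbing is stood in for by a local file.

```php
<?php
// Added example: userland equivalent of a generic, streaming upload digest
// built on ext/hash's unified API (hash_init / hash_update / hash_final).
// Not the patch's code and not PHP core code; names are this example's own.

declare(strict_types=1);

/**
 * Compute one or more digests of a file in a single pass, reading it in
 * chunks so a large upload is never held in memory at once.
 *
 * @param string   $path  Path of the saved upload, e.g. $_FILES['userfile']['tmp_name'].
 * @param string[] $algos Algorithm names requested, e.g. ['md5', 'sha1', 'sha256'].
 * @return array<string,string> algorithm => lowercase hex digest
 */
function digestFile(string $path, array $algos, int $chunkSize = 65536): array
{
    // Once the algorithm name is generic it may originate in a request field,
    // so accept only names ext/hash actually supports on this build.
    $supported = hash_algos();
    $contexts = [];
    foreach ($algos as $algo) {
        if (!in_array($algo, $supported, true)) {
            throw new InvalidArgumentException("unsupported hash algorithm: $algo");
        }
        $contexts[$algo] = hash_init($algo);
    }

    $fh = fopen($path, 'rb');
    if ($fh === false) {
        throw new RuntimeException("cannot open $path");
    }
    // One read loop feeds every requested context: the userland analogue of
    // "doing the math in the buffer where the file is being read".
    while (!feof($fh)) {
        $buf = fread($fh, $chunkSize);
        if ($buf === false) {
            fclose($fh);
            throw new RuntimeException("read error on $path");
        }
        foreach ($contexts as $ctx) {
            hash_update($ctx, $buf);
        }
    }
    fclose($fh);

    $out = [];
    foreach ($contexts as $algo => $ctx) {
        $out[$algo] = hash_final($ctx);
    }
    return $out;
}

/**
 * A digest computed over the bytes the server received says nothing about
 * who sent them or whether they changed in transit: an attacker who controls
 * the upload controls the digest too. It is an integrity check only when
 * compared with a reference digest obtained independently of the uploader,
 * and that comparison should be constant-time.
 */
function matchesReference(string $computedHex, string $referenceHex): bool
{
    return hash_equals(strtolower($referenceHex), strtolower($computedHex));
}

// --- demonstration on a constructed file (no real HTTP upload involved) ---
$tmp = tempnam(sys_get_temp_dir(), 'upl');
// ~220 KB so the read loop runs over several chunks.
file_put_contents($tmp, str_repeat("The quick brown fox jumps over the lazy dog\n", 5000));

$digests = digestFile($tmp, ['md5', 'sha1', 'sha256']);
foreach ($digests as $algo => $hex) {
    // Cross-check the streaming result against the one-shot API.
    if ($hex !== hash_file($algo, $tmp)) {
        throw new RuntimeException("streaming $algo digest disagrees with hash_file()");
    }
    printf("%-6s %s\n", $algo, $hex);
}

// Reference digest that arrived out of band (constructed here for the demo).
$referenceFromManifest = hash_file('sha256', $tmp);
var_dump(matchesReference($digests['sha256'], $referenceFromManifest));

// An algorithm name the client made up is refused, not silently ignored.
try {
    digestFile($tmp, ['md4x']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
unlink($tmp);
```

Run it with `php example.php`. The whitelist check is the part that matters once the feature is generic: a fixed pair of boolean fields cannot select an unsupported or unintended algorithm, but a free-form algorithm name can, so it has to be validated before hash_init() sees it. The matchesReference() step is where the value of the digest actually lives; without an independently sourced reference, the number in $_FILES is a convenience, exactly as Richard describes, and should be documented as such.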