Newsgroups: php.internals
Date: Mon, 21 May 2012 12:41:24 +0200
From: stefan.esser@sektioneins.de (Stefan Esser)
To: Mailing-List php
Subject: zend_execute_internal hook missing from PHP 5
Message-ID: <5262BA67-53D2-4D19-9AD6-B1BFDABAC32E@sektioneins.de>

Hi,

it recently came to my attention that the function whitelist and blacklist feature inside Suhosin is easily bypassable since PHP 5.0.
The reason for this is that PHP is no longer calling the zend_execute_internal() hook if a function is called from another function (via zend_call_function).

In the days of PHP 4 the code looked like this:

    if (!zend_execute_internal) {
        ((zend_internal_function *) EX(function_state).function)->handler(EX(opline)->extended_value, EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr, 1 TSRMLS_CC);
    } else {
        zend_execute_internal(&execute_data, 1 TSRMLS_CC);
    }

Nowadays (since PHP 5.0) the code was moved from call_user_function_ex to zend_call_function and just looks like this:

    ((zend_internal_function *) EX(function_state).function)->handler(fci->param_count, *fci->retval_ptr_ptr, fci->retval_ptr_ptr, fci->object_ptr, 1 TSRMLS_CC);

While this has no immediate impact for average PHP users, it basically kills the possibility for an extension like Suhosin to catch all function starts.

This should also be a problem for your DTRACE support. And IIRC Xdebug was hooking this point (at least in the past), too.

My suggestion is to change the code to call the hook again.

Regards,
Stefan
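
A toy C model of the dispatch difference described in the message above, added here as an illustration; it is not code from the original post or from the PHP source, and every name in it (internal_fn, execute_internal_hook, blacklist_hook, vm_do_fcall, call_function_unhooked, call_function_hooked) is hypothetical. It shows a blacklist hook taking effect only on the call paths that consult it.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, not Zend Engine code: every name below is hypothetical. */
typedef struct {
    const char *name;
    int (*handler)(void);          /* the internal function's C body */
} internal_fn;

/* Optional hook, standing in for zend_execute_internal. Returns -1 when
 * it refuses the call, otherwise the handler's result. */
static int (*execute_internal_hook)(const internal_fn *fn) = NULL;

static int sensitive_body(void) { return 42; }
static const internal_fn sensitive = { "sensitive", sensitive_body };

/* Blacklist hook of the kind a hardening extension would install. */
static int blacklist_hook(const internal_fn *fn) {
    if (strcmp(fn->name, "sensitive") == 0)
        return -1;                 /* blocked */
    return fn->handler();
}

/* Call path that consults the hook first (shape of the PHP 4 snippet). */
static int vm_do_fcall(const internal_fn *fn) {
    return execute_internal_hook ? execute_internal_hook(fn) : fn->handler();
}

/* Indirect-call path as described for PHP 5: handler invoked directly,
 * so an installed hook never sees the call. */
static int call_function_unhooked(const internal_fn *fn) {
    return fn->handler();
}

/* Indirect-call path with the suggested change: hook consulted again. */
static int call_function_hooked(const internal_fn *fn) {
    return execute_internal_hook ? execute_internal_hook(fn) : fn->handler();
}

int main(void) {
    execute_internal_hook = blacklist_hook;
    printf("direct:   %d\n", vm_do_fcall(&sensitive));
    printf("unhooked: %d\n", call_function_unhooked(&sensitive));
    printf("hooked:   %d\n", call_function_hooked(&sensitive));
    return 0;
}
```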