
Compiling as extension on Windows for PHP 5.5

Open Paul-Pech opened this issue 10 years ago • 13 comments

Hi,

I'm trying to compile Suhosin extension (0.9.35) on Windows for PHP 5.5.10.

I can build PHP 5.5.10 without Suhosin just fine. If I extract the Suhosin code and run configure like this:

configure --disable-all --enable-cli --enable-suhosin

in the PHP source directory (where \suhosin-0.9.35\ is), I get the following errors when running nmake:

suhosin-0.9.35\execute.c(1331) : warning C4101: 'fd': Unreferenzierte lokale Variable
suhosin-0.9.35\execute.c(1620) : error C2143: Syntaxfehler: Es fehlt ';' vor 'Typ'
suhosin-0.9.35\execute.c(1621) : error C2143: Syntaxfehler: Es fehlt ';' vor 'Typ'
suhosin-0.9.35\execute.c(1622) : error C2275: 'zend_class_entry': Ungültige Verwendung dieses Typs als Ausdruck
Zend\zend.h(302): Siehe Deklaration von 'zend_class_entry'
suhosin-0.9.35\execute.c(1622) : error C2065: 'ce': nichtdeklarierter Bezeichner
suhosin-0.9.35\execute.c(1623) : error C2275: 'internal_function_handler': Ungültige Verwendung dieses Typs als Ausdruck

Can anyone tell me what I'm doing wrong, or point me to a tutorial on how to install Suhosin under Windows?

Thanks a lot

Paul

Paul-Pech avatar Mar 24 '14 15:03 Paul-Pech

It seems config.w32 is missing one file.

Find

EXTENSION("suhosin", "suhosin.c sha256.c memory_limit.c treat_data.c ifilter.c post_handler.c ufilter.c rfc1867.c log.c header.c execute.c ex_imp.c session.c aes.c");

Replace with

EXTENSION("suhosin", "suhosin.c sha256.c memory_limit.c treat_data.c ifilter.c post_handler.c ufilter.c rfc1867.c rfc1867_new.c log.c header.c execute.c ex_imp.c session.c aes.c");

NewEraCracker avatar Mar 24 '14 17:03 NewEraCracker

Also be aware of another bug. #37

NewEraCracker avatar Mar 24 '14 17:03 NewEraCracker

Hi NEC,

thanks for the quick reply. I have changed config.w32 in the way you proposed, but I still get the same error messages as before (presented in English here, now; first couple of lines only):

ext\suhosin\execute.c(1620) : error C2143: syntax error : missing ';' before 'type'
ext\suhosin\execute.c(1621) : error C2143: syntax error : missing ';' before 'type'
ext\suhosin\execute.c(1622) : error C2275: 'zend_class_entry' : illegal use of this type as an expression
Zend\zend.h(302) : see declaration of 'zend_class_entry'
ext\suhosin\execute.c(1622) : error C2065: 'ce' : undeclared identifier
ext\suhosin\execute.c(1623) : error C2275: 'internal_function_handler' : illegal use of this type as an expression
ext\suhosin\execute.c(679) : see declaration of 'internal_function_handler'
ext\suhosin\execute.c(1623) : error C2065: 'ih' : undeclared identifier
ext\suhosin\execute.c(1626) : error C2065: 'ce' : undeclared identifier

This is the first time I have tried compiling PHP and Suhosin on Windows; it works perfectly fine on Linux.

Paul-Pech avatar Mar 24 '14 20:03 Paul-Pech

I kind of figured it out now... The error in line 1620 is specific to MSVC as it uses C89 rather than C99 (mixing variable declaration and block commands; if PHP_VERSION_ID >= 50500 then block if(fci) {} else {} precedes declaration zval *return_value; ). A short patch (patch -Np1 execute.c < execute.diff) fixes this. The patch can be found here:

http://txt.do/1305

After this I encountered the issue NEC mentioned. I adapted config.w32 the way NEC proposed but still wasn't able to compile/link. I got this error:

rfc1867_new.c
rfc1867_new.obj : error LNK2005: _destroy_uploaded_files_hash already defined in rfc1867.obj
   Creating library Release_TS\php5ts.lib and object Release_TS\php5ts.exp
Release_TS\php5ts.dll : fatal error LNK1169: one or more multiply defined symbols found
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 11.0
\VC\BIN\cl.exe"' : return code '0x2'
Stop. 

I removed function destroy_uploaded_files_hash from rfc1867_new.c in ext/suhosin (around line 184; I believe the same function can be found in main/rfc1867.c) and was finally able to successfully compile PHP with Suhosin on Windows.

The question that remains is: Is removing the function destroy_uploaded_files_hash from rfc1867_new.c the correct way to do it, or can it break something else?

BTW: It also compiles on Linux, if you remove said function.

Paul-Pech avatar Mar 25 '14 00:03 Paul-Pech

Try building suhosin with:

configure --disable-all --enable-cli --enable-session --enable-object-out-dir=. --enable-one-shot --enable-suhosin=shared

Suhosin must always be built as a shared extension.

NewEraCracker avatar Mar 25 '14 02:03 NewEraCracker

Also, I made this big patch for version 0.9.35 some time ago: https://github.com/NewEraCracker/suhosin-patches/blob/master/patches/suhosin-0.9.35.bugfix.diff (Removed now as it is obsolete)

This fixes:

  • Build errors
  • Log variable dropping statistics

Refactored:

  • execute.c: ih_preg_replace
  • execute.c: ih_function_exists
  • execute.c: suhosin_execute_internal
  • rfc1867.c: To fix issue #29 in PHP 5.3 and lower.

Added:

  • Backup of old session module (to fix issues found by php test suite)

This should solve all your issues. If you find anything is broken, let me know.

NewEraCracker avatar Mar 25 '14 02:03 NewEraCracker

Thanks for posting your patch. I'll try it and will report any issues I might find. It could take a couple of days, though...

Why must Suhosin be built as a shared extension? It seems to work for me when compiled in statically, and at least for version 0.9.12 Stefan wrote in the change log that he fixed static compilation against PHP 5.2.0. Did this change for newer versions of PHP?

http://www.hardened-php.net/suhosin/changelog.html

Paul-Pech avatar Mar 25 '14 16:03 Paul-Pech

Personally, I recommend that Suhosin be built as a shared extension because it will allow you to load it in official windows.php.net packages as long as you used the same compiler that they used for the respective PHP version.

Copying php_suhosin.dll to the ext dir and adding

extension = php_suhosin.dll

at the end of the extension directives in php.ini will make it load.

Also, I recommend you copy the [suhosin] part and below (from https://github.com/stefanesser/suhosin/blob/master/suhosin.ini ) to the end of php.ini, then uncomment and change the values of the following directives to fix compatibility issues with some scripts:

suhosin.executor.max_depth = 10000
suhosin.mail.protect = 0
suhosin.session.encrypt = Off
suhosin.get.max_name_length = 512
suhosin.get.max_totalname_length = 512
suhosin.get.max_value_length = 2048
suhosin.post.max_array_index_length = 256
suhosin.post.max_name_length = 512
suhosin.post.max_totalname_length = 8192
suhosin.post.max_vars = 4096
suhosin.request.max_array_index_length = 256
suhosin.request.max_totalname_length = 8192
suhosin.request.max_vars = 4096
suhosin.request.max_varname_length = 512

Remember to change max_input_vars to 4096 as well.

Find

max_input_vars = 1000

Replace with

max_input_vars = 4096

Regards, NewEraCracker

NewEraCracker avatar Mar 25 '14 17:03 NewEraCracker
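
The comment above raises the Suhosin limits and then reminds the reader to raise max_input_vars too; if one of them is missed, the lowest value still applies. As an added example (not part of the original thread or of Suhosin), this Python script reads a constructed php.ini fragment and reports which directive actually caps each POST property. The grouping of directives and the "smallest non-zero value wins" rule are assumptions of the example.

```python
# Constructed php.ini fragment (not from the page): the relaxed Suhosin values
# from the comment above, with max_input_vars still at 1000.
SAMPLE_INI = """\
[PHP]
max_input_vars = 1000
extension = php_suhosin.dll

[suhosin]
;suhosin.get.max_value_length = 2048
suhosin.post.max_vars = 4096
suhosin.request.max_vars = 4096
suhosin.post.max_name_length = 512
suhosin.request.max_varname_length = 512
suhosin.post.max_totalname_length = 8192
suhosin.request.max_totalname_length = 8192
"""

# Directives that bound the same property of a POST request. Assumption: every
# limit in a group is enforced independently, so the smallest non-zero one wins.
GROUPS = {
    "POST variable count": ("max_input_vars", "suhosin.post.max_vars", "suhosin.request.max_vars"),
    "POST name length": ("suhosin.post.max_name_length", "suhosin.request.max_varname_length"),
    "POST total name length": ("suhosin.post.max_totalname_length", "suhosin.request.max_totalname_length"),
}

def parse_ini(text):
    """Return {directive: value} for active lines; ';' starts a comment."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(text):
    """List (property, limiting directive, value) where a group disagrees."""
    settings = parse_ini(text)
    findings = []
    for prop, names in GROUPS.items():
        # Keep only directives set to a positive integer (0 is skipped).
        limits = {n: int(settings[n]) for n in names
                  if settings.get(n, "").isdigit() and int(settings[n]) > 0}
        if len(set(limits.values())) > 1:
            tightest = min(limits, key=limits.get)
            findings.append((prop, tightest, limits[tightest]))
    return findings

if __name__ == "__main__":
    for prop, name, value in audit(SAMPLE_INI):
        print(f"{prop}: effectively capped at {value} by {name}")
```
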

Regarding the static compilation issue. The problem does not happen in PHP 5.2 or PHP 5.3. The problem was introduced in rfc1867_new.c code (For PHP 5.4 and higher).

This issue is easily fixable by changing

void destroy_uploaded_files_hash(TSRMLS_D) /* {{{ */

To

static void destroy_uploaded_files_hash(TSRMLS_D) /* {{{ */

This change will stop that function from being exposed to other files and will effectively fix the linker error.

NewEraCracker avatar Mar 27 '14 00:03 NewEraCracker

And from what I can see from the code, destroy_uploaded_files_hash is unused, that means unlink_filename is also unused.

This piece of code

static int unlink_filename(char **filename TSRMLS_DC) /* {{{ */
{
    VCWD_UNLINK(*filename);
    return 0;
}
/* }}} */

void destroy_uploaded_files_hash(TSRMLS_D) /* {{{ */
{
    zend_hash_apply(SG(rfc1867_uploaded_files), (apply_func_t) unlink_filename TSRMLS_CC);
    zend_hash_destroy(SG(rfc1867_uploaded_files));
    FREE_HASHTABLE(SG(rfc1867_uploaded_files));
}
/* }}} */

Can be delimited with

#if 0
code
#endif

To avoid compilation of unused code.

Regards, NewEraCracker

NewEraCracker avatar Mar 27 '14 00:03 NewEraCracker

I strongly suggest not using Suhosin 0.9.35 or the current git on Windows. The code is just not written with Windows in mind. There is a lot that needs to be adjusted to be fully Windows compatible. E.g. random numbers might be weaker with Suhosin when you are using Windows.

stefanesser avatar May 15 '14 19:05 stefanesser

I believe this can be closed if three fixes are made:

config.w32: https://github.com/stefanesser/suhosin/issues/39#issuecomment-38476376

execute.c: https://github.com/stefanesser/suhosin/issues/39#issuecomment-38520106

And rfc1867_new.c: https://github.com/stefanesser/suhosin/issues/39#issuecomment-38755929

NewEraCracker avatar Jun 11 '14 22:06 NewEraCracker

Hey guys,

please do not even try to compile Suhosin for Windows at the moment. The current code base is based on a decision from a few years back that Windows support is not a current goal.

This means: yes you might be able to get Suhosin to compile on Windows with several changes, but it also means that it was never tested if any of the features still work afterwards.

E.g. Suhosin before 0.9.36 would produce no better random numbers than plain PHP on Windows. Maybe even worse (cannot be said without further analysis).

stefanesser avatar Jun 12 '14 06:06 stefanesser