--- /dev/null
+diff -Nura php-5.2.9/TSRM/TSRM.h suhosin-patch-5.2.9-0.9.7/TSRM/TSRM.h
+--- php-5.2.9/TSRM/TSRM.h 2008-12-31 12:17:31.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/TSRM/TSRM.h 2009-03-05 21:11:35.000000000 +0100
+@@ -38,6 +38,13 @@
+ typedef unsigned long tsrm_uintptr_t;
+ #endif
+
++#if SUHOSIN_PATCH
++# if HAVE_REALPATH
++# undef realpath
++# define realpath php_realpath
++# endif
++#endif
++
+ /* Only compile multi-threading functions if we're in ZTS mode */
+ #ifdef ZTS
+
+@@ -93,6 +100,7 @@
+
+ #define THREAD_HASH_OF(thr,ts) (unsigned long)thr%(unsigned long)ts
+
++
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+diff -Nura php-5.2.9/TSRM/tsrm_virtual_cwd.c suhosin-patch-5.2.9-0.9.7/TSRM/tsrm_virtual_cwd.c
+--- php-5.2.9/TSRM/tsrm_virtual_cwd.c 2008-12-31 12:17:31.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/TSRM/tsrm_virtual_cwd.c 2009-03-05 21:37:36.000000000 +0100
+@@ -273,6 +273,191 @@
+ }
+ /* }}} */
+
++#if SUHOSIN_PATCH
++CWD_API char *php_realpath(const char *path, char *resolved)
++{
++ struct stat sb;
++ char *p, *q, *s;
++ size_t left_len, resolved_len;
++ unsigned symlinks;
++ int serrno, slen;
++ int is_dir = 1;
++ char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
++
++ serrno = errno;
++ symlinks = 0;
++ if (path[0] == '/') {
++ resolved[0] = '/';
++ resolved[1] = '\0';
++ if (path[1] == '\0')
++ return (resolved);
++ resolved_len = 1;
++ left_len = strlcpy(left, path + 1, sizeof(left));
++ } else {
++ if (getcwd(resolved, PATH_MAX) == NULL) {
++ strlcpy(resolved, ".", PATH_MAX);
++ return (NULL);
++ }
++ resolved_len = strlen(resolved);
++ left_len = strlcpy(left, path, sizeof(left));
++ }
++ if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) {
++ errno = ENAMETOOLONG;
++ return (NULL);
++ }
++
++ /*
++ * Iterate over path components in `left'.
++ */
++ while (left_len != 0) {
++ /*
++ * Extract the next path component and adjust `left'
++ * and its length.
++ */
++ p = strchr(left, '/');
++ s = p ? p : left + left_len;
++ if (s - left >= sizeof(next_token)) {
++ errno = ENAMETOOLONG;
++ return (NULL);
++ }
++ memcpy(next_token, left, s - left);
++ next_token[s - left] = '\0';
++ left_len -= s - left;
++ if (p != NULL)
++ memmove(left, s + 1, left_len + 1);
++ if (resolved[resolved_len - 1] != '/') {
++ if (resolved_len + 1 >= PATH_MAX) {
++ errno = ENAMETOOLONG;
++ return (NULL);
++ }
++ resolved[resolved_len++] = '/';
++ resolved[resolved_len] = '\0';
++ }
++ if (next_token[0] == '\0')
++ continue;
++ else if (strcmp(next_token, ".") == 0){
++ if (!is_dir) {
++ resolved_len = strlcat(resolved, "#", PATH_MAX);
++ if (resolved_len >= PATH_MAX) {
++ errno = ENAMETOOLONG;
++ return (NULL);
++ }
++ return resolved;
++ }
++ continue;
++ } else if (strcmp(next_token, "..") == 0) {
++ /*
++ * Strip the last path component except when we have
++ * single "/"
++ */
++ if (!is_dir) {
++ errno = ENOENT;
++ return (NULL);
++ }
++ if (resolved_len > 1) {
++ resolved[resolved_len - 1] = '\0';
++ q = strrchr(resolved, '/');
++ *q = '\0';
++ resolved_len = q - resolved;
++ }
++ continue;
++ }
++
++ /*
++ * Append the next path component and lstat() it. If
++ * lstat() fails we still can return successfully if
++ * there are no more path components left.
++ */
++ resolved_len = strlcat(resolved, next_token, PATH_MAX);
++ if (resolved_len >= PATH_MAX) {
++ errno = ENAMETOOLONG;
++ return (NULL);
++ }
++ if (lstat(resolved, &sb) != 0) {
++ if (errno == ENOENT) {
++ if (p == NULL) {
++ errno = serrno;
++ return NULL;
++ return (resolved);
++ } /*else if (strstr(left, "/.") == NULL && strstr(left, "./") == NULL) {
++ resolved_len = strlcat(resolved, "/", PATH_MAX);
++ resolved_len = strlcat(resolved, left, PATH_MAX);
++ if (resolved_len >= PATH_MAX) {
++ errno = ENAMETOOLONG;
++ return (NULL);
++ }
++ errno = serrno;
++ return (resolved);
++ } */
++ }
++ return (NULL);
++ }
++ if (S_ISLNK(sb.st_mode)) {
++ if (symlinks++ > MAXSYMLINKS) {
++ errno = ELOOP;
++ return (NULL);
++ }
++ slen = readlink(resolved, symlink, sizeof(symlink) - 1);
++ if (slen < 0)
++ return (NULL);
++ symlink[slen] = '\0';
++ if (symlink[0] == '/') {
++ resolved[1] = 0;
++ resolved_len = 1;
++ } else if (resolved_len > 1) {
++ /* Strip the last path component. */
++ resolved[resolved_len - 1] = '\0';
++ q = strrchr(resolved, '/');
++ *q = '\0';
++ resolved_len = q - resolved;
++ }
++
++ /*
++ * If there are any path components left, then
++ * append them to symlink. The result is placed
++ * in `left'.
++ */
++ if (p != NULL) {
++ if (symlink[slen - 1] != '/') {
++ if (slen + 1 >= sizeof(symlink)) {
++ errno = ENAMETOOLONG;
++ return (NULL);
++ }
++ symlink[slen] = '/';
++ symlink[slen + 1] = 0;
++ }
++ left_len = strlcat(symlink, left, sizeof(left));
++ if (left_len >= sizeof(left)) {
++ errno = ENAMETOOLONG;
++ return (NULL);
++ }
++ }
++ left_len = strlcpy(left, symlink, sizeof(left));
++ } else {
++ if (S_ISDIR(sb.st_mode)) {
++ is_dir = 1;
++ } else {
++ is_dir = 0;
++ }
++ }
++ }
++
++ /*
++ * Remove trailing slash except when the resolved pathname
++ * is a single "/".
++ */
++ if (resolved_len > 1 && resolved[resolved_len - 1] == '/') {
++ if (!is_dir) {
++ errno = ENOENT;
++ return (NULL);
++ }
++ resolved[resolved_len - 1] = '\0';
++ }
++ return (resolved);
++}
++#endif
++
++
+ CWD_API void virtual_cwd_startup(void) /* {{{ */
+ {
+ char cwd[MAXPATHLEN];
+diff -Nura php-5.2.9/TSRM/tsrm_virtual_cwd.h suhosin-patch-5.2.9-0.9.7/TSRM/tsrm_virtual_cwd.h
+--- php-5.2.9/TSRM/tsrm_virtual_cwd.h 2008-12-31 12:17:32.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/TSRM/tsrm_virtual_cwd.h 2009-03-05 21:11:35.000000000 +0100
+@@ -139,6 +139,22 @@
+
+ typedef int (*verify_path_func)(const cwd_state *);
+
++#ifndef HAVE_STRLCPY
++CWD_API size_t php_strlcpy(char *dst, const char *src, size_t siz);
++#undef strlcpy
++#define strlcpy php_strlcpy
++#endif
++
++#ifndef HAVE_STRLCAT
++CWD_API size_t php_strlcat(char *dst, const char *src, size_t siz);
++#undef strlcat
++#define strlcat php_strlcat
++#endif
++
++
++#if SUHOSIN_PATCH
++CWD_API char *php_realpath(const char *path, char *resolved);
++#endif
+ CWD_API void virtual_cwd_startup(void);
+ CWD_API void virtual_cwd_shutdown(void);
+ CWD_API char *virtual_getcwd_ex(size_t *length TSRMLS_DC);
+diff -Nura php-5.2.9/Zend/Makefile.am suhosin-patch-5.2.9-0.9.7/Zend/Makefile.am
+--- php-5.2.9/Zend/Makefile.am 2006-12-05 09:07:57.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/Zend/Makefile.am 2009-03-05 21:11:35.000000000 +0100
+@@ -17,7 +17,7 @@
+ zend_objects_API.c zend_ts_hash.c zend_stream.c \
+ zend_default_classes.c \
+ zend_iterators.c zend_interfaces.c zend_exceptions.c \
+- zend_strtod.c zend_multibyte.c
++ zend_strtod.c zend_multibyte.c zend_canary.c
+
+ libZend_la_LDFLAGS =
+ libZend_la_LIBADD = @ZEND_EXTRA_LIBS@
+diff -Nura php-5.2.9/Zend/Zend.dsp suhosin-patch-5.2.9-0.9.7/Zend/Zend.dsp
+--- php-5.2.9/Zend/Zend.dsp 2006-12-05 09:07:57.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/Zend/Zend.dsp 2009-03-05 21:15:17.000000000 +0100
+@@ -239,6 +239,10 @@
+ # End Source File
+ # Begin Source File
+
++SOURCE=.\zend_canary.c
++# End Source File
++# Begin Source File
++
+ SOURCE=.\zend_ts_hash.c
+ # End Source File
+ # Begin Source File
+diff -Nura php-5.2.9/Zend/ZendTS.dsp suhosin-patch-5.2.9-0.9.7/Zend/ZendTS.dsp
+--- php-5.2.9/Zend/ZendTS.dsp 2006-12-05 09:07:57.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/Zend/ZendTS.dsp 2009-03-05 21:15:17.000000000 +0100
+@@ -273,6 +273,10 @@
+ # End Source File
+ # Begin Source File
+
++SOURCE=.\zend_canary.c
++# End Source File
++# Begin Source File
++
+ SOURCE=.\zend_ts_hash.c
+ # End Source File
+ # Begin Source File
+diff -Nura php-5.2.9/Zend/zend.c suhosin-patch-5.2.9-0.9.7/Zend/zend.c
+--- php-5.2.9/Zend/zend.c 2008-12-31 12:17:32.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/Zend/zend.c 2009-03-05 21:11:35.000000000 +0100
+@@ -57,7 +57,9 @@
+ ZEND_API void (*zend_error_cb)(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args);
+ int (*zend_vspprintf)(char **pbuf, size_t max_len, const char *format, va_list ap);
+ ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC);
+-
++#if SUHOSIN_PATCH
++ZEND_API void (*zend_suhosin_log)(int loglevel, char *fmt, ...);
++#endif
+ void (*zend_on_timeout)(int seconds TSRMLS_DC);
+
+ static void (*zend_message_dispatcher_p)(long message, void *data);
+@@ -74,9 +76,88 @@
+ return SUCCESS;
+ }
+
++#if SUHOSIN_PATCH
++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog)
++{
++ if (!new_value) {
++ SPG(log_syslog) = S_ALL & ~S_SQL | S_MEMORY;
++ } else {
++ SPG(log_syslog) = atoi(new_value) | S_MEMORY;
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility)
++{
++ if (!new_value) {
++ SPG(log_syslog_facility) = LOG_USER;
++ } else {
++ SPG(log_syslog_facility) = atoi(new_value);
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority)
++{
++ if (!new_value) {
++ SPG(log_syslog_priority) = LOG_ALERT;
++ } else {
++ SPG(log_syslog_priority) = atoi(new_value);
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_sapi)
++{
++ if (!new_value) {
++ SPG(log_sapi) = S_ALL & ~S_SQL;
++ } else {
++ SPG(log_sapi) = atoi(new_value);
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_script)
++{
++ if (!new_value) {
++ SPG(log_script) = S_ALL & ~S_MEMORY;
++ } else {
++ SPG(log_script) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL);
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname)
++{
++ if (SPG(log_scriptname)) {
++ pefree(SPG(log_scriptname),1);
++ }
++ SPG(log_scriptname) = NULL;
++ if (new_value) {
++ SPG(log_scriptname) = pestrdup(new_value,1);
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript)
++{
++ if (!new_value) {
++ SPG(log_phpscript) = S_ALL & ~S_MEMORY;
++ } else {
++ SPG(log_phpscript) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL);
++ }
++ return SUCCESS;
++}
++#endif
+
+ ZEND_INI_BEGIN()
+ ZEND_INI_ENTRY("error_reporting", NULL, ZEND_INI_ALL, OnUpdateErrorReporting)
++#if SUHOSIN_PATCH
++ ZEND_INI_ENTRY("suhosin.log.syslog", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_syslog)
++ ZEND_INI_ENTRY("suhosin.log.syslog.facility", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_syslog_facility)
++ ZEND_INI_ENTRY("suhosin.log.syslog.priority", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_syslog_priority)
++ ZEND_INI_ENTRY("suhosin.log.sapi", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_sapi)
++ ZEND_INI_ENTRY("suhosin.log.script", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_script)
++ ZEND_INI_ENTRY("suhosin.log.script.name", NULL, ZEND_INI_SYSTEM, OnUpdateSuhosin_log_scriptname)
++ STD_ZEND_INI_BOOLEAN("suhosin.log.use-x-forwarded-for", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, log_use_x_forwarded_for, suhosin_patch_globals_struct, suhosin_patch_globals)
++ ZEND_INI_ENTRY("suhosin.log.phpscript", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_phpscript)
++ STD_ZEND_INI_ENTRY("suhosin.log.phpscript.name", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateString, log_phpscriptname, suhosin_patch_globals_struct, suhosin_patch_globals)
++ STD_ZEND_INI_BOOLEAN("suhosin.log.phpscript.is_safe", "0", ZEND_INI_SYSTEM, OnUpdateBool, log_phpscript_is_safe, suhosin_patch_globals_struct, suhosin_patch_globals)
++#endif
+ STD_ZEND_INI_BOOLEAN("zend.ze1_compatibility_mode", "0", ZEND_INI_ALL, OnUpdateBool, ze1_compatibility_mode, zend_executor_globals, executor_globals)
+ #ifdef ZEND_MULTIBYTE
+ STD_ZEND_INI_BOOLEAN("detect_unicode", "1", ZEND_INI_ALL, OnUpdateBool, detect_unicode, zend_compiler_globals, compiler_globals)
+diff -Nura php-5.2.9/Zend/zend.h suhosin-patch-5.2.9-0.9.7/Zend/zend.h
+--- php-5.2.9/Zend/zend.h 2008-12-31 12:17:32.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/Zend/zend.h 2009-03-05 21:11:35.000000000 +0100
+@@ -532,6 +532,9 @@
+ extern ZEND_API int (*zend_stream_open_function)(const char *filename, zend_file_handle *handle TSRMLS_DC);
+ extern int (*zend_vspprintf)(char **pbuf, size_t max_len, const char *format, va_list ap);
+ extern ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC);
++#if SUHOSIN_PATCH
++extern ZEND_API void (*zend_suhosin_log)(int loglevel, char *fmt, ...);
++#endif
+
+
+ ZEND_API void zend_error(int type, const char *format, ...) ZEND_ATTRIBUTE_FORMAT(printf, 2, 3);
+@@ -663,6 +666,13 @@
+ #include "zend_operators.h"
+ #include "zend_variables.h"
+
++#if SUHOSIN_PATCH
++#include "suhosin_globals.h"
++#include "php_syslog.h"
++
++ZEND_API size_t zend_canary();
++#endif
++
+ #endif /* ZEND_H */
+
+ /*
+diff -Nura php-5.2.9/Zend/zend_alloc.c suhosin-patch-5.2.9-0.9.7/Zend/zend_alloc.c
+--- php-5.2.9/Zend/zend_alloc.c 2009-01-25 15:04:09.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/Zend/zend_alloc.c 2009-03-05 21:11:35.000000000 +0100
+@@ -311,13 +311,26 @@
+ #define MEM_BLOCK_GUARD 0x2A8FCC84
+ #define MEM_BLOCK_LEAK 0x6C5E8F2D
+
++#if SUHOSIN_PATCH
++# define CANARY_SIZE sizeof(size_t)
++#else
++# define CANARY_SIZE 0
++#endif
++
+ /* mm block type */
+ typedef struct _zend_mm_block_info {
+ #if ZEND_MM_COOKIES
+ size_t _cookie;
+ #endif
+- size_t _size;
+- size_t _prev;
++#if SUHOSIN_PATCH
++ size_t canary_1;
++#endif
++ size_t _size;
++ size_t _prev;
++#if SUHOSIN_PATCH
++ size_t size;
++ size_t canary_2;
++#endif
+ } zend_mm_block_info;
+
+ #if ZEND_DEBUG
+@@ -423,6 +436,9 @@
+ int miss;
+ } cache_stat[ZEND_MM_NUM_BUCKETS+1];
+ #endif
++#if SUHOSIN_PATCH
++ size_t canary_1,canary_2,canary_3;
++#endif
+ };
+
+ #define ZEND_MM_SMALL_FREE_BUCKET(heap, index) \
+@@ -512,15 +528,15 @@
+ #define ZEND_MM_ALIGNED_SIZE(size) ((size + ZEND_MM_ALIGNMENT - 1) & ZEND_MM_ALIGNMENT_MASK)
+ #define ZEND_MM_ALIGNED_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_block))
+ #define ZEND_MM_ALIGNED_FREE_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_small_free_block))
+-#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE)
++#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE + CANARY_SIZE)
+ #define ZEND_MM_ALIGNED_MIN_HEADER_SIZE (ZEND_MM_MIN_ALLOC_BLOCK_SIZE>ZEND_MM_ALIGNED_FREE_HEADER_SIZE?ZEND_MM_MIN_ALLOC_BLOCK_SIZE:ZEND_MM_ALIGNED_FREE_HEADER_SIZE)
+ #define ZEND_MM_ALIGNED_SEGMENT_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_segment))
+
+-#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE)):0)
++#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)):0)
+
+ #define ZEND_MM_MAX_SMALL_SIZE ((ZEND_MM_NUM_BUCKETS<<ZEND_MM_ALIGNMENT_LOG2)+ZEND_MM_ALIGNED_MIN_HEADER_SIZE)
+
+-#define ZEND_MM_TRUE_SIZE(size) ((size<ZEND_MM_MIN_SIZE)?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE):(ZEND_MM_ALIGNED_SIZE(size+ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE)))
++#define ZEND_MM_TRUE_SIZE(size) ((size<ZEND_MM_MIN_SIZE)?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE):(ZEND_MM_ALIGNED_SIZE(size+ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)))
+
+ #define ZEND_MM_BUCKET_INDEX(true_size) ((true_size>>ZEND_MM_ALIGNMENT_LOG2)-(ZEND_MM_ALIGNED_MIN_HEADER_SIZE>>ZEND_MM_ALIGNMENT_LOG2))
+
+@@ -582,6 +598,48 @@
+
+ #endif
+
++#if SUHOSIN_PATCH
++
++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) do { \
++ char *p = SUHOSIN_MM_END_CANARY_PTR(block); size_t check; \
++ if (((block)->info.canary_1 != heap->canary_1) || ((block)->info.canary_2 != heap->canary_2)) { \
++ canary_mismatch: \
++ zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " - heap overflow detected"); \
++ exit(1); \
++ } \
++ memcpy(&check, p, CANARY_SIZE); \
++ if (check != heap->canary_3) { \
++ zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " - heap overflow detected"); \
++ exit(1); \
++ goto canary_mismatch; \
++ } \
++ } while (0)
++
++# define SUHOSIN_MM_SET_CANARIES(block) do { \
++ (block)->info.canary_1 = heap->canary_1; \
++ (block)->info.canary_2 = heap->canary_2; \
++ } while (0)
++
++# define SUHOSIN_MM_END_CANARY_PTR(block) \
++ (char *)(((char*)(ZEND_MM_DATA_OF(block))) + ((zend_mm_block*)(block))->info.size + END_MAGIC_SIZE)
++
++# define SUHOSIN_MM_SET_END_CANARY(block) do { \
++ char *p = SUHOSIN_MM_END_CANARY_PTR(block); \
++ memcpy(p, &heap->canary_3, CANARY_SIZE); \
++ } while (0)
++
++#else
++
++# define SUHOSIN_MM_CHECK_CANARIES(block)
++
++# define SUHOSIN_MM_SET_CANARIES(block)
++
++# define SUHOSIN_MM_END_CANARY_PTR(block)
++
++# define SUHOSIN_MM_SET_END_CANARY(block)
++
++#endif
++
+
+ #if ZEND_MM_HEAP_PROTECTION
+
+@@ -790,6 +848,12 @@
+ if (EXPECTED(prev == mm_block)) {
+ zend_mm_free_block **rp, **cp;
+
++#if SUHOSIN_PATCH
++ if (next != mm_block) {
++ zend_suhosin_log(S_MEMORY, "heap corrupt on efree() - heap corruption detected");
++ exit(1);
++ }
++#endif
+ #if ZEND_MM_SAFE_UNLINKING
+ if (UNEXPECTED(next != mm_block)) {
+ zend_mm_panic("zend_mm_heap corrupted");
+@@ -828,6 +892,12 @@
+ }
+ } else {
+
++#if SUHOSIN_PATCH
++ if (prev->next_free_block != mm_block || next->prev_free_block != mm_block) {
++ zend_suhosin_log(S_MEMORY, "linked list corrupt on efree() - heap corruption detected");
++ exit(1);
++ }
++#endif
+ #if ZEND_MM_SAFE_UNLINKING
+ if (UNEXPECTED(prev->next_free_block != mm_block) || UNEXPECTED(next->prev_free_block != mm_block)) {
+ zend_mm_panic("zend_mm_heap corrupted");
+@@ -875,6 +945,11 @@
+ heap->large_free_buckets[i] = NULL;
+ }
+ heap->rest_buckets[0] = heap->rest_buckets[1] = ZEND_MM_REST_BUCKET(heap);
++#if SUHOSIN_PATCH
++ heap->canary_1 = zend_canary();
++ heap->canary_2 = zend_canary();
++ heap->canary_3 = zend_canary();
++#endif
+ }
+
+ static void zend_mm_del_segment(zend_mm_heap *heap, zend_mm_segment *segment)
+@@ -1779,6 +1854,11 @@
+ best_fit = heap->cache[index];
+ heap->cache[index] = best_fit->prev_free_block;
+ heap->cached -= true_size;
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_SET_CANARIES(best_fit);
++ ((zend_mm_block*)best_fit)->info.size = size;
++ SUHOSIN_MM_SET_END_CANARY(best_fit);
++#endif
+ ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED);
+ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0);
+ return ZEND_MM_DATA_OF(best_fit);
+@@ -1918,6 +1998,12 @@
+
+ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 1);
+
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_SET_CANARIES(best_fit);
++ ((zend_mm_block*)best_fit)->info.size = size;
++ SUHOSIN_MM_SET_END_CANARY(best_fit);
++#endif
++
+ heap->size += true_size;
+ if (heap->peak < heap->size) {
+ heap->peak = heap->size;
+@@ -1941,6 +2027,9 @@
+
+ mm_block = ZEND_MM_HEADER_OF(p);
+ size = ZEND_MM_BLOCK_SIZE(mm_block);
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "efree()");
++#endif
+ ZEND_MM_CHECK_PROTECTION(mm_block);
+
+ #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION
+@@ -2003,6 +2092,9 @@
+ mm_block = ZEND_MM_HEADER_OF(p);
+ true_size = ZEND_MM_TRUE_SIZE(size);
+ orig_size = ZEND_MM_BLOCK_SIZE(mm_block);
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "erealloc()");
++#endif
+ ZEND_MM_CHECK_PROTECTION(mm_block);
+
+ if (UNEXPECTED(true_size < size)) {
+@@ -2034,6 +2126,11 @@
+ HANDLE_UNBLOCK_INTERRUPTIONS();
+ }
+ ZEND_MM_SET_DEBUG_INFO(mm_block, size, 0, 0);
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_SET_CANARIES(mm_block);
++ ((zend_mm_block*)mm_block)->info.size = size;
++ SUHOSIN_MM_SET_END_CANARY(mm_block);
++#endif
+ return p;
+ }
+
+@@ -2053,13 +2150,18 @@
+ heap->cache[index] = best_fit->prev_free_block;
+ ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED);
+ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0);
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_SET_CANARIES(best_fit);
++ ((zend_mm_block*)best_fit)->info.size = size;
++ SUHOSIN_MM_SET_END_CANARY(best_fit);
++#endif
+
+ ptr = ZEND_MM_DATA_OF(best_fit);
+
+ #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION
+ memcpy(ptr, p, mm_block->debug.size);
+ #else
+- memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE);
++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE);
+ #endif
+
+ heap->cached -= true_size - orig_size;
+@@ -2117,6 +2219,11 @@
+ if (heap->peak < heap->size) {
+ heap->peak = heap->size;
+ }
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_SET_CANARIES(mm_block);
++ ((zend_mm_block*)mm_block)->info.size = size;
++ SUHOSIN_MM_SET_END_CANARY(mm_block);
++#endif
+ HANDLE_UNBLOCK_INTERRUPTIONS();
+ return p;
+ } else if (ZEND_MM_IS_FIRST_BLOCK(mm_block) &&
+@@ -2220,6 +2327,11 @@
+ }
+
+ HANDLE_UNBLOCK_INTERRUPTIONS();
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_SET_CANARIES(mm_block);
++ ((zend_mm_block*)mm_block)->info.size = size;
++ SUHOSIN_MM_SET_END_CANARY(mm_block);
++#endif
+ return ZEND_MM_DATA_OF(mm_block);
+ }
+
+@@ -2227,7 +2339,7 @@
+ #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION
+ memcpy(ptr, p, mm_block->debug.size);
+ #else
+- memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE);
++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE);
+ #endif
+ _zend_mm_free_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+ return ptr;
+@@ -2490,6 +2602,17 @@
+ zend_mm_shutdown(AG(mm_heap), full_shutdown, silent);
+ }
+
++#if SUHOSIN_PATCH
++ZEND_API void suhosin_clear_mm_canaries(TSRMLS_D)
++{
++/* NOT HERE
++
++ AG(mm_heap)->canary_1 = zend_canary();
++ AG(mm_heap)->canary_2 = zend_canary();
++ AG(mm_heap)->canary_3 = zend_canary(); */
++}
++#endif
++
+ static void alloc_globals_ctor(zend_alloc_globals *alloc_globals TSRMLS_DC)
+ {
+ char *tmp;
+diff -Nura php-5.2.9/Zend/zend_alloc.h suhosin-patch-5.2.9-0.9.7/Zend/zend_alloc.h
+--- php-5.2.9/Zend/zend_alloc.h 2009-01-25 14:42:39.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/Zend/zend_alloc.h 2009-03-05 21:11:35.000000000 +0100
+@@ -129,6 +129,9 @@
+
+ ZEND_API void start_memory_manager(TSRMLS_D);
+ ZEND_API void shutdown_memory_manager(int silent, int full_shutdown TSRMLS_DC);
++#if SUHOSIN_PATCH
++ZEND_API void suhosin_clear_mm_canaries(TSRMLS_D);
++#endif
+ ZEND_API int is_zend_mm(TSRMLS_D);
+
+ #if ZEND_DEBUG
+diff -Nura php-5.2.9/Zend/zend_canary.c suhosin-patch-5.2.9-0.9.7/Zend/zend_canary.c
+--- php-5.2.9/Zend/zend_canary.c 1970-01-01 01:00:00.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/Zend/zend_canary.c 2009-03-05 21:11:35.000000000 +0100
+@@ -0,0 +1,64 @@
++/*
++ +----------------------------------------------------------------------+
++ | Suhosin-Patch for PHP |
++ +----------------------------------------------------------------------+
++ | Copyright (c) 2004-2006 Stefan Esser |
++ +----------------------------------------------------------------------+
++ | This source file is subject to version 2.02 of the PHP license, |
++ | that is bundled with this package in the file LICENSE, and is |
++ | available at through the world-wide-web at |
++ | http://www.php.net/license/2_02.txt. |
++ | If you did not receive a copy of the PHP license and are unable to |
++ | obtain it through the world-wide-web, please send a note to |
++ | license@php.net so we can mail you a copy immediately. |
++ +----------------------------------------------------------------------+
++ | Author: Stefan Esser <sesser@hardened-php.net> |
++ +----------------------------------------------------------------------+
++ */
++/* $Id$ */
++
++#include "zend.h"
++
++#include <stdio.h>
++#include <stdlib.h>
++
++
++#if SUHOSIN_PATCH
++
++static size_t last_canary = 0x73625123;
++
++/* will be replaced later with more compatible method */
++ZEND_API size_t zend_canary()
++{
++ time_t t;
++ size_t canary;
++ int fd;
++
++#ifndef PHP_WIN32
++ fd = open("/dev/urandom", 0);
++ if (fd != -1) {
++ int r = read(fd, &canary, sizeof(canary));
++ close(fd);
++ if (r == sizeof(canary)) {
++ return (canary);
++ }
++ }
++#endif
++ /* not good but we never want to do this */
++ time(&t);
++ canary = *(unsigned int *)&t + getpid() << 16 + last_canary;
++ last_canary ^= (canary << 5) | (canary >> (32-5));
++ return (canary);
++}
++
++#endif
++
++
++/*
++ * Local variables:
++ * tab-width: 4
++ * c-basic-offset: 4
++ * End:
++ * vim600: sw=4 ts=4 fdm=marker
++ * vim<600: sw=4 ts=4
++ */
+diff -Nura php-5.2.9/Zend/zend_compile.c suhosin-patch-5.2.9-0.9.7/Zend/zend_compile.c
+--- php-5.2.9/Zend/zend_compile.c 2009-01-26 22:27:41.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/Zend/zend_compile.c 2009-03-05 21:11:35.000000000 +0100
+@@ -54,7 +54,6 @@
+ property_info->name = zend_strndup(property_info->name, property_info->name_length);
+ }
+
+-
+ static void zend_destroy_property_info(zend_property_info *property_info)
+ {
+ efree(property_info->name);
+@@ -68,6 +67,10 @@
+ {
+ free(property_info->name);
+ }
++#if SUHOSIN_PATCH
++void *suhosin_zend_destroy_property_info_internal = zend_destroy_property_info_internal;
++void *suhosin_zend_destroy_property_info = zend_destroy_property_info;
++#endif
+
+ static void build_runtime_defined_function_key(zval *result, char *name, int name_length TSRMLS_DC)
+ {
+diff -Nura php-5.2.9/Zend/zend_compile.h suhosin-patch-5.2.9-0.9.7/Zend/zend_compile.h
+--- php-5.2.9/Zend/zend_compile.h 2009-01-21 11:15:46.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/Zend/zend_compile.h 2009-03-05 21:11:35.000000000 +0100
+@@ -564,6 +564,11 @@
+
+ int zendlex(znode *zendlval TSRMLS_DC);
+
++#if SUHOSIN_PATCH
++extern void *suhosin_zend_destroy_property_info_internal;
++extern void *suhosin_zend_destroy_property_info;
++#endif
++
+ /* BEGIN: OPCODES */
+
+ #include "zend_vm_opcodes.h"
+@@ -689,6 +694,7 @@
+ #define ZEND_RETURNS_FUNCTION 1<<0
+ #define ZEND_RETURNS_NEW 1<<1
+
++
+ END_EXTERN_C()
+
+ #define ZEND_CLONE_FUNC_NAME "__clone"
+diff -Nura php-5.2.9/Zend/zend_constants.c suhosin-patch-5.2.9-0.9.7/Zend/zend_constants.c
+--- php-5.2.9/Zend/zend_constants.c 2008-12-31 12:17:33.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/Zend/zend_constants.c 2009-03-05 21:11:35.000000000 +0100
+@@ -110,6 +110,75 @@
+ REGISTER_MAIN_LONG_CONSTANT("E_USER_NOTICE", E_USER_NOTICE, CONST_PERSISTENT | CONST_CS);
+
+ REGISTER_MAIN_LONG_CONSTANT("E_ALL", E_ALL, CONST_PERSISTENT | CONST_CS);
++#if SUHOSIN_PATCH
++ REGISTER_MAIN_LONG_CONSTANT("S_MEMORY", S_MEMORY, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_VARS", S_VARS, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_FILES", S_FILES, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_INCLUDE", S_INCLUDE, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_SQL", S_SQL, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_EXECUTOR", S_EXECUTOR, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_MAIL", S_MAIL, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_SESSION", S_SESSION, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_MISC", S_MISC, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS);
++
++ /* error levels */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_CRIT", LOG_CRIT, CONST_CS | CONST_PERSISTENT); /* critical conditions */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_ERR", LOG_ERR, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_WARNING", LOG_WARNING, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_NOTICE", LOG_NOTICE, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_INFO", LOG_INFO, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_DEBUG", LOG_DEBUG, CONST_CS | CONST_PERSISTENT);
++ /* facility: type of program logging the message */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_KERN", LOG_KERN, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_USER", LOG_USER, CONST_CS | CONST_PERSISTENT); /* generic user level */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_MAIL", LOG_MAIL, CONST_CS | CONST_PERSISTENT); /* log to email */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_DAEMON", LOG_DAEMON, CONST_CS | CONST_PERSISTENT); /* other system daemons */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_AUTH", LOG_AUTH, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_SYSLOG", LOG_SYSLOG, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LPR", LOG_LPR, CONST_CS | CONST_PERSISTENT);
++#ifdef LOG_NEWS
++ /* No LOG_NEWS on HP-UX */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_NEWS", LOG_NEWS, CONST_CS | CONST_PERSISTENT); /* usenet new */
++#endif
++#ifdef LOG_UUCP
++ /* No LOG_UUCP on HP-UX */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_UUCP", LOG_UUCP, CONST_CS | CONST_PERSISTENT);
++#endif
++#ifdef LOG_CRON
++ /* apparently some systems don't have this one */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_CRON", LOG_CRON, CONST_CS | CONST_PERSISTENT);
++#endif
++#ifdef LOG_AUTHPRIV
++ /* AIX doesn't have LOG_AUTHPRIV */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_AUTHPRIV", LOG_AUTHPRIV, CONST_CS | CONST_PERSISTENT);
++#endif
++#if !defined(PHP_WIN32) && !defined(NETWARE)
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL0", LOG_LOCAL0, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL1", LOG_LOCAL1, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL2", LOG_LOCAL2, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL3", LOG_LOCAL3, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL4", LOG_LOCAL4, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL5", LOG_LOCAL5, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL6", LOG_LOCAL6, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL7", LOG_LOCAL7, CONST_CS | CONST_PERSISTENT);
++#endif
++ /* options */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_PID", LOG_PID, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_CONS", LOG_CONS, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_ODELAY", LOG_ODELAY, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_NDELAY", LOG_NDELAY, CONST_CS | CONST_PERSISTENT);
++#ifdef LOG_NOWAIT
++ REGISTER_MAIN_LONG_CONSTANT("LOG_NOWAIT", LOG_NOWAIT, CONST_CS | CONST_PERSISTENT);
++#endif
++#ifdef LOG_PERROR
++ /* AIX doesn't have LOG_PERROR */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/
++#endif
++#endif
+
+ /* true/false constants */
+ {
+diff -Nura php-5.2.9/Zend/zend_errors.h suhosin-patch-5.2.9-0.9.7/Zend/zend_errors.h
+--- php-5.2.9/Zend/zend_errors.h 2008-12-31 12:17:33.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/Zend/zend_errors.h 2009-03-05 21:11:35.000000000 +0100
+@@ -39,6 +39,20 @@
+ #define E_ALL (E_ERROR | E_WARNING | E_PARSE | E_NOTICE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_USER_ERROR | E_USER_WARNING | E_USER_NOTICE | E_RECOVERABLE_ERROR)
+ #define E_CORE (E_CORE_ERROR | E_CORE_WARNING)
+
++#if SUHOSIN_PATCH
++#define S_MEMORY (1<<0L)
++#define S_MISC (1<<1L)
++#define S_VARS (1<<2L)
++#define S_FILES (1<<3L)
++#define S_INCLUDE (1<<4L)
++#define S_SQL (1<<5L)
++#define S_EXECUTOR (1<<6L)
++#define S_MAIL (1<<7L)
++#define S_SESSION (1<<8L)
++#define S_INTERNAL (1<<29L)
++#define S_ALL (S_MEMORY | S_VARS | S_INCLUDE | S_FILES | S_MAIL | S_SESSION | S_MISC | S_SQL | S_EXECUTOR)
++#endif
++
+ #endif /* ZEND_ERRORS_H */
+
+ /*
+diff -Nura php-5.2.9/Zend/zend_hash.c suhosin-patch-5.2.9-0.9.7/Zend/zend_hash.c
+--- php-5.2.9/Zend/zend_hash.c 2008-12-31 12:17:33.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/Zend/zend_hash.c 2009-03-05 21:11:35.000000000 +0100
+@@ -20,6 +20,7 @@
+ /* $Id$ */
+
+ #include "zend.h"
++#include "zend_compile.h"
+
+ #define CONNECT_TO_BUCKET_DLLIST(element, list_head) \
+ (element)->pNext = (list_head); \
+@@ -132,7 +133,189 @@
+ (p)->pDataPtr=NULL; \
+ }
+
++#if SUHOSIN_PATCH
++#ifdef ZTS
++MUTEX_T zend_hash_dprot_mx_reader;
++MUTEX_T zend_hash_dprot_mx_writer;
++unsigned int zend_hash_dprot_reader;
++#endif
++unsigned int zend_hash_dprot_counter;
++unsigned int zend_hash_dprot_curmax;
++dtor_func_t *zend_hash_dprot_table = NULL;
++
++static void zend_hash_dprot_begin_read()
++{
++#ifdef ZTS
++ tsrm_mutex_lock(zend_hash_dprot_mx_reader);
++ if ((++(zend_hash_dprot_reader)) == 1) {
++ tsrm_mutex_lock(zend_hash_dprot_mx_writer);
++ }
++ tsrm_mutex_unlock(zend_hash_dprot_mx_reader);
++#endif
++}
++
++static void zend_hash_dprot_end_read()
++{
++#ifdef ZTS
++ tsrm_mutex_lock(zend_hash_dprot_mx_reader);
++ if ((--(zend_hash_dprot_reader)) == 0) {
++ tsrm_mutex_unlock(zend_hash_dprot_mx_writer);
++ }
++ tsrm_mutex_unlock(zend_hash_dprot_mx_reader);
++#endif
++}
++
++static void zend_hash_dprot_begin_write()
++{
++#ifdef ZTS
++ tsrm_mutex_lock(zend_hash_dprot_mx_writer);
++#endif
++}
++
++static void zend_hash_dprot_end_write()
++{
++#ifdef ZTS
++ tsrm_mutex_unlock(zend_hash_dprot_mx_writer);
++#endif
++}
++
++/*ZEND_API void zend_hash_dprot_dtor()
++{
++#ifdef ZTS
++ tsrm_mutex_free(zend_hash_dprot_mx_reader);
++ tsrm_mutex_free(zend_hash_dprot_mx_writer);
++#endif
++ free(zend_hash_dprot_table);
++}*/
++
++static void zend_hash_add_destructor(dtor_func_t pDestructor)
++{
++ int left, right, mid;
++ zend_bool found = 0;
++ unsigned long value;
++
++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR || pDestructor == ZVAL_INTERNAL_PTR_DTOR
++ || pDestructor == ZEND_FUNCTION_DTOR || pDestructor == ZEND_CLASS_DTOR) {
++ return;
++ }
++
++ if (zend_hash_dprot_table == NULL) {
++#ifdef ZTS
++ zend_hash_dprot_mx_reader = tsrm_mutex_alloc();
++ zend_hash_dprot_mx_writer = tsrm_mutex_alloc();
++ zend_hash_dprot_reader = 0;
++#endif
++ zend_hash_dprot_counter = 0;
++ zend_hash_dprot_curmax = 256;
++ zend_hash_dprot_table = (dtor_func_t *) malloc(256 * sizeof(dtor_func_t));
++ }
++
++ zend_hash_dprot_begin_write();
++
++ if (zend_hash_dprot_counter == 0) {
++ zend_hash_dprot_counter++;
++ zend_hash_dprot_table[0] = pDestructor;
++ } else {
++ value = (unsigned long) pDestructor;
++ left = 0;
++ right = zend_hash_dprot_counter-1;
++ mid = 0;
++
++ while (left < right) {
++ mid = (right - left) >> 1;
++ mid += left;
++ if ((unsigned long)zend_hash_dprot_table[mid] == value) {
++ found = 1;
++ break;
++ }
++ if (value < (unsigned long)zend_hash_dprot_table[mid]) {
++ right = mid-1;
++ } else {
++ left = mid+1;
++ }
++ }
++ if ((unsigned long)zend_hash_dprot_table[left] == value) {
++ found = 1;
++ }
++
++ if (!found) {
++
++ if (zend_hash_dprot_counter >= zend_hash_dprot_curmax) {
++ zend_hash_dprot_curmax += 256;
++ zend_hash_dprot_table = (dtor_func_t *) realloc(zend_hash_dprot_table, zend_hash_dprot_curmax * sizeof(dtor_func_t));
++ }
++
++ if ((unsigned long)zend_hash_dprot_table[left] < value) {
++ memmove(zend_hash_dprot_table+left+2, zend_hash_dprot_table+left+1, (zend_hash_dprot_counter-left-1)*sizeof(dtor_func_t));
++ zend_hash_dprot_table[left+1] = pDestructor;
++ } else {
++ memmove(zend_hash_dprot_table+left+1, zend_hash_dprot_table+left, (zend_hash_dprot_counter-left)*sizeof(dtor_func_t));
++ zend_hash_dprot_table[left] = pDestructor;
++ }
++
++ zend_hash_dprot_counter++;
++ }
++ }
++
++ zend_hash_dprot_end_write();
++}
++
++static void zend_hash_check_destructor(dtor_func_t pDestructor)
++{
++ unsigned long value;
++
++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR || pDestructor == ZVAL_INTERNAL_PTR_DTOR
++#ifdef ZEND_ENGINE_2
++ || pDestructor == suhosin_zend_destroy_property_info_internal || pDestructor == suhosin_zend_destroy_property_info
++#endif
++ || pDestructor == ZEND_FUNCTION_DTOR || pDestructor == ZEND_CLASS_DTOR) {
++ return;
++ }
++
++ zend_hash_dprot_begin_read();
++
++ if (zend_hash_dprot_counter > 0) {
++ int left, right, mid;
++ zend_bool found = 0;
++
++ value = (unsigned long) pDestructor;
++ left = 0;
++ right = zend_hash_dprot_counter-1;
++
++ while (left < right) {
++ mid = (right - left) >> 1;
++ mid += left;
++ if ((unsigned long)zend_hash_dprot_table[mid] == value) {
++ found = 1;
++ break;
++ }
++ if (value < (unsigned long)zend_hash_dprot_table[mid]) {
++ right = mid-1;
++ } else {
++ left = mid+1;
++ }
++ }
++ if ((unsigned long)zend_hash_dprot_table[left] == value) {
++ found = 1;
++ }
++
++ if (!found) {
++ zend_hash_dprot_end_read();
++
++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown Hashtable destructor");
++ exit(1);
++ return;
++ }
++
++ }
++
++ zend_hash_dprot_end_read();
++}
+
++#else
++#define zend_hash_add_destructor(pDestructor) do {} while(0)
++#define zend_hash_check_destructor(pDestructor) do {} while(0)
++#endif
+
+ ZEND_API int _zend_hash_init(HashTable *ht, uint nSize, hash_func_t pHashFunction, dtor_func_t pDestructor, zend_bool persistent ZEND_FILE_LINE_DC)
+ {
+@@ -153,6 +336,7 @@
+
+ ht->nTableMask = ht->nTableSize - 1;
+ ht->pDestructor = pDestructor;
++ zend_hash_add_destructor(pDestructor);
+ ht->arBuckets = NULL;
+ ht->pListHead = NULL;
+ ht->pListTail = NULL;
+@@ -230,6 +414,8 @@
+ return FAILURE;
+ }
+ #endif
++
++ zend_hash_check_destructor(ht->pDestructor);
+ if (ht->pDestructor) {
+ ht->pDestructor(p->pData);
+ }
+@@ -295,6 +481,7 @@
+ return FAILURE;
+ }
+ #endif
++ zend_hash_check_destructor(ht->pDestructor);
+ if (ht->pDestructor) {
+ ht->pDestructor(p->pData);
+ }
+@@ -370,6 +557,7 @@
+ return FAILURE;
+ }
+ #endif
++ zend_hash_check_destructor(ht->pDestructor);
+ if (ht->pDestructor) {
+ ht->pDestructor(p->pData);
+ }
+@@ -493,6 +681,7 @@
+ if (ht->pInternalPointer == p) {
+ ht->pInternalPointer = p->pListNext;
+ }
++ zend_hash_check_destructor(ht->pDestructor);
+ if (ht->pDestructor) {
+ ht->pDestructor(p->pData);
+ }
+@@ -518,6 +707,8 @@
+
+ SET_INCONSISTENT(HT_IS_DESTROYING);
+
++ zend_hash_check_destructor(ht->pDestructor);
++
+ p = ht->pListHead;
+ while (p != NULL) {
+ q = p;
+@@ -544,6 +735,8 @@
+
+ SET_INCONSISTENT(HT_CLEANING);
+
++ zend_hash_check_destructor(ht->pDestructor);
++
+ p = ht->pListHead;
+ while (p != NULL) {
+ q = p;
+@@ -607,6 +800,7 @@
+ ht->nNumOfElements--;
+ HANDLE_UNBLOCK_INTERRUPTIONS();
+
++ zend_hash_check_destructor(ht->pDestructor);
+ if (ht->pDestructor) {
+ ht->pDestructor(p->pData);
+ }
+diff -Nura php-5.2.9/Zend/zend_llist.c suhosin-patch-5.2.9-0.9.7/Zend/zend_llist.c
+--- php-5.2.9/Zend/zend_llist.c 2008-12-31 12:17:33.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/Zend/zend_llist.c 2009-03-05 21:11:35.000000000 +0100
+@@ -23,6 +23,184 @@
+ #include "zend_llist.h"
+ #include "zend_qsort.h"
+
++#if SUHOSIN_PATCH
++#ifdef ZTS
++MUTEX_T zend_llist_dprot_mx_reader;
++MUTEX_T zend_llist_dprot_mx_writer;
++unsigned int zend_llist_dprot_reader;
++#endif
++unsigned int zend_llist_dprot_counter;
++unsigned int zend_llist_dprot_curmax;
++llist_dtor_func_t *zend_llist_dprot_table = NULL;
++
++static void zend_llist_dprot_begin_read()
++{
++#ifdef ZTS
++ tsrm_mutex_lock(zend_llist_dprot_mx_reader);
++ if ((++(zend_llist_dprot_reader)) == 1) {
++ tsrm_mutex_lock(zend_llist_dprot_mx_writer);
++ }
++ tsrm_mutex_unlock(zend_llist_dprot_mx_reader);
++#endif
++}
++
++static void zend_llist_dprot_end_read()
++{
++#ifdef ZTS
++ tsrm_mutex_lock(zend_llist_dprot_mx_reader);
++ if ((--(zend_llist_dprot_reader)) == 0) {
++ tsrm_mutex_unlock(zend_llist_dprot_mx_writer);
++ }
++ tsrm_mutex_unlock(zend_llist_dprot_mx_reader);
++#endif
++}
++
++static void zend_llist_dprot_begin_write()
++{
++#ifdef ZTS
++ tsrm_mutex_lock(zend_llist_dprot_mx_writer);
++#endif
++}
++
++static void zend_llist_dprot_end_write()
++{
++#ifdef ZTS
++ tsrm_mutex_unlock(zend_llist_dprot_mx_writer);
++#endif
++}
++
++/*ZEND_API void zend_llist_dprot_dtor()
++{
++#ifdef ZTS
++ tsrm_mutex_free(zend_llist_dprot_mx_reader);
++ tsrm_mutex_free(zend_llist_dprot_mx_writer);
++#endif
++ free(zend_llist_dprot_table);
++}*/
++
++static void zend_llist_add_destructor(llist_dtor_func_t pDestructor)
++{
++ int left, right, mid;
++ zend_bool found = 0;
++ unsigned long value;
++
++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR) {
++ return;
++ }
++
++ if (zend_llist_dprot_table == NULL) {
++#ifdef ZTS
++ zend_llist_dprot_mx_reader = tsrm_mutex_alloc();
++ zend_llist_dprot_mx_writer = tsrm_mutex_alloc();
++ zend_llist_dprot_reader = 0;
++#endif
++ zend_llist_dprot_counter = 0;
++ zend_llist_dprot_curmax = 256;
++ zend_llist_dprot_table = (llist_dtor_func_t *) malloc(256 * sizeof(llist_dtor_func_t));
++ }
++
++ zend_llist_dprot_begin_write();
++
++ if (zend_llist_dprot_counter == 0) {
++ zend_llist_dprot_counter++;
++ zend_llist_dprot_table[0] = pDestructor;
++ } else {
++ value = (unsigned long) pDestructor;
++ left = 0;
++ right = zend_llist_dprot_counter-1;
++ mid = 0;
++
++ while (left < right) {
++ mid = (right - left) >> 1;
++ mid += left;
++ if ((unsigned long)zend_llist_dprot_table[mid] == value) {
++ found = 1;
++ break;
++ }
++ if (value < (unsigned long)zend_llist_dprot_table[mid]) {
++ right = mid-1;
++ } else {
++ left = mid+1;
++ }
++ }
++ if ((unsigned long)zend_llist_dprot_table[left] == value) {
++ found = 1;
++ }
++
++ if (!found) {
++
++ if (zend_llist_dprot_counter >= zend_llist_dprot_curmax) {
++ zend_llist_dprot_curmax += 256;
++ zend_llist_dprot_table = (llist_dtor_func_t *) realloc(zend_llist_dprot_table, zend_llist_dprot_curmax * sizeof(llist_dtor_func_t));
++ }
++
++ if ((unsigned long)zend_llist_dprot_table[left] < value) {
++ memmove(zend_llist_dprot_table+left+2, zend_llist_dprot_table+left+1, (zend_llist_dprot_counter-left-1)*sizeof(llist_dtor_func_t));
++ zend_llist_dprot_table[left+1] = pDestructor;
++ } else {
++ memmove(zend_llist_dprot_table+left+1, zend_llist_dprot_table+left, (zend_llist_dprot_counter-left)*sizeof(llist_dtor_func_t));
++ zend_llist_dprot_table[left] = pDestructor;
++ }
++
++ zend_llist_dprot_counter++;
++ }
++ }
++
++ zend_llist_dprot_end_write();
++}
++
++static void zend_llist_check_destructor(llist_dtor_func_t pDestructor)
++{
++ unsigned long value;
++
++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR) {
++ return;
++ }
++
++ zend_llist_dprot_begin_read();
++
++ if (zend_llist_dprot_counter > 0) {
++ int left, right, mid;
++ zend_bool found = 0;
++
++ value = (unsigned long) pDestructor;
++ left = 0;
++ right = zend_llist_dprot_counter-1;
++
++ while (left < right) {
++ mid = (right - left) >> 1;
++ mid += left;
++ if ((unsigned long)zend_llist_dprot_table[mid] == value) {
++ found = 1;
++ break;
++ }
++ if (value < (unsigned long)zend_llist_dprot_table[mid]) {
++ right = mid-1;
++ } else {
++ left = mid+1;
++ }
++ }
++ if ((unsigned long)zend_llist_dprot_table[left] == value) {
++ found = 1;
++ }
++
++ if (!found) {
++ zend_llist_dprot_end_read();
++
++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown llist destructor");
++ exit(1);
++ return;
++ }
++
++ }
++
++ zend_llist_dprot_end_read();
++}
++#else
++#define zend_llist_add_destructor(pDestructor) do {} while(0)
++#define zend_llist_check_destructor(pDestructor) do {} while(0)
++#endif
++
+ ZEND_API void zend_llist_init(zend_llist *l, size_t size, llist_dtor_func_t dtor, unsigned char persistent)
+ {
+ l->head = NULL;
+@@ -30,6 +208,7 @@
+ l->count = 0;
+ l->size = size;
+ l->dtor = dtor;
++ zend_llist_add_destructor(dtor);
+ l->persistent = persistent;
+ }
+
+@@ -81,6 +260,7 @@
+ } else {\
+ (l)->tail = (current)->prev;\
+ }\
++ zend_llist_check_destructor((l)->dtor); \
+ if ((l)->dtor) {\
+ (l)->dtor((current)->data);\
+ }\
+@@ -108,6 +288,7 @@
+ {
+ zend_llist_element *current=l->head, *next;
+
++ zend_llist_check_destructor(l->dtor);
+ while (current) {
+ next = current->next;
+ if (l->dtor) {
+@@ -133,6 +314,7 @@
+ zend_llist_element *old_tail;
+ void *data;
+
++ zend_llist_check_destructor(l->dtor);
+ if ((old_tail = l->tail)) {
+ if (old_tail->prev) {
+ old_tail->prev->next = NULL;
+diff -Nura php-5.2.9/configure suhosin-patch-5.2.9-0.9.7/configure
+--- php-5.2.9/configure 2009-02-25 16:39:40.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/configure 2009-03-05 21:11:35.000000000 +0100
+@@ -18576,6 +18576,9 @@
+
+ fi
+
++cat >> confdefs.h <<\EOF
++#define SUHOSIN_PATCH 1
++EOF
+
+ echo $ac_n "checking for declared timezone""... $ac_c" 1>&6
+ echo "configure:18582: checking for declared timezone" >&5
+@@ -116592,7 +116595,7 @@
+ php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
+ strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \
+ network.c php_open_temporary_file.c php_logos.c \
+- output.c ; do
++ output.c suhosin_patch.c ; do
+
+ IFS=.
+ set $ac_src
+@@ -116794,7 +116797,7 @@
+ zend_variables.c zend.c zend_API.c zend_extensions.c zend_hash.c \
+ zend_list.c zend_indent.c zend_builtin_functions.c zend_sprintf.c \
+ zend_ini.c zend_qsort.c zend_multibyte.c zend_ts_hash.c zend_stream.c \
+- zend_iterators.c zend_interfaces.c zend_exceptions.c zend_strtod.c; do
++ zend_iterators.c zend_interfaces.c zend_exceptions.c zend_strtod.c zend_canary.c; do
+
+ IFS=.
+ set $ac_src
+diff -Nura php-5.2.9/configure.in suhosin-patch-5.2.9-0.9.7/configure.in
+--- php-5.2.9/configure.in 2009-02-25 15:56:50.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/configure.in 2009-03-05 21:11:35.000000000 +0100
+@@ -257,6 +257,7 @@
+ sinclude(TSRM/threads.m4)
+ sinclude(TSRM/tsrm.m4)
+
++sinclude(main/suhosin_patch.m4)
+
+ divert(2)
+
+@@ -1368,7 +1369,7 @@
+ php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
+ strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \
+ network.c php_open_temporary_file.c php_logos.c \
+- output.c )
++ output.c suhosin_patch.c )
+
+ PHP_ADD_SOURCES(main/streams, streams.c cast.c memory.c filter.c \
+ plain_wrapper.c userspace.c transports.c xp_socket.c mmap.c)
+@@ -1394,7 +1395,7 @@
+ zend_variables.c zend.c zend_API.c zend_extensions.c zend_hash.c \
+ zend_list.c zend_indent.c zend_builtin_functions.c zend_sprintf.c \
+ zend_ini.c zend_qsort.c zend_multibyte.c zend_ts_hash.c zend_stream.c \
+- zend_iterators.c zend_interfaces.c zend_exceptions.c zend_strtod.c)
++ zend_iterators.c zend_interfaces.c zend_exceptions.c zend_strtod.c zend_canary.c )
+
+ if test -r "$abs_srcdir/Zend/zend_objects.c"; then
+ PHP_ADD_SOURCES(Zend, zend_objects.c zend_object_handlers.c zend_objects_API.c zend_default_classes.c)
+diff -Nura php-5.2.9/ext/standard/basic_functions.c suhosin-patch-5.2.9-0.9.7/ext/standard/basic_functions.c
+--- php-5.2.9/ext/standard/basic_functions.c 2008-12-31 12:17:44.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/ext/standard/basic_functions.c 2009-03-05 21:11:35.000000000 +0100
+@@ -3575,7 +3575,9 @@
+ PHP_FALIAS(socket_get_status, stream_get_meta_data, arginfo_stream_get_meta_data)
+
+ #if (!defined(__BEOS__) && !defined(NETWARE) && HAVE_REALPATH) || defined(ZTS)
+- PHP_FE(realpath, arginfo_realpath)
++#undef realpath
++ PHP_NAMED_FE(realpath, PHP_FN(real_path), arginfo_realpath)
++#define realpath real_path
+ #endif
+
+ #ifdef HAVE_FNMATCH
+diff -Nura php-5.2.9/ext/standard/dl.c suhosin-patch-5.2.9-0.9.7/ext/standard/dl.c
+--- php-5.2.9/ext/standard/dl.c 2008-12-31 12:17:44.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/ext/standard/dl.c 2009-03-05 21:11:35.000000000 +0100
+@@ -246,6 +246,19 @@
+ RETURN_FALSE;
+ }
+ }
++#if SUHOSIN_PATCH
++ if (strncmp("suhosin", module_entry->name, sizeof("suhosin")-1) == 0) {
++ void *log_func;
++ /* sucessfully loaded suhosin extension, now check for logging function replacement */
++ log_func = (void *) DL_FETCH_SYMBOL(handle, "suhosin_log");
++ if (log_func == NULL) {
++ log_func = (void *) DL_FETCH_SYMBOL(handle, "_suhosin_log");
++ }
++ if (log_func != NULL) {
++ zend_suhosin_log = log_func;
++ }
++ }
++#endif
+ RETURN_TRUE;
+ }
+ /* }}} */
+diff -Nura php-5.2.9/ext/standard/file.c suhosin-patch-5.2.9-0.9.7/ext/standard/file.c
+--- php-5.2.9/ext/standard/file.c 2008-12-31 12:17:44.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/ext/standard/file.c 2009-03-05 21:11:35.000000000 +0100
+@@ -2387,7 +2387,7 @@
+ #if (!defined(__BEOS__) && !defined(NETWARE) && HAVE_REALPATH) || defined(ZTS)
+ /* {{{ proto string realpath(string path)
+ Return the resolved path */
+-PHP_FUNCTION(realpath)
++PHP_FUNCTION(real_path)
+ {
+ zval **path;
+ char resolved_path_buff[MAXPATHLEN];
+diff -Nura php-5.2.9/ext/standard/file.h suhosin-patch-5.2.9-0.9.7/ext/standard/file.h
+--- php-5.2.9/ext/standard/file.h 2008-12-31 12:17:45.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/ext/standard/file.h 2009-03-05 21:11:35.000000000 +0100
+@@ -61,7 +61,7 @@
+ PHP_FUNCTION(fd_set);
+ PHP_FUNCTION(fd_isset);
+ #if (!defined(__BEOS__) && !defined(NETWARE) && HAVE_REALPATH) || defined(ZTS)
+-PHP_FUNCTION(realpath);
++PHP_FUNCTION(real_path);
+ #endif
+ #ifdef HAVE_FNMATCH
+ PHP_FUNCTION(fnmatch);
+diff -Nura php-5.2.9/ext/standard/info.c suhosin-patch-5.2.9-0.9.7/ext/standard/info.c
+--- php-5.2.9/ext/standard/info.c 2008-12-31 12:17:45.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/ext/standard/info.c 2009-03-05 21:11:35.000000000 +0100
+@@ -648,6 +648,31 @@
+
+ php_info_print_table_end();
+
++ /* Suhosin Patch */
++ php_info_print_box_start(0);
++ if (expose_php && !sapi_module.phpinfo_as_text) {
++ PUTS("<a href=\"http://www.hardened-php.net/suhosin/index.html\"><img border=\"0\" src=\"");
++ if (SG(request_info).request_uri) {
++ char *elem_esc = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC);
++ PUTS(elem_esc);
++ efree(elem_esc);
++ }
++ PUTS("?="SUHOSIN_LOGO_GUID"\" alt=\"Suhosin logo\" /></a>\n");
++ }
++ PUTS("This server is protected with the Suhosin Patch ");
++ if (sapi_module.phpinfo_as_text) {
++ PUTS(SUHOSIN_PATCH_VERSION);
++ } else {
++ zend_html_puts(SUHOSIN_PATCH_VERSION, strlen(SUHOSIN_PATCH_VERSION) TSRMLS_CC);
++ }
++ PUTS(!sapi_module.phpinfo_as_text?"<br />":"\n");
++ if (sapi_module.phpinfo_as_text) {
++ PUTS("Copyright (c) 2006 Hardened-PHP Project\n");
++ } else {
++ PUTS("Copyright (c) 2006 <a href=\"http://www.hardened-php.net/\">Hardened-PHP Project</a>\n");
++ }
++ php_info_print_box_end();
++
+ /* Zend Engine */
+ php_info_print_box_start(0);
+ if (expose_php && !sapi_module.phpinfo_as_text) {
+diff -Nura php-5.2.9/ext/standard/syslog.c suhosin-patch-5.2.9-0.9.7/ext/standard/syslog.c
+--- php-5.2.9/ext/standard/syslog.c 2008-12-31 12:17:46.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/ext/standard/syslog.c 2009-03-05 21:11:35.000000000 +0100
+@@ -42,6 +42,7 @@
+ */
+ PHP_MINIT_FUNCTION(syslog)
+ {
++#if !SUHOSIN_PATCH
+ /* error levels */
+ REGISTER_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */
+ REGISTER_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */
+@@ -97,6 +98,7 @@
+ /* AIX doesn't have LOG_PERROR */
+ REGISTER_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/
+ #endif
++#endif
+ BG(syslog_device)=NULL;
+
+ return SUCCESS;
+diff -Nura php-5.2.9/main/fopen_wrappers.c suhosin-patch-5.2.9-0.9.7/main/fopen_wrappers.c
+--- php-5.2.9/main/fopen_wrappers.c 2009-02-10 17:14:27.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/main/fopen_wrappers.c 2009-03-05 21:11:35.000000000 +0100
+@@ -110,7 +110,7 @@
+
+ /* normalize and expand path */
+ if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) {
+- return -1;
++ return -2;
+ }
+
+ path_len = strlen(resolved_name);
+@@ -182,6 +182,12 @@
+ }
+ }
+
++ if (resolved_name_len == resolved_basedir_len - 1) {
++ if (resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
++ resolved_basedir_len--;
++ }
++ }
++
+ /* Check the path */
+ #if defined(PHP_WIN32) || defined(NETWARE)
+ if (strncasecmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
+@@ -205,7 +211,7 @@
+ }
+ } else {
+ /* Unable to resolve the real path, return -1 */
+- return -1;
++ return -3;
+ }
+ }
+ /* }}} */
+@@ -224,22 +230,44 @@
+ char *pathbuf;
+ char *ptr;
+ char *end;
++ char path_copy[MAXPATHLEN];
++ int path_len;
++
++ /* Special case path ends with a trailing slash */
++ path_len = strlen(path);
++ if (path_len >= MAXPATHLEN) {
++ errno = EPERM; /* we deny permission to open it */
++ return -1;
++ }
++ if (path_len > 0 && path[path_len-1] == PHP_DIR_SEPARATOR) {
++ memcpy(path_copy, path, path_len+1);
++ while (path_len > 1 && path_copy[path_len-1] == PHP_DIR_SEPARATOR) path_len--;
++ path_copy[path_len] = '\0';
++ path = (const char *)&path_copy;
++ }
+
+ pathbuf = estrdup(PG(open_basedir));
+
+ ptr = pathbuf;
+
+ while (ptr && *ptr) {
++ int res;
+ end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
+ if (end != NULL) {
+ *end = '\0';
+ end++;
+ }
+
+- if (php_check_specific_open_basedir(ptr, path TSRMLS_CC) == 0) {
++ res = php_check_specific_open_basedir(ptr, path TSRMLS_CC);
++ if (res == 0) {
+ efree(pathbuf);
+ return 0;
+ }
++ if (res == -2) {
++ efree(pathbuf);
++ errno = EPERM;
++ return -1;
++ }
+
+ ptr = end;
+ }
+diff -Nura php-5.2.9/main/main.c suhosin-patch-5.2.9-0.9.7/main/main.c
+--- php-5.2.9/main/main.c 2008-12-31 12:17:47.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/main/main.c 2009-03-05 21:11:35.000000000 +0100
+@@ -89,6 +89,9 @@
+
+ #include "SAPI.h"
+ #include "rfc1867.h"
++#if SUHOSIN_PATCH
++#include "suhosin_globals.h"
++#endif
+ /* }}} */
+
+ #ifndef ZTS
+@@ -1374,7 +1377,7 @@
+
+ /* used to close fd's in the 3..255 range here, but it's problematic
+ */
+- shutdown_memory_manager(1, 1 TSRMLS_CC);
++ shutdown_memory_manager(1, 1 TSRMLS_CC);
+ }
+ /* }}} */
+
+@@ -1415,6 +1418,9 @@
+
+ zend_try {
+ shutdown_memory_manager(CG(unclean_shutdown), 0 TSRMLS_CC);
++#if SUHOSIN_PATCH
++ suhosin_clear_mm_canaries(TSRMLS_C);
++#endif
+ } zend_end_try();
+
+ zend_try {
+@@ -1509,6 +1515,9 @@
+ /* 11. Free Willy (here be crashes) */
+ zend_try {
+ shutdown_memory_manager(CG(unclean_shutdown) || !report_memleaks, 0 TSRMLS_CC);
++#if SUHOSIN_PATCH
++ suhosin_clear_mm_canaries(TSRMLS_C);
++#endif
+ } zend_end_try();
+
+ /* 12. Reset max_execution_time */
+@@ -1668,6 +1677,9 @@
+ #ifdef ZTS
+ tsrm_ls = ts_resource(0);
+ #endif
++#if SUHOSIN_PATCH
++ suhosin_startup();
++#endif
+
+ module_shutdown = 0;
+ module_startup = 1;
+@@ -1809,6 +1821,10 @@
+ REGISTER_MAIN_STRINGL_CONSTANT("PHP_CONFIG_FILE_PATH", PHP_CONFIG_FILE_PATH, strlen(PHP_CONFIG_FILE_PATH), CONST_PERSISTENT | CONST_CS);
+ REGISTER_MAIN_STRINGL_CONSTANT("PHP_CONFIG_FILE_SCAN_DIR", PHP_CONFIG_FILE_SCAN_DIR, sizeof(PHP_CONFIG_FILE_SCAN_DIR)-1, CONST_PERSISTENT | CONST_CS);
+ REGISTER_MAIN_STRINGL_CONSTANT("PHP_SHLIB_SUFFIX", PHP_SHLIB_SUFFIX, sizeof(PHP_SHLIB_SUFFIX)-1, CONST_PERSISTENT | CONST_CS);
++#if SUHOSIN_PATCH
++ REGISTER_MAIN_LONG_CONSTANT("SUHOSIN_PATCH", 1, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_STRINGL_CONSTANT("SUHOSIN_PATCH_VERSION", SUHOSIN_PATCH_VERSION, sizeof(SUHOSIN_PATCH_VERSION)-1, CONST_PERSISTENT | CONST_CS);
++#endif
+ REGISTER_MAIN_STRINGL_CONSTANT("PHP_EOL", PHP_EOL, sizeof(PHP_EOL)-1, CONST_PERSISTENT | CONST_CS);
+ REGISTER_MAIN_LONG_CONSTANT("PHP_INT_MAX", LONG_MAX, CONST_PERSISTENT | CONST_CS);
+ REGISTER_MAIN_LONG_CONSTANT("PHP_INT_SIZE", sizeof(long), CONST_PERSISTENT | CONST_CS);
+@@ -1858,7 +1874,9 @@
+ module_startup = 0;
+
+ shutdown_memory_manager(1, 0 TSRMLS_CC);
+-
++#if SUHOSIN_PATCH
++ suhosin_clear_mm_canaries(TSRMLS_C);
++#endif
+ /* we're done */
+ return SUCCESS;
+ }
+@@ -1917,6 +1935,9 @@
+ #ifndef ZTS
+ zend_ini_shutdown(TSRMLS_C);
+ shutdown_memory_manager(CG(unclean_shutdown), 1 TSRMLS_CC);
++#if SUHOSIN_PATCH
++ suhosin_clear_mm_canaries(TSRMLS_C);
++#endif
+ core_globals_dtor(&core_globals TSRMLS_CC);
+ #else
+ zend_ini_global_shutdown(TSRMLS_C);
+diff -Nura php-5.2.9/main/php.h suhosin-patch-5.2.9-0.9.7/main/php.h
+--- php-5.2.9/main/php.h 2008-12-31 12:17:47.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/main/php.h 2009-03-05 21:11:35.000000000 +0100
+@@ -40,6 +40,13 @@
+ #undef sprintf
+ #define sprintf php_sprintf
+
++#if SUHOSIN_PATCH
++#if HAVE_REALPATH
++#undef realpath
++#define realpath php_realpath
++#endif
++#endif
++
+ /* PHP's DEBUG value must match Zend's ZEND_DEBUG value */
+ #undef PHP_DEBUG
+ #define PHP_DEBUG ZEND_DEBUG
+@@ -448,6 +455,10 @@
+ #endif
+ #endif /* !XtOffsetOf */
+
++#if SUHOSIN_PATCH
++#include "suhosin_patch.h"
++#endif
++
+ #endif
+
+ /*
+diff -Nura php-5.2.9/main/php_config.h.in suhosin-patch-5.2.9-0.9.7/main/php_config.h.in
+--- php-5.2.9/main/php_config.h.in 2009-02-25 16:39:45.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/main/php_config.h.in 2009-03-05 21:11:35.000000000 +0100
+@@ -809,6 +809,9 @@
+ /* Define if the target system has /dev/urandom device */
+ #undef HAVE_DEV_URANDOM
+
++/* Suhosin-Patch for PHP */
++#undef SUHOSIN_PATCH
++
+ /* Whether you have AOLserver */
+ #undef HAVE_AOLSERVER
+
+diff -Nura php-5.2.9/main/php_logos.c suhosin-patch-5.2.9-0.9.7/main/php_logos.c
+--- php-5.2.9/main/php_logos.c 2008-12-31 12:17:47.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/main/php_logos.c 2009-03-05 21:11:35.000000000 +0100
+@@ -50,6 +50,10 @@
+ return zend_hash_del(&phpinfo_logo_hash, logo_string, strlen(logo_string));
+ }
+
++#if SUHOSIN_PATCH
++#include "suhosin_logo.h"
++#endif
++
+ int php_init_info_logos(void)
+ {
+ if(zend_hash_init(&phpinfo_logo_hash, 0, NULL, NULL, 1)==FAILURE)
+@@ -58,6 +62,9 @@
+ php_register_info_logo(PHP_LOGO_GUID , "image/gif", php_logo , sizeof(php_logo));
+ php_register_info_logo(PHP_EGG_LOGO_GUID, "image/gif", php_egg_logo, sizeof(php_egg_logo));
+ php_register_info_logo(ZEND_LOGO_GUID , "image/gif", zend_logo , sizeof(zend_logo));
++#if SUHOSIN_PATCH
++ php_register_info_logo(SUHOSIN_LOGO_GUID, "image/jpeg", suhosin_logo, sizeof(suhosin_logo));
++#endif
+
+ return SUCCESS;
+ }
+diff -Nura php-5.2.9/main/snprintf.c suhosin-patch-5.2.9-0.9.7/main/snprintf.c
+--- php-5.2.9/main/snprintf.c 2008-12-31 12:17:48.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/main/snprintf.c 2009-03-05 21:11:35.000000000 +0100
+@@ -1077,7 +1077,11 @@
+
+
+ case 'n':
++#if SUHOSIN_PATCH
++ zend_suhosin_log(S_MISC, "'n' specifier within format string");
++#else
+ *(va_arg(ap, int *)) = cc;
++#endif
+ goto skip_output;
+
+ /*
+diff -Nura php-5.2.9/main/spprintf.c suhosin-patch-5.2.9-0.9.7/main/spprintf.c
+--- php-5.2.9/main/spprintf.c 2009-02-04 16:03:12.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/main/spprintf.c 2009-03-05 21:11:35.000000000 +0100
+@@ -682,7 +682,11 @@
+
+
+ case 'n':
++#if SUHOSIN_PATCH
++ zend_suhosin_log(S_MISC, "'n' specifier within format string");
++#else
+ *(va_arg(ap, int *)) = xbuf->len;
++#endif
+ goto skip_output;
+
+ /*
+diff -Nura php-5.2.9/main/suhosin_globals.h suhosin-patch-5.2.9-0.9.7/main/suhosin_globals.h
+--- php-5.2.9/main/suhosin_globals.h 1970-01-01 01:00:00.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/main/suhosin_globals.h 2009-03-05 21:11:35.000000000 +0100
+@@ -0,0 +1,61 @@
++/*
++ +----------------------------------------------------------------------+
++ | Suhosin-Patch for PHP |
++ +----------------------------------------------------------------------+
++ | Copyright (c) 2004-2006 Stefan Esser |
++ +----------------------------------------------------------------------+
++ | This source file is subject to version 2.02 of the PHP license, |
++ | that is bundled with this package in the file LICENSE, and is |
++ | available at through the world-wide-web at |
++ | http://www.php.net/license/2_02.txt. |
++ | If you did not receive a copy of the PHP license and are unable to |
++ | obtain it through the world-wide-web, please send a note to |
++ | license@php.net so we can mail you a copy immediately. |
++ +----------------------------------------------------------------------+
++ | Author: Stefan Esser <sesser@hardened-php.net> |
++ +----------------------------------------------------------------------+
++ */
++
++#ifndef SUHOSIN_GLOBALS_H
++#define SUHOSIN_GLOBALS_H
++
++typedef struct _suhosin_patch_globals suhosin_patch_globals_struct;
++
++#ifdef ZTS
++# define SPG(v) TSRMG(suhosin_patch_globals_id, suhosin_patch_globals_struct *, v)
++extern int suhosin_patch_globals_id;
++#else
++# define SPG(v) (suhosin_patch_globals.v)
++extern struct _suhosin_patch_globals suhosin_patch_globals;
++#endif
++
++
++struct _suhosin_patch_globals {
++ /* logging */
++ int log_syslog;
++ int log_syslog_facility;
++ int log_syslog_priority;
++ int log_sapi;
++ int log_script;
++ int log_phpscript;
++ char *log_scriptname;
++ char *log_phpscriptname;
++ zend_bool log_phpscript_is_safe;
++ zend_bool log_use_x_forwarded_for;
++
++ /* memory manager canary protection */
++ unsigned int canary_1;
++ unsigned int canary_2;
++ unsigned int canary_3;
++ unsigned int dummy;
++};
++
++
++#endif /* SUHOSIN_GLOBALS_H */
++
++/*
++ * Local variables:
++ * tab-width: 4
++ * c-basic-offset: 4
++ * End:
++ */
+diff -Nura php-5.2.9/main/suhosin_logo.h suhosin-patch-5.2.9-0.9.7/main/suhosin_logo.h
+--- php-5.2.9/main/suhosin_logo.h 1970-01-01 01:00:00.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/main/suhosin_logo.h 2009-03-05 21:11:35.000000000 +0100
+@@ -0,0 +1,178 @@
++static unsigned char suhosin_logo[] =
++ "\xff\xd8\xff\xe0\x00\x10\x4a\x46\x49\x46\x00\x01\x01\x01\x00\x48"
++ "\x00\x48\x00\x00\xff\xe1\x00\x16\x45\x78\x69\x66\x00\x00\x4d\x4d"
++ "\x00\x2a\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\xff\xdb\x00\x43"
++ "\x00\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
++ "\x01\xff\xc0\x00\x0b\x08\x00\x27\x00\x71\x01\x01\x22\x00\xff\xc4"
++ "\x00\x1e\x00\x00\x02\x02\x02\x03\x01\x01\x00\x00\x00\x00\x00\x00"
++ "\x00\x00\x00\x00\x09\x06\x08\x05\x07\x02\x03\x0a\x01\x04\xff\xc4"
++ "\x00\x32\x10\x00\x01\x04\x03\x00\x02\x00\x05\x01\x05\x09\x01\x00"
++ "\x00\x00\x00\x05\x02\x03\x04\x06\x01\x07\x08\x00\x09\x11\x12\x13"
++ "\x14\x21\x15\x0a\x16\x31\x56\x96\x17\x18\x19\x23\x32\x41\x58\x98"
++ "\xd4\xd6\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\xf4\xc1\xe1\xe5"
++ "\x69\xe9\x3e\xb9\xd1\x7c\x8a\x2e\x9d\x66\xe8\x3b\x29\x4d\x7f\x46"
++ "\xba\x58\x55\x54\x8d\xb1\x5f\xaa\xd9\x8d\x51\x2b\xb6\x27\x5a\x69"
++ "\xd1\x43\xaf\x16\x1a\xf0\xb2\xb1\xe9\x6d\x9f\xc2\xa4\x36\x18\xb5"
++ "\x85\x10\x41\xbe\xfc\x09\xac\x49\x29\x11\xd4\x32\x97\xec\x08\x13"
++ "\xc1\x2d\x20\xc3\x59\xeb\x26\x05\xd8\x6b\x76\x31\x43\x8f\x57\xcf"
++ "\x84\x9f\x14\xa8\x53\x81\x0b\xc3\x64\x80\xa3\x02\x0a\x41\x75\xf8"
++ "\x44\x85\x93\x81\x22\x3c\xd8\x13\xe1\xbe\xf4\x59\x91\x1f\x6a\x44"
++ "\x77\x5c\x69\xc4\x2f\x39\x5f\x0f\x2a\x8d\xeb\xba\xf8\xc3\x56\x6c"
++ "\x3b\x36\xa7\xda\xbd\x4d\xa1\xb5\x4e\xc6\xa7\xa4\x3a\xec\x15\x2d"
++ "\xa5\xb3\xea\x5a\xdc\xac\x46\xac\x01\x60\xd8\x43\xc8\x8e\x8b\xb1"
++ "\x40\x4c\x95\x8b\x34\x41\x28\x52\x91\x28\x43\xd3\xa3\xb6\xa7\x55"
++ "\x15\xe7\x5a\x96\xcb\xf1\xda\xe5\x55\xee\xfe\x1e\xbd\xd9\x41\xd3"
++ "\x28\xfd\x97\xca\x57\x2b\x85\x9c\xa4\x30\x95\xaa\xa5\x57\xa2\x35"
++ "\x15\x86\xcb\x61\x34\x41\xe4\xc7\x80\x20\x18\x21\x17\x09\x85\x0b"
++ "\x14\x9d\x21\x68\x62\x1c\x08\x11\x64\x4b\x92\xf2\xd2\xd3\x2d\x2d"
++ "\x6a\xc2\x73\x6b\x3c\x3c\x8b\x9e\xbc\x52\xaa\xa4\xab\x81\x6c\xf6"
++ "\xfa\xbd\x70\xc5\xc6\x7b\xc2\xaa\x22\x4f\x58\x04\x87\x25\x6a\x27"
++ "\x1d\xa4\x3d\x20\x75\x72\x01\x09\x71\xe5\x1c\x9e\xc3\x2e\x36\xf3"
++ "\xd0\xc6\x35\x2a\x43\x4d\x2d\x0e\x2d\xb4\xa1\x49\xce\x65\x1e\x52"
++ "\x9e\xa1\xf6\x09\xcc\xdc\x63\x66\xa8\x01\xe9\x3b\x0d\xd7\x5a\x85"
++ "\xbb\xc5\x65\xc0\x7b\x2e\x46\xa9\xd9\x56\x1d\x4c\x92\x72\x26\x4e"
++ "\x86\xd5\x68\xae\xc4\xaa\x55\xce\xd7\x83\x59\xb3\x81\xee\xce\x74"
++ "\x39\x39\x31\x9f\x8a\x25\xe8\xa5\xa5\xe5\x81\xf2\x11\x23\xcb\xa1"
++ "\x1e\x43\x12\xe3\xb1\x2a\x2b\xcd\xc8\x8d\x25\x96\xa4\x47\x7d\x95"
++ "\xa5\xc6\x9f\x61\xe4\x25\xc6\x5e\x69\xc4\xe7\x29\x5b\x6e\xb6\xa4"
++ "\xad\x0b\x4e\x72\x95\x25\x58\x56\x33\x9c\x67\xce\xef\x0f\x17\xbf"
++ "\x4c\x7b\x2d\xe6\xfe\x76\x35\x27\x5a\x07\x97\x67\xe8\xae\x8d\x71"
++ "\x0f\xb2\x13\x99\xb9\xbc\x14\xad\xb3\xb7\xe6\x11\x6f\xe0\xda\x58"
++ "\xb1\x08\xac\xa6\x6c\x2d\x7f\x05\xb7\x56\xd2\xe6\xcf\xbb\x4d\x0c"
++ "\xe3\x50\xb2\xec\x91\xf0\x4a\xb8\xd6\x22\xb8\xa7\xf6\x67\xaf\xcf"
++ "\x63\x7e\xd7\xe7\x42\xd8\xbd\xc3\x71\xa1\xf2\x7e\x9b\xa8\x97\x83"
++ "\x6e\xd1\xdc\x4b\x06\x11\x2d\xae\x26\x61\x98\x72\x10\xf4\x42\x5d"
++ "\x20\x4a\xa3\x73\xd7\xf2\xcd\x3c\x48\x32\xe4\x03\x9f\x80\x37\x08"
++ "\x36\x11\xd0\xcb\x97\x6c\x08\xed\x6d\x33\x24\xa2\x1b\xb4\x77\xdf"
++ "\x61\x5d\x5f\xc1\x43\xc2\x82\xeb\x0f\x5d\x84\x08\x68\xaa\xa4\x01"
++ "\xe1\x19\xdf\xbc\x31\x65\xfe\xd1\xf5\x7d\x7a\xb2\x2a\x33\x50\x21"
++ "\x2a\x56\x9d\xb1\x81\xab\xdb\x35\x78\x30\x83\xd9\x89\x1d\x31\xac"
++ "\x96\x14\x07\x61\xbc\x20\x68\x42\x85\x33\x19\xac\xbe\xdb\x34\x56"
++ "\xf1\xd5\xfd\x29\xa9\x28\xdb\xcb\x4c\x5a\x23\xdc\xf5\x96\xc5\x10"
++ "\xa3\x35\x5b\x14\x68\xd3\x61\x62\x64\x76\x26\xcb\x17\x3e\x34\x98"
++ "\x04\xa3\xc4\x20\x38\x90\x92\xe3\xc8\x07\x2c\x36\x74\x66\x26\x0e"
++ "\x29\x02\x64\x29\x2d\x21\xe6\x16\x9c\x6b\xce\xa3\x89\xd9\x4f\xd3"
++ "\xc4\xbd\xc5\x87\x79\x9c\x65\xf6\x39\x45\x60\xe8\xce\x9e\xab\x6d"
++ "\x13\x15\x22\xe1\x5e\x4b\x38\x42\xc4\x1e\xd5\x76\xe0\xc5\xeb\x85"
++ "\x07\x2d\x0f\xb8\xb6\xa6\xd6\x6d\x71\x0d\xa2\x43\x4c\x25\xea\xfa"
++ "\xa1\xae\x4c\xe4\x7d\xbd\x76\xa9\xfb\x06\xc2\x83\x42\xeb\xad\xe7"
++ "\xe9\x5f\x68\x6f\xba\xfb\x2f\x07\xce\xb8\x13\xc1\x9b\xeb\xb0\x76"
++ "\x45\x57\x28\x7b\xea\xbe\x0f\xf4\x30\x7b\xa0\xed\xe4\x22\x93\x21"
++ "\xfc\xbc\xe0\xb9\x75\xc1\x4f\xfc\xef\xb6\xfa\xa1\xfc\x64\xa1\x4a"
++ "\x82\xc7\x33\xad\x75\xed\x82\xbd\x3d\xdb\xf7\xa8\xbe\x5e\xbb\x36"
++ "\x62\x04\x9a\x2e\xc5\xd9\x9e\x9c\x3a\x0b\x98\x0b\x57\xac\xf1\x24"
++ "\x62\x58\x83\x15\x5b\xa6\xf2\xda\x34\x70\x03\xce\x0f\x93\x1b\x12"
++ "\xc7\xce\x54\x87\x33\x15\xd6\x53\x25\x1f\x2a\x90\x87\x12\xe3\x78"
++ "\xef\x55\x77\x4d\x4a\xd8\x7e\xef\xd2\xfd\xd1\xaf\x3a\xaf\x55\xdb"
++ "\x6a\x2d\x3d\x42\xac\x51\x79\xee\x91\xab\xe1\x05\x2d\x3c\x80\xa2"
++ "\x43\xad\x22\x2e\xd5\x33\x13\xa4\x9e\x00\xe0\x04\x10\x84\xc8\xf2"
++ "\x19\x30\x92\x1f\xaa\xc3\x28\xc9\x76\x30\x3f\xe9\x10\x61\x5e\x79"
++ "\xd5\xf7\xdf\xd0\x54\xdb\xae\xb6\xae\xfa\xe8\xa3\x57\xe0\x6c\x2d"
++ "\xf7\xbd\x49\xd6\x6e\x76\x79\xcc\x54\x0c\x5f\xff\x00\xbb\x06\x98"
++ "\xa6\x9e\x89\x61\xb4\x6f\xc3\xe3\x6a\xc2\x4f\x59\x03\xc9\x80\x2c"
++ "\x59\x24\x44\x70\x38\xd5\x96\x6a\x9e\x8b\x81\x64\xe5\xbc\xa0\x3c"
++ "\x33\xaf\x17\x9d\xff\x00\x71\x1a\xd1\x3a\x80\x66\xb3\xd9\x31\x77"
++ "\x0d\x12\xbd\xae\x29\xb5\x6a\xd6\xcf\x8d\x68\x87\x75\xcd\xe8\x65"
++ "\x5a\xbe\x3c\x04\x7b\x34\xdb\x54\x19\xa4\x63\x9c\x2a\x5d\x23\xbe"
++ "\xf4\xb1\x1c\x4d\x90\xec\x92\x2f\x49\x71\xf7\x14\xf2\x97\x9f\x15"
++ "\x57\xed\x13\x21\x2a\xf5\x33\xd1\x2a\x52\x52\xac\xb7\x62\xd1\xcb"
++ "\x46\x73\x8c\x67\x28\x56\x77\x86\xbf\x6f\x2a\x4e\x73\xfe\x95\x65"
++ "\x0b\x5a\x3e\x38\xfc\xfc\xaa\x56\x3f\x86\x73\xe3\xb9\x4a\x52\x84"
++ "\xa5\x08\x4e\x12\x94\x27\x09\x4a\x53\x8c\x61\x29\x4a\x71\xf0\x4a"
++ "\x53\x8c\x7e\x31\x8c\x63\x18\xc6\x31\x8f\xc6\x31\xf8\xc7\x9f\x7c"
++ "\xd5\xbb\xae\x5e\xe2\x1f\xab\x6e\x24\x34\x00\x8a\x25\x83\x70\x40"
++ "\x1c\xcc\xda\x45\x7f\x66\x4e\x30\x2e\x94\x7e\x74\x49\xf0\xe4\x4e"
++ "\x06\x5c\xa8\x2f\x89\x21\x2e\x98\x0e\xd9\x21\xc2\x0b\x21\x0f\xc4"
++ "\x16\x6e\x48\xd9\xe4\xe3\x4a\x19\x1e\x64\x67\x54\xff\x00\x3a\x6d"
++ "\x4f\x62\xb5\x00\x4a\xaa\x51\xfd\x2d\xe8\x0e\x6c\xaf\xc6\x7d\x6d"
++ "\xc8\x88\xc7\x67\xea\x8a\x58\x02\x73\xe3\x65\x4d\xc9\x24\xc0\x3d"
++ "\x57\xa3\x2e\x53\x16\x99\x4f\xe5\xe7\x19\x97\x3e\x3b\xcf\xc9\x4b"
++ "\x99\x7f\x33\x25\xa5\xdf\xba\x77\x2b\xd3\x3e\xc2\x7b\x8b\x94\x07"
++ "\xe9\x52\x5b\x43\x87\x34\x14\x86\x37\xcf\x41\x6b\x8e\x6a\xa5\x22"
++ "\xab\xdb\x96\xa2\xcf\x46\xd8\x9b\x45\x93\xef\xd6\xdf\x3e\x99\x9c"
++ "\x7e\x29\x10\x6b\x6c\xa2\xb8\x43\x05\x09\x44\x70\x8c\xb8\xaa\x54"
++ "\x7c\x30\x36\x5e\x1c\x5e\x5b\x9f\x6c\x0d\x81\xee\xa0\x93\x8d\x67"
++ "\x55\xf3\x87\xaf\xaa\x6b\x58\xf9\xbe\xb2\x36\x07\x42\x6e\xbd\x96"
++ "\xe3\x9f\x1f\x8f\xc9\xf4\x9d\xae\x6a\x7d\x4c\x96\xbe\x5f\xc7\xcd"
++ "\xf3\xb2\xf7\xcd\xf0\xcf\xc3\xe4\xf8\xfe\x37\x4f\x1c\x4d\xf6\x40"
++ "\xf1\x6b\x7c\x4e\xe0\xa6\x71\xad\x56\xa7\x1c\x5c\x15\x6b\xfc\xf3"
++ "\x01\x5d\xac\xf1\x75\x9a\x72\x6b\xaa\x28\xc5\x88\x6d\xfb\x33\x85"
++ "\xe0\x4e\x61\xab\xeb\x31\x2c\x71\x08\x73\x11\x3b\xfc\xb5\xc0\x96"
++ "\xcc\x87\x24\x44\xb5\x9b\x9e\xb3\x71\xba\xe9\xed\xb1\x4e\xd7\x76"
++ "\x6c\xd2\xb6\x05\xb7\x5a\xde\xeb\x34\x5b\x96\x16\xfb\x59\xa9\x5c"
++ "\x4f\x55\xca\x8a\xac\x59\xb0\xe4\x54\x39\x25\xbc\x81\x37\x2a\x09"
++ "\x5f\x9e\x3b\x6b\x7d\x1f\x69\xf3\x34\x85\x39\x84\xa7\x28\x0b\xd3"
++ "\xfd\xfb\x4b\x7a\xea\xe7\xd2\x3c\xd3\xda\x15\x68\xbc\x73\xd3\x22"
++ "\x6f\xd7\x72\x5b\x2b\x66\xee\xa8\x0d\x54\xe8\x5b\xf9\x92\x96\x92"
++ "\x93\xea\x97\x4a\xc7\x43\x10\x46\x35\xc5\xc0\x60\x8a\xe4\xc1\xb5"
++ "\x36\xc6\xae\xed\xf7\x70\xa5\x86\x99\x3d\x91\xf8\xfd\x4e\x53\xeb"
++ "\xbb\xbd\x6d\xec\x8f\xd7\x89\x3d\x31\x7f\xd7\x78\xba\x50\xbb\x74"
++ "\x9d\xf6\xac\x4e\xb9\x03\x9c\x79\xd5\xe1\xbd\x17\x68\xd9\x13\x0b"
++ "\x45\x75\x88\x00\x1d\x1f\xae\x73\x6a\x1d\x5c\x6e\x44\x9f\xa6\xfa"
++ "\x4e\xd8\x25\x8b\xc0\xbc\xb2\x99\xe3\x17\x24\xb3\x23\xe2\x48\x8b"
++ "\xfa\x22\xe7\x7e\x8f\xe6\x3f\x5f\x55\x0d\x75\xd3\x51\x0b\xd7\xed"
++ "\xd3\x6f\x97\x3b\x85\x42\x80\x7e\x5f\xdc\x1b\xd6\xba\xee\xc4\x80"
++ "\xce\x06\xa9\x15\x8c\x97\x5f\x40\x69\xb2\x4d\xc5\xb2\x5c\x1e\x01"
++ "\x87\x7e\xe0\x36\x6d\x78\x80\x4e\x3c\x02\xec\x90\x1d\x11\x81\x74"
++ "\xa5\x8b\xa4\xa0\x56\x06\xd5\x79\x72\x85\x57\x3b\xb2\x2e\xae\x90"
++ "\x18\x8d\x91\xb2\x0e\x44\x19\xaa\xb4\xcc\x08\xed\x46\xfa\xd7\x2b"
++ "\x78\x58\x72\x5d\xbb\x5e\x49\xe7\xee\xf3\x8a\x9d\x22\xa4\x19\xc8"
++ "\xe7\x08\xc3\x90\x9b\x35\x9a\xa4\x25\x8c\x4b\x9b\xa7\xf8\xbf\x81"
++ "\xf5\xdf\x22\x66\xf1\x7e\x9f\x66\x3d\xbb\xfa\x73\x73\x4d\xfd\x67"
++ "\x7b\xf4\xce\xc3\x62\x2e\x6f\xbb\x0c\xa2\xdc\x69\xfc\x8a\x17\x0e"
++ "\x3a\x9e\x83\x46\xd7\xe3\x5e\x65\x86\xc0\x51\x00\xbb\x91\xe3\xe1"
++ "\xc1\x16\xc4\xe9\x65\x5c\x14\x3e\x44\x6a\x6b\xd1\x1e\xb0\x36\xdd"
++ "\x0b\x7d\x8a\xeb\xaf\x58\x5b\x64\x3f\x38\xed\x52\x76\xe8\x46\xf7"
++ "\x86\x84\xb3\x93\xb1\x0b\xe5\xfd\xfd\x0d\xe9\x6d\xe4\xf1\x1b\x1d"
++ "\x56\xb4\x34\xe4\x6a\xf5\xa4\x9c\x2c\xc9\x64\x94\xc1\xf5\x79\x6d"
++ "\x12\x96\xf3\x47\xc5\x48\xa8\xdb\xd8\x95\x64\x29\xcf\xf6\x88\xf1"
++ "\x95\x7a\x98\xe8\xbc\x27\x19\xce\x73\x61\xd1\xb8\xc6\x31\x8c\xe7"
++ "\x39\xce\x77\x9e\xbc\xc6\x31\x8c\x63\xf3\x9c\xe7\x39\xc6\x31\x8f"
++ "\xf7\xce\x7e\x1e\x3b\x7f\x0f\x0f\x0f\x13\x57\xb9\x0a\xe1\x0b\x64"
++ "\x5f\x58\x40\xc6\xc7\x7a\x4b\xf2\x3d\xbc\x71\xf4\xa7\xd2\xca\x14"
++ "\xe2\x98\x1a\x30\x1e\xe0\x26\x5a\x6a\xf0\x9c\x67\x38\x66\x00\xb8"
++ "\x72\xe6\xbe\xac\xfe\x12\xd3\x0b\x56\x73\x8c\x63\xc7\x2b\xe1\xe2"
++ "\xe8\xdd\x7b\xff\x00\xd8\xe5\x23\x6c\xce\xa8\x69\xcf\x5e\x3a\xef"
++ "\x77\xea\xe5\xab\x0e\x82\xdb\xd9\xed\x7a\x9e\xb8\x6d\x51\x32\xdb"
++ "\x79\xc3\x36\x9a\x2d\xa3\x50\x39\x65\x0a\x63\x0e\xe5\xd4\x39\x12"
++ "\xbf\x8b\x98\xa4\xa1\x2d\xad\xb3\xcf\x65\x6a\x43\x78\xb3\x3b\x07"
++ "\xd8\xd5\xea\xae\x76\xad\x6f\xf5\xff\x00\xca\x93\xab\x96\xb0\x64"
++ "\xeb\xd6\x4a\xd5\x87\xba\xec\x24\x60\x97\x06\x76\x03\xe3\x4c\x07"
++ "\x29\x11\x8e\x34\x25\x02\x64\x29\xf0\x25\x48\x85\x3a\x33\x8b\x7a"
++ "\x3c\x86\x1e\x75\xa5\x61\xc6\x97\x9f\x8d\x25\xf5\xc9\xcd\xde\xc9"
++ "\x7d\x77\xf2\xc8\x7e\x70\xaf\x73\x5f\x2d\xec\xa2\x51\x2d\x96\xfb"
++ "\x89\xad\x80\x57\xb2\x36\x1d\x7d\x83\x45\xac\xf3\xdb\xcc\x6c\x31"
++ "\x4f\xcf\x30\x58\xd0\x12\x28\x90\x50\x42\x86\xfb\x48\x16\x3c\xc5"
++ "\x9c\xf8\xe7\xcc\x29\x88\xb3\x4a\x4b\x4e\x6c\xbc\xdb\xc7\xbb\xe9"
++ "\xb6\xa0\x8b\x11\xa1\x7d\x73\xd7\xe9\xbf\x7e\xc2\x6c\x10\x8d\xee"
++ "\x9d\xef\x63\x3a\xe0\xf5\xbe\x8c\x3e\xa1\xc7\xc5\xd1\x00\x44\x1e"
++ "\xf3\x51\xf2\xe2\xb0\xe3\xb5\x13\x7f\x32\xf1\x8c\xa6\x22\xfe\x1f"
++ "\x49\x4d\xbb\xcf\x3a\x5d\xed\x4c\xd2\xfc\x85\xed\x23\xd6\xc7\x50"
++ "\xb6\x5b\x3a\x16\x83\xb8\x6f\xfd\x32\x3f\xaa\x36\x34\xbb\xf5\x96"
++ "\xa9\xab\xcf\x9f\x8f\xac\xc3\xca\xd5\x8b\xd8\x48\x9e\x79\xaa\x30"
++ "\x87\xca\x58\x4d\x59\x96\xb9\x4f\xc5\x1b\x1c\xd2\xda\x5b\xe6\x57"
++ "\x29\xa1\x28\x7a\x2b\x5b\xff\x00\x12\x2f\x5e\x3f\xf3\xbb\x8e\x7f"
++ "\xec\xc6\x98\xff\x00\xed\x3c\xa6\xdd\xa9\xdc\x7e\xa0\xf7\xd6\x99"
++ "\x31\xa2\xf7\xaf\x6b\xe9\x82\x74\x4b\x3d\x8f\x5e\x58\x0b\x33\xab"
++ "\xef\xc3\xaf\x84\x64\xb9\xae\xb6\x25\x5f\x62\x8f\x1c\xe3\xf4\x51"
++ "\xb7\x96\xe3\x0e\x30\x42\xa9\x18\x39\xbf\x9e\x2a\x1f\x74\x19\x02"
++ "\x2d\x43\x93\x06\x63\xb1\xa7\x47\x6a\xfa\x9b\x6c\xeb\xbd\xe9\xae"
++ "\x6a\x7b\x6f\x53\x5a\x60\x5d\xb5\xcd\xe8\x67\xeb\x35\x3b\x48\xc6"
++ "\xa6\xb3\x04\xc8\xdf\xb8\x7e\x26\x64\xb0\xc9\x18\xb0\xa7\x33\xf2"
++ "\x4a\x8b\x22\x3b\x8d\x4b\x89\x1d\xf6\x9d\x65\xc4\x38\xd2\x54\x9c"
++ "\xe3\xcd\x89\xe1\xe1\xe6\x3e\x70\x81\x45\x1d\x18\xf9\x31\x83\xc8"
++ "\xbe\x14\x82\x4b\x87\x7a\x74\x28\xd2\xdd\x12\x55\x30\xe6\x0e\x49"
++ "\x31\x8e\x48\x69\xc5\xc0\x20\x91\xe4\x48\x41\x4c\xd8\xb9\x6a\x4e"
++ "\x21\xce\x99\x1b\x0e\xfd\x09\x4f\xa1\x79\x0f\x0f\x0f\x0f\x0f\x0f"
++ "\x0f\x3f\x3c\xb8\x71\x27\xc7\x72\x24\xe8\xb1\xa6\xc5\x7b\x18\xc3"
++ "\xb1\xa5\xb0\xd4\x98\xee\xe3\x19\xc6\x71\x87\x19\x79\x2b\x6d\x78"
++ "\xc6\x71\x8c\xe3\x0a\x4e\x71\x8c\xe3\x19\xfe\x38\xf2\x3b\xfb\x8b"
++ "\x48\xfe\x4e\xaa\xff\x00\x4f\x08\xff\x00\xc7\xe1\xfb\x8b\x48\xfe"
++ "\x4e\xaa\xff\x00\x4f\x08\xff\x00\xc7\xe4\x95\x86\x18\x8a\xcb\x31"
++ "\xa3\x32\xd4\x78\xf1\xdb\x43\x2c\x47\x61\xb4\x32\xcb\x2c\xb4\x9c"
++ "\x21\xb6\x99\x69\xbc\x25\xb6\xdb\x6d\x18\xc2\x10\xda\x12\x94\xa1"
++ "\x38\xc2\x53\x8c\x63\x18\xc7\x9d\xbe\x7f\xff\xd9"
++ ;
+diff -Nura php-5.2.9/main/suhosin_patch.c suhosin-patch-5.2.9-0.9.7/main/suhosin_patch.c
+--- php-5.2.9/main/suhosin_patch.c 1970-01-01 01:00:00.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/main/suhosin_patch.c 2009-03-05 21:11:35.000000000 +0100
+@@ -0,0 +1,380 @@
++/*
++ +----------------------------------------------------------------------+
++ | Suhosin Patch for PHP |
++ +----------------------------------------------------------------------+
++ | Copyright (c) 2004-2006 Stefan Esser |
++ +----------------------------------------------------------------------+
++ | This source file is subject to version 2.02 of the PHP license, |
++ | that is bundled with this package in the file LICENSE, and is |
++ | available at through the world-wide-web at |
++ | http://www.php.net/license/2_02.txt. |
++ | If you did not receive a copy of the PHP license and are unable to |
++ | obtain it through the world-wide-web, please send a note to |
++ | license@php.net so we can mail you a copy immediately. |
++ +----------------------------------------------------------------------+
++ | Author: Stefan Esser <sesser@hardened-php.net> |
++ +----------------------------------------------------------------------+
++ */
++/* $Id$ */
++
++#include "php.h"
++
++#include <stdio.h>
++#include <stdlib.h>
++
++#if HAVE_UNISTD_H
++#include <unistd.h>
++#endif
++#include "SAPI.h"
++#include "php_globals.h"
++
++#if SUHOSIN_PATCH
++
++#ifdef HAVE_SYS_SOCKET_H
++#include <sys/socket.h>
++#endif
++
++#if defined(PHP_WIN32) || defined(__riscos__) || defined(NETWARE)
++#undef AF_UNIX
++#endif
++
++#if defined(AF_UNIX)
++#include <sys/un.h>
++#endif
++
++#define SYSLOG_PATH "/dev/log"
++
++#ifdef PHP_WIN32
++static HANDLE log_source = 0;
++#endif
++
++#include "snprintf.h"
++
++#include "suhosin_patch.h"
++
++#ifdef ZTS
++#include "suhosin_globals.h"
++int suhosin_patch_globals_id;
++#else
++struct _suhosin_patch_globals suhosin_patch_globals;
++#endif
++
++static void php_security_log(int loglevel, char *fmt, ...);
++
++static void suhosin_patch_globals_ctor(suhosin_patch_globals_struct *suhosin_patch_globals TSRMLS_DC)
++{
++ memset(suhosin_patch_globals, 0, sizeof(*suhosin_patch_globals));
++}
++
++PHPAPI void suhosin_startup()
++{
++#ifdef ZTS
++ ts_allocate_id(&suhosin_patch_globals_id, sizeof(suhosin_patch_globals_struct), (ts_allocate_ctor) suhosin_patch_globals_ctor, NULL);
++#else
++ suhosin_patch_globals_ctor(&suhosin_patch_globals TSRMLS_CC);
++#endif
++ zend_suhosin_log = php_security_log;
++}
++
++/*PHPAPI void suhosin_clear_mm_canaries(TSRMLS_D)
++{
++ zend_alloc_clear_mm_canaries(AG(heap));
++ SPG(canary_1) = zend_canary();
++ SPG(canary_2) = zend_canary();
++ SPG(canary_3) = zend_canary();
++}*/
++
++static char *loglevel2string(int loglevel)
++{
++ switch (loglevel) {
++ case S_FILES:
++ return "FILES";
++ case S_INCLUDE:
++ return "INCLUDE";
++ case S_MEMORY:
++ return "MEMORY";
++ case S_MISC:
++ return "MISC";
++ case S_SESSION:
++ return "SESSION";
++ case S_SQL:
++ return "SQL";
++ case S_EXECUTOR:
++ return "EXECUTOR";
++ case S_VARS:
++ return "VARS";
++ default:
++ return "UNKNOWN";
++ }
++}
++
++static void php_security_log(int loglevel, char *fmt, ...)
++{
++ int s, r, i=0;
++#if defined(AF_UNIX)
++ struct sockaddr_un saun;
++#endif
++#ifdef PHP_WIN32
++ LPTSTR strs[2];
++ unsigned short etype;
++ DWORD evid;
++#endif
++ char buf[4096+64];
++ char error[4096+100];
++ char *ip_address;
++ char *fname;
++ char *alertstring;
++ int lineno;
++ va_list ap;
++ TSRMLS_FETCH();
++
++ /*SDEBUG("(suhosin_log) loglevel: %d log_syslog: %u - log_sapi: %u - log_script: %u", loglevel, SPG(log_syslog), SPG(log_sapi), SPG(log_script));*/
++
++ if (SPG(log_use_x_forwarded_for)) {
++ ip_address = sapi_getenv("HTTP_X_FORWARDED_FOR", 20 TSRMLS_CC);
++ if (ip_address == NULL) {
++ ip_address = "X-FORWARDED-FOR not set";
++ }
++ } else {
++ ip_address = sapi_getenv("REMOTE_ADDR", 11 TSRMLS_CC);
++ if (ip_address == NULL) {
++ ip_address = "REMOTE_ADDR not set";
++ }
++ }
++
++
++ va_start(ap, fmt);
++ ap_php_vsnprintf(error, sizeof(error), fmt, ap);
++ va_end(ap);
++ while (error[i]) {
++ if (error[i] < 32) error[i] = '.';
++ i++;
++ }
++
++/* if (SPG(simulation)) {
++ alertstring = "ALERT-SIMULATION";
++ } else { */
++ alertstring = "ALERT";
++/* }*/
++
++ if (zend_is_executing(TSRMLS_C)) {
++ if (EG(current_execute_data)) {
++ lineno = EG(current_execute_data)->opline->lineno;
++ fname = EG(current_execute_data)->op_array->filename;
++ } else {
++ lineno = zend_get_executed_lineno(TSRMLS_C);
++ fname = zend_get_executed_filename(TSRMLS_C);
++ }
++ ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s', line %u)", alertstring, error, ip_address, fname, lineno);
++ } else {
++ fname = sapi_getenv("SCRIPT_FILENAME", 15 TSRMLS_CC);
++ if (fname==NULL) {
++ fname = "unknown";
++ }
++ ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s')", alertstring, error, ip_address, fname);
++ }
++
++ /* Syslog-Logging disabled? */
++ if (((SPG(log_syslog)|S_INTERNAL) & loglevel)==0) {
++ goto log_sapi;
++ }
++
++#if defined(AF_UNIX)
++ ap_php_snprintf(error, sizeof(error), "<%u>suhosin[%u]: %s\n", (unsigned int)(SPG(log_syslog_facility)|SPG(log_syslog_priority)),getpid(),buf);
++
++ s = socket(AF_UNIX, SOCK_DGRAM, 0);
++ if (s == -1) {
++ goto log_sapi;
++ }
++
++ memset(&saun, 0, sizeof(saun));
++ saun.sun_family = AF_UNIX;
++ strcpy(saun.sun_path, SYSLOG_PATH);
++ /*saun.sun_len = sizeof(saun);*/
++
++ r = connect(s, (struct sockaddr *)&saun, sizeof(saun));
++ if (r) {
++ close(s);
++ s = socket(AF_UNIX, SOCK_STREAM, 0);
++ if (s == -1) {
++ goto log_sapi;
++ }
++
++ memset(&saun, 0, sizeof(saun));
++ saun.sun_family = AF_UNIX;
++ strcpy(saun.sun_path, SYSLOG_PATH);
++ /*saun.sun_len = sizeof(saun);*/
++
++ r = connect(s, (struct sockaddr *)&saun, sizeof(saun));
++ if (r) {
++ close(s);
++ goto log_sapi;
++ }
++ }
++ send(s, error, strlen(error), 0);
++
++ close(s);
++#endif
++#ifdef PHP_WIN32
++ ap_php_snprintf(error, sizeof(error), "suhosin[%u]: %s", getpid(),buf);
++
++ switch (SPG(log_syslog_priority)) { /* translate UNIX type into NT type */
++ case 1: /*LOG_ALERT:*/
++ etype = EVENTLOG_ERROR_TYPE;
++ break;
++ case 6: /*LOG_INFO:*/
++ etype = EVENTLOG_INFORMATION_TYPE;
++ break;
++ default:
++ etype = EVENTLOG_WARNING_TYPE;
++ }
++ evid = loglevel;
++ strs[0] = error;
++ /* report the event */
++ if (log_source == NULL) {
++ log_source = RegisterEventSource(NULL, "Suhosin-Patch-" SUHOSIN_PATCH_VERSION);
++ }
++ ReportEvent(log_source, etype, (unsigned short) SPG(log_syslog_priority), evid, NULL, 1, 0, strs, NULL);
++
++#endif
++log_sapi:
++ /* SAPI Logging activated? */
++ /*SDEBUG("(suhosin_log) log_syslog: %u - log_sapi: %u - log_script: %u - log_phpscript: %u", SPG(log_syslog), SPG(log_sapi), SPG(log_script), SPG(log_phpscript));*/
++ if (((SPG(log_sapi)|S_INTERNAL) & loglevel)!=0) {
++ sapi_module.log_message(buf);
++ }
++
++/*log_script:*/
++ /* script logging activaed? */
++ if (((SPG(log_script) & loglevel)!=0) && SPG(log_scriptname)!=NULL) {
++ char cmd[8192], *cmdpos, *bufpos;
++ FILE *in;
++ int space;
++
++ ap_php_snprintf(cmd, sizeof(cmd), "%s %s \'", SPG(log_scriptname), loglevel2string(loglevel));
++ space = sizeof(cmd) - strlen(cmd);
++ cmdpos = cmd + strlen(cmd);
++ bufpos = buf;
++ if (space <= 1) return;
++ while (space > 2 && *bufpos) {
++ if (*bufpos == '\'') {
++ if (space<=5) break;
++ *cmdpos++ = '\'';
++ *cmdpos++ = '\\';
++ *cmdpos++ = '\'';
++ *cmdpos++ = '\'';
++ bufpos++;
++ space-=4;
++ } else {
++ *cmdpos++ = *bufpos++;
++ space--;
++ }
++ }
++ *cmdpos++ = '\'';
++ *cmdpos = 0;
++
++ if ((in=VCWD_POPEN(cmd, "r"))==NULL) {
++ php_security_log(S_INTERNAL, "Unable to execute logging shell script: %s", SPG(log_scriptname));
++ return;
++ }
++ /* read and forget the result */
++ while (1) {
++ int readbytes = fread(cmd, 1, sizeof(cmd), in);
++ if (readbytes<=0) {
++ break;
++ }
++ }
++ pclose(in);
++ }
++/*log_phpscript:*/
++ if ((SPG(log_phpscript) & loglevel)!=0 && EG(in_execution) && SPG(log_phpscriptname) && SPG(log_phpscriptname)[0]) {
++ zend_file_handle file_handle;
++ zend_op_array *new_op_array;
++ zval *result = NULL;
++
++ /*long orig_execution_depth = SPG(execution_depth);*/
++ zend_bool orig_safe_mode = PG(safe_mode);
++ char *orig_basedir = PG(open_basedir);
++
++ char *phpscript = SPG(log_phpscriptname);
++/*SDEBUG("scriptname %s", SPG(log_phpscriptname));`*/
++#ifdef ZEND_ENGINE_2
++ if (zend_stream_open(phpscript, &file_handle TSRMLS_CC) == SUCCESS) {
++#else
++ if (zend_open(phpscript, &file_handle) == SUCCESS && ZEND_IS_VALID_FILE_HANDLE(&file_handle)) {
++ file_handle.filename = phpscript;
++ file_handle.free_filename = 0;
++#endif
++ if (!file_handle.opened_path) {
++ file_handle.opened_path = estrndup(phpscript, strlen(phpscript));
++ }
++ new_op_array = zend_compile_file(&file_handle, ZEND_REQUIRE TSRMLS_CC);
++ zend_destroy_file_handle(&file_handle TSRMLS_CC);
++ if (new_op_array) {
++ HashTable *active_symbol_table = EG(active_symbol_table);
++ zval *zerror, *zerror_class;
++
++ if (active_symbol_table == NULL) {
++ active_symbol_table = &EG(symbol_table);
++ }
++ EG(return_value_ptr_ptr) = &result;
++ EG(active_op_array) = new_op_array;
++
++ MAKE_STD_ZVAL(zerror);
++ MAKE_STD_ZVAL(zerror_class);
++ ZVAL_STRING(zerror, buf, 1);
++ ZVAL_LONG(zerror_class, loglevel);
++
++ zend_hash_update(active_symbol_table, "SUHOSIN_ERROR", sizeof("SUHOSIN_ERROR"), (void **)&zerror, sizeof(zval *), NULL);
++ zend_hash_update(active_symbol_table, "SUHOSIN_ERRORCLASS", sizeof("SUHOSIN_ERRORCLASS"), (void **)&zerror_class, sizeof(zval *), NULL);
++
++ /*SPG(execution_depth) = 0;*/
++ if (SPG(log_phpscript_is_safe)) {
++ PG(safe_mode) = 0;
++ PG(open_basedir) = NULL;
++ }
++
++ zend_execute(new_op_array TSRMLS_CC);
++
++ /*SPG(execution_depth) = orig_execution_depth;*/
++ PG(safe_mode) = orig_safe_mode;
++ PG(open_basedir) = orig_basedir;
++
++#ifdef ZEND_ENGINE_2
++ destroy_op_array(new_op_array TSRMLS_CC);
++#else
++ destroy_op_array(new_op_array);
++#endif
++ efree(new_op_array);
++#ifdef ZEND_ENGINE_2
++ if (!EG(exception))
++#endif
++ {
++ if (EG(return_value_ptr_ptr)) {
++ zval_ptr_dtor(EG(return_value_ptr_ptr));
++ EG(return_value_ptr_ptr) = NULL;
++ }
++ }
++ } else {
++ php_security_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SPG(log_phpscriptname));
++ return;
++ }
++ } else {
++ php_security_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SPG(log_phpscriptname));
++ return;
++ }
++ }
++
++}
++
++
++#endif
++
++/*
++ * Local variables:
++ * tab-width: 4
++ * c-basic-offset: 4
++ * End:
++ * vim600: sw=4 ts=4 fdm=marker
++ * vim<600: sw=4 ts=4
++ */
+diff -Nura php-5.2.9/main/suhosin_patch.h suhosin-patch-5.2.9-0.9.7/main/suhosin_patch.h
+--- php-5.2.9/main/suhosin_patch.h 1970-01-01 01:00:00.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/main/suhosin_patch.h 2009-03-05 21:40:19.000000000 +0100
+@@ -0,0 +1,40 @@
++/*
++ +----------------------------------------------------------------------+
++ | Suhosin Patch for PHP |
++ +----------------------------------------------------------------------+
++ | Copyright (c) 2004-2006 Stefan Esser |
++ +----------------------------------------------------------------------+
++ | This source file is subject to version 2.02 of the PHP license, |
++ | that is bundled with this package in the file LICENSE, and is |
++ | available at through the world-wide-web at |
++ | http://www.php.net/license/2_02.txt. |
++ | If you did not receive a copy of the PHP license and are unable to |
++ | obtain it through the world-wide-web, please send a note to |
++ | license@php.net so we can mail you a copy immediately. |
++ +----------------------------------------------------------------------+
++ | Author: Stefan Esser <sesser@hardened-php.net> |
++ +----------------------------------------------------------------------+
++ */
++
++#ifndef SUHOSIN_PATCH_H
++#define SUHOSIN_PATCH_H
++
++#if SUHOSIN_PATCH
++
++#include "zend.h"
++
++PHPAPI void suhosin_startup();
++#define SUHOSIN_PATCH_VERSION "0.9.7"
++
++#define SUHOSIN_LOGO_GUID "SUHO8567F54-D428-14d2-A769-00DA302A5F18"
++
++#endif
++
++#endif /* SUHOSIN_PATCH_H */
++
++/*
++ * Local variables:
++ * tab-width: 4
++ * c-basic-offset: 4
++ * End:
++ */
+diff -Nura php-5.2.9/main/suhosin_patch.m4 suhosin-patch-5.2.9-0.9.7/main/suhosin_patch.m4
+--- php-5.2.9/main/suhosin_patch.m4 1970-01-01 01:00:00.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/main/suhosin_patch.m4 2009-03-05 21:11:35.000000000 +0100
+@@ -0,0 +1,8 @@
++dnl
++dnl $Id$
++dnl
++dnl This file contains Suhosin Patch for PHP specific autoconf functions.
++dnl
++
++AC_DEFINE(SUHOSIN_PATCH, 1, [Suhosin Patch])
++
+diff -Nura php-5.2.9/sapi/apache/mod_php5.c suhosin-patch-5.2.9-0.9.7/sapi/apache/mod_php5.c
+--- php-5.2.9/sapi/apache/mod_php5.c 2008-12-31 12:17:48.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/sapi/apache/mod_php5.c 2009-03-05 21:11:35.000000000 +0100
+@@ -951,7 +951,11 @@
+ {
+ TSRMLS_FETCH();
+ if (PG(expose_php)) {
++#if SUHOSIN_PATCH
++ ap_add_version_component("PHP/" PHP_VERSION " with Suhosin-Patch");
++#else
+ ap_add_version_component("PHP/" PHP_VERSION);
++#endif
+ }
+ }
+ #endif
+diff -Nura php-5.2.9/sapi/apache2filter/sapi_apache2.c suhosin-patch-5.2.9-0.9.7/sapi/apache2filter/sapi_apache2.c
+--- php-5.2.9/sapi/apache2filter/sapi_apache2.c 2008-12-31 12:17:48.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/sapi/apache2filter/sapi_apache2.c 2009-03-05 21:11:35.000000000 +0100
+@@ -566,7 +566,11 @@
+ {
+ TSRMLS_FETCH();
+ if (PG(expose_php)) {
++#if SUHOSIN_PATCH
++ ap_add_version_component(p, "PHP/" PHP_VERSION " with Suhosin-Patch");
++#else
+ ap_add_version_component(p, "PHP/" PHP_VERSION);
++#endif
+ }
+ }
+
+diff -Nura php-5.2.9/sapi/apache2handler/sapi_apache2.c suhosin-patch-5.2.9-0.9.7/sapi/apache2handler/sapi_apache2.c
+--- php-5.2.9/sapi/apache2handler/sapi_apache2.c 2008-12-31 12:17:48.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/sapi/apache2handler/sapi_apache2.c 2009-03-05 21:11:35.000000000 +0100
+@@ -370,7 +370,11 @@
+ {
+ TSRMLS_FETCH();
+ if (PG(expose_php)) {
++#if SUHOSIN_PATCH
++ ap_add_version_component(p, "PHP/" PHP_VERSION " with Suhosin-Patch");
++#else
+ ap_add_version_component(p, "PHP/" PHP_VERSION);
++#endif
+ }
+ }
+
+diff -Nura php-5.2.9/sapi/cgi/cgi_main.c suhosin-patch-5.2.9-0.9.7/sapi/cgi/cgi_main.c
+--- php-5.2.9/sapi/cgi/cgi_main.c 2009-01-19 19:17:59.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/sapi/cgi/cgi_main.c 2009-03-05 21:11:35.000000000 +0100
+@@ -1797,11 +1797,19 @@
+ SG(headers_sent) = 1;
+ SG(request_info).no_headers = 1;
+ }
++#if SUHOSIN_PATCH
++#if ZEND_DEBUG
++ php_printf("PHP %s with Suhosin-Patch %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, SUHOSIN_PATCH_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++#else
++ php_printf("PHP %s with Suhosin-Patch %s (%s) (built: %s %s)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, SUHOSIN_PATCH_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++#endif
++#else
+ #if ZEND_DEBUG
+ php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ #else
+ php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ #endif
++#endif
+ php_request_shutdown((void *) 0);
+ exit_status = 0;
+ goto out;
+diff -Nura php-5.2.9/sapi/cli/php_cli.c suhosin-patch-5.2.9-0.9.7/sapi/cli/php_cli.c
+--- php-5.2.9/sapi/cli/php_cli.c 2008-12-31 12:17:49.000000000 +0100
++++ suhosin-patch-5.2.9-0.9.7/sapi/cli/php_cli.c 2009-03-05 21:11:35.000000000 +0100
+@@ -772,8 +772,14 @@
+ }
+
+ request_started = 1;
+- php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2009 The PHP Group\n%s",
+- PHP_VERSION, sapi_module.name, __DATE__, __TIME__,
++#if SUHOSIN_PATCH
++ php_printf("PHP %s with Suhosin-Patch %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2009 The PHP Group\n%s",
++ PHP_VERSION, SUHOSIN_PATCH_VERSION,
++#else
++ php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2009 The PHP Group\n%s",
++ PHP_VERSION,
++#endif
++ sapi_module.name, __DATE__, __TIME__,
+ #if ZEND_DEBUG && defined(HAVE_GCOV)
+ "(DEBUG GCOV)",
+ #elif ZEND_DEBUG
+diff -Nura php-5.2.9/win32/build/config.w32 suhosin-patch-5.2.9-0.9.7/win32/build/config.w32
+--- php-5.2.9/win32/build/config.w32 2008-10-11 01:38:14.000000000 +0200
++++ suhosin-patch-5.2.9-0.9.7/win32/build/config.w32 2009-03-05 21:11:35.000000000 +0100
+@@ -305,7 +305,7 @@
+ zend_sprintf.c zend_ini.c zend_qsort.c zend_multibyte.c zend_ts_hash.c \
+ zend_stream.c zend_iterators.c zend_interfaces.c zend_objects.c \
+ zend_object_handlers.c zend_objects_API.c \
+- zend_default_classes.c zend_execute.c zend_strtod.c");
++ zend_default_classes.c zend_execute.c zend_strtod.c zend_canary.c");
+
+ ADD_SOURCES("main", "main.c snprintf.c spprintf.c safe_mode.c fopen_wrappers.c \
+ php_scandir.c php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
+@@ -350,6 +350,8 @@
+ AC_DEFINE('HAVE_USLEEP', 1);
+ AC_DEFINE('HAVE_STRCOLL', 1);
+
++AC_DEFINE('SUHOSIN_PATCH', 1);
++
+ /* For snapshot builders, where can we find the additional
+ * files that make up the snapshot template? */
+ ARG_WITH("snapshot-template", "Path to snapshot builder template dir", "no");
projects / packages / php.git / commitdiff