Suhosin + PHP 5.4 + Roundcube, anyone got it working? [WORKING]

scrupul0us

EDIT: See the fourth post for full installation instructions

Recently we upgraded to PHP 5.4 and did a compile of the latest source of Suhosin to get PHP 5.4 support.

This broke Roundcube (0.9.5) with the way it handles sessions, so I disabled Suhosin. However, in Googling around, Roundcube says it's not an issue with their software that they can fix and it's an issue with Suhosin:

http://trac.roundcube.net/ticket/1489445

...and they point you here:

https://github.com/stefanesser/suhosin/pull/26

...in which they point you to a commit from 8 months ago which "fixed" sessions:

https://github.com/blino/suhosin/commit/117b6aa6efec61afaa1431c698dad8eb553b55f5

But, I can tell you, Roundcube still has the login/session issue.

EDIT: I do have suhosin.session.encrypt=Off in php.ini

Does anyone have this working by chance that can offer up some advice?
 
Here are my full instructions for installing it:

Code:
cd /usr/local/src/
wget https://github.com/stefanesser/suhosin/tarball/master
tar zxvf master
cd /usr/local/src/stefanesser-suhosin-1fba865
mv session.c session.c.old
mv rfc1867.c rfc1867.c.old
wget https://raw.github.com/blino/suhosin/117b6aa6efec61afaa1431c698dad8eb553b55f5/session.c
wget https://raw.github.com/shakaran/suhosin/master/rfc1867.c
/usr/local/php5/bin/phpize
./configure --with-php-config=/usr/local/php5/bin/php-config && make && make install
cp /usr/local/php5/lib/php/extensions/no-debug-non-zts-20100525/suhosin.so /usr/local/php5/lib/php/extensions/no-debug-non-zts-20060613
service httpd restart

Code:
PHP 5.4.22 (cli) (built: Nov 20 2013 12:59:31)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
    with the ionCube PHP Loader v4.4.4, Copyright (c) 2002-2013, by ionCube Ltd., and
    with Zend Guard Loader v3.3, Copyright (c) 1998-2013, by Zend Technologies
    with Suhosin v0.9.34-dev, Copyright (c) 2007-2012, by SektionEins GmbH

Config options for php.ini here:
http://www.hardened-php.net/suhosin/configuration.html
 
Seeing some issues reported today:

Code:
suhosin.so: undefined symbol: php_mb_encoding_translation

Code:
mbstring.encoding_translation => Off => Off

I've disabled suhosin for the moment
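
A pre-load check for the failure reported above, as an added example that is not part of the original post: it compares the php_*/zend_* symbols a built extension imports against those the PHP binary exports, working on saved `nm -D` output. The function names and the sample `nm` listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a freshly built PHP extension.
# Real-world usage (paths are whatever your install uses):
#   nm -D --undefined-only suhosin.so > module.nm
#   nm -D --defined-only /path/to/php-or-libphp5.so > host.nm
#   unresolved_php_syms module.nm host.nm

# Print php_*/zend_* symbols the module imports that the host does not export.
# $1 = nm listing of the module, $2 = nm listing of the host binary.
unresolved_php_syms() {
    awk -v host="$2" '
        NF < 2 { next }                                   # skip blank/short lines
        { sym = $NF; sub(/@.*/, "", sym); kind = $(NF-1) } # drop @VERSION suffix
        FILENAME == host { if (kind ~ /^[TDBRW]$/) exported[sym] = 1; next }
        kind == "U" && sym ~ /^(php_|zend_)/ && !(sym in exported) { print sym }
    ' "$2" "$1" | sort -u
}

# Constructed sample nm output (not taken from a real build).
demo_check() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/module.nm" <<'EOF'
                 U _efree
                 U memcpy@GLIBC_2.14
                 U php_mb_encoding_translation
                 U php_register_variable_safe
                 U zend_hash_destroy
EOF
    cat > "$tmp/host.nm" <<'EOF'
00000000005d2a10 T php_register_variable_safe
00000000006a41c0 T zend_hash_destroy
00000000006801f0 T _efree
EOF
    unresolved_php_syms "$tmp/module.nm" "$tmp/host.nm"
    rm -rf "$tmp"
}

demo_check   # prints: php_mb_encoding_translation
```

Any output means the module would fail to load into that binary with an "undefined symbol" error, so the check can gate the `make install` and restart steps.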
 
It looks like there is another user contributed patch to fix this:

https://github.com/shakaran/suhosin

Specifically:

https://raw.github.com/shakaran/suhosin/master/rfc1867.c

Related diff:

Code:
40a41,45
> #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
> #include "ext/mbstring/mbstring.h"
>
> static void safe_php_register_variable(char *var, char *strval, zval *track_vars_array, zend_bool override_protection TSRMLS_DC);
>
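Review bot: the guard `#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)` at the top of this hunk is decided at compile time, so every `php_mb_*` call behind it becomes a load-time symbol dependency of `suhosin.so` on the PHP binary that loads it. `php_mb_encoding_translation` is the same symbol named in the `undefined symbol` error reported earlier in the thread. Document next to the `#include` that the module must be loaded by a PHP build exporting these symbols, or leave the guarded code out for builds where that is not guaranteed.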
41a47
>     php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); \
52a59,123
> static void php_mb_flush_gpc_variables(int num_vars, char **val_list, int *len_list, zval *array_ptr  TSRMLS_DC)
> {
>       int i;
>       if (php_mb_encoding_translation(TSRMLS_C)) {
>               if (num_vars > 0 &&
>                       php_mb_gpc_encoding_detector(val_list, len_list, num_vars, NULL TSRMLS_CC) == SUCCESS) {
>                       php_mb_gpc_encoding_converter(val_list, len_list, num_vars, NULL, NULL TSRMLS_CC);
>               }
>               for (i=0; i<num_vars; i+=2){
>                       safe_php_register_variable(val_list[i], val_list[i+1], array_ptr, 0 TSRMLS_CC);
>                       efree(val_list[i]);
>                       efree(val_list[i+1]);
>               }
>               efree(val_list);
>               efree(len_list);
>       }
> }
>
> static void php_mb_gpc_realloc_buffer(char ***pval_list, int **plen_list, int *num_vars_max, int inc  TSRMLS_DC)
> {
>       /* allow only even increments */
>       if (inc & 1) {
>               inc++;
>       }
>       (*num_vars_max) += inc;
>       *pval_list = (char **)erealloc(*pval_list, (*num_vars_max+2)*sizeof(char *));
>       *plen_list = (int *)erealloc(*plen_list, (*num_vars_max+2)*sizeof(int));
> }
>
> static void php_mb_gpc_stack_variable(char *param, char *value, char ***pval_list, int **plen_list, int *num_vars, int *num_vars_max TSRMLS_DC)
> {
>       char **val_list=*pval_list;
>       int *len_list=*plen_list;
>
>       if (*num_vars>=*num_vars_max){
>               php_mb_gpc_realloc_buffer(pval_list, plen_list, num_vars_max,
>                                                                 16 TSRMLS_CC);
>               /* in case realloc relocated the buffer */
>               val_list = *pval_list;
>               len_list = *plen_list;
>       }
>
>       val_list[*num_vars] = (char *)estrdup(param);
>       len_list[*num_vars] = strlen(param);
>       (*num_vars)++;
>       val_list[*num_vars] = (char *)estrdup(value);
>       len_list[*num_vars] = strlen(value);
>       (*num_vars)++;
> }
>
> #else
>
> #define SAFE_RETURN { \
>       if (lbuf) efree(lbuf); \
>       if (abuf) efree(abuf); \
>       if (array_index) efree(array_index); \
>       zend_hash_destroy(&PG(rfc1867_protected_variables)); \
>       zend_llist_destroy(&header); \
>       if (mbuff->boundary_next) efree(mbuff->boundary_next); \
>       if (mbuff->boundary) efree(mbuff->boundary); \
>       if (mbuff->buffer) efree(mbuff->buffer); \
>       if (mbuff) efree(mbuff); \
>       return; }
> #endif
>
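Review bot: in `php_mb_flush_gpc_variables`, `val_list` and `len_list` are freed only inside the `if (php_mb_encoding_translation(TSRMLS_C))` branch, so cleanup relies on that call returning the same value it did when the buffers were allocated. Freeing on `val_list != NULL` would tie the release to the allocation itself. The loop also reads `val_list[i+1]` while stepping `i+=2`, which assumes `num_vars` is even; a short comment stating that invariant would help.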
523a595,605
> #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
>                       if (php_mb_encoding_translation(TSRMLS_C)) {
>                               size_t j = php_mb_gpc_mbchar_bytes(start+i TSRMLS_CC);
>                               while (j-- > 0 && i < len) {
>                                       *resp++ = start[i++];
>                               }
>                               --i;
>                       } else {
>                               *resp++ = start[i];
>                       }
> #else
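Review bot: in the multibyte copy loop, a return of 0 from `php_mb_gpc_mbchar_bytes` copies nothing, and the following `--i` then moves the index backwards. Consider treating 0 as 1 (copy a single byte) before the `while`, so the index always advances. The writes through `resp` also depend on a bound that is not visible in this hunk; a comment naming it would make the loop easier to audit.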
524a607
> #endif
536a620,626
> #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
>       if (php_mb_encoding_translation(TSRMLS_C)) {
>               int len=strlen(str);
>               php_mb_gpc_encoding_detector(&str, &len, 1, NULL TSRMLS_CC);
>       }
> #endif
>
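Review bot: the return value of `php_mb_gpc_encoding_detector(&str, &len, 1, NULL TSRMLS_CC)` is discarded here, while the other call sites in this diff compare it against `SUCCESS`. Either check it the same way or add a comment saying why failure can be ignored at this point. `int len=strlen(str)` also narrows a `size_t` to `int`.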
694a785,788
> #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
>       int str_len = 0, num_vars = 0, num_vars_max = 2*10, *len_list = NULL;
>       char **val_list = NULL;
> #endif
766a861,866
> #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
>       if (php_mb_encoding_translation(TSRMLS_C)) {
>               val_list = (char **)ecalloc(num_vars_max+2, sizeof(char *));
>               len_list = (int *)ecalloc(num_vars_max+2, sizeof(int));
>       }
> #endif
865a966,973
> #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
>                                       if (php_mb_encoding_translation(TSRMLS_C)) {
>                                               php_mb_gpc_stack_variable(param, value, &val_list, &len_list,
>                                                                                                 &num_vars, &num_vars_max TSRMLS_CC);
>                                       } else {
>                                               safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC);
>                                       }
> #else
866a975
> #endif
1094a1204,1224
> #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
>                       if (php_mb_encoding_translation(TSRMLS_C)) {
>                               if (num_vars>=num_vars_max){
>                                       php_mb_gpc_realloc_buffer(&val_list, &len_list, &num_vars_max,
>                                                                                         1 TSRMLS_CC);
>                               }
>                               val_list[num_vars] = filename;
>                               len_list[num_vars] = strlen(filename);
>                               num_vars++;
>                               if(php_mb_gpc_encoding_detector(val_list, len_list, num_vars, NULL TSRMLS_CC) == SUCCESS) {
>                                       str_len = strlen(filename);
>                                       php_mb_gpc_encoding_converter(&filename, &str_len, 1, NULL, NULL TSRMLS_CC);
>                               }
>                               s = php_mb_strrchr(filename, '\\' TSRMLS_CC);
>                               if ((tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) > s) {
>                                       s = tmp;
>                               }
>                               num_vars--;
>                               goto filedone;
>                       }
> #endif
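Review bot: `val_list[num_vars] = filename` stores the pointer before `php_mb_gpc_encoding_converter(&filename, &str_len, ...)` runs, and since the converter is handed `&filename` it can replace that pointer, leaving the slot referring to the old buffer. The `num_vars--` afterwards keeps the slot out of the flush loop, but clearing it (`val_list[num_vars] = NULL` after the decrement) would make that explicit. The `goto filedone` also depends on a label that exists only under the same `#if`, which deserves a comment at both ends.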
1114a1245,1248
> #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
> filedone:
> #endif
>

...again, I'll run the patch and report back =)
 
Confirmed, this fixed the issues many WordPress users were having.

I've updated my instructions in Post #4 to reflect this.
 
So far not a single complaint has rolled in.

I'm going to give it another 24 hours before releasing to our entire platform.
 
We've been live on the whole platform with this build for just over 24 hours now, and not a single complaint has come in.

So far so good =)
 