sektioneins / suhosin

SUHOSIN [수호신] for PHP 5.x - The PHP security extension.
https://www.suhosin.org

Compiling as extension on Windows for PHP 5.5 #39

Open Paul-Pech opened 10 years ago

Paul-Pech commented 10 years ago

Hi,

I'm trying to compile Suhosin extension (0.9.35) on Windows for PHP 5.5.10.

I can build PHP 5.5.10 without Suhosin just fine. If I extract the Suhosin code and run configure like this:

configure --disable-all --enable-cli --enable-suhosin

in the PHP source directory (where \suhosin-0.9.35\ is), I get the following errors when running nmake:

suhosin-0.9.35\execute.c(1331) : warning C4101: 'fd': Unreferenzierte lokale Variable
suhosin-0.9.35\execute.c(1620) : error C2143: Syntaxfehler: Es fehlt ';' vor 'Typ'
suhosin-0.9.35\execute.c(1621) : error C2143: Syntaxfehler: Es fehlt ';' vor 'Typ'
suhosin-0.9.35\execute.c(1622) : error C2275: 'zend_class_entry': Ungültige Verwendung dieses Typs als Ausdruck
Zend\zend.h(302): Siehe Deklaration von 'zend_class_entry'
suhosin-0.9.35\execute.c(1622) : error C2065: 'ce': nichtdeklarierter Bezeichner
suhosin-0.9.35\execute.c(1623) : error C2275: 'internal_function_handler': Ungültige Verwendung dieses Typs als Ausdruck

Can anyone tell me what I'm doing wrong, or point me to a tutorial on how to install Suhosin under Windows?

Thanks a lot

Paul

NewEraCracker commented 10 years ago

It seems config.w32 is missing one file.

Find

EXTENSION("suhosin", "suhosin.c sha256.c memory_limit.c treat_data.c ifilter.c post_handler.c ufilter.c rfc1867.c log.c header.c execute.c ex_imp.c session.c aes.c");

Replace with

EXTENSION("suhosin", "suhosin.c sha256.c memory_limit.c treat_data.c ifilter.c post_handler.c ufilter.c rfc1867.c rfc1867_new.c log.c header.c execute.c ex_imp.c session.c aes.c");

NewEraCracker commented 10 years ago

Also be aware of another bug. #37

Paul-Pech commented 10 years ago

Hi NEC,

thanks for the quick reply. I have changed config.w32 in the way you proposed, but I still get the same error messages as before (presented in English here, now; first couple of lines only):

ext\suhosin\execute.c(1620) : error C2143: syntax error : missing ';' before 'type'
ext\suhosin\execute.c(1621) : error C2143: syntax error : missing ';' before 'type'
ext\suhosin\execute.c(1622) : error C2275: 'zend_class_entry' : illegal use of this type as an expression
Zend\zend.h(302) : see declaration of 'zend_class_entry'
ext\suhosin\execute.c(1622) : error C2065: 'ce' : undeclared identifier
ext\suhosin\execute.c(1623) : error C2275: 'internal_function_handler' : illegal use of this type as an expression
ext\suhosin\execute.c(679) : see declaration of 'internal_function_handler'
ext\suhosin\execute.c(1623) : error C2065: 'ih' : undeclared identifier
ext\suhosin\execute.c(1626) : error C2065: 'ce' : undeclared identifier

This is the first time I've tried compiling PHP and Suhosin on Windows; it works perfectly fine on Linux.

Paul-Pech commented 10 years ago

I kind of figured it out now... The error in line 1620 is specific to MSVC as it uses C89 rather than C99 (mixing variable declaration and block commands; if PHP_VERSION_ID >= 50500 then block if(fci) {} else {} precedes declaration zval *return_value; ). A short patch (patch -Np1 execute.c < execute.diff) fixes this. The patch can be found here:

http://txt.do/1305

After this I encountered the issue NEC mentioned. I adapted config.w32 the way NEC proposed but still wasn't able to compile/link. I got this error:

rfc1867_new.c
rfc1867_new.obj : error LNK2005: _destroy_uploaded_files_hash already defined in rfc1867.obj
   Creating library Release_TS\php5ts.lib and object Release_TS\php5ts.exp
Release_TS\php5ts.dll : fatal error LNK1169: one or more multiply defined symbols found
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\BIN\cl.exe"' : return code '0x2'
Stop.

I removed function destroy_uploaded_files_hash from rfc1867_new.c in ext/suhosin (around line 184; I believe the same function can be found in main/rfc1867.c) and was finally able to successfully compile PHP with Suhosin on Windows.

The question that remains is: Is removing the function destroy_uploaded_files_hash from rfc1867_new.c the correct way to do it, or can it break something else?

BTW: It also compiles on Linux, if you remove said function.

NewEraCracker commented 10 years ago

Try building suhosin with:

configure --disable-all --enable-cli --enable-session --enable-object-out-dir=. --enable-one-shot --enable-suhosin=shared

Suhosin must always be built as a shared extension.

NewEraCracker commented 10 years ago

Also, I made this big patch for version 0.9.35 some time ago: https://github.com/NewEraCracker/suhosin-patches/blob/master/patches/suhosin-0.9.35.bugfix.diff (Removed now as it is obsolete)

This fixes:

Refactored:

Added:

This should solve all your issues. If you find anything is broken, let me know.

Paul-Pech commented 10 years ago

Thanks for posting your patch. I'll try it and will report any issues I might find. It could take a couple of days, though...

Why must Suhosin be built as a shared extension? It seems to work for me when compiled in statically, and at least for version 0.9.12 Stefan wrote in the change log that he fixed static compilation against PHP 5.2.0. Did this change for newer versions of PHP?

http://www.hardened-php.net/suhosin/changelog.html

NewEraCracker commented 10 years ago

Personally I recommend Suhosin to be built as a shared extension because it will allow you to load in official windows.php.net packages as long as you used the same compiler that they used for the respective PHP version.

Copying php_suhosin.dll to the ext dir and adding

extension = php_suhosin.dll

at the end of the extension directives in php.ini will make it load.

Also, I recommend you copy the [suhosin] part and below (from https://github.com/stefanesser/suhosin/blob/master/suhosin.ini ) to the end of php.ini, then uncomment and change the values of the following directives to fix compatibility issues with some scripts:

suhosin.executor.max_depth = 10000
suhosin.mail.protect = 0
suhosin.session.encrypt = Off
suhosin.get.max_name_length = 512
suhosin.get.max_totalname_length = 512
suhosin.get.max_value_length = 2048
suhosin.post.max_array_index_length = 256
suhosin.post.max_name_length = 512
suhosin.post.max_totalname_length = 8192
suhosin.post.max_vars = 4096
suhosin.request.max_array_index_length = 256
suhosin.request.max_totalname_length = 8192
suhosin.request.max_vars = 4096
suhosin.request.max_varname_length = 512

Remember to change max_input_vars to 4096 as well.

Find

max_input_vars = 1000

Replace with

max_input_vars = 4096

Regards, NewEraCracker
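
A check that the php.ini edits described in the comment above actually took effect, as an added example that is not part of the thread or of Suhosin's code. It parses php.ini text, separates active directives from ones still commented out, and compares them with a subset of the posted values; `parse_ini`, `audit`, `WANTED` and the sample file contents are constructed for illustration.

```python
import re

# Subset of the values posted in the comment above.
WANTED = {"max_input_vars": "4096", "suhosin.post.max_vars": "4096",
          "suhosin.request.max_vars": "4096"}

# Constructed php.ini: max_input_vars not raised, one directive commented out.
SAMPLE_INI = """\
max_input_vars = 1000
extension = php_suhosin.dll

[suhosin]
suhosin.post.max_vars = 4096  ; raised
;suhosin.request.max_vars = 4096
"""

# Optional leading ';' (commented out), directive name, value up to a comment.
LINE = re.compile(r"^\s*(;?)\s*([A-Za-z_][\w.]*)\s*=\s*([^;]*)")

def parse_ini(text):
    """Return (active, commented, extensions) for php.ini text."""
    active, commented, extensions = {}, {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank lines, [section] headers, prose comments
        off, key, value = m.group(1), m.group(2), m.group(3).strip()
        if off:
            commented[key] = value
        elif key == "extension":
            extensions.append(value)
        else:
            active[key] = value
    return active, commented, extensions

def audit(text, wanted=WANTED, dll="php_suhosin.dll"):
    """List every way the file differs from the values in the thread."""
    active, commented, extensions = parse_ini(text)
    findings = [] if dll in extensions else [dll + " is not loaded"]
    for key, value in wanted.items():
        if active.get(key) == value:
            continue
        if key in active:
            findings.append("%s = %s, expected %s" % (key, active[key], value))
        elif key in commented:
            findings.append(key + " is commented out")
        else:
            findings.append(key + " is missing")
    return findings
```

Calling `audit(SAMPLE_INI)` reports the unchanged `max_input_vars` and the directive that is still commented out; an empty list means every checked value is active.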

NewEraCracker commented 10 years ago

Regarding the static compilation issue. The problem does not happen in PHP 5.2 or PHP 5.3. The problem was introduced in rfc1867_new.c code (For PHP 5.4 and higher).

This issue is easily fixable by changing

void destroy_uploaded_files_hash(TSRMLS_D) /* {{{ */

To

static void destroy_uploaded_files_hash(TSRMLS_D) /* {{{ */

This change will stop that function from being exposed to other files and will effectively fix the linker error.

NewEraCracker commented 10 years ago

And from what I can see from the code, destroy_uploaded_files_hash is unused, that means unlink_filename is also unused.

This piece of code

static int unlink_filename(char **filename TSRMLS_DC) /* {{{ */
{
    VCWD_UNLINK(*filename);
    return 0;
}
/* }}} */

void destroy_uploaded_files_hash(TSRMLS_D) /* {{{ */
{
    zend_hash_apply(SG(rfc1867_uploaded_files), (apply_func_t) unlink_filename TSRMLS_CC);
    zend_hash_destroy(SG(rfc1867_uploaded_files));
    FREE_HASHTABLE(SG(rfc1867_uploaded_files));
}
/* }}} */

Can be delimited with

#if 0
code
#endif

To avoid compilation of unused code.

Regards, NewEraCracker

stefanesser commented 10 years ago

I strongly suggest not using Suhosin 0.9.35 or the current git on Windows. The code is just not written with Windows in mind. There is a lot that needs to be adjusted to be fully Windows compatible. E.g. random numbers might be weaker with Suhosin when you are using Windows.

NewEraCracker commented 10 years ago

I believe this can be closed if three fixes are made:

config.w32: https://github.com/stefanesser/suhosin/issues/39#issuecomment-38476376

execute.c: https://github.com/stefanesser/suhosin/issues/39#issuecomment-38520106

And rfc1867_new.c: https://github.com/stefanesser/suhosin/issues/39#issuecomment-38755929

stefanesser commented 10 years ago

Hey guys,

please do not even try to compile Suhosin for Windows at the moment. The current code base is based on a decision from a few years back that Windows support is not a current goal.

This means: yes you might be able to get Suhosin to compile on Windows with several changes, but it also means that it was never tested if any of the features still work afterwards.

E.g. Suhosin before 0.9.36 would produce no better random numbers than plain PHP on Windows. Maybe even worse (cannot be said without further analysis).