4

Here is the scenario I have... I have library from a vendor that does encryption/decryption as part of a product we use (no idea how it works under the hood). I built a PHP extension and everything works brilliantly via the CLI. Here is the raptor.c file I wrote for the PHP extension:

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include "php.h"

//#if HAVE_LIBRAPTOR
#include "php_raptor.h"
#include "raptor.h"

#include "ext/standard/info.h"

/* If you declare any globals in php_raptor.h uncomment this:
ZEND_DECLARE_MODULE_GLOBALS(raptor)
*/

/* True global resources - no need for thread safety here */
static int le_raptor;

/* {{{ raptor_functions[]
 *
 * Every user visible function must have an entry in raptor_functions[].
 */
const zend_function_entry raptor_functions[] = {
        PHP_FE(raptor_decNK,                 NULL)
        PHP_FE(raptor_encNK,                 NULL)
        {NULL, NULL, NULL}      /* Must be the last line in raptor_functions[] */
};
/* }}} */

/* {{{ raptor_module_entry
 */
zend_module_entry raptor_module_entry = {
#if ZEND_MODULE_API_NO >= 20010901
        STANDARD_MODULE_HEADER,
#endif
        "raptor",
        raptor_functions,
        NULL,
        NULL,
        NULL,
        NULL,
        PHP_MINFO(raptor),
#if ZEND_MODULE_API_NO >= 20010901
        "0.1", /* Replace with version number for your extension */
#endif
        STANDARD_MODULE_PROPERTIES
};
/* }}} */

#ifdef COMPILE_DL_RAPTOR
ZEND_GET_MODULE(raptor)
#endif

/* {{{ PHP_MINFO_FUNCTION
 */
PHP_MINFO_FUNCTION(raptor)
{
        php_info_print_table_start();
        php_info_print_table_header(2, "raptor API support", "enabled");
        php_info_print_table_end();

}
/* }}} */


PHP_FUNCTION(raptor_decNK) {
  char * enctext;
  unsigned char * dectext;
  int enctextsize;
  size_t dectextsize;

  if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &enctext, &enctextsize) == FAILURE) {
    RETURN_NULL();
  }

  dectext = decNK((unsigned char *) enctext, (size_t) enctextsize, &dectextsize);

  if (dectext == NULL) {
    RETURN_FALSE;
  } else {
    RETURN_STRINGL((char *) dectext, dectextsize, 1);
  }
}

PHP_FUNCTION(raptor_encNK) {
  char * dectext;
  unsigned char * enctext;
  int dectextsize;
  size_t enctextsize;

  if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &dectext, &dectextsize) == FAILURE) {
    RETURN_NULL();
  }

  enctext = encNK((unsigned char *) dectext, (size_t) dectextsize, &enctextsize);

  if (enctext == NULL) {
    RETURN_FALSE;
  } else {
    RETURN_STRINGL((char *) enctext, enctextsize, 1);
  }
}


//#endif

and the applicable pieces of the vendor's raptor.h file:

unsigned char *decNK(unsigned char * s, size_t inLen, size_t * outLen);
unsigned char *encNK(unsigned char * s, size_t inLen, size_t * outLen);

My test.php file has really simple code:

<?php
$x = 1;
echo "$x\n";
$y = raptor_encNK($x);
echo "$y\n";
$x = raptor_decNK($y);
echo "$x\n";
?>

From the CLI I get (output $y changes with each run, but final output always correct)

# /usr/local/bin/php -f /usr/local/var/htdocs/test.php
1
FL//haHZgltG
1

The same code through the browser gets (again output $y changes, final output always crap)

1
TgPw72NF9Zby
<binary crap>

So I'm thinking something is getting lost in translation when it goes to Apache... or I have screwed up the extension and can't figure it out... or maybe both. I just don't understand why it would work via the CLI and not via Apache.

Improve this question
4
  • 1
    PHP CLI and PHP Apache might have different INI files. Check the configuration and look for the difference. Commented Oct 25, 2011 at 22:00
  • Obvious point, and I'm sure the answer is yes, but - are your testing this on the same system? Also, how is PHP running under Apache (module, CGI)? Also, probably won't matter, but what OS? Commented Oct 25, 2011 at 22:04
  • Yes, testing on the same system (Solaris 10). PHP is an apache module (PHP compiled with --with-apxs2=/usr/local/sbin/apxs). PHP 2.3.6 and Apache 2.2.17. According to phpinfo() and bin/php -i both are loading /usr/local/etc/php.ini-production (--with-config-file-path=/usr/local/etc was used during build) Commented Oct 26, 2011 at 0:29
  • So I got a debugging build of the library from the vendor and while working with them it seems the issue has to do with size_t used in a function for cryptographic rotation(?). Calling from the application, the PHP CLI, PERL script (connected to the library via a PERL module) it works perfectly. When called through Apache apparently size_t is changed. Still trying to figure out why. Anyone have any guesses? Commented Oct 27, 2011 at 1:34

2 Answers 2

Reset to default
1

So in the end it wasn't an issue with size_t but the size of an integer within their code. There is still mass confusion as to why it works when called by the CLI versus using Apache and a web browser... I may never find out.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

What does the apache error_log report? That's almost certainly where you'll find a clue to the cause.

Personally, I'd suspect a permissions problem - remember that the apache user has very limited permissions - certainly more restrictive than yours at the command line.

Improve this answer

1 Comment

The apache error log says nothing... and I've even cranked the log level to debug hoping that would show something. I did su - into the apache user and validated I can read and execute the CLI with no issue (and I even chmod'd 777 down the tree and restarted apache to make sure)... unfortunately there was no change.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.