Hi!
The attached patch implements the following improvement in Apache
module configuration handling:
New INI stage is introduced - ZEND_INI_STAGE_HTACCESS and values
set in .htaccess are passed to handlers with
ZEND_INI_STAGE_HTACCESS instead of ZEND_INI_STAGE_ACTIVATE.
The reason for this is that there are values - one of them being
session.save_handler - that we want to allow administrator to set
to arbitrary values, even not inside open_basedir/safe_mode
restrictions, while we do want user-set values to be inside limits.
The problem was that right now there's no way to see if the value
is set from httpd.conf (admin) or from .htaccess (frequently user-
accessible and user-writable). This patch enables to make such
distinction.
I don't see any modules depending on ZEND_INI_STAGE_ACTIVATE but if
there would be they can easily be fixed to work with
ZEND_INI_STAGE_HTACCESS too. The attached patch is for apache2 SAPI
only, but same one would be needed for apache1 API.
This patch will allow proper fix for CVE-2007-3378 (current one
breaks BC).
Comments/objections?
--
Stanislav Malyshev, Zend Software Architect
[EMAIL PROTECTED] http://www.zend.com/
(408)253-8829 MSN: [EMAIL PROTECTED]
Index: Zend/zend_ini.h
===================================================================
RCS file: /repository/ZendEngine2/zend_ini.h,v
retrieving revision 1.34.2.1.2.3
diff -u -r1.34.2.1.2.3 zend_ini.h
--- Zend/zend_ini.h 1 Jan 2007 09:35:46 -0000 1.34.2.1.2.3
+++ Zend/zend_ini.h 2 Aug 2007 00:40:52 -0000
@@ -189,6 +189,7 @@
#define ZEND_INI_STAGE_ACTIVATE (1<<2)
#define ZEND_INI_STAGE_DEACTIVATE (1<<3)
#define ZEND_INI_STAGE_RUNTIME (1<<4)
+#define ZEND_INI_STAGE_HTACCESS (1<<5)
/* INI parsing engine */
typedef void (*zend_ini_parser_cb_t)(zval *arg1, zval *arg2, int
callback_type, void *arg);
Index: sapi/apache2handler/apache_config.c
===================================================================
RCS file: /repository/php-src/sapi/apache2handler/apache_config.c,v
retrieving revision 1.7.2.1.2.2
diff -u -r1.7.2.1.2.2 apache_config.c
--- sapi/apache2handler/apache_config.c 1 Jan 2007 09:36:12
-0000
1.7.2.1.2.2
+++ sapi/apache2handler/apache_config.c 2 Aug 2007 00:40:52
-0000
@@ -51,6 +51,7 @@
char *value;
size_t value_len;
char status;
+ char htaccess;
} php_dir_entry;
static const char *real_value_hnd(cmd_parms *cmd, void *dummy,
const char *name, const char *value, int status)
@@ -67,7 +68,8 @@
e.value = apr_pstrdup(cmd->pool, value);
e.value_len = strlen(value);
e.status = status;
-
+ e.htaccess = ((cmd->override & (RSRC_CONF|ACCESS_CONF)) == 0);
+
zend_hash_update(&d->config, (char *) name, strlen(name) +
1, &e,
sizeof(e), NULL);
return NULL;
}
@@ -170,7 +172,7 @@
zend_hash_move_forward(&d->config)) {
zend_hash_get_current_data(&d->config, (void **)
&data);
phpapdebug((stderr, "APPLYING (%s)(%s)\n", str,
data->value));
- if (zend_alter_ini_entry(str, str_len, data->value,
data-
value_len, data->status, PHP_INI_STAGE_ACTIVATE) == FAILURE) {
+ if (zend_alter_ini_entry(str, str_len, data->value,
data-
value_len, data->status, data->htaccess?
ZEND_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE) == FAILURE) {
phpapdebug((stderr, "..FAILED\n"));
}
}
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
