ID: 41899 Updated by: [EMAIL PROTECTED] Reported By: geoffwa at cs dot rmit dot edu dot au -Status: Open +Status: Closed Bug Type: Streams related Operating System: Solaris 10 PHP Version: 5.2.3 Assigned To: ab5602 New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2007-10-10 21:21:21] [EMAIL PROTECTED] Verified w/ Geoffrey that the above patch fixes the problem. I am currently working on a final patch to apply to CVS and testing to make sure it does not break safe_mode. ------ > 1) Please try with the most recent snapshot (200710100230) there has > > been recent patches to code (main/fopen_wrappers.c) that effects this, > > as recent as today. Noticed that binary you are using is 10-08 4:30. > > The 200710100230 snapshot + your patch appears to work: $ ./php5.2-200710100430-patched -n -dsafe_mode-1 test.php Current working directory is: /home/g/geoffwa/work/test Opened /home/g/geoffwa/work/test/a/b/file Opened ./a/b/file from ./a using ./b/file Opened ./a/b/file from ./a using ./b/c/../file Opened ./a/b/file from ./a/b/c using ../file Opened ../file from ./a/b/c using ./../file Opened ./a/b/file from ./a/b using ./file Opened ./a/file from ./a/b using ./c/../../file Opened ./a/b/c/file from ./a/b/c using ../c/file ------------------------------------------------------------------------ [2007-10-10 02:42:22] geoffwa at cs dot rmit dot edu dot au PHP5.2-200710080430 + your patch still doesn't work for either test case (also, shouldn't sizeof(filename) be sizeof(filename_test)?). $ ./php5.2-200710080430-fixed -dsafe_mode=1 test2.php Warning: mkdir(): Unable to access ./a in /pathto/test2.php on line 3 mkdir failed (so the initial mkdir("./a/b", 0700, true) call is failing) Stepping through the non-patched PHP5.2-200710080430 the error message is being generated from: if (mode != CHECKUID_ALLOW_ONLY_FILE) { /* check directory */ ret = VCWD_STAT(path, &sb); if (ret < 0) { if ((flags & CHECKUID_NO_ERRORS) == 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename); } return 0; } (line 147 in safe_mode.c) ------------------------------------------------------------------------ [2007-10-10 01:01:42] [EMAIL PROTECTED] Geoffwa, when you get a chance, please let me know if applying the patch below to the current snapshot fixes the issue for you. [EMAIL PROTECTED]:~/mkdirtest]$ ./php-solfix -dsafe_mode=1 ./test2.php Current working directory is: /export/home/rob/mkdirtest Opened /export/home/rob/mkdirtest/a/b/file Opened ./a/b/file from ./a using ./b/file Opened ./a/b/file from ./a using ./b/c/../file Opened ./a/b/file from ./a/b/c using ../file Opened ../file from ./a/b/c using ./../file Opened ./a/b/file from ./a/b using ./file Opened ./a/file from ./a/b using ./c/../../file Opened ./a/b/c/file from ./a/b/c using ../c/file [EMAIL PROTECTED]:~/mkdirtest]$ ./php-solfix -dsafe_mode=1 ./test.php SUCCESS --- ./safe_mode.c.old 2007-09-23 10:19:21.000000000 -0500 +++ ./safe_mode.c 2007-10-09 19:39:44.000000000 -0500 @@ -86,7 +86,15 @@ * If that fails, passthrough and check directory... */ if (mode != CHECKUID_ALLOW_ONLY_DIR) { - expand_filepath(filename, path TSRMLS_CC); + + char filename_test[MAXPATHLEN]; + strcpy(filename_test,filename); + if (VCWD_GETCWD(filename_test, sizeof(filename)) == NULL) { + strcpy(path,filename); + } else { + expand_filepath(filename, path TSRMLS_CC); + } + ret = VCWD_STAT(path, &sb); if (ret < 0) { if (mode == CHECKUID_DISALLOW_FILE_NOT_EXISTS) { ------------------------------------------------------------------------ [2007-10-09 20:34:59] [EMAIL PROTECTED] Thanks, that was it. I am able to reproduce the situation now. Have tracked the issue down to safe_mode.c, php_checkuid_ex(), as is shown above in the thread and am working with it. ------------------------------------------------------------------------ [2007-10-09 16:07:47] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows (zip): http://snaps.php.net/win32/php5.2-win32-latest.zip For Windows (installer): http://snaps.php.net/win32/php5.2-win32-installer-latest.msi ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/41899 -- Edit this bug report at http://bugs.php.net/?id=41899&edit=1
