ID:               20190
 Comment by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
 Status:           Open
 Bug Type:         Apache related
 Operating System: FreeBSD
 PHP Version:      4.3.0-dev
 New Comment:

I have tried to do workarounds earlier.

But it seems that this one here now has solved both issues,
the wrong random "basedir message" and the segfaults I encountered with
my first two patches.

http://people.freebsd.org/~mbr/patches/patch-main+fopen_wrappers.c

The solution is quite easy. In the only case where the error happens,
zend_get_executed_filename() is correct
and can be used.

Since the error happens on perfectly legitimate requests,
which work most of the time, I don't think this is a
security risk. If no executed filename is set, I set
$newpath to an empty string.

Note that this is a workaround only. And I print
the errors to syslog, since I can watch that easier.


Previous Comments:
------------------------------------------------------------------------

[2002-10-31 16:34:24] [EMAIL PROTECTED]

It looks to me that $path is composed somewhere.
And the old basedir entry was not overwritten
correctly.

So $path is $basedir + $called phpfile and
the $basedir is plain wrong.

Some hint where this happens?

------------------------------------------------------------------------

[2002-10-31 16:24:52] [EMAIL PROTECTED]

Sorry ...

>There is no "/www/doc/www.bbb.imp.ch-80/html/visions/php"
>exists, but this is a different customer.
This should be:

There is a dir "/www/doc/www.bbb.imp.ch-80 ..."
but this is a different customer.

------------------------------------------------------------------------

[2002-10-31 16:23:17] [EMAIL PROTECTED]

This is an example:

Correct:

PG(open_basedir)=/www/doc/www.aaa.ch-80, 

Correct:

zend_get_executed_filename() = /www/doc/www.aaa.ch-80/index.php, 

Wrong:

path=/www/doc/www.bbb.imp.ch-80/html/visions/php//ueberuns/mannschaft.php

There is no "/www/doc/www.bbb.imp.ch-80/html/visions/php"
exists, but this is a different customer.

The correct filename would be:
"/www/doc/www.aaa.ch-80/ueberuns/mannschaft.php"

Also note the two "//" slashes ...

------------------------------------------------------------------------

[2002-10-31 16:15:42] [EMAIL PROTECTED]

Ok, I think I'm a bit smarter now.

zend_get_executed_filename() can only be used if
zend_is_executing(TSRMLS_C) is true. That explains
the uninitialized values there.

If I do a check for this, the errors go away and the
segfaults are gone.

But $path can still point to a wrong virtual server.
That happens in 1/500 requests, and the thing is random.

I try to solve this now.
Martin

------------------------------------------------------------------------

[2002-10-31 15:47:14] [EMAIL PROTECTED]

Hi,

>should be critical, and now you say it's fixed.
>So what's the real thing here?

It seems that we hit two different bugs. I've seen
that bug 19292 was fixed for the part when a safe_mode
include dir was involved. 

But here the problem is more complex. Some global php
variables seem to be corrupted, or not properly initialised.

I'm still in gdb and trying to find out why.

Martin

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/20190
