ID: 21958
Comment by: ohp at pyrenet dot fr
Reported By: ct at swin dot edu dot au
Status: Assigned
Bug Type: Filesystem function related
Operating System: Tru64 UNIX 5.1A
PHP Version: 4.3.3-dev
Assigned To: wez
New Comment:
Would you please send the patch (on the list or to me) I don't have the
realpath source handy and would love to give your patch a try.
Regards
Previous Comments:
------------------------------------------------------------------------
[2003-06-04 18:17:32] ct at swin dot edu dot au
I suspect some implementations of realpath will not touch the resolved
path if the filename does not exist. This would explain why your patch
works on some systems. On Tru64 realpath will set the resolved path to
NULL if the file does not exist. As such, setting path in the strcpy
before VCWD_REALPATH doesn't fix the problem, at least on Tru64.
PHP is making some assumptions about the behaviour of realpath, but
there are differences in the way vendors handle the case of a non
existent file.
I have got around this problem by using the realpath function from the
BSD source.
------------------------------------------------------------------------
[2003-06-04 06:24:04] ohp at pyrenet dot fr
Hi, Glad to see my patch works on AIX, not so glad it fails with TRU64
UNIX
Did you test with the same script/environment you wrote on Jan 30?
Did you try to log the value of path after each VCWD_REALPATH.
AFAICS, the whole bug comes from realpath doing nasty things when path
is NULL hence the strcopy I added.
Feel free to email directly. I'm not a PHP developper (I'd love the
help of one on this one) but I want to get rid of this bug.
Regards
Olivier
------------------------------------------------------------------------
[2003-06-01 23:54:24] ct at swin dot edu dot au
Patch makes no difference with Tru64 UNIX 5.1A and PHP 4.3.2.
------------------------------------------------------------------------
[2003-05-30 11:12:50] juha dot moisio at tietonauha dot fi
I tested that patch.
Works just fine in AIX 4.3.1 php 4.3.2
-Juha-
------------------------------------------------------------------------
[2003-05-28 10:47:42] ohp at pyrenet dot fr
after 2 strggling, I came with the following path on
safe_mode.c against 4.3.2RC4.
Not sure it's the right thing to do.
could someone have a look?
Regards
*** main/safe_mode.c.orig lun mrs 17 14:50:23 2003
--- main/safe_mode.c mar mai 27 15:06:30 2003
***************
*** 66,71 ****
--- 66,72 ----
mode = CHECKUID_DISALLOW_FILE_NOT_EXISTS;
} else {
mode = CHECKUID_CHECK_FILE_AND_DIR;
+ flags=1;
}
}
***************
*** 81,86 ****
--- 82,88 ----
* If that fails, passthrough and check
directory...
*/
if (mode != CHECKUID_ALLOW_ONLY_DIR) {
+ strcpy(path,filename);
VCWD_REALPATH(filename, path);
ret = VCWD_STAT(path, &sb);
if (ret < 0) {
this works on Unixware 713
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/21958
--
Edit this bug report at http://bugs.php.net/?id=21958&edit=1
