iliaa Sun Nov 10 00:19:39 2002 EDT Modified files: /php4/ext/openssl openssl.c Log: Fixed bug #19935. Made OpenSSL file system operations abide by safe_mode & open_basedir restrictions. Index: php4/ext/openssl/openssl.c diff -u php4/ext/openssl/openssl.c:1.51 php4/ext/openssl/openssl.c:1.52 --- php4/ext/openssl/openssl.c:1.51 Sat Aug 10 16:19:46 2002 +++ php4/ext/openssl/openssl.c Sun Nov 10 00:19:39 2002 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: openssl.c,v 1.51 2002/08/10 20:19:46 wez Exp $ */ +/* $Id: openssl.c,v 1.52 2002/11/10 05:19:39 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -158,6 +158,20 @@ } /* }}} */ +/* {{{ openssl safe_mode & open_basedir checks */ +inline static int php_openssl_safe_mode_chk(char *filename TSRMLS_DC) +{ + if (PG(safe_mode) && (!php_checkuid(filename, NULL, +CHECKUID_CHECK_FILE_AND_DIR))) { + return -1; + } + if (php_check_open_basedir(filename TSRMLS_CC)) { + return -1; + } + + return 0; +} +/* }}} */ + /* {{{ openssl -> PHP "bridging" */ /* true global; readonly after module startup */ static char default_ssl_conf_filename[MAXPATHLEN]; @@ -384,8 +398,8 @@ /* read in the oids */ str = CONF_get_string(req->req_config, NULL, "oid_file"); - if (str) { - BIO * oid_bio = BIO_new_file(str, "r"); + if (str && !php_openssl_safe_mode_chk(str TSRMLS_CC)) { + BIO *oid_bio = BIO_new_file(str, "r"); if (oid_bio) { OBJ_create_objects(oid_bio); BIO_free(oid_bio); @@ -654,6 +668,10 @@ /* read cert from the named file */ BIO *in; + if (php_openssl_safe_mode_chk(Z_STRVAL_PP(val) + 7 TSRMLS_CC)) { + return NULL; + } + in = BIO_new_file(Z_STRVAL_PP(val) + 7, "r"); if (in == NULL) return NULL; @@ -705,6 +723,10 @@ return; } + if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + return; + } + bio_out = BIO_new_file(filename, "w"); if (bio_out) { if (!notext) @@ -900,6 +922,10 @@ goto end; } + if (php_openssl_safe_mode_chk(certfile TSRMLS_CC)) { + goto end; + } + if(!(in=BIO_new_file(certfile, "r"))) { zend_error(E_WARNING, "%s(): error opening the file, %s", get_active_function_name(TSRMLS_C), certfile); goto end; @@ -1286,8 +1312,12 @@ if (Z_STRLEN_PP(val) > 7 && memcmp(Z_STRVAL_PP(val), "file://", 7) == 0) filename = Z_STRVAL_PP(val) + 7; - if (filename) + if (filename) { + if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + return NULL; + } in = BIO_new_file(filename, "r"); + } else in = BIO_new_mem_buf(Z_STRVAL_PP(val), Z_STRLEN_PP(val)); @@ -1320,6 +1350,10 @@ return; } + if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + return; + } + bio_out = BIO_new_file(filename, "w"); if (bio_out) { if (!notext) @@ -1669,7 +1703,11 @@ else { /* we want the private key */ if (filename) { - BIO *in = BIO_new_file(filename, "r"); + BIO *in; + if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + return NULL; + } + in = BIO_new_file(filename, "r"); if (in == NULL) return NULL; key = PEM_read_bio_PrivateKey(in, NULL,NULL, passphrase); @@ -1793,6 +1831,10 @@ RETURN_FALSE; } + if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + RETURN_FALSE; + } + PHP_SSL_REQ_INIT(&req); if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS) @@ -1972,6 +2014,10 @@ if (!store) goto clean_exit; + if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + goto clean_exit; + } + in = BIO_new_file(filename, (flags & PKCS7_BINARY) ? "rb" : "r"); if (in == NULL) goto clean_exit; @@ -1990,8 +2036,14 @@ RETVAL_TRUE; - if (signersfilename) { - BIO * certout = BIO_new_file(signersfilename, "w"); + if (signersfilename) { + BIO *certout; + + if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) { + goto clean_exit; + } + + certout = BIO_new_file(signersfilename, "w"); if (certout) { int i; signers = PKCS7_get0_signers(p7, NULL, flags); @@ -2046,6 +2098,10 @@ &outfilename, &outfilename_len, &zrecipcerts, &zheaders, &flags) == FAILURE) return; + if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || +php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) { + return; + } + infile = BIO_new_file(infilename, "r"); if (infile == NULL) goto clean_exit; @@ -2190,6 +2246,10 @@ goto clean_exit; } + if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || +php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) { + goto clean_exit; + } + infile = BIO_new_file(infilename, "r"); if (infile == NULL) { zend_error(E_WARNING, "%s(): error opening input file %s!", get_active_function_name(TSRMLS_C), infilename); @@ -2273,6 +2333,10 @@ key = php_openssl_evp_from_zval(recipkey ? &recipkey : &recipcert, 0, "", 0, &keyresval TSRMLS_CC); if (key == NULL) { zend_error(E_WARNING, "%s(): unable to get private key", get_active_function_name(TSRMLS_C)); + goto clean_exit; + } + + if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || +php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) { goto clean_exit; }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php