dmitry Fri Nov 23 10:02:53 2007 UTC Modified files: /php-src/ext/soap php_sdl.c Log: Fixed bug #42952 (soap cache file is created with insecure permissions) http://cvs.php.net/viewvc.cgi/php-src/ext/soap/php_sdl.c?r1=1.109&r2=1.110&diff_format=u
Index: php-src/ext/soap/php_sdl.c
diff -u php-src/ext/soap/php_sdl.c:1.109 php-src/ext/soap/php_sdl.c:1.110
--- php-src/ext/soap/php_sdl.c:1.109 Mon May 21 13:14:02 2007
+++ php-src/ext/soap/php_sdl.c Fri Nov 23 10:02:53 2007
@@ -17,7 +17,7 @@
 | Dmitry Stogov <[EMAIL PROTECTED]> |
 +----------------------------------------------------------------------+
 */
-/* $Id: php_sdl.c,v 1.109 2007/05/21 13:14:02 dmitry Exp $ */
+/* $Id: php_sdl.c,v 1.110 2007/11/23 10:02:53 dmitry Exp $ */
 #include "php_soap.h"
 #include "ext/libxml/php_libxml.h"
@@ -2015,7 +2015,7 @@
 #ifdef ZEND_WIN32
 f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE);
 #else
- f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE|S_IROTH|S_IWOTH|S_IRGRP|S_IWGRP);
+ f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE);
 #endif
 if (f < 0) {return;}
@@ -3117,16 +3117,24 @@
 unsigned char digest[16];
 int len = strlen(SOAP_GLOBAL(cache_dir));
 time_t cached;
+ char *user = php_get_current_user();
+ int user_len = user ? strlen(user) + 1 : 0;
 md5str[0] = '\0';
 PHP_MD5Init(&context);
 PHP_MD5Update(&context, (unsigned char*)uri, uri_len);
 PHP_MD5Final(digest, &context);
 make_digest(md5str, digest);
- key = emalloc(len+sizeof("/wsdl-")-1+sizeof(md5str));
+ key = emalloc(len+sizeof("/wsdl-")-1+user_len+sizeof(md5str));
 memcpy(key,SOAP_GLOBAL(cache_dir),len);
 memcpy(key+len,"/wsdl-",sizeof("/wsdl-")-1);
- memcpy(key+len+sizeof("/wsdl-")-1,md5str,sizeof(md5str));
+ len += sizeof("/wsdl-")-1;
+ if (user_len) {
+ memcpy(key+len, user, user_len-1);
+ len += user_len-1;
+ key[len++] = '-';
+ }
+ memcpy(key+len,md5str,sizeof(md5str));
 if ((sdl = get_sdl_from_cache(key, uri, t-SOAP_GLOBAL(cache_ttl), &cached TSRMLS_CC)) != NULL) {
 t = cached;
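Review bot: After this change both arms of the `#ifdef ZEND_WIN32` in the -2015 hunk pass the identical mode `S_IREAD|S_IWRITE`, so the conditional no longer selects anything and could be reduced to a single `open()` call. The reason for the restricted mode deserves a comment at the call, for example `/* owner read/write only: cache files must not be writable by other users (bug #42952) */`, so the group/other bits are not reintroduced later. The enclosing function begins and ends outside the hunk.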
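Review bot: The per-user prefix added to `key` in the -3117 hunk only separates cache file names; nothing visible here checks that the file later opened through `get_sdl_from_cache(key, ...)` is owned by the current user or lacks group/other write bits. Files already written to `cache_dir` with the old mode keep those bits, and when `php_get_current_user()` returns NULL (`user_len == 0`) the code falls back to the old shared `wsdl-<md5>` name, so such a file can still be read back as a trusted cache entry. An ownership and mode check on the opened descriptor in the reader (its body is outside this hunk) would close that gap, and existing cache files should be purged on upgrade. The `emalloc` size is exact only because `user_len` includes one extra byte that ends up holding the `'-'` separator, which merits a comment such as `/* name length + 1 for the '-' separator, not a NUL */`.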