pajoye Thu Apr 30 15:25:37 2009 UTC
Modified files: (Branch: PHP_5_3)
/php-src/ext/standard exec.c
Log:
- MFB: #45997, safe_mode bypass with exec/sytem/passthru (windows only)
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/exec.c?r1=1.113.2.3.2.1.2.16&r2=1.113.2.3.2.1.2.17&diff_format=u
Index: php-src/ext/standard/exec.c
diff -u php-src/ext/standard/exec.c:1.113.2.3.2.1.2.16
php-src/ext/standard/exec.c:1.113.2.3.2.1.2.17
--- php-src/ext/standard/exec.c:1.113.2.3.2.1.2.16 Sun Apr 19 14:59:52 2009
+++ php-src/ext/standard/exec.c Thu Apr 30 15:25:37 2009
@@ -16,7 +16,7 @@
| Ilia Alshanetsky <il...@php.net> |
+----------------------------------------------------------------------+
*/
-/* $Id: exec.c,v 1.113.2.3.2.1.2.16 2009/04/19 14:59:52 iliaa Exp $ */
+/* $Id: exec.c,v 1.113.2.3.2.1.2.17 2009/04/30 15:25:37 pajoye Exp $ */
#include <stdio.h>
#include "php.h"
@@ -79,7 +79,16 @@
php_error_docref(NULL TSRMLS_CC, E_WARNING, "No '..'
components allowed in path");
goto err;
}
+
b = strrchr(cmd, PHP_DIR_SEPARATOR);
+
+#ifdef PHP_WIN32
+ if (b && *b == '\\' && b == cmd) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid
absolute path.");
+ goto err;
+ }
+#endif
+
spprintf(&d, 0, "%s%s%s%s%s", PG(safe_mode_exec_dir), (b ? "" :
"/"), (b ? b : cmd), (c ? " " : ""), (c ? c : ""));
if (c) {
*(c - 1) = ' ';
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
