pajoye          Thu Apr 30 15:25:37 2009 UTC

  Modified files:              (Branch: PHP_5_3)
    /php-src/ext/standard       exec.c 
  Log:
  - MFB: #45997, safe_mode bypass with exec/sytem/passthru (windows only)
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/exec.c?r1=1.113.2.3.2.1.2.16&r2=1.113.2.3.2.1.2.17&diff_format=u
Index: php-src/ext/standard/exec.c
diff -u php-src/ext/standard/exec.c:1.113.2.3.2.1.2.16 
php-src/ext/standard/exec.c:1.113.2.3.2.1.2.17
--- php-src/ext/standard/exec.c:1.113.2.3.2.1.2.16      Sun Apr 19 14:59:52 2009
+++ php-src/ext/standard/exec.c Thu Apr 30 15:25:37 2009
@@ -16,7 +16,7 @@
    |         Ilia Alshanetsky <il...@php.net>                             |
    +----------------------------------------------------------------------+
  */
-/* $Id: exec.c,v 1.113.2.3.2.1.2.16 2009/04/19 14:59:52 iliaa Exp $ */
+/* $Id: exec.c,v 1.113.2.3.2.1.2.17 2009/04/30 15:25:37 pajoye Exp $ */
 
 #include <stdio.h>
 #include "php.h"
@@ -79,7 +79,16 @@
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "No '..' 
components allowed in path");
                        goto err;
                }
+               
                b = strrchr(cmd, PHP_DIR_SEPARATOR);
+
+#ifdef PHP_WIN32
+               if (b && *b == '\\' && b == cmd) {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 
absolute path.");
+                       goto err;
+               }
+#endif
+
                spprintf(&d, 0, "%s%s%s%s%s", PG(safe_mode_exec_dir), (b ? "" : 
"/"), (b ? b : cmd), (c ? " " : ""), (c ? c : ""));
                if (c) {
                        *(c - 1) = ' ';



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to