rasmus Tue, 29 Sep 2009 14:14:02 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=288945
Log: Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/standard/file.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/file.c Modified: php/php-src/branches/PHP_5_2/NEWS =================================================================== --- php/php-src/branches/PHP_5_2/NEWS 2009-09-29 14:03:49 UTC (rev 288944) +++ php/php-src/branches/PHP_5_2/NEWS 2009-09-29 14:14:02 UTC (rev 288945) @@ -1,6 +1,10 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 20??, PHP 5.2.12 +- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. + (Rasmus) +- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz + Stachowiak. (Rasmus) - Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus) - Fixed bug #49647 (DOMUserData does not exist). (Rob) - Fixed bug #49630 (imap_listscan function missing). (Felipe) Modified: php/php-src/branches/PHP_5_2/ext/standard/file.c =================================================================== --- php/php-src/branches/PHP_5_2/ext/standard/file.c 2009-09-29 14:03:49 UTC (rev 288944) +++ php/php-src/branches/PHP_5_2/ext/standard/file.c 2009-09-29 14:14:02 UTC (rev 288945) @@ -838,6 +838,10 @@ convert_to_string_ex(arg1); convert_to_string_ex(arg2); + if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))) { + RETURN_FALSE; + } + if (php_check_open_basedir(Z_STRVAL_PP(arg1) TSRMLS_CC)) { RETURN_FALSE; } Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2009-09-29 14:03:49 UTC (rev 288944) +++ php/php-src/branches/PHP_5_3/NEWS 2009-09-29 14:14:02 UTC (rev 288945) @@ -8,6 +8,10 @@ - Implemented FR #49253 (added support for libcurl's CERTINFO option). (Linus Nielsen Feltzing <li...@haxx.se>) +- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. + (Rasmus) +- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz + Stachowiak. (Rasmus) - Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus) - Fixed bug #49647 (DOMUserData does not exist). (Rob) - Fixed bug #49630 (imap_listscan function missing). (Felipe) Modified: php/php-src/branches/PHP_5_3/ext/standard/file.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/file.c 2009-09-29 14:03:49 UTC (rev 288944) +++ php/php-src/branches/PHP_5_3/ext/standard/file.c 2009-09-29 14:14:02 UTC (rev 288945) @@ -846,6 +846,10 @@ return; } + if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))) { + RETURN_FALSE; + } + if (php_check_open_basedir(dir TSRMLS_CC)) { RETURN_FALSE; }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php