rasmus                                   Tue, 29 Sep 2009 14:14:02 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=288945

Log:
Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.

Changed paths:
    U   php/php-src/branches/PHP_5_2/NEWS
    U   php/php-src/branches/PHP_5_2/ext/standard/file.c
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/standard/file.c

Modified: php/php-src/branches/PHP_5_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_2/NEWS   2009-09-29 14:03:49 UTC (rev 288944)
+++ php/php-src/branches/PHP_5_2/NEWS   2009-09-29 14:14:02 UTC (rev 288945)
@@ -1,6 +1,10 @@
 ´╗┐PHP                                                                        
NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 20??, PHP 5.2.12
+- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.
+  (Rasmus)
+- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
+  Stachowiak.  (Rasmus)
 - Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus)
 - Fixed bug #49647 (DOMUserData does not exist). (Rob)
 - Fixed bug #49630 (imap_listscan function missing). (Felipe)

Modified: php/php-src/branches/PHP_5_2/ext/standard/file.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/standard/file.c    2009-09-29 14:03:49 UTC 
(rev 288944)
+++ php/php-src/branches/PHP_5_2/ext/standard/file.c    2009-09-29 14:14:02 UTC 
(rev 288945)
@@ -838,6 +838,10 @@
        convert_to_string_ex(arg1);
        convert_to_string_ex(arg2);

+       if (PG(safe_mode) &&(!php_checkuid(dir, NULL, 
CHECKUID_ALLOW_ONLY_DIR))) {
+               RETURN_FALSE;
+       }
+
        if (php_check_open_basedir(Z_STRVAL_PP(arg1) TSRMLS_CC)) {
                RETURN_FALSE;
        }

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2009-09-29 14:03:49 UTC (rev 288944)
+++ php/php-src/branches/PHP_5_3/NEWS   2009-09-29 14:14:02 UTC (rev 288945)
@@ -8,6 +8,10 @@
 - Implemented FR #49253 (added support for libcurl's CERTINFO option).
   (Linus Nielsen Feltzing <li...@haxx.se>)

+- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak.
+  (Rasmus)
+- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
+  Stachowiak.  (Rasmus)
 - Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus)
 - Fixed bug #49647 (DOMUserData does not exist). (Rob)
 - Fixed bug #49630 (imap_listscan function missing). (Felipe)

Modified: php/php-src/branches/PHP_5_3/ext/standard/file.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/file.c    2009-09-29 14:03:49 UTC 
(rev 288944)
+++ php/php-src/branches/PHP_5_3/ext/standard/file.c    2009-09-29 14:14:02 UTC 
(rev 288945)
@@ -846,6 +846,10 @@
                return;
        }

+       if (PG(safe_mode) &&(!php_checkuid(dir, NULL, 
CHECKUID_ALLOW_ONLY_DIR))) {
+               RETURN_FALSE;
+       }
+
        if (php_check_open_basedir(dir TSRMLS_CC)) {
                RETURN_FALSE;
        }

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to