pajoye                                   Tue, 28 Sep 2010 13:28:55 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=303823

Log:
- Fixed possible flaw in open_basedir (CVE-2010-3436)

Changed paths:
    U   php/php-src/branches/PHP_5_2/main/fopen_wrappers.c

Modified: php/php-src/branches/PHP_5_2/main/fopen_wrappers.c
===================================================================
--- php/php-src/branches/PHP_5_2/main/fopen_wrappers.c  2010-09-28 13:00:26 UTC 
(rev 303822)
+++ php/php-src/branches/PHP_5_2/main/fopen_wrappers.c  2010-09-28 13:28:55 UTC 
(rev 303823)
@@ -188,8 +188,13 @@
 #else
                if (strncmp(resolved_basedir, resolved_name, 
resolved_basedir_len) == 0) {
 #endif
-                       /* File is in the right directory */
-                       return 0;
+                       if (resolved_name_len > resolved_basedir_len &&
+                               resolved_name[resolved_basedir_len] != 
PHP_DIR_SEPARATOR) {
+                               return -1;
+                       } else {
+                               /* File is in the right directory */
+                               return 0;
+                       }
                } else {
                        /* /openbasedir/ and /openbasedir are the same 
directory */
                        if (resolved_basedir_len == (resolved_name_len + 1) && 
resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
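Review bot: The added boundary test `resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR` assumes resolved_basedir never ends with a separator, yet the else-branch directly below handles exactly that form (`resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR`). If a basedir with a trailing separator can reach the matching branch, the indexed byte is the first character of the next path component, so files inside the allowed directory would be rejected with -1; this fails closed, but it is a functional regression. Consider applying the test only when the basedir does not already end on a boundary: `if (resolved_name_len > resolved_basedir_len && resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR && resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {`. A short comment would also help, such as `/* the prefix match must end on a path-component boundary, so /base does not also allow /base-other */`. The enclosing function starts and ends outside the hunk, so how resolved_basedir is normalised before this point is not visible here and should be confirmed.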
