pajoye Tue, 28 Sep 2010 13:28:55 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=303823
Log:
- Fixed possible flaw in open_basedir (CVE-2010-3436)
Changed paths:
U php/php-src/branches/PHP_5_2/main/fopen_wrappers.c
Modified: php/php-src/branches/PHP_5_2/main/fopen_wrappers.c
===================================================================
--- php/php-src/branches/PHP_5_2/main/fopen_wrappers.c 2010-09-28 13:00:26 UTC
(rev 303822)
+++ php/php-src/branches/PHP_5_2/main/fopen_wrappers.c 2010-09-28 13:28:55 UTC
(rev 303823)
@@ -188,8 +188,13 @@
#else
if (strncmp(resolved_basedir, resolved_name,
resolved_basedir_len) == 0) {
#endif
- /* File is in the right directory */
- return 0;
+ if (resolved_name_len > resolved_basedir_len &&
+ resolved_name[resolved_basedir_len] !=
PHP_DIR_SEPARATOR) {
+ return -1;
+ } else {
+ /* File is in the right directory */
+ return 0;
+ }
} else {
/* /openbasedir/ and /openbasedir are the same
directory */
if (resolved_basedir_len == (resolved_name_len + 1) &&
resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
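Review bot: The added guard `resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR` reads the byte just past the matched prefix, which is the right position only when resolved_basedir has no trailing separator. The else branch in this same hunk tests `resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR`, which suggests the basedir can end in a separator. In that case the byte at resolved_basedir_len is the first character of the next path component, so a legitimate file directly under the base directory would be rejected with -1. If the basedir is always normalised to end in a separator before this point (that code is outside the hunk, so this needs confirming), the comparison should be `resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR`, with a short comment stating which form of basedir the index assumes. The enclosing function starts and ends outside the hunk.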