pajoye                                   Tue, 28 Sep 2010 13:29:33 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=303824

Log:
- Fixed possible flaw in open_basedir (CVE-2010-3436)

Changed paths:
    U   php/php-src/branches/PHP_5_3/main/fopen_wrappers.c
    U   php/php-src/trunk/main/fopen_wrappers.c

Modified: php/php-src/branches/PHP_5_3/main/fopen_wrappers.c
===================================================================
--- php/php-src/branches/PHP_5_3/main/fopen_wrappers.c  2010-09-28 13:28:55 UTC 
(rev 303823)
+++ php/php-src/branches/PHP_5_3/main/fopen_wrappers.c  2010-09-28 13:29:33 UTC 
(rev 303824)
@@ -250,8 +250,13 @@
 #else
                if (strncmp(resolved_basedir, resolved_name, 
resolved_basedir_len) == 0) {
 #endif
-                       /* File is in the right directory */
-                       return 0;
+                       if (resolved_name_len > resolved_basedir_len &&
+                               resolved_name[resolved_basedir_len] != 
PHP_DIR_SEPARATOR) {
+                               return -1;
+                       } else {
+                               /* File is in the right directory */
+                               return 0;
+                       }
                } else {
                        /* /openbasedir/ and /openbasedir are the same 
directory */
                        if (resolved_basedir_len == (resolved_name_len + 1) && 
resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
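Review bot: The new boundary test `resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR` looks wrong when `resolved_basedir` itself ends in a separator, which the unchanged `else` branch below shows is possible (`resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR`). In that case the prefix match already ends on a component boundary and the byte at index `resolved_basedir_len` is the first character of the next component, so a file directly under the basedir would be refused with -1. Unless normalisation outside this hunk guarantees there is no trailing separator here, the condition should skip that case, e.g. `if (resolved_name_len > resolved_basedir_len && resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR && resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {` (assuming `resolved_basedir_len` is at least 1 at this point). The `return -1` branch also deserves a comment such as `/* prefix matched, but not on a path component boundary */`, since the reason for the denial is not obvious from the code. The same lines appear in the trunk hunk below, and the enclosing function starts and ends outside both hunks.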

Modified: php/php-src/trunk/main/fopen_wrappers.c
===================================================================
--- php/php-src/trunk/main/fopen_wrappers.c     2010-09-28 13:28:55 UTC (rev 
303823)
+++ php/php-src/trunk/main/fopen_wrappers.c     2010-09-28 13:29:33 UTC (rev 
303824)
@@ -249,8 +249,13 @@
 #else
                if (strncmp(resolved_basedir, resolved_name, 
resolved_basedir_len) == 0) {
 #endif
-                       /* File is in the right directory */
-                       return 0;
+                       if (resolved_name_len > resolved_basedir_len &&
+                               resolved_name[resolved_basedir_len] != 
PHP_DIR_SEPARATOR) {
+                               return -1;
+                       } else {
+                               /* File is in the right directory */
+                               return 0;
+                       }
                } else {
                        /* /openbasedir/ and /openbasedir are the same 
directory */
                        if (resolved_basedir_len == (resolved_name_len + 1) && 
resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
