Hello ... It's been a while since I've actively been
committing to PHP. So I thought I'd run this by everyone
first.
This is a patch to change the behavior of the PHP.INI
directive "safe_mode_include_dir" (which I added about 6
months ago). As it is currently, "safe_mode_include_dir"
takes a single directory (ie. /usr/local/lib/php) and
bypasses UID/GID checks on files included from that
directory.
This patch changes the behavior to allow a path-style list
of directories to be listed (similar to "include_path").
While I was at it, I made the code surrounding the check
much more readable by separating the safe_mode_include_dir
check into a separate function (a la open_base_dir_check).
Since a single directory is a valid path-style string, this
patch is completely backward compatible. Unless I broke
anything in the actual checking, which is another reason I
am posting this before I commit it. I cannot get current
CVS to build, so this patch is off of php-4.1.1, but
applies cleanly to php-cvs.
Thanks,
-James
# Patch to change PHP-4.1.1 to allow multiple
# safe_mode_include_dir directories (PATH-style string)
#
# By James Flemer <[EMAIL PROTECTED]>
# 2002-02-01
#
--- php-4.1.1/main/fopen_wrappers.h.orig Sat Aug 4 21:42:43 2001
+++ php-4.1.1/main/fopen_wrappers.h Fri Feb 1 12:38:52 2002
@@ -74,6 +74,8 @@
PHPAPI int php_check_open_basedir(char *path TSRMLS_DC);
PHPAPI int php_check_specific_open_basedir(char *basedir, char *path TSRMLS_DC);
+PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC);
+
PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char
**opened_path TSRMLS_DC);
PHPAPI int php_is_url(char *path);
--- php-4.1.1/main/fopen_wrappers.c.orig Sat Aug 4 21:42:43 2001
+++ php-4.1.1/main/fopen_wrappers.c Fri Feb 1 12:45:04 2002
@@ -221,6 +221,57 @@
}
/* }}} */
+/* {{{ php_check_safe_mode_include_dir
+ */
+PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC)
+{
+ /* Only check when safe_mode on and safe_mode_include_dir is available */
+ if (PG(safe_mode) && PG(safe_mode_include_dir) &&
+ *PG(safe_mode_include_dir))
+ {
+ char *pathbuf;
+ char *ptr;
+ char *end;
+ char resolved_name[MAXPATHLEN];
+
+ /* Resolve the real path into resolved_name */
+ if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL)
+ return -1;
+
+ pathbuf = estrdup(PG(safe_mode_include_dir));
+
+ ptr = pathbuf;
+
+ while (ptr && *ptr) {
+ end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
+ if (end != NULL) {
+ *end = '\0';
+ end++;
+ }
+
+ /* Check the path */
+#ifdef PHP_WIN32
+ if (strncasecmp(ptr, resolved_name, strlen(ptr)) == 0)
+#else
+ if (strncmp(ptr, resolved_name, strlen(ptr)) == 0)
+#endif
+ {
+ /* File is in the right directory */
+ efree(pathbuf);
+ return 0;
+ }
+
+ ptr = end;
+ }
+ efree(pathbuf);
+ return -1;
+ }
+
+ /* Nothing to check... */
+ return 0;
+}
+/* }}} */
+
/* {{{ php_fopen_and_set_opened_path
*/
static FILE *php_fopen_and_set_opened_path(const char *path, char *mode, char
**opened_path TSRMLS_DC)
@@ -375,13 +426,10 @@
char *pathbuf, *ptr, *end;
char *exec_fname;
char trypath[MAXPATHLEN];
- char trydir[MAXPATHLEN];
- char safe_mode_include_dir[MAXPATHLEN];
struct stat sb;
FILE *fp;
int path_length;
int filename_length;
- int safe_mode_include_dir_length;
int exec_fname_length;
if (opened_path) {
@@ -406,32 +454,16 @@
* files in safe_mode_include_dir (or subdir) are excluded from
* safe mode GID/UID checks
*/
- *safe_mode_include_dir = 0;
- safe_mode_include_dir_length = 0;
- if(PG(safe_mode_include_dir) && VCWD_REALPATH(PG(safe_mode_include_dir),
safe_mode_include_dir)) {
- safe_mode_include_dir_length = strlen(safe_mode_include_dir);
- }
/* Absolute path open */
if (IS_ABSOLUTE_PATH(filename, filename_length)) {
- /* Check to see if file is in safe_mode_include_dir (or subdir) */
- if (PG(safe_mode) && *safe_mode_include_dir && VCWD_REALPATH(filename,
trypath)) {
-#ifdef PHP_WIN32
- if (strncasecmp(safe_mode_include_dir, trypath,
safe_mode_include_dir_length) == 0)
-#else
- if (strncmp(safe_mode_include_dir, trypath,
safe_mode_include_dir_length) == 0)
-#endif
- {
- /* absolute path matches safe_mode_include_dir */
- fp = php_fopen_and_set_opened_path(trypath, mode,
opened_path TSRMLS_CC);
- if (fp) {
- return fp;
- }
- }
- }
- if (PG(safe_mode) && (!php_checkuid(filename, mode,
CHECKUID_CHECK_MODE_PARAM))) {
+ if ((php_check_safe_mode_include_dir(filename)) == 0)
+ /* filename is in safe_mode_include_dir (or subdir) */
+ return php_fopen_and_set_opened_path(filename, mode,
+opened_path TSRMLS_CC);
+
+ if (PG(safe_mode) && (!php_checkuid(filename, mode,
+CHECKUID_CHECK_MODE_PARAM)))
return NULL;
- }
+
return php_fopen_and_set_opened_path(filename, mode, opened_path
TSRMLS_CC);
}
@@ -476,26 +508,18 @@
end++;
}
snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename);
- /* Check to see trypath is in safe_mode_include_dir (or subdir) */
- if (PG(safe_mode) && *safe_mode_include_dir && VCWD_REALPATH(trypath,
trydir)) {
-#ifdef PHP_WIN32
- if (strncasecmp(safe_mode_include_dir, trydir,
safe_mode_include_dir_length) == 0)
-#else
- if (strncmp(safe_mode_include_dir, trydir,
safe_mode_include_dir_length) == 0)
-#endif
- {
- /* trypath is in safe_mode_include_dir */
- fp = php_fopen_and_set_opened_path(trydir, mode,
opened_path TSRMLS_CC);
- if (fp) {
- efree(pathbuf);
- return fp;
- }
- }
- }
if (PG(safe_mode)) {
- if (VCWD_STAT(trypath, &sb) == 0 && (!php_checkuid(trypath,
mode, CHECKUID_CHECK_MODE_PARAM))) {
+ if (VCWD_STAT(trypath, &sb) == 0) {
+ /* file exists ... check permission */
+ if ((php_check_safe_mode_include_dir(trypath) == 0) ||
+ php_checkuid(trypath, mode,
+CHECKUID_CHECK_MODE_PARAM))
+ /* UID ok, or trypath is in
+safe_mode_include_dir */
+ fp = php_fopen_and_set_opened_path(trypath,
+mode, opened_path TSRMLS_CC);
+ else
+ fp = NULL;
+
efree(pathbuf);
- return NULL;
+ return fp;
}
}
fp = php_fopen_and_set_opened_path(trypath, mode, opened_path
TSRMLS_CC);
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
