Yeah yeah I'm doing some tests on them here before I commit them.  No
worries, I've seen your messages :)

On 14 Feb 2002, Lars Torben Wilson wrote:

> Could someone check these out and commit them (or similar)? At
> the moment, odbc_execute() allows any script to view any file
> without regard to safe_mode or open_basedir, and also under
> certain circumstances can corrupt its parameters. See Bug #15516
> for more info. It may be desirable to change this mechanism
> entirely, since presently you can't use odbc replaceable params
> to enter strings which start and end with quotes.
>
> If these changes are not suitable, could someone email me a
> comment explaining why? Thanks...
>
> Index: php_odbc.c
> ===================================================================
> RCS file: /repository/php4/ext/odbc/php_odbc.c,v
> retrieving revision 1.115
> diff -u -r1.115 php_odbc.c
> --- php_odbc.c        30 Jan 2002 21:54:54 -0000      1.115
> +++ php_odbc.c        13 Feb 2002 08:52:27 -0000
> @@ -943,12 +943,23 @@
>                       else
>                               ctype = SQL_C_CHAR;
>
> -                     if (Z_STRVAL_PP(tmp)[0] == '\'' &&
> +                     if (Z_STRLEN_PP(tmp) > 2 &&
> +                             Z_STRVAL_PP(tmp)[0] == '\'' &&
>                               Z_STRVAL_PP(tmp)[Z_STRLEN_PP(tmp) - 1] == '\'') {
> -                             filename = &Z_STRVAL_PP(tmp)[1];
> -                             filename[Z_STRLEN_PP(tmp) - 2] = '\0';
> +                             filename = estrndup(&Z_STRVAL_PP(tmp)[1], 
>Z_STRLEN_PP(tmp) - 2);
> +                             filename[strlen(filename)] = '\0';
>
> -                if ((params[i-1].fp = open(filename,O_RDONLY)) == -1) {
> +                             /* Check for safe mode. */
> +                             if (PG(safe_mode) &&(!php_checkuid(filename, NULL,
> CHECKUID_CHECK_FILE_AND_DIR))) {
> +                                     RETURN_FALSE;
> +                             }
> +
> +                             /* Check the basedir */
> +                             if (php_check_open_basedir(filename TSRMLS_CC)) {
> +                                     RETURN_FALSE;
> +                             }
> +
> +                             if ((params[i-1].fp = open(filename,O_RDONLY)) == -1) {
>                                       php_error(E_WARNING,"Can't open file %s", 
>filename);
>                                       SQLFreeStmt(result->stmt, SQL_RESET_PARAMS);
>                                       for(i = 0; i < result->numparams; i++) {
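Review bot: The two new RETURN_FALSE exits after php_checkuid() and php_check_open_basedir() skip the cleanup that the open() failure branch directly below them performs (SQLFreeStmt(result->stmt, SQL_RESET_PARAMS), the loop over result->numparams, and efree(params)), so a denied filename returns without resetting the statement's parameters or freeing params. Both denials should go through the same cleanup as the open() failure, ideally with a warning so that the caller can tell a policy denial from a failed query. Separately, `filename[strlen(filename)] = '\0';` is a no-op: estrndup() already NUL-terminates the copy and strlen() stops at that terminator, so the line can be dropped. The new `Z_STRLEN_PP(tmp) > 2` guard also changes behaviour for the two-character string '' (it is now bound as a plain value instead of being treated as an empty filename), which deserves a short comment in the code.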
> @@ -957,8 +968,11 @@
>                                               }
>                                       }
>                                       efree(params);
> +                                     efree(filename);
>                                       RETURN_FALSE;
>                               }
> +
> +                             efree(filename);
>
>                               params[i-1].vallen = SQL_LEN_DATA_AT_EXEC(0);
>
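Review bot: The efree(filename) calls added here cover only the two outcomes of open(); the safe_mode and open_basedir RETURN_FALSE exits introduced in the previous hunk leave the block without releasing the estrndup() copy. Either add efree(filename) before each of those returns or funnel all three failure cases into one cleanup path that frees filename and params together. Setting filename to NULL after the success-path efree would also make any later accidental reuse of the stale pointer easier to catch.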

>---------------------------------------------------------------<
Dan Kalowsky                    "Tonight I think I'll walk alone.
http://www.deadmime.org/~dank    I'll find soul as I go home."
[EMAIL PROTECTED]                - "Temptation", New Order


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
