Re: [PHP-CVS] cvs: php4 /main fopen_wrappers.c
On Thu, 2003-03-27 at 01:15, Andi Gutmans wrote: OK... :) I hope no one tries to efree() this though. I hope so too. I'm not sure, between this and return NULL, and then having callers check for it. -Sterling At 11:03 PM 3/26/2003 +, Sterling Hughes wrote: sterlingWed Mar 26 18:03:48 2003 EDT Modified files: /php4/main fopen_wrappers.c Log: really fix Index: php4/main/fopen_wrappers.c diff -u php4/main/fopen_wrappers.c:1.160 php4/main/fopen_wrappers.c:1.161 --- php4/main/fopen_wrappers.c:1.160Wed Mar 26 18:01:39 2003 +++ php4/main/fopen_wrappers.c Wed Mar 26 18:03:48 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.160 2003/03/26 23:01:39 sterling Exp $ */ +/* $Id: fopen_wrappers.c,v 1.161 2003/03/26 23:03:48 sterling Exp $ */ /* {{{ includes */ @@ -493,7 +493,7 @@ register char *p, *url_start; if (url == NULL) { - return NULL; + return ; } p = url; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Reductionists like to take things apart. The rest of us are just trying to get it together. - Larry Wall, Programming Perl, 3rd Edition -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php4 /main fopen_wrappers.c
How about using empty_string? As it can't be freed by STR_FREE(), we can reduce certain risks. Moriyoshit Sterling Hughes [EMAIL PROTECTED] wrote: On Thu, 2003-03-27 at 01:15, Andi Gutmans wrote: OK... :) I hope no one tries to efree() this though. I hope so too. I'm not sure, between this and return NULL, and then having callers check for it. -Sterling At 11:03 PM 3/26/2003 +, Sterling Hughes wrote: sterlingWed Mar 26 18:03:48 2003 EDT Modified files: /php4/main fopen_wrappers.c Log: really fix Index: php4/main/fopen_wrappers.c diff -u php4/main/fopen_wrappers.c:1.160 php4/main/fopen_wrappers.c:1.161 --- php4/main/fopen_wrappers.c:1.160Wed Mar 26 18:01:39 2003 +++ php4/main/fopen_wrappers.c Wed Mar 26 18:03:48 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.160 2003/03/26 23:01:39 sterling Exp $ */ +/* $Id: fopen_wrappers.c,v 1.161 2003/03/26 23:03:48 sterling Exp $ */ /* {{{ includes */ @@ -493,7 +493,7 @@ register char *p, *url_start; if (url == NULL) { - return NULL; + return ; } p = url; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Reductionists like to take things apart. The rest of us are just trying to get it together. - Larry Wall, Programming Perl, 3rd Edition -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php4 /main fopen_wrappers.c
On Thu, 2003-03-27 at 11:23, Moriyoshi Koizumi wrote: Moriyoshi Koizumi [EMAIL PROTECTED] wrote: Moriyoshit Oh, I'm no shit... Uh-oh, I think you just got a new nickname. empty_string can be free'd by efree() which is what we're worrying about more anyway. -Sterling Moriyoshi -- Good judgement comes from experience, and experience comes from bad judgement. - Fred Brooks -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /main fopen_wrappers.c
sterlingWed Mar 26 18:01:39 2003 EDT Modified files: /php4/main fopen_wrappers.c Log: fix segfault Index: php4/main/fopen_wrappers.c diff -u php4/main/fopen_wrappers.c:1.159 php4/main/fopen_wrappers.c:1.160 --- php4/main/fopen_wrappers.c:1.159Sun Feb 23 17:30:02 2003 +++ php4/main/fopen_wrappers.c Wed Mar 26 18:01:39 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.159 2003/02/23 22:30:02 sniper Exp $ */ +/* $Id: fopen_wrappers.c,v 1.160 2003/03/26 23:01:39 sterling Exp $ */ /* {{{ includes */ @@ -490,7 +490,13 @@ */ PHPAPI char *php_strip_url_passwd(char *url) { - register char *p = url, *url_start; + register char *p, *url_start; + + if (url == NULL) { + return NULL; + } + + p = url; while (*p) { if (*p==':' *(p+1)=='/' *(p+2)=='/') { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /main fopen_wrappers.c
sterlingWed Mar 26 18:03:48 2003 EDT Modified files: /php4/main fopen_wrappers.c Log: really fix Index: php4/main/fopen_wrappers.c diff -u php4/main/fopen_wrappers.c:1.160 php4/main/fopen_wrappers.c:1.161 --- php4/main/fopen_wrappers.c:1.160Wed Mar 26 18:01:39 2003 +++ php4/main/fopen_wrappers.c Wed Mar 26 18:03:48 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.160 2003/03/26 23:01:39 sterling Exp $ */ +/* $Id: fopen_wrappers.c,v 1.161 2003/03/26 23:03:48 sterling Exp $ */ /* {{{ includes */ @@ -493,7 +493,7 @@ register char *p, *url_start; if (url == NULL) { - return NULL; + return ; } p = url; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /main fopen_wrappers.c
sniper Sun Feb 23 17:30:02 2003 EDT Modified files: /php4/main fopen_wrappers.c Log: MFB: Fix for open_basedir error message Index: php4/main/fopen_wrappers.c diff -u php4/main/fopen_wrappers.c:1.158 php4/main/fopen_wrappers.c:1.159 --- php4/main/fopen_wrappers.c:1.158Wed Feb 19 03:40:18 2003 +++ php4/main/fopen_wrappers.c Sun Feb 23 17:30:02 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.158 2003/02/19 08:40:18 sniper Exp $ */ +/* $Id: fopen_wrappers.c,v 1.159 2003/02/23 22:30:02 sniper Exp $ */ /* {{{ includes */ @@ -191,7 +191,7 @@ ptr = end; } php_error_docref(NULL TSRMLS_CC, E_WARNING, - open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s), path, pathbuf); + open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s), path, PG(open_basedir)); efree(pathbuf); errno = EPERM; /* we deny permission to open it */ return -1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /main fopen_wrappers.c
shane Sun Dec 1 16:28:28 2002 EDT Modified files: /php4/main fopen_wrappers.c Log: php_error_docref aborts cgi. This broke using php as cgi under apache/mod_cgi with the cgi-script directive and bang lines in php scripts. removing it allows this to work again. Index: php4/main/fopen_wrappers.c diff -u php4/main/fopen_wrappers.c:1.153 php4/main/fopen_wrappers.c:1.154 --- php4/main/fopen_wrappers.c:1.153Fri Nov 8 17:48:01 2002 +++ php4/main/fopen_wrappers.c Sun Dec 1 16:28:27 2002 @@ -16,7 +16,7 @@ | Jim Winstead [EMAIL PROTECTED] | +--+ */ -/* $Id: fopen_wrappers.c,v 1.153 2002/11/08 22:48:01 iliaa Exp $ */ +/* $Id: fopen_wrappers.c,v 1.154 2002/12/01 21:28:27 shane Exp $ */ /* {{{ includes */ @@ -348,8 +348,8 @@ fp = NULL; } if (!fp) { - php_error_docref(NULL TSRMLS_CC, E_ERROR, Unable to open %s, filename); STR_FREE(SG(request_info).path_translated); /* for same reason as above */ + SG(request_info).path_translated = NULL; return FAILURE; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php4 /main fopen_wrappers.c
Why not simply change from E_ERROR to E_WARNING? marcus At 22:28 01.12.2002, Shane Caraveo wrote: shane Sun Dec 1 16:28:28 2002 EDT Modified files: /php4/main fopen_wrappers.c Log: php_error_docref aborts cgi. This broke using php as cgi under apache/mod_cgi with the cgi-script directive and bang lines in php scripts. removing it allows this to work again. Index: php4/main/fopen_wrappers.c diff -u php4/main/fopen_wrappers.c:1.153 php4/main/fopen_wrappers.c:1.154 --- php4/main/fopen_wrappers.c:1.153Fri Nov 8 17:48:01 2002 +++ php4/main/fopen_wrappers.c Sun Dec 1 16:28:27 2002 @@ -16,7 +16,7 @@ | Jim Winstead [EMAIL PROTECTED] | +--+ */ -/* $Id: fopen_wrappers.c,v 1.153 2002/11/08 22:48:01 iliaa Exp $ */ +/* $Id: fopen_wrappers.c,v 1.154 2002/12/01 21:28:27 shane Exp $ */ /* {{{ includes */ @@ -348,8 +348,8 @@ fp = NULL; } if (!fp) { - php_error_docref(NULL TSRMLS_CC, E_ERROR, Unable to open %s, filename); STR_FREE(SG(request_info).path_translated); /* for same reason as above */ + SG(request_info).path_translated = NULL; return FAILURE; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php4 /main fopen_wrappers.c
MFH?? And are there possibly some bug reports caused by this..? --Jani On Sun, 1 Dec 2002, Shane Caraveo wrote: shane Sun Dec 1 16:28:28 2002 EDT Modified files: /php4/main fopen_wrappers.c Log: php_error_docref aborts cgi. This broke using php as cgi under apache/mod_cgi with the cgi-script directive and bang lines in php scripts. removing it allows this to work again. Index: php4/main/fopen_wrappers.c diff -u php4/main/fopen_wrappers.c:1.153 php4/main/fopen_wrappers.c:1.154 --- php4/main/fopen_wrappers.c:1.153 Fri Nov 8 17:48:01 2002 +++ php4/main/fopen_wrappers.c Sun Dec 1 16:28:27 2002 @@ -16,7 +16,7 @@ | Jim Winstead [EMAIL PROTECTED] | +--+ */ -/* $Id: fopen_wrappers.c,v 1.153 2002/11/08 22:48:01 iliaa Exp $ */ +/* $Id: fopen_wrappers.c,v 1.154 2002/12/01 21:28:27 shane Exp $ */ /* {{{ includes */ @@ -348,8 +348,8 @@ fp = NULL; } if (!fp) { - php_error_docref(NULL TSRMLS_CC, E_ERROR, Unable to open %s, filename); STR_FREE(SG(request_info).path_translated); /* for same reason as above */ + SG(request_info).path_translated = NULL; return FAILURE; } -- - For Sale! - -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php4 /main fopen_wrappers.c
See my postings on php-dev about this. This particular patch is just one part of the problem. Shane Jani Taskinen wrote: MFH?? And are there possibly some bug reports caused by this..? --Jani On Sun, 1 Dec 2002, Shane Caraveo wrote: shane Sun Dec 1 16:28:28 2002 EDT Modified files: /php4/main fopen_wrappers.c Log: php_error_docref aborts cgi. This broke using php as cgi under apache/mod_cgi with the cgi-script directive and bang lines in php scripts. removing it allows this to work again. Index: php4/main/fopen_wrappers.c diff -u php4/main/fopen_wrappers.c:1.153 php4/main/fopen_wrappers.c:1.154 --- php4/main/fopen_wrappers.c:1.153 Fri Nov 8 17:48:01 2002 +++ php4/main/fopen_wrappers.c Sun Dec 1 16:28:27 2002 @@ -16,7 +16,7 @@ | Jim Winstead [EMAIL PROTECTED] | +--+ */ -/* $Id: fopen_wrappers.c,v 1.153 2002/11/08 22:48:01 iliaa Exp $ */ +/* $Id: fopen_wrappers.c,v 1.154 2002/12/01 21:28:27 shane Exp $ */ /* {{{ includes */ @@ -348,8 +348,8 @@ fp = NULL; } if (!fp) { - php_error_docref(NULL TSRMLS_CC, E_ERROR, Unable to open %s, filename); STR_FREE(SG(request_info).path_translated); /* for same reason as above */ + SG(request_info).path_translated = NULL; return FAILURE; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /main fopen_wrappers.c
iliaa Fri Nov 8 17:48:02 2002 EDT Modified files: /php4/main fopen_wrappers.c Log: Made open_basedir error more descriptive. Index: php4/main/fopen_wrappers.c diff -u php4/main/fopen_wrappers.c:1.152 php4/main/fopen_wrappers.c:1.153 --- php4/main/fopen_wrappers.c:1.152Tue Nov 5 09:50:17 2002 +++ php4/main/fopen_wrappers.c Fri Nov 8 17:48:01 2002 @@ -16,7 +16,7 @@ | Jim Winstead [EMAIL PROTECTED] | +--+ */ -/* $Id: fopen_wrappers.c,v 1.152 2002/11/05 14:50:17 iliaa Exp $ */ +/* $Id: fopen_wrappers.c,v 1.153 2002/11/08 22:48:01 iliaa Exp $ */ /* {{{ includes */ @@ -191,7 +191,8 @@ ptr = end; } - php_error_docref(NULL TSRMLS_CC, E_WARNING, open_basedir restriction in effect. File is in wrong directory); + php_error_docref(NULL TSRMLS_CC, E_WARNING, + open_basedir restriction in effect. File(%s) is not within +the allowed path(s): (%s), path, pathbuf); efree(pathbuf); errno = EPERM; /* we deny permission to open it */ return -1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /main fopen_wrappers.c TSRM tsrm_virtual_cwd.c tsrm_virtual_cwd.h
iliaa Tue Nov 5 09:50:17 2002 EDT Modified files: /TSRM tsrm_virtual_cwd.h tsrm_virtual_cwd.c /php4/main fopen_wrappers.c Log: Added 4th argument to virtual_file_ex() that specifies whether or not realpath() should be used during path resolving. In a number of functions we do not want to use realpath(), since realpath() will resolve symlinks. Index: TSRM/tsrm_virtual_cwd.h diff -u TSRM/tsrm_virtual_cwd.h:1.23 TSRM/tsrm_virtual_cwd.h:1.24 --- TSRM/tsrm_virtual_cwd.h:1.23Mon Nov 4 18:24:15 2002 +++ TSRM/tsrm_virtual_cwd.h Tue Nov 5 09:50:16 2002 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: tsrm_virtual_cwd.h,v 1.23 2002/11/04 23:24:15 iliaa Exp $ */ +/* $Id: tsrm_virtual_cwd.h,v 1.24 2002/11/05 14:50:16 iliaa Exp $ */ #ifndef VIRTUAL_CWD_H #define VIRTUAL_CWD_H @@ -163,7 +163,7 @@ CWD_API int virtual_chown(const char *filename, uid_t owner, gid_t group TSRMLS_DC); #endif -CWD_API int virtual_file_ex(cwd_state *state, const char *path, verify_path_func verify_path); +CWD_API int virtual_file_ex(cwd_state *state, const char *path, verify_path_func +verify_path, int use_realpath); typedef struct _virtual_cwd_globals { cwd_state cwd; Index: TSRM/tsrm_virtual_cwd.c diff -u TSRM/tsrm_virtual_cwd.c:1.39 TSRM/tsrm_virtual_cwd.c:1.40 --- TSRM/tsrm_virtual_cwd.c:1.39Mon Nov 4 18:24:15 2002 +++ TSRM/tsrm_virtual_cwd.c Tue Nov 5 09:50:16 2002 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: tsrm_virtual_cwd.c,v 1.39 2002/11/04 23:24:15 iliaa Exp $ */ +/* $Id: tsrm_virtual_cwd.c,v 1.40 2002/11/05 14:50:16 iliaa Exp $ */ #include sys/types.h #include sys/stat.h @@ -284,7 +284,7 @@ /* Resolve path relatively to state and put the real path into state */ /* returns 0 for ok, 1 for error */ -CWD_API int virtual_file_ex(cwd_state *state, const char *path, verify_path_func verify_path) +CWD_API int virtual_file_ex(cwd_state *state, const char *path, verify_path_func +verify_path, int use_realpath) { int path_length = strlen(path); char *ptr, *path_copy; @@ -304,7 +304,7 @@ #if !defined(TSRM_WIN32) !defined(NETWARE) if (IS_ABSOLUTE_PATH(path, path_length)) { - if (realpath(path, resolved_path)) { + if (use_realpath realpath(path, resolved_path)) { path = resolved_path; path_length = strlen(path); } @@ -322,7 +322,7 @@ memcpy(ptr, path, path_length); ptr += path_length; *ptr = '\0'; - if (realpath(tmp, resolved_path)) { + if (use_realpath realpath(tmp, resolved_path)) { path = resolved_path; path_length = strlen(path); } @@ -439,7 +439,7 @@ CWD_API int virtual_chdir(const char *path TSRMLS_DC) { - return virtual_file_ex(CWDG(cwd), path, php_is_dir_ok)?-1:0; + return virtual_file_ex(CWDG(cwd), path, php_is_dir_ok, 1)?-1:0; } CWD_API int virtual_chdir_file(const char *path, int (*p_chdir)(const char *path TSRMLS_DC) TSRMLS_DC) @@ -480,7 +480,7 @@ int retval; CWD_STATE_COPY(new_state, CWDG(cwd)); - retval = virtual_file_ex(new_state, path, NULL); + retval = virtual_file_ex(new_state, path, NULL, 1); if (!retval) { int len = new_state.cwd_lengthMAXPATHLEN-1?MAXPATHLEN-1:new_state.cwd_length; @@ -498,7 +498,7 @@ int retval; CWD_STATE_COPY(new_state, CWDG(cwd)); - retval = virtual_file_ex(new_state, path, verify_path); + retval = virtual_file_ex(new_state, path, verify_path, 1); *filepath = new_state.cwd; @@ -521,7 +521,7 @@ } CWD_STATE_COPY(new_state, CWDG(cwd)); - virtual_file_ex(new_state, path, NULL); + virtual_file_ex(new_state, path, NULL, 1); f = fopen(new_state.cwd, mode); @@ -536,7 +536,7 @@ int ret; CWD_STATE_COPY(new_state, CWDG(cwd)); - virtual_file_ex(new_state, pathname, NULL); + virtual_file_ex(new_state, pathname, NULL, 1); ret = access(new_state.cwd, mode); @@ -554,7 +554,7 @@ int ret; CWD_STATE_COPY(new_state, CWDG(cwd)); - virtual_file_ex(new_state, filename, NULL); + virtual_file_ex(new_state, filename, NULL, 0); ret = utime(new_state.cwd, buf); @@ -569,7 +569,7 @@ int ret; CWD_STATE_COPY(new_state, CWDG(cwd)); - virtual_file_ex(new_state, filename, NULL); + virtual_file_ex(new_state, filename, NULL, 1); ret = chmod(new_state.cwd, mode); @@ -584,7 +584,7 @@ int ret; CWD_STATE_COPY(new_state, CWDG(cwd)); - virtual_file_ex(new_state, filename, NULL); + virtual_file_ex(new_state,
[PHP-CVS] cvs: php4 /main fopen_wrappers.c
rasmus Sat Sep 28 12:10:43 2002 EDT Modified files: /php4/main fopen_wrappers.c Log: Probable fix for bug #19292 Index: php4/main/fopen_wrappers.c diff -u php4/main/fopen_wrappers.c:1.148 php4/main/fopen_wrappers.c:1.149 --- php4/main/fopen_wrappers.c:1.148Sun Sep 22 14:30:38 2002 +++ php4/main/fopen_wrappers.c Sat Sep 28 12:10:43 2002 @@ -16,7 +16,7 @@ | Jim Winstead [EMAIL PROTECTED] | +--+ */ -/* $Id: fopen_wrappers.c,v 1.148 2002/09/22 18:30:38 iliaa Exp $ */ +/* $Id: fopen_wrappers.c,v 1.149 2002/09/28 16:10:43 rasmus Exp $ */ /* {{{ includes */ @@ -199,8 +199,8 @@ */ PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC) { - /* Only check when safe_mode on and safe_mode_include_dir is available */ - if (PG(safe_mode) PG(safe_mode_include_dir) + /* Only check when safe_mode or open_basedir is on and safe_mode_include_dir +is available */ + if (((PG(open_basedir) *PG(open_basedir)) || PG(safe_mode)) +PG(safe_mode_include_dir) *PG(safe_mode_include_dir)) { char *pathbuf; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php