Re: [PHP-CVS] cvs: php4 /main fopen_wrappers.c
On Thu, 2003-03-27 at 01:15, Andi Gutmans wrote:
OK... :) I hope no one tries to efree() this though.
I hope so too. I'm not sure, between this and return NULL, and then
having callers check for it.
-Sterling
At 11:03 PM 3/26/2003 +, Sterling Hughes wrote:
sterlingWed Mar 26 18:03:48 2003 EDT
Modified files:
/php4/main fopen_wrappers.c
Log:
really fix
Index: php4/main/fopen_wrappers.c
diff -u php4/main/fopen_wrappers.c:1.160 php4/main/fopen_wrappers.c:1.161
--- php4/main/fopen_wrappers.c:1.160Wed Mar 26 18:01:39 2003
+++ php4/main/fopen_wrappers.c Wed Mar 26 18:03:48 2003
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: fopen_wrappers.c,v 1.160 2003/03/26 23:01:39 sterling Exp $ */
+/* $Id: fopen_wrappers.c,v 1.161 2003/03/26 23:03:48 sterling Exp $ */
/* {{{ includes
*/
@@ -493,7 +493,7 @@
register char *p, *url_start;
if (url == NULL) {
- return NULL;
+ return ;
}
p = url;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Reductionists like to take things apart. The rest of us are
just trying to get it together.
- Larry Wall, Programming Perl, 3rd Edition
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php4 /main fopen_wrappers.c
How about using empty_string? As it can't be freed by STR_FREE(), we can
reduce certain risks.
Moriyoshit
Sterling Hughes [EMAIL PROTECTED] wrote:
On Thu, 2003-03-27 at 01:15, Andi Gutmans wrote:
OK... :) I hope no one tries to efree() this though.
I hope so too. I'm not sure, between this and return NULL, and then
having callers check for it.
-Sterling
At 11:03 PM 3/26/2003 +, Sterling Hughes wrote:
sterlingWed Mar 26 18:03:48 2003 EDT
Modified files:
/php4/main fopen_wrappers.c
Log:
really fix
Index: php4/main/fopen_wrappers.c
diff -u php4/main/fopen_wrappers.c:1.160 php4/main/fopen_wrappers.c:1.161
--- php4/main/fopen_wrappers.c:1.160Wed Mar 26 18:01:39 2003
+++ php4/main/fopen_wrappers.c Wed Mar 26 18:03:48 2003
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: fopen_wrappers.c,v 1.160 2003/03/26 23:01:39 sterling Exp $ */
+/* $Id: fopen_wrappers.c,v 1.161 2003/03/26 23:03:48 sterling Exp $ */
/* {{{ includes
*/
@@ -493,7 +493,7 @@
register char *p, *url_start;
if (url == NULL) {
- return NULL;
+ return ;
}
p = url;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Reductionists like to take things apart. The rest of us are
just trying to get it together.
- Larry Wall, Programming Perl, 3rd Edition
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php4 /main fopen_wrappers.c
On Thu, 2003-03-27 at 11:23, Moriyoshi Koizumi wrote: Moriyoshi Koizumi [EMAIL PROTECTED] wrote: Moriyoshit Oh, I'm no shit... Uh-oh, I think you just got a new nickname. empty_string can be free'd by efree() which is what we're worrying about more anyway. -Sterling Moriyoshi -- Good judgement comes from experience, and experience comes from bad judgement. - Fred Brooks -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /main fopen_wrappers.c
sterlingWed Mar 26 18:01:39 2003 EDT
Modified files:
/php4/main fopen_wrappers.c
Log:
fix segfault
Index: php4/main/fopen_wrappers.c
diff -u php4/main/fopen_wrappers.c:1.159 php4/main/fopen_wrappers.c:1.160
--- php4/main/fopen_wrappers.c:1.159Sun Feb 23 17:30:02 2003
+++ php4/main/fopen_wrappers.c Wed Mar 26 18:01:39 2003
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: fopen_wrappers.c,v 1.159 2003/02/23 22:30:02 sniper Exp $ */
+/* $Id: fopen_wrappers.c,v 1.160 2003/03/26 23:01:39 sterling Exp $ */
/* {{{ includes
*/
@@ -490,7 +490,13 @@
*/
PHPAPI char *php_strip_url_passwd(char *url)
{
- register char *p = url, *url_start;
+ register char *p, *url_start;
+
+ if (url == NULL) {
+ return NULL;
+ }
+
+ p = url;
while (*p) {
if (*p==':' *(p+1)=='/' *(p+2)=='/') {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /main fopen_wrappers.c
sterlingWed Mar 26 18:03:48 2003 EDT
Modified files:
/php4/main fopen_wrappers.c
Log:
really fix
Index: php4/main/fopen_wrappers.c
diff -u php4/main/fopen_wrappers.c:1.160 php4/main/fopen_wrappers.c:1.161
--- php4/main/fopen_wrappers.c:1.160Wed Mar 26 18:01:39 2003
+++ php4/main/fopen_wrappers.c Wed Mar 26 18:03:48 2003
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: fopen_wrappers.c,v 1.160 2003/03/26 23:01:39 sterling Exp $ */
+/* $Id: fopen_wrappers.c,v 1.161 2003/03/26 23:03:48 sterling Exp $ */
/* {{{ includes
*/
@@ -493,7 +493,7 @@
register char *p, *url_start;
if (url == NULL) {
- return NULL;
+ return ;
}
p = url;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /main fopen_wrappers.c
sniper Sun Feb 23 17:30:02 2003 EDT
Modified files:
/php4/main fopen_wrappers.c
Log:
MFB: Fix for open_basedir error message
Index: php4/main/fopen_wrappers.c
diff -u php4/main/fopen_wrappers.c:1.158 php4/main/fopen_wrappers.c:1.159
--- php4/main/fopen_wrappers.c:1.158Wed Feb 19 03:40:18 2003
+++ php4/main/fopen_wrappers.c Sun Feb 23 17:30:02 2003
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: fopen_wrappers.c,v 1.158 2003/02/19 08:40:18 sniper Exp $ */
+/* $Id: fopen_wrappers.c,v 1.159 2003/02/23 22:30:02 sniper Exp $ */
/* {{{ includes
*/
@@ -191,7 +191,7 @@
ptr = end;
}
php_error_docref(NULL TSRMLS_CC, E_WARNING,
- open_basedir restriction in effect. File(%s) is not within
the allowed path(s): (%s), path, pathbuf);
+ open_basedir restriction in effect. File(%s) is not within
the allowed path(s): (%s), path, PG(open_basedir));
efree(pathbuf);
errno = EPERM; /* we deny permission to open it */
return -1;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /main fopen_wrappers.c
shane Sun Dec 1 16:28:28 2002 EDT
Modified files:
/php4/main fopen_wrappers.c
Log:
php_error_docref aborts cgi. This broke using php as cgi under
apache/mod_cgi with the cgi-script directive and bang lines in php scripts.
removing it allows this to work again.
Index: php4/main/fopen_wrappers.c
diff -u php4/main/fopen_wrappers.c:1.153 php4/main/fopen_wrappers.c:1.154
--- php4/main/fopen_wrappers.c:1.153Fri Nov 8 17:48:01 2002
+++ php4/main/fopen_wrappers.c Sun Dec 1 16:28:27 2002
@@ -16,7 +16,7 @@
| Jim Winstead [EMAIL PROTECTED] |
+--+
*/
-/* $Id: fopen_wrappers.c,v 1.153 2002/11/08 22:48:01 iliaa Exp $ */
+/* $Id: fopen_wrappers.c,v 1.154 2002/12/01 21:28:27 shane Exp $ */
/* {{{ includes
*/
@@ -348,8 +348,8 @@
fp = NULL;
}
if (!fp) {
- php_error_docref(NULL TSRMLS_CC, E_ERROR, Unable to open %s,
filename);
STR_FREE(SG(request_info).path_translated); /* for same reason as
above */
+ SG(request_info).path_translated = NULL;
return FAILURE;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php4 /main fopen_wrappers.c
Why not simply change from E_ERROR to E_WARNING?
marcus
At 22:28 01.12.2002, Shane Caraveo wrote:
shane Sun Dec 1 16:28:28 2002 EDT
Modified files:
/php4/main fopen_wrappers.c
Log:
php_error_docref aborts cgi. This broke using php as cgi under
apache/mod_cgi with the cgi-script directive and bang lines in php scripts.
removing it allows this to work again.
Index: php4/main/fopen_wrappers.c
diff -u php4/main/fopen_wrappers.c:1.153 php4/main/fopen_wrappers.c:1.154
--- php4/main/fopen_wrappers.c:1.153Fri Nov 8 17:48:01 2002
+++ php4/main/fopen_wrappers.c Sun Dec 1 16:28:27 2002
@@ -16,7 +16,7 @@
| Jim Winstead [EMAIL PROTECTED] |
+--+
*/
-/* $Id: fopen_wrappers.c,v 1.153 2002/11/08 22:48:01 iliaa Exp $ */
+/* $Id: fopen_wrappers.c,v 1.154 2002/12/01 21:28:27 shane Exp $ */
/* {{{ includes
*/
@@ -348,8 +348,8 @@
fp = NULL;
}
if (!fp) {
- php_error_docref(NULL TSRMLS_CC, E_ERROR, Unable to open
%s, filename);
STR_FREE(SG(request_info).path_translated); /* for
same reason as above */
+ SG(request_info).path_translated = NULL;
return FAILURE;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php4 /main fopen_wrappers.c
MFH?? And are there possibly some bug reports caused by this..?
--Jani
On Sun, 1 Dec 2002, Shane Caraveo wrote:
shane Sun Dec 1 16:28:28 2002 EDT
Modified files:
/php4/main fopen_wrappers.c
Log:
php_error_docref aborts cgi. This broke using php as cgi under
apache/mod_cgi with the cgi-script directive and bang lines in php scripts.
removing it allows this to work again.
Index: php4/main/fopen_wrappers.c
diff -u php4/main/fopen_wrappers.c:1.153 php4/main/fopen_wrappers.c:1.154
--- php4/main/fopen_wrappers.c:1.153 Fri Nov 8 17:48:01 2002
+++ php4/main/fopen_wrappers.c Sun Dec 1 16:28:27 2002
@@ -16,7 +16,7 @@
| Jim Winstead [EMAIL PROTECTED] |
+--+
*/
-/* $Id: fopen_wrappers.c,v 1.153 2002/11/08 22:48:01 iliaa Exp $ */
+/* $Id: fopen_wrappers.c,v 1.154 2002/12/01 21:28:27 shane Exp $ */
/* {{{ includes
*/
@@ -348,8 +348,8 @@
fp = NULL;
}
if (!fp) {
- php_error_docref(NULL TSRMLS_CC, E_ERROR, Unable to open %s,
filename);
STR_FREE(SG(request_info).path_translated); /* for same reason as
above */
+ SG(request_info).path_translated = NULL;
return FAILURE;
}
--
- For Sale! -
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php4 /main fopen_wrappers.c
See my postings on php-dev about this. This particular patch is just
one part of the problem.
Shane
Jani Taskinen wrote:
MFH?? And are there possibly some bug reports caused by this..?
--Jani
On Sun, 1 Dec 2002, Shane Caraveo wrote:
shane Sun Dec 1 16:28:28 2002 EDT
Modified files:
/php4/main fopen_wrappers.c
Log:
php_error_docref aborts cgi. This broke using php as cgi under
apache/mod_cgi with the cgi-script directive and bang lines in php scripts.
removing it allows this to work again.
Index: php4/main/fopen_wrappers.c
diff -u php4/main/fopen_wrappers.c:1.153 php4/main/fopen_wrappers.c:1.154
--- php4/main/fopen_wrappers.c:1.153 Fri Nov 8 17:48:01 2002
+++ php4/main/fopen_wrappers.c Sun Dec 1 16:28:27 2002
@@ -16,7 +16,7 @@
| Jim Winstead [EMAIL PROTECTED] |
+--+
*/
-/* $Id: fopen_wrappers.c,v 1.153 2002/11/08 22:48:01 iliaa Exp $ */
+/* $Id: fopen_wrappers.c,v 1.154 2002/12/01 21:28:27 shane Exp $ */
/* {{{ includes
*/
@@ -348,8 +348,8 @@
fp = NULL;
}
if (!fp) {
- php_error_docref(NULL TSRMLS_CC, E_ERROR, Unable to open %s, filename);
STR_FREE(SG(request_info).path_translated); /* for same reason as above */
+ SG(request_info).path_translated = NULL;
return FAILURE;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /main fopen_wrappers.c
iliaa Fri Nov 8 17:48:02 2002 EDT
Modified files:
/php4/main fopen_wrappers.c
Log:
Made open_basedir error more descriptive.
Index: php4/main/fopen_wrappers.c
diff -u php4/main/fopen_wrappers.c:1.152 php4/main/fopen_wrappers.c:1.153
--- php4/main/fopen_wrappers.c:1.152Tue Nov 5 09:50:17 2002
+++ php4/main/fopen_wrappers.c Fri Nov 8 17:48:01 2002
@@ -16,7 +16,7 @@
| Jim Winstead [EMAIL PROTECTED] |
+--+
*/
-/* $Id: fopen_wrappers.c,v 1.152 2002/11/05 14:50:17 iliaa Exp $ */
+/* $Id: fopen_wrappers.c,v 1.153 2002/11/08 22:48:01 iliaa Exp $ */
/* {{{ includes
*/
@@ -191,7 +191,8 @@
ptr = end;
}
- php_error_docref(NULL TSRMLS_CC, E_WARNING, open_basedir restriction
in effect. File is in wrong directory);
+ php_error_docref(NULL TSRMLS_CC, E_WARNING,
+ open_basedir restriction in effect. File(%s) is not within
+the allowed path(s): (%s), path, pathbuf);
efree(pathbuf);
errno = EPERM; /* we deny permission to open it */
return -1;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /main fopen_wrappers.c TSRM tsrm_virtual_cwd.c tsrm_virtual_cwd.h
iliaa Tue Nov 5 09:50:17 2002 EDT
Modified files:
/TSRM tsrm_virtual_cwd.h tsrm_virtual_cwd.c
/php4/main fopen_wrappers.c
Log:
Added 4th argument to virtual_file_ex() that specifies whether or not
realpath() should be used during path resolving. In a number of functions
we do not want to use realpath(), since realpath() will resolve symlinks.
Index: TSRM/tsrm_virtual_cwd.h
diff -u TSRM/tsrm_virtual_cwd.h:1.23 TSRM/tsrm_virtual_cwd.h:1.24
--- TSRM/tsrm_virtual_cwd.h:1.23Mon Nov 4 18:24:15 2002
+++ TSRM/tsrm_virtual_cwd.h Tue Nov 5 09:50:16 2002
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: tsrm_virtual_cwd.h,v 1.23 2002/11/04 23:24:15 iliaa Exp $ */
+/* $Id: tsrm_virtual_cwd.h,v 1.24 2002/11/05 14:50:16 iliaa Exp $ */
#ifndef VIRTUAL_CWD_H
#define VIRTUAL_CWD_H
@@ -163,7 +163,7 @@
CWD_API int virtual_chown(const char *filename, uid_t owner, gid_t group TSRMLS_DC);
#endif
-CWD_API int virtual_file_ex(cwd_state *state, const char *path, verify_path_func
verify_path);
+CWD_API int virtual_file_ex(cwd_state *state, const char *path, verify_path_func
+verify_path, int use_realpath);
typedef struct _virtual_cwd_globals {
cwd_state cwd;
Index: TSRM/tsrm_virtual_cwd.c
diff -u TSRM/tsrm_virtual_cwd.c:1.39 TSRM/tsrm_virtual_cwd.c:1.40
--- TSRM/tsrm_virtual_cwd.c:1.39Mon Nov 4 18:24:15 2002
+++ TSRM/tsrm_virtual_cwd.c Tue Nov 5 09:50:16 2002
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: tsrm_virtual_cwd.c,v 1.39 2002/11/04 23:24:15 iliaa Exp $ */
+/* $Id: tsrm_virtual_cwd.c,v 1.40 2002/11/05 14:50:16 iliaa Exp $ */
#include sys/types.h
#include sys/stat.h
@@ -284,7 +284,7 @@
/* Resolve path relatively to state and put the real path into state */
/* returns 0 for ok, 1 for error */
-CWD_API int virtual_file_ex(cwd_state *state, const char *path, verify_path_func
verify_path)
+CWD_API int virtual_file_ex(cwd_state *state, const char *path, verify_path_func
+verify_path, int use_realpath)
{
int path_length = strlen(path);
char *ptr, *path_copy;
@@ -304,7 +304,7 @@
#if !defined(TSRM_WIN32) !defined(NETWARE)
if (IS_ABSOLUTE_PATH(path, path_length)) {
- if (realpath(path, resolved_path)) {
+ if (use_realpath realpath(path, resolved_path)) {
path = resolved_path;
path_length = strlen(path);
}
@@ -322,7 +322,7 @@
memcpy(ptr, path, path_length);
ptr += path_length;
*ptr = '\0';
- if (realpath(tmp, resolved_path)) {
+ if (use_realpath realpath(tmp, resolved_path)) {
path = resolved_path;
path_length = strlen(path);
}
@@ -439,7 +439,7 @@
CWD_API int virtual_chdir(const char *path TSRMLS_DC)
{
- return virtual_file_ex(CWDG(cwd), path, php_is_dir_ok)?-1:0;
+ return virtual_file_ex(CWDG(cwd), path, php_is_dir_ok, 1)?-1:0;
}
CWD_API int virtual_chdir_file(const char *path, int (*p_chdir)(const char *path
TSRMLS_DC) TSRMLS_DC)
@@ -480,7 +480,7 @@
int retval;
CWD_STATE_COPY(new_state, CWDG(cwd));
- retval = virtual_file_ex(new_state, path, NULL);
+ retval = virtual_file_ex(new_state, path, NULL, 1);
if (!retval) {
int len =
new_state.cwd_lengthMAXPATHLEN-1?MAXPATHLEN-1:new_state.cwd_length;
@@ -498,7 +498,7 @@
int retval;
CWD_STATE_COPY(new_state, CWDG(cwd));
- retval = virtual_file_ex(new_state, path, verify_path);
+ retval = virtual_file_ex(new_state, path, verify_path, 1);
*filepath = new_state.cwd;
@@ -521,7 +521,7 @@
}
CWD_STATE_COPY(new_state, CWDG(cwd));
- virtual_file_ex(new_state, path, NULL);
+ virtual_file_ex(new_state, path, NULL, 1);
f = fopen(new_state.cwd, mode);
@@ -536,7 +536,7 @@
int ret;
CWD_STATE_COPY(new_state, CWDG(cwd));
- virtual_file_ex(new_state, pathname, NULL);
+ virtual_file_ex(new_state, pathname, NULL, 1);
ret = access(new_state.cwd, mode);
@@ -554,7 +554,7 @@
int ret;
CWD_STATE_COPY(new_state, CWDG(cwd));
- virtual_file_ex(new_state, filename, NULL);
+ virtual_file_ex(new_state, filename, NULL, 0);
ret = utime(new_state.cwd, buf);
@@ -569,7 +569,7 @@
int ret;
CWD_STATE_COPY(new_state, CWDG(cwd));
- virtual_file_ex(new_state, filename, NULL);
+ virtual_file_ex(new_state, filename, NULL, 1);
ret = chmod(new_state.cwd, mode);
@@ -584,7 +584,7 @@
int ret;
CWD_STATE_COPY(new_state, CWDG(cwd));
- virtual_file_ex(new_state, filename, NULL);
+ virtual_file_ex(new_state,
[PHP-CVS] cvs: php4 /main fopen_wrappers.c
rasmus Sat Sep 28 12:10:43 2002 EDT
Modified files:
/php4/main fopen_wrappers.c
Log:
Probable fix for bug #19292
Index: php4/main/fopen_wrappers.c
diff -u php4/main/fopen_wrappers.c:1.148 php4/main/fopen_wrappers.c:1.149
--- php4/main/fopen_wrappers.c:1.148Sun Sep 22 14:30:38 2002
+++ php4/main/fopen_wrappers.c Sat Sep 28 12:10:43 2002
@@ -16,7 +16,7 @@
| Jim Winstead [EMAIL PROTECTED] |
+--+
*/
-/* $Id: fopen_wrappers.c,v 1.148 2002/09/22 18:30:38 iliaa Exp $ */
+/* $Id: fopen_wrappers.c,v 1.149 2002/09/28 16:10:43 rasmus Exp $ */
/* {{{ includes
*/
@@ -199,8 +199,8 @@
*/
PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC)
{
- /* Only check when safe_mode on and safe_mode_include_dir is available */
- if (PG(safe_mode) PG(safe_mode_include_dir)
+ /* Only check when safe_mode or open_basedir is on and safe_mode_include_dir
+is available */
+ if (((PG(open_basedir) *PG(open_basedir)) || PG(safe_mode))
+PG(safe_mode_include_dir)
*PG(safe_mode_include_dir))
{
char *pathbuf;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
