pajoye Thu, 04 Feb 2010 09:40:38 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=294515
Log: - Fixed a possible open_basedir/safe_mode bypass in session extension Changed paths: _U php/php-src/branches/PHP_5_3_2/ U php/php-src/branches/PHP_5_3_2/ext/session/session.c _U php/php-src/branches/PHP_5_3_2/ext/tidy/tests/ _U php/php-src/branches/PHP_5_3_2/tests/security/open_basedir_parse_ini_file.phpt Property changes on: php/php-src/branches/PHP_5_3_2 ___________________________________________________________________ Modified: svn:mergeinfo - /php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292624,292630,292632-292635,292654,292677,292682-292683,292693,292716,292719,292762,292765,292771,292777,292823,293051,293075,293114,293126,293131,293144,293146,293152,293176,293180,293216,293235,293253,293268,293341,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293974,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294278 /php/php-src/trunk:284726 + /php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292624,292630,292632-292635,292654,292677,292682-292683,292693,292716,292719,292762,292765,292771,292777,292823,293051,293075,293114,293126,293131,293144,293146,293152,293176,293180,293216,293235,293253,293268,293341,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293974,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278 /php/php-src/trunk:284726 Modified: php/php-src/branches/PHP_5_3_2/ext/session/session.c =================================================================== --- php/php-src/branches/PHP_5_3_2/ext/session/session.c 2010-02-04 09:37:38 UTC (rev 294514) +++ php/php-src/branches/PHP_5_3_2/ext/session/session.c 2010-02-04 09:40:38 UTC (rev 294515) @@ -687,8 +687,13 @@ return FAILURE; } - if ((p = zend_memrchr(new_value, ';', new_value_length))) { + /* we do not use zend_memrchr() since path can contain ; itself */ + if ((p = strchr(new_value, ';'))) { + char *p2; p++; + if ((p2 = strchr(p, ';'))) { + p = p2 + 1; + } } else { p = new_value; } Property changes on: php/php-src/branches/PHP_5_3_2/ext/tidy/tests ___________________________________________________________________ Modified: svn:mergeinfo - /php/php-src/branches/PHP_5_3/ext/tidy/tests:292562,292566,292571,292574,292635,292716,292719,292765,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294278 /php/php-src/trunk/ext/tidy/tests:284726,287798-287941 + /php/php-src/branches/PHP_5_3/ext/tidy/tests:292562,292566,292571,292574,292635,292716,292719,292765,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278 /php/php-src/trunk/ext/tidy/tests:284726,287798-287941 Property changes on: php/php-src/branches/PHP_5_3_2/tests/security/open_basedir_parse_ini_file.phpt ___________________________________________________________________ Modified: svn:mergeinfo - /php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:292562,292566,292571,292574,292716,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294278 /php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:265951 + /php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:292562,292566,292571,292574,292716,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278 /php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:265951
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php