open_basedir_parse_ini_file.phpt

Pierre Joye Thu, 04 Feb 2010 01:40:54 -0800

pajoye                                   Thu, 04 Feb 2010 09:40:38 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=294515


Log:
- Fixed a possible open_basedir/safe_mode bypass in session extension

Changed paths:
    _U  php/php-src/branches/PHP_5_3_2/
    U   php/php-src/branches/PHP_5_3_2/ext/session/session.c
    _U  php/php-src/branches/PHP_5_3_2/ext/tidy/tests/
    _U  
php/php-src/branches/PHP_5_3_2/tests/security/open_basedir_parse_ini_file.phpt


Property changes on: php/php-src/branches/PHP_5_3_2
___________________________________________________________________
Modified: svn:mergeinfo
   - 
/php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292624,292630,292632-292635,292654,292677,292682-292683,292693,292716,292719,292762,292765,292771,292777,292823,293051,293075,293114,293126,293131,293144,293146,293152,293176,293180,293216,293235,293253,293268,293341,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293974,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294278
/php/php-src/trunk:284726
   + 
/php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292624,292630,292632-292635,292654,292677,292682-292683,292693,292716,292719,292762,292765,292771,292777,292823,293051,293075,293114,293126,293131,293144,293146,293152,293176,293180,293216,293235,293253,293268,293341,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293974,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278
/php/php-src/trunk:284726

Modified: php/php-src/branches/PHP_5_3_2/ext/session/session.c
===================================================================
--- php/php-src/branches/PHP_5_3_2/ext/session/session.c        2010-02-04 
09:37:38 UTC (rev 294514)
+++ php/php-src/branches/PHP_5_3_2/ext/session/session.c        2010-02-04 
09:40:38 UTC (rev 294515)
@@ -687,8 +687,13 @@
                        return FAILURE;
                }

-               if ((p = zend_memrchr(new_value, ';', new_value_length))) {
+               /* we do not use zend_memrchr() since path can contain ; itself 
*/
+               if ((p = strchr(new_value, ';'))) {
+                       char *p2;
                        p++;
+                       if ((p2 = strchr(p, ';'))) {
+                               p = p2 + 1;
+                       }
                } else {
                        p = new_value;
                }


Property changes on: php/php-src/branches/PHP_5_3_2/ext/tidy/tests
___________________________________________________________________
Modified: svn:mergeinfo
   - 
/php/php-src/branches/PHP_5_3/ext/tidy/tests:292562,292566,292571,292574,292635,292716,292719,292765,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294278
/php/php-src/trunk/ext/tidy/tests:284726,287798-287941
   + 
/php/php-src/branches/PHP_5_3/ext/tidy/tests:292562,292566,292571,292574,292635,292716,292719,292765,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278
/php/php-src/trunk/ext/tidy/tests:284726,287798-287941


Property changes on: 
php/php-src/branches/PHP_5_3_2/tests/security/open_basedir_parse_ini_file.phpt
___________________________________________________________________
Modified: svn:mergeinfo
   - 
/php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:292562,292566,292571,292574,292716,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294278
/php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:265951
   + 
/php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:292562,292566,292571,292574,292716,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278
/php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:265951

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] svn: /php/php-src/branches/PHP_5_3_2/ ext/session/session.c tests/security/open_basedir_parse_ini_file.phpt

Reply via email to