[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/fopen_wrappers.c trunk/main/fopen_wrappers.c
pajoye Tue, 18 Jan 2011 22:20:09 + Revision: http://svn.php.net/viewvc?view=revisionrevision=307563 Log: - fix regression introduced in 5.3.4 in open_basedir on windows/novell with trailing fwd slash Changed paths: U php/php-src/branches/PHP_5_3/main/fopen_wrappers.c U php/php-src/trunk/main/fopen_wrappers.c
Modified: php/php-src/branches/PHP_5_3/main/fopen_wrappers.c
===
--- php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2011-01-18 19:56:09 UTC (rev 307562)
+++ php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2011-01-18 22:20:09 UTC (rev 307563)
@@ -229,7 +229,11 @@
 if (expand_filepath(local_open_basedir, resolved_basedir TSRMLS_CC) != NULL) {
 /* Handler for basedirs that end with a / */
 resolved_basedir_len = strlen(resolved_basedir);
+#if defined(PHP_WIN32) || defined(NETWARE)
+ if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR || basedir[strlen(basedir) - 1] == '/') {
+#else
 if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR) {
+#endif
 if (resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
 resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR;
 resolved_basedir[++resolved_basedir_len] = '\0';
Modified: php/php-src/trunk/main/fopen_wrappers.c
===
--- php/php-src/trunk/main/fopen_wrappers.c 2011-01-18 19:56:09 UTC (rev 307562)
+++ php/php-src/trunk/main/fopen_wrappers.c 2011-01-18 22:20:09 UTC (rev 307563)
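Review bot: The added Windows/NetWare condition evaluates `basedir[strlen(basedir) - 1]` twice more without checking that `basedir` is non-empty, so an empty entry would index outside the string; whether an empty value can reach this point is not visible in the hunk. Taking the length once, `size_t basedir_len = strlen(basedir);`, and testing `basedir_len > 0 && IS_SLASH(basedir[basedir_len - 1])` would guard the read and, assuming the TSRM `IS_SLASH` macro is in scope in this file, replace the `#if`/`#else` pair of `if` openers with a single line that keeps the braces balanced for readers and tools. The identical trunk hunk at -228,7 +228,11 has the same pattern. The enclosing `if (expand_filepath(...))` block continues past the end of the hunk.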
@@ -228,7 +228,11 @@
 if (expand_filepath(local_open_basedir, resolved_basedir TSRMLS_CC) != NULL) {
 /* Handler for basedirs that end with a / */
 resolved_basedir_len = strlen(resolved_basedir);
+#if defined(PHP_WIN32) || defined(NETWARE)
+ if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR || basedir[strlen(basedir) - 1] == '/') {
+#else
 if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR) {
+#endif
 if (resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
 resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR;
 resolved_basedir[++resolved_basedir_len] = '\0';
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/fopen_wrappers.c trunk/main/fopen_wrappers.c
pajoye Tue, 23 Nov 2010 22:14:54 + Revision: http://svn.php.net/viewvc?view=revisionrevision=305698 Log: - fixed #53352 Bug: http://bugs.php.net/53352 (Assigned) open_basedir does not pass through files with matching path Changed paths: U php/php-src/branches/PHP_5_3/main/fopen_wrappers.c U php/php-src/trunk/main/fopen_wrappers.c
Modified: php/php-src/branches/PHP_5_3/main/fopen_wrappers.c
===
--- php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2010-11-23 21:49:18 UTC (rev 305697)
+++ php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2010-11-23 22:14:54 UTC (rev 305698)
@@ -234,6 +234,9 @@
 resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR;
 resolved_basedir[++resolved_basedir_len] = '\0';
 }
+ } else {
+ resolved_basedir[resolved_basedir_len++] = PHP_DIR_SEPARATOR;
+ resolved_basedir[resolved_basedir_len] = '\0';
 }
 resolved_name_len = strlen(resolved_name);
@@ -251,7 +254,7 @@
 if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
 #endif
 if (resolved_name_len resolved_basedir_len
- resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {
+ resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
 return -1;
 } else {
 /* File is in the right directory */
Modified: php/php-src/trunk/main/fopen_wrappers.c
===
--- php/php-src/trunk/main/fopen_wrappers.c 2010-11-23 21:49:18 UTC (rev 305697)
+++ php/php-src/trunk/main/fopen_wrappers.c 2010-11-23 22:14:54 UTC (rev 305698)
@@ -233,6 +233,9 @@
 resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR;
 resolved_basedir[++resolved_basedir_len] = '\0';
 }
+ } else {
+ resolved_basedir[resolved_basedir_len++] = PHP_DIR_SEPARATOR;
+ resolved_basedir[resolved_basedir_len] = '\0';
 }
 resolved_name_len = strlen(resolved_name);
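Review bot: The new `else` arm stores `PHP_DIR_SEPARATOR` and a terminator at `resolved_basedir[resolved_basedir_len]` with no check that the buffer has room for one more byte, and no check that the resolved path does not already end in a separator, which the other arm appears to test before its own append. The declaration of `resolved_basedir` is outside the hunk; if it is a fixed `MAXPATHLEN` array, a resolved path of maximum length would be terminated one byte past the end, so failing closed first with `if (resolved_basedir_len >= MAXPATHLEN - 1) { return -1; }` is worth adding. Because both arms now leave a trailing separator, they could also be merged into one conditional append, which would avoid producing a doubled separator for a basedir that resolves to a root directory. The trunk hunk at -233,6 +233,9 is identical.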
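Review bot: After this change the test `resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR` can no longer be true where it is reached: the `strncmp` on the line above has already matched the first `resolved_basedir_len` bytes, and the first hunk of this commit makes `resolved_basedir` end in `PHP_DIR_SEPARATOR` on both arms. The `return -1` arm therefore looks dead, and the directory-boundary guarantee rests entirely on the separator append, which nothing in the code states. Either drop the inner test or keep it as a defensive check with a comment such as `/* resolved_basedir always ends in a separator here, so a prefix match is a directory match */`. The same applies to the trunk hunk at -250,7 +253,7; the enclosing function starts and ends outside the hunk.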
@@ -250,7 +253,7 @@
 if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
 #endif
 if (resolved_name_len resolved_basedir_len
- resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {
+ resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
 return -1;
 } else {
 /* File is in the right directory */
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/fopen_wrappers.c trunk/main/fopen_wrappers.c
pajoye Tue, 28 Sep 2010 13:29:33 + Revision: http://svn.php.net/viewvc?view=revisionrevision=303824 Log: - Fixed possible flaw in open_basedir (CVE-2010-3436) Changed paths: U php/php-src/branches/PHP_5_3/main/fopen_wrappers.c U php/php-src/trunk/main/fopen_wrappers.c
Modified: php/php-src/branches/PHP_5_3/main/fopen_wrappers.c
===
--- php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2010-09-28 13:28:55 UTC (rev 303823)
+++ php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2010-09-28 13:29:33 UTC (rev 303824)
@@ -250,8 +250,13 @@
 #else
 if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
 #endif
- /* File is in the right directory */
- return 0;
+ if (resolved_name_len resolved_basedir_len
+ resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {
+ return -1;
+ } else {
+ /* File is in the right directory */
+ return 0;
+ }
 } else {
 /* /openbasedir/ and /openbasedir are the same directory */
 if (resolved_basedir_len == (resolved_name_len + 1) resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
Modified: php/php-src/trunk/main/fopen_wrappers.c
===
--- php/php-src/trunk/main/fopen_wrappers.c 2010-09-28 13:28:55 UTC (rev 303823)
+++ php/php-src/trunk/main/fopen_wrappers.c 2010-09-28 13:29:33 UTC (rev 303824)
@@ -249,8 +249,13 @@
 #else
 if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
 #endif
- /* File is in the right directory */
- return 0;
+ if (resolved_name_len resolved_basedir_len
+ resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {
+ return -1;
+ } else {
+ /* File is in the right directory */
+ return 0;
+ }
 } else {
 /* /openbasedir/ and /openbasedir are the same directory */
 if (resolved_basedir_len == (resolved_name_len + 1) resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
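Review bot: The new test reads `resolved_name[resolved_basedir_len]`, which is the boundary byte only when `resolved_basedir` has no trailing separator. The context a few lines further down (`resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR`) shows the resolved basedir can end in one, and in that case the byte at `resolved_basedir_len` is the first character of the next path component, so paths under a basedir configured with a trailing slash would be rejected. Normalising `resolved_basedir` to always end in a separator before the `strncmp` and letting the prefix match itself enforce the boundary would keep the restriction without that regression. A one-line comment above the test, e.g. `/* a bare prefix match is not a directory match */`, would also record why `return 0` is no longer unconditional. The trunk hunk at -249,8 +249,13 is identical, and the enclosing function is outside both hunks.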