pajoye          Wed Mar 14 11:08:58 2007 UTC

  Modified files:              (Branch: PHP_5_2)
    /php-src    NEWS 
    /php-src/ext/zip    zip_stream.c php_zip.c php_zip.h 
  Log:
  - rename SAFEMODE_CHECKFILE to OPENBASEDIR_CHECKPATH (so the name can be
    used in HEAD without confusion)
  - Add safemode and open basedir checks in zip:// wrapper (revert Ilia's 
    patch). Bug found by Stefan Esser in his MOPB-20-2007
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.587&r2=1.2027.2.547.2.588&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.587 php-src/NEWS:1.2027.2.547.2.588
--- php-src/NEWS:1.2027.2.547.2.587     Mon Mar 12 16:59:51 2007
+++ php-src/NEWS        Wed Mar 14 11:08:57 2007
@@ -14,6 +14,7 @@
   . Added SplFileInfo::getLinkTarget(), SplFileInfo::getRealPath().
 - Added --ri switch to CLI which allows to check extension information. 
(Marcus)
 - Added tidyNode::getParent() method (John, Nuno)
+- Added openbasedir and safemode checks in zip:// stream wrapper (Pierre)
 - Fixed zend_llist_remove_tail (Michael Wallner, Dmitry)
 - Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek)
 - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre)
http://cvs.php.net/viewvc.cgi/php-src/ext/zip/zip_stream.c?r1=1.1.2.4&r2=1.1.2.5&diff_format=u
Index: php-src/ext/zip/zip_stream.c
diff -u php-src/ext/zip/zip_stream.c:1.1.2.4 
php-src/ext/zip/zip_stream.c:1.1.2.5
--- php-src/ext/zip/zip_stream.c:1.1.2.4        Wed Mar 14 03:50:18 2007
+++ php-src/ext/zip/zip_stream.c        Wed Mar 14 11:08:57 2007
@@ -1,4 +1,4 @@
-/* $Id: zip_stream.c,v 1.1.2.4 2007/03/14 03:50:18 iliaa Exp $ */
+/* $Id: zip_stream.c,v 1.1.2.5 2007/03/14 11:08:57 pajoye Exp $ */
 #ifdef HAVE_CONFIG_H
 #   include "config.h"
 #endif
@@ -12,6 +12,7 @@
 #include "ext/standard/file.h"
 #include "ext/standard/php_string.h"
 #include "fopen_wrappers.h"
+#include "php_zip.h"
 
 #include "ext/standard/url.h"
 
@@ -112,7 +113,7 @@
        }
 
        if (filename) {
-               if ((PG(safe_mode) && (!php_checkuid(filename, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) {
+               if (OPENBASEDIR_CHECKPATH(filename)) {
                        return NULL;
                }
 
@@ -193,7 +194,7 @@
        php_basename(path, path_len - fragment_len, NULL, 0, &file_basename, 
&file_basename_len TSRMLS_CC);
        fragment++;
 
-       if ((PG(safe_mode) && (!php_checkuid(file_dirname, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(file_dirname 
TSRMLS_CC)) {
+       if (OPENBASEDIR_CHECKPATH(file_dirname)) {
                efree(file_basename);
                return NULL;
        }
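Review bot: Only `file_dirname` is passed to `OPENBASEDIR_CHECKPATH` here, whereas the php_zip.c hunks in this commit check both `file_dirname_fullpath` and `fullpath`. The hunk does not show how `file_dirname` is filled, so it may already hold the full archive path; if it holds only the containing directory, the archive file itself is never validated against open_basedir or safe_mode. Either run the check on the full archive path as well, or, if the variable does hold the full path, say so with a comment such as `/* file_dirname is the archive path with the #fragment stripped */`. The enclosing function starts and ends outside the hunk.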
http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.1.2.27&r2=1.1.2.28&diff_format=u
Index: php-src/ext/zip/php_zip.c
diff -u php-src/ext/zip/php_zip.c:1.1.2.27 php-src/ext/zip/php_zip.c:1.1.2.28
--- php-src/ext/zip/php_zip.c:1.1.2.27  Mon Jan 29 15:25:06 2007
+++ php-src/ext/zip/php_zip.c   Wed Mar 14 11:08:57 2007
@@ -16,7 +16,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: php_zip.c,v 1.1.2.27 2007/01/29 15:25:06 pajoye Exp $ */
+/* $Id: php_zip.c,v 1.1.2.28 2007/03/14 11:08:57 pajoye Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -49,11 +49,6 @@
 #define le_zip_entry_name "Zip Entry"
 /* }}} */
 
-/* {{{ SAFEMODE_CHECKFILE(filename) */
-#define SAFEMODE_CHECKFILE(filename) \
-       (PG(safe_mode) && (!php_checkuid(filename, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)
-/* }}} */
-
 /* {{{ PHP_ZIP_STAT_INDEX(za, index, flags, sb) */
 #define PHP_ZIP_STAT_INDEX(za, index, flags, sb) \
        if (zip_stat_index(za, index, flags, &sb) != 0) { \
@@ -127,7 +122,7 @@
 
                php_basename(file, file_len, NULL, 0, &file_basename, (unsigned 
int *)&file_basename_len TSRMLS_CC);
 
-               if (SAFEMODE_CHECKFILE(file_dirname_fullpath)) {
+               if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
                        efree(file_dirname_fullpath);
                        efree(file_basename);
                        return 0;
@@ -164,7 +159,7 @@
         * is required, does a file can have a different
         * safemode status as its parent folder?
         */
-       if (SAFEMODE_CHECKFILE(fullpath)) {
+       if (OPENBASEDIR_CHECKPATH(fullpath)) {
                efree(file_dirname_fullpath);
                efree(file_basename);
                return 0;
@@ -627,7 +622,7 @@
        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &filename, 
&filename_len) == FAILURE) {
                return;
        }
-       if (SAFEMODE_CHECKFILE(filename)) {
+       if (OPENBASEDIR_CHECKPATH(filename)) {
                RETURN_FALSE;
        }
 
@@ -1032,7 +1027,7 @@
                entry_name_len = filename_len;
        }
 
-       if (SAFEMODE_CHECKFILE(filename)) {
+       if (OPENBASEDIR_CHECKPATH(filename)) {
                RETURN_FALSE;
        }
 
@@ -2016,7 +2011,7 @@
        php_info_print_table_start();
 
        php_info_print_table_row(2, "Zip", "enabled");
-       php_info_print_table_row(2, "Extension Version","$Id: php_zip.c,v 
1.1.2.27 2007/01/29 15:25:06 pajoye Exp $");
+       php_info_print_table_row(2, "Extension Version","$Id: php_zip.c,v 
1.1.2.28 2007/03/14 11:08:57 pajoye Exp $");
        php_info_print_table_row(2, "Zip version", "2.0.0");
        php_info_print_table_row(2, "Libzip version", "0.7.1");
 
http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.h?r1=1.10.2.2&r2=1.10.2.3&diff_format=u
Index: php-src/ext/zip/php_zip.h
diff -u php-src/ext/zip/php_zip.h:1.10.2.2 php-src/ext/zip/php_zip.h:1.10.2.3
--- php-src/ext/zip/php_zip.h:1.10.2.2  Mon Jan  1 09:36:10 2007
+++ php-src/ext/zip/php_zip.h   Wed Mar 14 11:08:57 2007
@@ -16,7 +16,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: php_zip.h,v 1.10.2.2 2007/01/01 09:36:10 sebastian Exp $ */
+/* $Id: php_zip.h,v 1.10.2.3 2007/03/14 11:08:57 pajoye Exp $ */
 
 #ifndef PHP_ZIP_H
 #define PHP_ZIP_H
@@ -30,6 +30,16 @@
 
 #include "lib/zip.h"
 
+/* {{{ OPENBASEDIR_CHECKPATH(filename) */
+#if (PHP_MAJOR_VERSION < 6)
+#define OPENBASEDIR_CHECKPATH(filename) \
+       (PG(safe_mode) && (!php_checkuid(filename, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)
+#else 
+#define OPENBASEDIR_CHECKPATH(filename) \
+       php_check_open_basedir(filename TSRMLS_CC)
+#endif
+/* }}} */
+
 typedef struct _ze_zip_rsrc {
        struct zip *za;
        int index_current;
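Review bot: The expansion of `OPENBASEDIR_CHECKPATH` has no outer parentheses and uses its argument bare, so it is only safe in the exact form `if (OPENBASEDIR_CHECKPATH(x))` that this commit uses. On the PHP < 6 branch a later `!OPENBASEDIR_CHECKPATH(x)` or `cond && OPENBASEDIR_CHECKPATH(x)` would bind the operator to the safe_mode half only, changing when the open_basedir result decides the outcome. I would write the first definition as `((PG(safe_mode) && !php_checkuid((filename), NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir((filename) TSRMLS_CC))` and parenthesize the second the same way. The `{{{` comment should also state the contract, for example `/* non-zero = path rejected; also enforces safe_mode on PHP < 6 */`, since the new name no longer mentions safe_mode.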
