RE: [PHP-CVS] cvs: php-src /ext/standard dir.c
It seems you've broken ext/standard/tests/file/bug41655_1.phpt Thanks. Dmitry. -Original Message- From: Ilia Alshanetsky [mailto:[EMAIL PROTECTED] Sent: Thursday, September 20, 2007 2:40 AM To: php-cvs@lists.php.net Subject: [PHP-CVS] cvs: php-src /ext/standard dir.c iliaa Wed Sep 19 22:40:02 2007 UTC Modified files: /php-src/ext/standard dir.c Log: MFB: Fixed regression in glob() when enforcing safe_mode/open_basedir checks on paths containing '*' http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1. 169r2=1.170diff_format=u Index: php-src/ext/standard/dir.c diff -u php-src/ext/standard/dir.c:1.169 php-src/ext/standard/dir.c:1.170 --- php-src/ext/standard/dir.c:1.169 Wed Sep 5 12:55:36 2007 +++ php-src/ext/standard/dir.cWed Sep 19 22:40:02 2007 @@ -16,7 +16,7 @@ +- -+ */ -/* $Id: dir.c,v 1.169 2007/09/05 12:55:36 iliaa Exp $ */ +/* $Id: dir.c,v 1.170 2007/09/19 22:40:02 iliaa Exp $ */ /* {{{ includes/startup/misc */ @@ -421,6 +421,7 @@ glob_t globbuf; unsigned int n; int ret; + zend_bool basedir_limit = 0; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Z|l, pppattern, flags) == FAILURE || php_stream_path_param_encode(pppattern, pattern, pattern_len, REPORT_ERRORS, FG(default_context)) == FAILURE) { @@ -455,18 +456,6 @@ } #endif - if (PG(open_basedir) *PG(open_basedir)) { - int pattern_len = strlen(pattern); - char *basename = estrndup(pattern, pattern_len); - - php_dirname(basename, pattern_len); - if (php_check_open_basedir(basename TSRMLS_CC)) { - efree(basename); - RETURN_FALSE; - } - efree(basename); - } - memset(globbuf, 0, sizeof(glob_t)); globbuf.gl_offs = 0; if (0 != (ret = glob(pattern, flags GLOB_FLAGMASK, NULL, globbuf))) { @@ -480,8 +469,7 @@ can be used for simple glob() calls without further error checking. */ - array_init(return_value); - return; + goto no_results; } #endif RETURN_FALSE; 
@@ -489,12 +477,26 @@ /* now catch the FreeBSD style of no matches */ if (!globbuf.gl_pathc || !globbuf.gl_pathv) { +no_results: + if (PG(open_basedir) *PG(open_basedir)) { + struct stat s; + + if (0 != VCWD_STAT(pattern, s) || S_IFDIR != (s.st_mode S_IFMT)) { + RETURN_FALSE; + } + } array_init(return_value); return; } array_init(return_value); for (n = 0; n globbuf.gl_pathc; n++) { + if (PG(open_basedir) *PG(open_basedir)) { + if (php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 TSRMLS_CC)) { + basedir_limit = 1; + continue; + } + } /* we need to do this everytime since GLOB_ONLYDIR does not guarantee that * all directories will be filtered. GNU libc documentation states the * following: @@ -531,6 +533,11 @@ } globfree(globbuf); + + if (basedir_limit !zend_hash_num_elements(Z_ARRVAL_P(return_value))) { + zval_dtor(return_value); + RETURN_FALSE; + } } /* }}} */ #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
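Review bot: In the `no_results:` block of the `@@ -489,12 +477,26 @@` hunk, `VCWD_STAT` is run on `pattern` itself, so a pattern that still contains a wildcard such as '*' will normally fail the stat. With open_basedir set, a pattern inside the allowed tree that matches nothing therefore returns FALSE rather than an empty array. The comment left in place just above the `goto no_results;` line says the empty array exists so that simple glob() calls need no further error checking; that contract no longer holds under open_basedir. State the new return behaviour in a comment at the label and update the affected test expectation in the same commit. The label also sits inside the body of the `if (!globbuf.gl_pathc || !globbuf.gl_pathv)` block and is entered by `goto` from the error branch, which deserves a one-line comment.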
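Review bot: In the result loop and in the block added after `globfree()`, `basedir_limit` changes the outcome only when every match was rejected by `php_check_open_basedir_ex()`; when some matches are rejected and others kept, the caller gets a shortened array with no indication that anything was dropped. If that is intended, say so in a comment next to `basedir_limit = 1;` and explain the `0` passed as the second argument. With the up-front `php_dirname()` check removed in the `@@ -455,18 +456,6 @@` hunk, glob() now runs for any pattern before filtering is applied, so the final `RETURN_FALSE` is the only thing separating "matches exist but are outside open_basedir" from other outcomes; a short comment naming bug #41655 at that point would make the reason for returning FALSE instead of an empty array clear.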
Re: [PHP-CVS] cvs: php-src /ext/standard dir.c
On 9/20/07, Dmitry Stogov [EMAIL PROTECTED] wrote:

> It seems you've broken ext/standard/tests/file/bug41655_1.phpt

The test has to be updated. The last fix seems to be the only way to actually fix what was reported in #41655 (one can test if a file exists outside open_basedir using glob) and to not break old applications: having glob returning false (error).

We can introduce again the warning but it may defeat again the main purpose of this fix.

Cheers,
--Pierre
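The reasoning in the message above, that a caller must get the same result whether or not a path outside open_basedir exists, shown as an added C example (not code from php-src or from anyone in this thread). `inside()`, `restricted_glob()`, `outside_probe_leaks()` and the `uniform` switch are hypothetical names, and the `uniform=0` mode is a constructed contrast, not a reproduction of any earlier PHP revision.

```c
#define _XOPEN_SOURCE 700
#include <glob.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical stand-in for php_check_open_basedir(): 1 if path resolves under base. */
static int inside(const char *path, const char *base) {
    char rp[PATH_MAX], rb[PATH_MAX];
    if (!realpath(path, rp) || !realpath(base, rb)) return 0;
    size_t n = strlen(rb);
    return strncmp(rp, rb, n) == 0 && (rp[n] == '/' || rp[n] == '\0');
}

/* Returns the count of matches inside base, or -1 (standing in for FALSE).
 * uniform=0: no match gives 0, filtered matches give -1. uniform=1: both give -1. */
int restricted_glob(const char *pattern, const char *base, int uniform) {
    glob_t g;
    int kept = 0, filtered = 0, ret;
    memset(&g, 0, sizeof g);
    ret = glob(pattern, 0, NULL, &g);
    if (ret != 0 && ret != GLOB_NOMATCH) { globfree(&g); return -1; }
    for (size_t i = 0; ret == 0 && i < g.gl_pathc; i++)
        if (inside(g.gl_pathv[i], base)) kept++; else filtered = 1;
    globfree(&g);
    return (kept == 0 && (filtered || uniform)) ? -1 : kept;
}

/* Constructed fixture: <tmp>/secret.txt lies outside <tmp>/base; returns 1 if probes differ. */
int outside_probe_leaks(int uniform) {
    char tmp[] = "/tmp/globdemoXXXXXX", base[PATH_MAX], p[PATH_MAX];
    if (!mkdtemp(tmp)) return -1;
    snprintf(base, sizeof base, "%s/base", tmp);
    mkdir(base, 0700);
    snprintf(p, sizeof p, "%s/secret.txt", tmp);
    FILE *f = fopen(p, "w"); if (f) fclose(f);
    int hit = restricted_glob(p, base, uniform);   /* path exists, outside base */
    remove(p);
    snprintf(p, sizeof p, "%s/absent.txt", tmp);
    int miss = restricted_glob(p, base, uniform);  /* path does not exist */
    remove(base); remove(tmp);
    return hit != miss;
}

int main(void) {
    printf("differing: %d, uniform: %d\n", outside_probe_leaks(0), outside_probe_leaks(1));
}
```

With `uniform=1` an empty result inside the allowed tree also comes back as -1, which is the compatibility cost the thread is arguing about.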
Re: [PHP-CVS] cvs: php-src /ext/standard dir.c /ext/standard/tests/file bug41655_1.phpt
Hi Dmitry, On 6/25/07, Dmitry Stogov [EMAIL PROTECTED] wrote: dmitry Mon Jun 25 08:40:37 2007 UTC Modified files: /php-src/ext/standard dir.c /php-src/ext/standard/tests/filebug41655_1.phpt Log: Better fix for bug #41655 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.163r2=1.164diff_format=u Index: php-src/ext/standard/dir.c diff -u php-src/ext/standard/dir.c:1.163 php-src/ext/standard/dir.c:1.164 --- php-src/ext/standard/dir.c:1.163Tue Jun 12 13:42:04 2007 +++ php-src/ext/standard/dir.c Mon Jun 25 08:40:36 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: dir.c,v 1.163 2007/06/12 13:42:04 scottmac Exp $ */ +/* $Id: dir.c,v 1.164 2007/06/25 08:40:36 dmitry Exp $ */ /* {{{ includes/startup/misc */ @@ -423,16 +423,15 @@ #endif if (PG(open_basedir) *PG(open_basedir)) { - size_t base_len = php_dirname(pattern, strlen(pattern)); - char pos = pattern[base_len]; - - pattern[base_len] = '\0'; - + int pattern_len = strlen(pattern); + char *basename = estrndup(pattern, pattern_len); + + php_dirname(basename, pattern_len); Why is it a better fix? In these versions (head and 5.2), we don't need to duplicate the pattern. I applied in 4.4 as dirname modifies the pattern. Cheers, --Pierre -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
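Review bot: In the `@@ -423,16 +423,15 @@` hunk, the copy made with `estrndup(pattern, pattern_len)` has to be released on every path out of the `if` block; the quoted part ends at `php_dirname(basename, pattern_len);`, so the matching `efree(basename)` is not visible here and should be checked on both the rejected and the accepted path. The local name `basename` is also the name of a libc function; a name such as `base_dir` would avoid the collision. The log message "Better fix for bug #41655" does not say what was wrong with the in-place `pattern[base_len] = '\0'` approach; one sentence in the log or a comment above the copy would answer the question raised in this reply.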
RE: [PHP-CVS] cvs: php-src /ext/standard dir.c /ext/standard/tests/file bug41655_1.phpt
/php-src/ext/standard/tests/file/bug41655_2.phpt was broken because pattern was truncated by php_dirname(). Dmitry. -Original Message- From: Pierre [mailto:[EMAIL PROTECTED] Sent: Monday, June 25, 2007 12:52 PM To: Dmitry Stogov Cc: php-cvs@lists.php.net Subject: Re: [PHP-CVS] cvs: php-src /ext/standard dir.c /ext/standard/tests/file bug41655_1.phpt Hi Dmitry, On 6/25/07, Dmitry Stogov [EMAIL PROTECTED] wrote: dmitry Mon Jun 25 08:40:37 2007 UTC Modified files: /php-src/ext/standard dir.c /php-src/ext/standard/tests/filebug41655_1.phpt Log: Better fix for bug #41655 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.163r2=1 .164diff_format=u Index: php-src/ext/standard/dir.c diff -u php-src/ext/standard/dir.c:1.163 php-src/ext/standard/dir.c:1.164 --- php-src/ext/standard/dir.c:1.163Tue Jun 12 13:42:04 2007 +++ php-src/ext/standard/dir.c Mon Jun 25 08:40:36 2007 @@ -16,7 +16,7 @@ +- -+ */ -/* $Id: dir.c,v 1.163 2007/06/12 13:42:04 scottmac Exp $ */ +/* $Id: dir.c,v 1.164 2007/06/25 08:40:36 dmitry Exp $ */ /* {{{ includes/startup/misc */ @@ -423,16 +423,15 @@ #endif if (PG(open_basedir) *PG(open_basedir)) { - size_t base_len = php_dirname(pattern, strlen(pattern)); - char pos = pattern[base_len]; - - pattern[base_len] = '\0'; - + int pattern_len = strlen(pattern); + char *basename = estrndup(pattern, pattern_len); + + php_dirname(basename, pattern_len); Why is it a better fix? In these versions (head and 5.2), we don't need to duplicate the pattern. I applied in 4.4 as dirname modifies the pattern. Cheers, --Pierre -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php