[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/main/ fopen_wrappers.c
laruence Tue, 09 Aug 2011 13:04:35 + Revision: http://svn.php.net/viewvc?view=revisionrevision=314645 Log: Fixed built (missing 2nd arg for strncpy) Changed paths: U php/php-src/branches/PHP_5_3/main/fopen_wrappers.c
Modified: php/php-src/branches/PHP_5_3/main/fopen_wrappers.c
===
--- php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2011-08-09 12:34:15 UTC (rev 314644)
+++ php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2011-08-09 13:04:35 UTC (rev 314645)
@@ -473,7 +473,7 @@
 if (IS_SLASH(path_info[0])) {
 length--;
 }
- strncpy(filename + length, path_len + 1);
+ strncpy(filename + length, path_info, path_len + 1);
 }
 } else {
 filename = SG(request_info).path_translated;
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
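Review bot: The bound passed to strncpy on the corrected line, `path_len + 1`, is the length of the source string rather than the space left in `filename`, so the call gives no protection against writing past the destination. Whether `filename + length` has room for `path_len + 1` bytes depends on the allocation, which is outside the hunk; if the buffer was sized from `length` and `path_len`, `memcpy(filename + length, path_info, path_len + 1);` states the intent more plainly, and a one-line comment naming the allocation size would let a reader check the arithmetic. The copy also relies on `path_len` being `strlen(path_info)`, since otherwise the result is not guaranteed to end in a NUL; that assignment is not visible here. The enclosing function starts and ends outside the hunk.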
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/fopen_wrappers.c trunk/main/fopen_wrappers.c
pajoye Tue, 18 Jan 2011 22:20:09 + Revision: http://svn.php.net/viewvc?view=revisionrevision=307563 Log: - fix regression introduced in 5.3.4 in open_basedir on windows/novell with trailing fwd slash Changed paths: U php/php-src/branches/PHP_5_3/main/fopen_wrappers.c U php/php-src/trunk/main/fopen_wrappers.c
Modified: php/php-src/branches/PHP_5_3/main/fopen_wrappers.c
===
--- php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2011-01-18 19:56:09 UTC (rev 307562)
+++ php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2011-01-18 22:20:09 UTC (rev 307563)
@@ -229,7 +229,11 @@
 if (expand_filepath(local_open_basedir, resolved_basedir TSRMLS_CC) != NULL) {
 /* Handler for basedirs that end with a / */
 resolved_basedir_len = strlen(resolved_basedir);
+#if defined(PHP_WIN32) || defined(NETWARE)
+ if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR || basedir[strlen(basedir) - 1] == '/') {
+#else
 if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR) {
+#endif
 if (resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
 resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR;
 resolved_basedir[++resolved_basedir_len] = '\0';
Modified: php/php-src/trunk/main/fopen_wrappers.c
===
--- php/php-src/trunk/main/fopen_wrappers.c 2011-01-18 19:56:09 UTC (rev 307562)
+++ php/php-src/trunk/main/fopen_wrappers.c 2011-01-18 22:20:09 UTC (rev 307563)
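Review bot: The added Windows/NetWare condition indexes `basedir[strlen(basedir) - 1]` twice more without checking for an empty string, so a zero-length `basedir` would read the byte before the buffer; the same holds for the existing `#else` line and for the identical trunk hunk at line 228. Taking the length once and guarding it, `size_t basedir_len = strlen(basedir);` followed by `if (basedir_len > 0 && (basedir[basedir_len - 1] == PHP_DIR_SEPARATOR || basedir[basedir_len - 1] == '/')) {`, removes both the repeated strlen calls and the underflow. Whether callers can pass an empty entry is not visible in the hunk, so this may already be excluded upstream. The enclosing function continues outside the hunk.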
@@ -228,7 +228,11 @@
 if (expand_filepath(local_open_basedir, resolved_basedir TSRMLS_CC) != NULL) {
 /* Handler for basedirs that end with a / */
 resolved_basedir_len = strlen(resolved_basedir);
+#if defined(PHP_WIN32) || defined(NETWARE)
+ if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR || basedir[strlen(basedir) - 1] == '/') {
+#else
 if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR) {
+#endif
 if (resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
 resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR;
 resolved_basedir[++resolved_basedir_len] = '\0';
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/fopen_wrappers.c trunk/main/fopen_wrappers.c
pajoye Tue, 23 Nov 2010 22:14:54 + Revision: http://svn.php.net/viewvc?view=revisionrevision=305698 Log: - fixed #53352 Bug: http://bugs.php.net/53352 (Assigned) open_basedir does not pass through files with matching path Changed paths: U php/php-src/branches/PHP_5_3/main/fopen_wrappers.c U php/php-src/trunk/main/fopen_wrappers.c
Modified: php/php-src/branches/PHP_5_3/main/fopen_wrappers.c
===
--- php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2010-11-23 21:49:18 UTC (rev 305697)
+++ php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2010-11-23 22:14:54 UTC (rev 305698)
@@ -234,6 +234,9 @@
 resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR;
 resolved_basedir[++resolved_basedir_len] = '\0';
 }
+ } else {
+ resolved_basedir[resolved_basedir_len++] = PHP_DIR_SEPARATOR;
+ resolved_basedir[resolved_basedir_len] = '\0';
 }
 resolved_name_len = strlen(resolved_name);
@@ -251,7 +254,7 @@
 if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
 #endif
 if (resolved_name_len resolved_basedir_len
- resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {
+ resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
 return -1;
 } else {
 /* File is in the right directory */
Modified: php/php-src/trunk/main/fopen_wrappers.c
===
--- php/php-src/trunk/main/fopen_wrappers.c 2010-11-23 21:49:18 UTC (rev 305697)
+++ php/php-src/trunk/main/fopen_wrappers.c 2010-11-23 22:14:54 UTC (rev 305698)
@@ -233,6 +233,9 @@
 resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR;
 resolved_basedir[++resolved_basedir_len] = '\0';
 }
+ } else {
+ resolved_basedir[resolved_basedir_len++] = PHP_DIR_SEPARATOR;
+ resolved_basedir[resolved_basedir_len] = '\0';
 }
 resolved_name_len = strlen(resolved_name);
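Review bot: The new `else` branch at line 234 stores a separator at `resolved_basedir[resolved_basedir_len]` and a NUL in the byte after it with no check that the buffer has two bytes of headroom; the trunk hunk at line 233 is the same. The declaration of `resolved_basedir` is outside the hunk, but if it is a fixed path-sized array that `expand_filepath` can fill, a guard such as `if (resolved_basedir_len + 1 >= sizeof(resolved_basedir)) return -1;` before the append would keep the terminator in bounds (this assumes an array, not a pointer, is in scope). The branch also turns a base directory written without a trailing separator from a prefix into a directory, which deserves a comment at the `else`, for example `/* no trailing separator given: still treat basedir as a directory, not a prefix */`.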
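Review bot: With the separator now always appended to `resolved_basedir`, the changed test `resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR` at line 254 looks as if it can never be true once the `strncmp` above has matched `resolved_basedir_len` bytes, because that byte was just compared equal to the trailing separator; the trunk hunk at line 250 has the same shape. If that reading is right, the `return -1` arm is dead and containment rests entirely on the appended separator, so either drop the inner test or say so in a comment such as `/* resolved_basedir always ends in a separator here, so a prefix match implies a directory match */`. The platform branch before `#endif` is outside the hunk and may compare differently, and the operators on the first condition line appear to have been lost in this archive copy, so this should be confirmed against the file.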
@@ -250,7 +253,7 @@
 if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
 #endif
 if (resolved_name_len resolved_basedir_len
- resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {
+ resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
 return -1;
 } else {
 /* File is in the right directory */
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/fopen_wrappers.c trunk/main/fopen_wrappers.c
pajoye Tue, 28 Sep 2010 13:29:33 + Revision: http://svn.php.net/viewvc?view=revisionrevision=303824 Log: - Fixed possible flaw in open_basedir (CVE-2010-3436) Changed paths: U php/php-src/branches/PHP_5_3/main/fopen_wrappers.c U php/php-src/trunk/main/fopen_wrappers.c
Modified: php/php-src/branches/PHP_5_3/main/fopen_wrappers.c
===
--- php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2010-09-28 13:28:55 UTC (rev 303823)
+++ php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2010-09-28 13:29:33 UTC (rev 303824)
@@ -250,8 +250,13 @@
 #else
 if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
 #endif
- /* File is in the right directory */
- return 0;
+ if (resolved_name_len resolved_basedir_len
+ resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {
+ return -1;
+ } else {
+ /* File is in the right directory */
+ return 0;
+ }
 } else {
 /* /openbasedir/ and /openbasedir are the same directory */
 if (resolved_basedir_len == (resolved_name_len + 1) resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
Modified: php/php-src/trunk/main/fopen_wrappers.c
===
--- php/php-src/trunk/main/fopen_wrappers.c 2010-09-28 13:28:55 UTC (rev 303823)
+++ php/php-src/trunk/main/fopen_wrappers.c 2010-09-28 13:29:33 UTC (rev 303824)
@@ -249,8 +249,13 @@
 #else
 if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
 #endif
- /* File is in the right directory */
- return 0;
+ if (resolved_name_len resolved_basedir_len
+ resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {
+ return -1;
+ } else {
+ /* File is in the right directory */
+ return 0;
+ }
 } else {
 /* /openbasedir/ and /openbasedir are the same directory */
 if (resolved_basedir_len == (resolved_name_len + 1) resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
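Review bot: The added test `resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR` assumes `resolved_basedir` does not itself end in a separator, in both the PHP_5_3 hunk at line 250 and the trunk hunk at line 249. The context comment `/* /openbasedir/ and /openbasedir are the same directory */` shows that a trailing separator is an expected form, and in that case the byte at that index is the first character of the next path component, so files directly inside the allowed directory would be refused. Adding `resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR` as a further operand of the new condition keeps the sibling-prefix rejection while letting that form through. The length comparison that keeps the index in bounds is on the first added line, whose operators appear to have been lost in this archive copy, and the enclosing function lies outside the hunk.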
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/fopen_wrappers.c branches/PHP_5_3/sapi/cgi/cgi_main.c trunk/main/fopen_wrappers.c trunk/sapi/cgi/cgi_main.c
jani Thu, 10 Sep 2009 16:19:42 + Revision: http://svn.php.net/viewvc?view=revisionrevision=288246 Log: - Simplified a bit and fixed possible memory corruption and definate leak. Changed paths: U php/php-src/branches/PHP_5_3/main/fopen_wrappers.c U php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c U php/php-src/trunk/main/fopen_wrappers.c U php/php-src/trunk/sapi/cgi/cgi_main.c Modified: php/php-src/branches/PHP_5_3/main/fopen_wrappers.c === --- php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2009-09-10 15:05:49 UTC (rev 288245) +++ php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2009-09-10 16:19:42 UTC (rev 288246) @@ -485,6 +485,7 @@ file_handle-opened_path = expand_filepath(filename, NULL TSRMLS_CC); + STR_FREE(SG(request_info).path_translated); /* for same reason as above */ SG(request_info).path_translated = filename; file_handle-filename = SG(request_info).path_translated; Modified: php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c === --- php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c2009-09-10 15:05:49 UTC (rev 288245) +++ php/php-src/branches/PHP_5_3/sapi/cgi/cgi_main.c2009-09-10 16:19:42 UTC (rev 288246) @@ -1280,9 +1280,6 @@ if (pt) { efree(pt); } - if (is_valid_path(script_path_translated)) { - SG(request_info).path_translated = estrdup(script_path_translated); - } } else { /* make sure path_info/translated are empty */ if (!orig_script_filename || @@ -1311,9 +1308,6 @@ } else { SG(request_info).request_uri = env_script_name; } - if (is_valid_path(script_path_translated)) { - SG(request_info).path_translated = estrdup(script_path_translated); - } free(real_path); } } else { 
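Review bot: The added `STR_FREE(SG(request_info).path_translated);` at line 485 of fopen_wrappers.c runs immediately before the field is set to `filename`, so if `filename` can still point at the same buffer the field ends up referring to freed memory. A later revision of this file on this page shows a branch doing `filename = SG(request_info).path_translated;`; whether that aliasing exists at this revision is not visible in the hunk. Wrapping the two statements in `if (filename != SG(request_info).path_translated) {` and `}` makes the replacement safe in either case. The enclosing function lies outside the hunk, and the trunk copy of this change is cut off at the end of the page.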
@@ -1326,11 +1320,12 @@ if (!CGIG(discard_path) env_path_translated) { script_path_translated = env_path_translated; } - if (is_valid_path(script_path_translated)) { - SG(request_info).path_translated = estrdup(script_path_translated); - } } + if (is_valid_path(script_path_translated)) { + SG(request_info).path_translated = estrdup(script_path_translated); + } + SG(request_info).request_method = sapi_cgibin_getenv(REQUEST_METHOD, sizeof(REQUEST_METHOD)-1 TSRMLS_CC); /* FIXME - Work out proto_num here */ SG(request_info).query_string = sapi_cgibin_getenv(QUERY_STRING, sizeof(QUERY_STRING)-1 TSRMLS_CC); @@ -2131,26 +2126,14 @@ fastcgi_request_done: { - char *path_translated; + STR_FREE(SG(request_info).path_translated); - /* Go through this trouble so that the memory manager doesn't warn -* about SG(request_info).path_translated leaking -*/ - if (SG(request_info).path_translated) { - path_translated = strdup(SG(request_info).path_translated); - STR_FREE(SG(request_info).path_translated); - SG(request_info).path_translated = path_translated; - } - php_request_shutdown((void *) 0); + if (exit_status == 0) { exit_status = EG(exit_status); } - if (SG(request_info).path_translated) { - free(SG(request_info).path_translated); - SG(request_info).path_translated = NULL; - } if (free_query_string SG(request_info).query_string) { free(SG(request_info).query_string); SG(request_info).query_string = NULL; Modified: php/php-src/trunk/main/fopen_wrappers.c === ---
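Review bot: The consolidated `is_valid_path(script_path_translated)` call at the end of the hunk at line 1326 now runs on every branch, including ones that previously never reached it, so it must tolerate a `script_path_translated` that was never set; the definition of `is_valid_path` is not visible here and should be checked for a NULL guard. The assignment also carries no note on ownership, although this commit is about a leak and possible corruption of that pointer. A line such as `/* request-owned copy; released with STR_FREE() in main/fopen_wrappers.c or at fastcgi_request_done */` above the `if` would record the contract. The enclosing function starts and ends outside the hunk.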
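Review bot: After the added `STR_FREE(SG(request_info).path_translated);` in the hunk at line 2131 the field is not reset, whereas the removed code ended with `SG(request_info).path_translated = NULL;`, so `php_request_shutdown()` and the next request served by this process may see a stale pointer unless STR_FREE clears its argument, which the hunk does not show. Adding `SG(request_info).path_translated = NULL;` directly after the STR_FREE line keeps the old guarantee and makes a second free harmless. The block under `fastcgi_request_done:` continues past the end of the hunk.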