diff options
| author | Pierre Joye <pajoye@php.net> | 2007-06-22 12:28:06 +0000 |
|---|---|---|
| committer | Pierre Joye <pajoye@php.net> | 2007-06-22 12:28:06 +0000 |
| commit | 7869d9d068e1f35f07f06aa824914ae3a664752a (patch) | |
| tree | f524b217451747b4f4b7b12a609a41b38f7b0edb | |
| parent | 60588cbdd55005012e68d3794b46782e87a9bda4 (diff) | |
| download | php-git-7869d9d068e1f35f07f06aa824914ae3a664752a.tar.gz | |
- fix build
- fix regression in glob introduced by #41655 fix and add test cases
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/standard/dir.c | 15 | ||||
| -rw-r--r-- | ext/standard/tests/file/bug41655_1.phpt | 10 | ||||
| -rw-r--r-- | ext/standard/tests/file/bug41655_2.phpt | 16 |
4 files changed, 35 insertions, 8 deletions
@@ -5,6 +5,8 @@ PHP 4 NEWS - Fixed an integer overflow inside chunk_split(). Identified by Gerhard Wagner. (Ilia) - Fixed integer overlow in str[c]spn(). (Stas) +- Fixed regression in glob when open_basedir is on introduced by #41655 fix + (Pierre) - Fixed money_format() not to accept multiple %i or %n tokens. (Stas, Ilia) - Addded "max_input_nesting_level" php.ini option to limit nesting level of input variables. Fix for MOPB-03-2007. (Stas) diff --git a/ext/standard/dir.c b/ext/standard/dir.c index fd1fac5c51..7a28b5c8ed 100644 --- a/ext/standard/dir.c +++ b/ext/standard/dir.c @@ -384,19 +384,18 @@ PHP_FUNCTION(glob) #endif if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) { - size_t base_len = php_dirname(pattern, strlen(pattern)); - char pos = pattern[base_len]; + char *dirname = estrdup(pattern); + php_dirname(dirname, strlen(dirname)); - pattern[base_len] = '\0'; - - if (PG(safe_mode) && (!php_checkuid(pattern, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + if (PG(safe_mode) && (!php_checkuid(dirname, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + efree(dirname); RETURN_FALSE; } - if (php_check_open_basedir(pattern TSRMLS_CC)) { + if (php_check_open_basedir(dirname TSRMLS_CC)) { + efree(dirname); RETURN_FALSE; } - - pattern[base_len] = pos; + efree(dirname); } globbuf.gl_offs = 0; diff --git a/ext/standard/tests/file/bug41655_1.phpt b/ext/standard/tests/file/bug41655_1.phpt new file mode 100644 index 0000000000..9b047bcace --- /dev/null +++ b/ext/standard/tests/file/bug41655_1.phpt @@ -0,0 +1,10 @@ +--TEST-- +Bug #41655: open_basedir bypass via glob() +--INI-- +open_basedir=/tmp +--FILE-- +<?php + $a=glob("./*.jpeg"); +?> +--EXPECTF-- +Warning: glob() [%s]: open_basedir restriction in effect. File(.) is not within the allowed path(s): (/tmp) in %s on line %d diff --git a/ext/standard/tests/file/bug41655_2.phpt b/ext/standard/tests/file/bug41655_2.phpt new file mode 100644 index 0000000000..a675d599a1 --- /dev/null +++ b/ext/standard/tests/file/bug41655_2.phpt @@ -0,0 +1,16 @@ +--TEST-- +Bug #41655: open_basedir bypass via glob() +--INI-- +open_basedir=/ +--FILE-- +<?php + $dir = dirname(__FILE__); + $a=glob($dir . "/bug41655*.*"); + print_r($a); +?> +--EXPECTF-- +Array +( + [%d] => %sbug41655_1.phpt + [%d] => %sbug41655_2.phpt +) |