authorJakub Zelenka <bukka@php.net>2018-05-18 17:23:17 +0100
committerJakub Zelenka <bukka@php.net>2018-05-18 17:23:17 +0100
commitb027071688ef60e0c62cfa09d1e30c7121667632 (patch)
treef3c16a8840667e794994e732f7f5f3fba60c800c
parente470068293c925b3286574f51f2b93957b146145 (diff)
parent33382dc7eef4714d6dc5fd2ed6db97bdba999e54 (diff)
Merge branch 'PHP-7.1' into PHP-7.2
-rw-r--r--NEWS4
-rw-r--r--ext/openssl/openssl.c6
-rw-r--r--ext/openssl/tests/bug76296.phpt22
3 files changed, 29 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index 4165c5db32..c876db38df 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,10 @@ PHP NEWS
. Fixed bug #76333 (PHP built-in server does not find files if root path
contains special characters). (Anatol)
+- OpenSSL:
+ . Fixed bug #76296 (openssl_pkey_get_public does not respect open_basedir).
+ (Erik Lax, Jakub Zelenka)
+
- Standard:
. Fixed bug #76335 ("link(): Bad file descriptor" with non-ASCII path).
(Anatol)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 524192a020..b681d61a57 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -3809,6 +3809,9 @@ static EVP_PKEY * php_openssl_evp_from_zval(
if (Z_STRLEN_P(val) > 7 && memcmp(Z_STRVAL_P(val), "file://", sizeof("file://") - 1) == 0) {
filename = Z_STRVAL_P(val) + (sizeof("file://") - 1);
+ if (php_openssl_open_base_dir_chk(filename)) {
+ TMP_CLEAN;
+ }
}
/* it's an X509 file/cert of some kind, and we need to extract the data from that */
if (public_key) {
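Review bot: The hoisted `php_openssl_open_base_dir_chk(filename)` call in the `file://` branch has no comment explaining why it sits ahead of `if (public_key)`, yet that placement is the whole fix: every later branch that opens `filename` depends on it. I would add `/* enforce open_basedir once here, before any branch below opens filename */` above the check so a later refactor does not push it back into a single branch. The check and the later `BIO_new_file(filename, ...)` both work on the path string, so a path that changes between the two calls is presumably still outside what this guard covers. `php_openssl_evp_from_zval` starts and ends outside the hunk and `TMP_CLEAN` is defined elsewhere, so I am assuming it releases temporaries and returns.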
@@ -3835,9 +3838,6 @@ static EVP_PKEY * php_openssl_evp_from_zval(
BIO *in;
if (filename) {
- if (php_openssl_open_base_dir_chk(filename)) {
- TMP_CLEAN;
- }
in = BIO_new_file(filename, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
} else {
in = BIO_new_mem_buf(Z_STRVAL_P(val), (int)Z_STRLEN_P(val));
diff --git a/ext/openssl/tests/bug76296.phpt b/ext/openssl/tests/bug76296.phpt
new file mode 100644
index 0000000000..7ab15dfbf3
--- /dev/null
+++ b/ext/openssl/tests/bug76296.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Bug #76296 openssl_pkey_get_public does not respect open_basedir
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) print "skip"; ?>
+--FILE--
+<?php
+$dir = __DIR__ . '/bug76296_openbasedir';
+$pem = 'file://' . __DIR__ . '/public.key';
+if (!is_dir($dir)) {
+ mkdir($dir);
+}
+
+ini_set('open_basedir', $dir);
+
+var_dump(openssl_pkey_get_public($pem));
+?>
+--EXPECTF--
+
+Warning: openssl_pkey_get_public(): open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s) in %s on line %d
+bool(false)
+--CLEAN--
+@rmdir(__DIR__ . '/bug76296_openbasedir');
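Review bot: The `--CLEAN--` section has no opening PHP tag, so the `@rmdir(...)` line would be emitted as text rather than executed, leaving `bug76296_openbasedir` behind after the run. It should read `<?php`, `@rmdir(__DIR__ . '/bug76296_openbasedir');`, `?>`. The test also pins only `openssl_pkey_get_public`. Since the check in openssl.c now precedes `if (public_key)`, a second `var_dump(openssl_pkey_get_private($pem));` with its own expected warning and `bool(false)` would keep the other branch from regressing.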