diff options
| author | Erik Lax <erik@datahack.se> | 2018-05-01 18:16:53 +0200 |
|---|---|---|
| committer | Jakub Zelenka <bukka@php.net> | 2018-05-18 17:15:22 +0100 |
| commit | d6bc266ba057743f18a95c1727493f161257fe41 (patch) | |
| tree | 7064f79f81a99f495ab16dff8084a7507eb7508d | |
| parent | b2429259af2d16894121066962410834f0565cbe (diff) | |
| download | php-git-d6bc266ba057743f18a95c1727493f161257fe41.tar.gz | |
Fix bug #76296 (openssl_pkey_get_public does not respect open_basedir)
| -rw-r--r-- | ext/openssl/openssl.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 7651e64da6..e6eeedbf55 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -3785,6 +3785,9 @@ static EVP_PKEY * php_openssl_evp_from_zval( if (Z_STRLEN_P(val) > 7 && memcmp(Z_STRVAL_P(val), "file://", sizeof("file://") - 1) == 0) { filename = Z_STRVAL_P(val) + (sizeof("file://") - 1); + if (php_openssl_open_base_dir_chk(filename)) { + TMP_CLEAN; + } } /* it's an X509 file/cert of some kind, and we need to extract the data from that */ if (public_key) { @@ -3811,9 +3814,6 @@ static EVP_PKEY * php_openssl_evp_from_zval( BIO *in; if (filename) { - if (php_openssl_open_base_dir_chk(filename)) { - TMP_CLEAN; - } in = BIO_new_file(filename, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY)); } else { in = BIO_new_mem_buf(Z_STRVAL_P(val), (int)Z_STRLEN_P(val)); |