summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristoph M. Becker <cmbecker69@gmx.de>2020-04-19 14:22:24 +0200
committerChristoph M. Becker <cmbecker69@gmx.de>2020-04-20 10:56:36 +0200
commitfa10abd6d75aeb9fde1f53cf80116e39577a4555 (patch)
tree4ff804b92d5b701b6131db3d8c5b3a5262899824
parentf62571c121ce2874858b5e7dd33642755ee9309c (diff)
downloadphp-git-fa10abd6d75aeb9fde1f53cf80116e39577a4555.tar.gz
Fix #79491: Search for .user.ini extends up to root dir
The `start` parameter of `php_cgi_ini_activate_user_config` is supposed to hold the byte offset of the doc root in the given `path`. However, the current expression which fixes a potential type incompatibility will ever only evaluate to zero or one, because it uses the *logical* and operator (`&&`). Furthermore we notice that subtracting one from `doc_root_len` is not necessary, so there is even no need for the `start` parameter at all.
-rw-r--r--NEWS3
-rw-r--r--sapi/cgi/cgi_main.c6
2 files changed, 6 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index 8f00881b29..84b0a46b1a 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,9 @@ PHP NEWS
. Fixed bug #78221 (DOMNode::normalize() doesn't remove empty text nodes).
(cmb)
+- FCGI:
+ . Fixed bug #79491 (Search for .user.ini extends up to root dir). (cmb)
+
- MBString:
. Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
(Girgias)
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index d6449ba228..8c8e1463d5 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -789,7 +789,7 @@ static void sapi_cgi_log_message(char *message, int syslog_type_int)
/* {{{ php_cgi_ini_activate_user_config
*/
-static void php_cgi_ini_activate_user_config(char *path, size_t path_len, const char *doc_root, size_t doc_root_len, int start)
+static void php_cgi_ini_activate_user_config(char *path, size_t path_len, const char *doc_root, size_t doc_root_len)
{
user_config_cache_entry *new_entry, *entry;
time_t request_time = (time_t)sapi_get_request_time();
@@ -842,7 +842,7 @@ static void php_cgi_ini_activate_user_config(char *path, size_t path_len, const
#else
if (strncmp(s1, s2, s_len) == 0) {
#endif
- char *ptr = s2 + start; /* start is the point where doc_root ends! */
+ char *ptr = s2 + doc_root_len;
while ((ptr = strchr(ptr, DEFAULT_SLASH)) != NULL) {
*ptr = 0;
php_parse_user_ini_file(path, PG(user_ini_filename), entry->user_config);
@@ -938,7 +938,7 @@ static int sapi_cgi_activate(void)
doc_root = estrndup(doc_root, doc_root_len);
zend_str_tolower(doc_root, doc_root_len);
#endif
- php_cgi_ini_activate_user_config(path, path_len, doc_root, doc_root_len, (doc_root_len > 0 && (doc_root_len - 1)));
+ php_cgi_ini_activate_user_config(path, path_len, doc_root, doc_root_len);
#ifdef PHP_WIN32
efree(doc_root);