diff options
author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-04-19 14:22:24 +0200 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-04-20 10:56:36 +0200 |
commit | fa10abd6d75aeb9fde1f53cf80116e39577a4555 (patch) | |
tree | 4ff804b92d5b701b6131db3d8c5b3a5262899824 | |
parent | f62571c121ce2874858b5e7dd33642755ee9309c (diff) | |
download | php-git-fa10abd6d75aeb9fde1f53cf80116e39577a4555.tar.gz |
Fix #79491: Search for .user.ini extends up to root dir
The `start` parameter of `php_cgi_ini_activate_user_config` is supposed
to hold the byte offset of the doc root in the given `path`. However,
the current expression which fixes a potential type incompatibility
will ever only evaluate to zero or one, because it uses the *logical*
and operator (`&&`). Furthermore we notice that subtracting one from
`doc_root_len` is not necessary, so there is even no need for the
`start` parameter at all.
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | sapi/cgi/cgi_main.c | 6 |
2 files changed, 6 insertions, 3 deletions
@@ -11,6 +11,9 @@ PHP NEWS . Fixed bug #78221 (DOMNode::normalize() doesn't remove empty text nodes). (cmb) +- FCGI: + . Fixed bug #79491 (Search for .user.ini extends up to root dir). (cmb) + - MBString: . Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported). (Girgias) diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index d6449ba228..8c8e1463d5 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -789,7 +789,7 @@ static void sapi_cgi_log_message(char *message, int syslog_type_int) /* {{{ php_cgi_ini_activate_user_config */ -static void php_cgi_ini_activate_user_config(char *path, size_t path_len, const char *doc_root, size_t doc_root_len, int start) +static void php_cgi_ini_activate_user_config(char *path, size_t path_len, const char *doc_root, size_t doc_root_len) { user_config_cache_entry *new_entry, *entry; time_t request_time = (time_t)sapi_get_request_time(); @@ -842,7 +842,7 @@ static void php_cgi_ini_activate_user_config(char *path, size_t path_len, const #else if (strncmp(s1, s2, s_len) == 0) { #endif - char *ptr = s2 + start; /* start is the point where doc_root ends! */ + char *ptr = s2 + doc_root_len; while ((ptr = strchr(ptr, DEFAULT_SLASH)) != NULL) { *ptr = 0; php_parse_user_ini_file(path, PG(user_ini_filename), entry->user_config); @@ -938,7 +938,7 @@ static int sapi_cgi_activate(void) doc_root = estrndup(doc_root, doc_root_len); zend_str_tolower(doc_root, doc_root_len); #endif - php_cgi_ini_activate_user_config(path, path_len, doc_root, doc_root_len, (doc_root_len > 0 && (doc_root_len - 1))); + php_cgi_ini_activate_user_config(path, path_len, doc_root, doc_root_len); #ifdef PHP_WIN32 efree(doc_root); |