author | Ilia Alshanetsky <iliaa@php.net> | 2006-09-16 18:10:32 +0000 |
---|---|---|
committer | Ilia Alshanetsky <iliaa@php.net> | 2006-09-16 18:10:32 +0000 |
commit | 4c65e0e1cd4c4907b203c8dedaab726e162292db (patch) | |
tree | 5395c306a9ac707a3bdac936a8e87e24704cb005 /ext/com_dotnet/com_persist.c | |
parent | bfc9cd7174155368c11e94f45c6e32e0e7ddb677 (diff) | |
Added missing validation checks around expand_filepath()
Diffstat (limited to 'ext/com_dotnet/com_persist.c')
-rwxr-xr-x | ext/com_dotnet/com_persist.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/ext/com_dotnet/com_persist.c b/ext/com_dotnet/com_persist.c
index 8408d619d9..8738938f1f 100755
--- a/ext/com_dotnet/com_persist.c
+++ b/ext/com_dotnet/com_persist.c
@@ -390,15 +390,16 @@ CPH_METHOD(SaveToFile)
 if (filename) {
 fullpath = expand_filepath(filename, NULL TSRMLS_CC);
-
- if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ if (!fullpath) {
 RETURN_FALSE;
 }
-
- if (php_check_open_basedir(fullpath TSRMLS_CC)) {
+
+ if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
+ php_check_open_basedir(fullpath TSRMLS_CC)) {
+ efree(fullpath);
 RETURN_FALSE;
 }
-
+
 olefilename = php_com_string_to_olestring(filename, strlen(fullpath), helper->codepage TSRMLS_CC);
 efree(fullpath);
 }
@@ -452,13 +453,13 @@ CPH_METHOD(LoadFromFile)
 return;
 }
- fullpath = expand_filepath(filename, NULL TSRMLS_CC);
-
- if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
 RETURN_FALSE;
 }
- if (php_check_open_basedir(fullpath TSRMLS_CC)) {
+ if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
+ php_check_open_basedir(fullpath TSRMLS_CC)) {
+ efree(fullpath);
 RETURN_FALSE;
 } |
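Review bot: In SaveToFile the `olefilename = ...` line that follows the new checks converts `filename` but takes its length from `strlen(fullpath)`, so the safe_mode and open_basedir checks validate the expanded path while the string handed to the COM call is the unexpanded one. When the expanded path is longer than `filename`, that length may also run past the end of the `filename` buffer, depending on how php_com_string_to_olestring uses it. The call should probably read `olefilename = php_com_string_to_olestring(fullpath, strlen(fullpath), helper->codepage TSRMLS_CC);` so the checked path is the one actually saved to. CPH_METHOD(SaveToFile) starts and ends outside the hunk.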
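Review bot: LoadFromFile writes the NULL check as an assignment inside the condition, `if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC)))`, while SaveToFile in the same commit assigns first and then tests `if (!fullpath)`; using the two-statement form in both places would keep the paired methods readable side by side. Both new NULL branches return FALSE without any diagnostic, so a short comment such as `/* expand_filepath() failed: path could not be resolved */` would help the next reader. The rest of LoadFromFile is outside the hunk, so it cannot be confirmed from here that the later load uses `fullpath` (the value that was checked) rather than `filename`.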