diff options
| author | Andrey Hristov <andrey@php.net> | 2014-04-14 23:11:01 +0300 |
|---|---|---|
| committer | Andrey Hristov <andrey@php.net> | 2014-04-14 23:11:01 +0300 |
| commit | f1c70fbbd6fdcabf004ee3fc074c3d36cf27f19d (patch) | |
| tree | cd21583a00e398984f76c466c4a23e942f66ca52 /ext/session/mod_files.c | |
| parent | 0705bfc3a3519f628008721f187f6b3439a119fe (diff) | |
| parent | 8bf77370e9536cd865a9b670a2f4701bf7a3be3e (diff) | |
| download | php-git-f1c70fbbd6fdcabf004ee3fc074c3d36cf27f19d.tar.gz | |
Merge branch 'master' of git.php.net:php-src
Diffstat (limited to 'ext/session/mod_files.c')
| -rw-r--r-- | ext/session/mod_files.c | 37 |
1 files changed, 20 insertions, 17 deletions
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c index 47140436e7..76f5d4c7c6 100644 --- a/ext/session/mod_files.c +++ b/ext/session/mod_files.c @@ -115,6 +115,7 @@ static void ps_files_close(ps_files *data) static void ps_files_open(ps_files *data, const char *key TSRMLS_DC) { char buf[MAXPATHLEN]; + struct stat sbuf; if (data->fd < 0 || !data->lastkey || strcmp(key, data->lastkey)) { if (data->lastkey) { @@ -134,26 +135,28 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC) } data->lastkey = estrdup(key); - - data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY, data->filemode); + + /* O_NOFOLLOW to prevent us from following evil symlinks */ +#ifdef O_NOFOLLOW + data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY | O_NOFOLLOW, data->filemode); +#else + /* Check to make sure that the opened file is not outside of allowable dirs. + This is not 100% safe but it's hard to do something better without O_NOFOLLOW */ + if(PG(open_basedir) && lstat(buf, &sbuf) == 0 && S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) { + return; + } + data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY, data->filemode); +#endif if (data->fd != -1) { #ifndef PHP_WIN32 - /* check to make sure that the opened file is not a symlink, linking to data outside of allowable dirs */ - if (PG(open_basedir)) { - struct stat sbuf; - - if (fstat(data->fd, &sbuf)) { - close(data->fd); - data->fd = -1; - return; - } - if (S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) { - close(data->fd); - data->fd = -1; - return; - } - } + /* check that this session file was created by us or root – we + don't want to end up accepting the sessions of another webapp */ + if (fstat(data->fd, &sbuf) || (sbuf.st_uid != 0 && sbuf.st_uid != getuid() && sbuf.st_uid != geteuid())) { + close(data->fd); + data->fd = -1; + return; + } #endif flock(data->fd, LOCK_EX); |