Fixed bug #42952 (soap cache file is created with insecure permissions)

1 files changed, 11 insertions, 3 deletions

diff --git a/ext/soap/php_sdl.c b/ext/soap/php_sdl.c
index b02629a437..6817ce7833 100644
--- a/ext/soap/php_sdl.c
+++ b/ext/soap/php_sdl.c
@@ -2015,7 +2015,7 @@ static void add_sdl_to_cache(const char *fn, const char *uri, time_t t, sdlPtr s
 #ifdef ZEND_WIN32
 	f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE);
 #else
-	f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE|S_IROTH|S_IWOTH|S_IRGRP|S_IWGRP);
+	f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE);
 #endif
 	if (f < 0) {return;}
 
@@ -3117,16 +3117,24 @@ sdlPtr get_sdl(zval *this_ptr, char *uri, long cache_wsdl TSRMLS_DC)
 		unsigned char digest[16];
 		int len = strlen(SOAP_GLOBAL(cache_dir));
 		time_t cached;
+		char *user = php_get_current_user();
+		int user_len = user ? strlen(user) + 1 : 0;
 
 		md5str[0] = '\0';
 		PHP_MD5Init(&context);
 		PHP_MD5Update(&context, (unsigned char*)uri, uri_len);
 		PHP_MD5Final(digest, &context);
 		make_digest(md5str, digest);
-		key = emalloc(len+sizeof("/wsdl-")-1+sizeof(md5str));
+		key = emalloc(len+sizeof("/wsdl-")-1+user_len+sizeof(md5str));
 		memcpy(key,SOAP_GLOBAL(cache_dir),len);
 		memcpy(key+len,"/wsdl-",sizeof("/wsdl-")-1);
-		memcpy(key+len+sizeof("/wsdl-")-1,md5str,sizeof(md5str));
+		len += sizeof("/wsdl-")-1;
+		if (user_len) {
+			memcpy(key+len, user, user_len-1);
+			len += user_len-1;
+			key[len++] = '-';
+		}
+		memcpy(key+len,md5str,sizeof(md5str));
 
 		if ((sdl = get_sdl_from_cache(key, uri, t-SOAP_GLOBAL(cache_ttl), &cached TSRMLS_CC)) != NULL) {
 			t = cached;