From d6bc266ba057743f18a95c1727493f161257fe41 Mon Sep 17 00:00:00 2001
From: Erik Lax <erik@datahack.se>
Date: Tue, 1 May 2018 18:16:53 +0200
Subject: Fix bug #76296 (openssl_pkey_get_public does not respect
 open_basedir)

---
 ext/openssl/openssl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 7651e64da6..e6eeedbf55 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -3785,6 +3785,9 @@ static EVP_PKEY * php_openssl_evp_from_zval(
 
 		if (Z_STRLEN_P(val) > 7 && memcmp(Z_STRVAL_P(val), "file://", sizeof("file://") - 1) == 0) {
 			filename = Z_STRVAL_P(val) + (sizeof("file://") - 1);
+			if (php_openssl_open_base_dir_chk(filename)) {
+				TMP_CLEAN;
+			}
 		}
 		/* it's an X509 file/cert of some kind, and we need to extract the data from that */
 		if (public_key) {
@@ -3811,9 +3814,6 @@ static EVP_PKEY * php_openssl_evp_from_zval(
 			BIO *in;
 
 			if (filename) {
-				if (php_openssl_open_base_dir_chk(filename)) {
-					TMP_CLEAN;
-				}
 				in = BIO_new_file(filename, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
 			} else {
 				in = BIO_new_mem_buf(Z_STRVAL_P(val), (int)Z_STRLEN_P(val));
-- 
cgit v1.2.1