From 38553e853b65eb84f919e4f5c5b9e702f1842b62 Mon Sep 17 00:00:00 2001
From: Yasuo Ohgaki
Date: Fri, 9 Sep 2016 11:30:33 +0900
Subject: Fixed Bug #68015 Session does not report invalid uid for files save handler
---
 ext/session/mod_files.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'ext/session/mod_files.c')
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index 7e373812d7..80eb658c11 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -138,6 +138,7 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 }
 if (!ps_files_path_create(buf, sizeof(buf), data, key)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to create session data file path. Too short session ID, invalid save_path or path lentgth exceeds MAXPATHLEN(%d)", MAXPATHLEN);
 return;
 }
@@ -147,7 +148,7 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 #ifdef O_NOFOLLOW
 data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY | O_NOFOLLOW, data->filemode);
 #else
- /* Check to make sure that the opened file is not outside of allowable dirs. 
+ /* Check to make sure that the opened file is not outside of allowable dirs.
 This is not 100% safe but it's hard to do something better without O_NOFOLLOW */
 if(PG(open_basedir) && lstat(buf, &sbuf) == 0 && S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) {
 return;
@@ -162,6 +163,7 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 if (fstat(data->fd, &sbuf) || (sbuf.st_uid != 0 && sbuf.st_uid != getuid() && sbuf.st_uid != geteuid())) {
 close(data->fd);
 data->fd = -1;
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Session data file is not created by your uid");
 return;
 }
 #endif
-- 
cgit v1.2.1
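Review bot: The new warning string in the `ps_files_path_create()` failure branch misspells "length" as `lentgth`, and since this text is emitted at runtime the typo ends up in logs and in anything that matches on the message; the intended wording is `path length exceeds MAXPATHLEN(%d)`. The message also folds three different causes into one line, so an operator cannot tell a malformed session ID supplied by a client from a misconfigured save_path. If ps_files_path_create() can indicate which check failed (its body is not visible here), a separate message per cause would make the warning actionable. ps_files_open's body starts and ends outside the hunk.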
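Review bot: The added warning in the third hunk sits in a branch taken both when `fstat()` fails and when the owner check fails, so "Session data file is not created by your uid" is also reported for a plain fstat error, where it is wrong. The ownership mismatch is the security-relevant event (a session file owned by another non-root user), and it is worth logging on its own, with the path and the owning uid, so it can be told apart from an I/O failure. Splitting the condition as below keeps the existing behaviour (close, set fd to -1, return) and reports before `close()` so that errno is still the value set by fstat. The function body and the conditional that the trailing `#endif` closes start outside the hunk.

```c
if (fstat(data->fd, &sbuf)) {
	/* report before close() so errno still belongs to fstat() */
	php_error_docref(NULL TSRMLS_CC, E_WARNING, "fstat(%s) failed: %s (%d)", buf, strerror(errno), errno);
	close(data->fd);
	data->fd = -1;
	return;
}
if (sbuf.st_uid != 0 && sbuf.st_uid != getuid() && sbuf.st_uid != geteuid()) {
	php_error_docref(NULL TSRMLS_CC, E_WARNING, "Session data file %s is owned by uid %ld, not by root or the current uid", buf, (long) sbuf.st_uid);
	close(data->fd);
	data->fd = -1;
	return;
}
```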