archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

- rename SAFEMODE_CHECKFILE to OPENBASEDIR_CHECKPATH (can be used without

Browse source 
confusing in head without confusion)
- Add safemode and open basedir checks in zip:// wrapper (revert Ilia's
  patch). Bug found by Stefan Esser in his MOPB-20-2007
This commit is contained in:
Pierre Joye 2007-03-14 11:08:57 +00:00
parent 4f5303ab92
commit 1c0b8e6f15
4 changed files with 18 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

1
NEWS
View file

@ -14,6 +14,7 @@ PHP NEWS
. Added SplFileInfo::getLinkTarget(), SplFileInfo::getRealPath(). . Added SplFileInfo::getLinkTarget(), SplFileInfo::getRealPath().
- Added --ri switch to CLI which allows to check extension information. (Marcus) - Added --ri switch to CLI which allows to check extension information. (Marcus)
- Added tidyNode::getParent() method (John, Nuno) - Added tidyNode::getParent() method (John, Nuno)
- Added openbasedir and safemode checks in zip:// stream wrapper (Pierre)
- Fixed zend_llist_remove_tail (Michael Wallner, Dmitry) - Fixed zend_llist_remove_tail (Michael Wallner, Dmitry)
- Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek) - Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek)
- Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre) - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre)

13
ext/zip/php_zip.c
View file

@ -49,11 +49,6 @@ static int le_zip_entry;
#define le_zip_entry_name "Zip Entry" #define le_zip_entry_name "Zip Entry"
/* }}} */ /* }}} */
/* {{{ SAFEMODE_CHECKFILE(filename) */
#define SAFEMODE_CHECKFILE(filename) \
(PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)
/* }}} */
/* {{{ PHP_ZIP_STAT_INDEX(za, index, flags, sb) */ /* {{{ PHP_ZIP_STAT_INDEX(za, index, flags, sb) */
#define PHP_ZIP_STAT_INDEX(za, index, flags, sb) \ #define PHP_ZIP_STAT_INDEX(za, index, flags, sb) \
if (zip_stat_index(za, index, flags, &sb) != 0) { \ if (zip_stat_index(za, index, flags, &sb) != 0) { \
@ -127,7 +122,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
php_basename(file, file_len, NULL, 0, &file_basename, (unsigned int *)&file_basename_len TSRMLS_CC); php_basename(file, file_len, NULL, 0, &file_basename, (unsigned int *)&file_basename_len TSRMLS_CC);
if (SAFEMODE_CHECKFILE(file_dirname_fullpath)) { if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
efree(file_dirname_fullpath); efree(file_dirname_fullpath);
efree(file_basename); efree(file_basename);
return 0; return 0;
@ -164,7 +159,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
* is required, does a file can have a different * is required, does a file can have a different
* safemode status as its parent folder? * safemode status as its parent folder?
*/ */
if (SAFEMODE_CHECKFILE(fullpath)) { if (OPENBASEDIR_CHECKPATH(fullpath)) {
efree(file_dirname_fullpath); efree(file_dirname_fullpath);
efree(file_basename); efree(file_basename);
return 0; return 0;
@ -627,7 +622,7 @@ static PHP_FUNCTION(zip_open)
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &filename, &filename_len) == FAILURE) { if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &filename, &filename_len) == FAILURE) {
return; return;
} }
if (SAFEMODE_CHECKFILE(filename)) { if (OPENBASEDIR_CHECKPATH(filename)) {
RETURN_FALSE; RETURN_FALSE;
} }
@ -1032,7 +1027,7 @@ static ZIPARCHIVE_METHOD(addFile)
entry_name_len = filename_len; entry_name_len = filename_len;
} }
if (SAFEMODE_CHECKFILE(filename)) { if (OPENBASEDIR_CHECKPATH(filename)) {
RETURN_FALSE; RETURN_FALSE;
} }

10
ext/zip/php_zip.h
View file

@ -30,6 +30,16 @@ extern zend_module_entry zip_module_entry;
#include "lib/zip.h" #include "lib/zip.h"
/* {{{ OPENBASEDIR_CHECKPATH(filename) */
#if (PHP_MAJOR_VERSION < 6)
#define OPENBASEDIR_CHECKPATH(filename) \
(PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)
#else
#define OPENBASEDIR_CHECKPATH(filename) \
php_check_open_basedir(filename TSRMLS_CC)
#endif
/* }}} */
typedef struct _ze_zip_rsrc { typedef struct _ze_zip_rsrc {
struct zip *za; struct zip *za;
int index_current; int index_current;

5
ext/zip/zip_stream.c
View file

@ -12,6 +12,7 @@
#include "ext/standard/file.h" #include "ext/standard/file.h"
#include "ext/standard/php_string.h" #include "ext/standard/php_string.h"
#include "fopen_wrappers.h" #include "fopen_wrappers.h"
#include "php_zip.h"
#include "ext/standard/url.h" #include "ext/standard/url.h"
@ -112,7 +113,7 @@ php_stream *php_stream_zip_open(char *filename, char *path, char *mode STREAMS_D
} }
if (filename) { if (filename) {
if ((PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) { if (OPENBASEDIR_CHECKPATH(filename)) {
return NULL; return NULL;
} }
@ -193,7 +194,7 @@ php_stream *php_stream_zip_opener(php_stream_wrapper *wrapper,
php_basename(path, path_len - fragment_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC); php_basename(path, path_len - fragment_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC);
fragment++; fragment++;
if ((PG(safe_mode) && (!php_checkuid(file_dirname, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(file_dirname TSRMLS_CC)) { if (OPENBASEDIR_CHECKPATH(file_dirname)) {
efree(file_basename); efree(file_basename);
return NULL; return NULL;
} }