archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix buffer-overflow in open_basedir()

Browse source
This commit is contained in:
Ilija Tovilo 2023-03-26 10:28:27 +02:00
parent 2b9d2bcee7
commit a7f91e37de
No known key found for this signature in database
GPG key ID: A4F5D403F118200A
2 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Zend/tests/gh10469.phpt
View file

@ -10,6 +10,7 @@ $tmpDir = $originalDir . '/gh10469_tmp';
chdir($tmpDir);
ini_set('open_basedir', ini_get('open_basedir') . ':./..');
ini_set('open_basedir', ini_get('open_basedir') . ':./../');
ini_set('open_basedir', ini_get('open_basedir') . ':/a/');
chdir($originalDir);
var_dump(ini_get('open_basedir'));

2
main/fopen_wrappers.c
View file

@ -103,7 +103,7 @@ PHPAPI ZEND_INI_MH(OnUpdateBaseDir)
}
/* Don't allow paths with a parent dir component (..) to be set at runtime */
char *substr_pos = ptr;
while (true) {
while (*substr_pos) {
// Check if we have a .. path component
if (substr_pos[0] == '.'
&& substr_pos[1] == '.'