On Thu, 28 Oct 2004 12:07:50 -0400 Sean Coates <[EMAIL PROTECTED]> wrote:
> Is this legitimate? > I took a (very) quick look at bugs, and didn't see it. you can find patches for all branches in attachment. comments are welcome. -- Wbr, Antony Dovgal aka tony2001 [EMAIL PROTECTED] || [EMAIL PROTECTED]
Index: ext/curl/interface.c =================================================================== RCS file: /repository/php-src/ext/curl/interface.c,v retrieving revision 1.46.2.4 diff -u -r1.46.2.4 interface.c --- ext/curl/interface.c 18 Oct 2004 22:42:16 -0000 1.46.2.4 +++ ext/curl/interface.c 29 Oct 2004 06:45:23 -0000 @@ -808,8 +808,40 @@ if (argc > 0) { char *urlcopy; + char *tmp; + int tmp_len; + convert_to_string_ex(url); + + if (strncasecmp(Z_STRVAL_PP(url), "file:///",8) == 0) { + tmp_len = Z_STRLEN_PP(url) - 7; + tmp = emalloc(tmp_len + 1); + memcpy(tmp, Z_STRVAL_PP(url) + 7, tmp_len); + tmp[tmp_len] = '\0'; + + if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + efree(tmp); + RETURN_FALSE; + } + + efree(tmp); + } + else if (strncasecmp(Z_STRVAL_PP(url), "file://localhost/",17) == 0) { + tmp_len = Z_STRLEN_PP(url) - 16; + + tmp = emalloc(tmp_len + 1); + memcpy(tmp, Z_STRVAL_PP(url) + 16, tmp_len); + tmp[tmp_len] = '\0'; + + if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + efree(tmp); + RETURN_FALSE; + } + + efree(tmp); + } + urlcopy = estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url)); curl_easy_setopt(ch->cp, CURLOPT_URL, urlcopy); zend_llist_add_element(&ch->to_free.str, &urlcopy);
Index: ext/curl/interface.c =================================================================== RCS file: /repository/php-src/ext/curl/interface.c,v retrieving revision 1.50 diff -u -r1.50 interface.c --- ext/curl/interface.c 18 Oct 2004 22:41:24 -0000 1.50 +++ ext/curl/interface.c 29 Oct 2004 06:45:37 -0000 @@ -807,7 +807,39 @@ if (argc > 0) { char *urlcopy; + char *tmp; + int tmp_len; + convert_to_string_ex(url); + + if (strncasecmp(Z_STRVAL_PP(url), "file:///",8) == 0) { + tmp_len = Z_STRLEN_PP(url) - 7; + + tmp = emalloc(tmp_len + 1); + memcpy(tmp, Z_STRVAL_PP(url) + 7, tmp_len); + tmp[tmp_len] = '\0'; + + if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + efree(tmp); + RETURN_FALSE; + } + + efree(tmp); + } + else if (strncasecmp(Z_STRVAL_PP(url), "file://localhost/",17) == 0) { + tmp_len = Z_STRLEN_PP(url) - 16; + + tmp = emalloc(tmp_len + 1); + memcpy(tmp, Z_STRVAL_PP(url) + 16, tmp_len); + tmp[tmp_len] = '\0'; + + if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + efree(tmp); + RETURN_FALSE; + } + + efree(tmp); + } urlcopy = estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url)); curl_easy_setopt(ch->cp, CURLOPT_URL, urlcopy);
Index: ext/curl/curl.c =================================================================== RCS file: /repository/php-src/ext/curl/Attic/curl.c,v retrieving revision 1.124.2.26 diff -u -r1.124.2.26 curl.c --- ext/curl/curl.c 18 Oct 2004 22:43:29 -0000 1.124.2.26 +++ ext/curl/curl.c 29 Oct 2004 06:45:05 -0000 @@ -711,8 +711,40 @@ if (argc > 0) { char *urlcopy; + char *tmp; + int tmp_len; + convert_to_string_ex(url); + + if (strncasecmp(Z_STRVAL_PP(url), "file:///",8) == 0) { + tmp_len = Z_STRLEN_PP(url) - 7; + tmp = emalloc(tmp_len + 1); + memcpy(tmp, Z_STRVAL_PP(url) + 7, tmp_len); + tmp[tmp_len] = '\0'; + + if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + efree(tmp); + RETURN_FALSE; + } + + efree(tmp); + } + else if (strncasecmp(Z_STRVAL_PP(url), "file://localhost/",17) == 0) { + tmp_len = Z_STRLEN_PP(url) - 16; + + tmp = emalloc(tmp_len + 1); + memcpy(tmp, Z_STRVAL_PP(url) + 16, tmp_len); + tmp[tmp_len] = '\0'; + + if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + efree(tmp); + RETURN_FALSE; + } + + efree(tmp); + } + urlcopy = estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url)); curl_easy_setopt(ch->cp, CURLOPT_URL, urlcopy); zend_llist_add_element(&ch->to_free.str, &urlcopy);
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php