ID: 41899 User updated by: geoffwa at cs dot rmit dot edu dot au Reported By: geoffwa at cs dot rmit dot edu dot au -Status: Feedback +Status: Open Bug Type: Streams related Operating System: Solaris 10 PHP Version: 5.2.3 Assigned To: ab5602 New Comment:
PHP5.2-200710080430 + your patch still doesn't work for either test case (also, shouldn't sizeof(filename) be sizeof(filename_test)?). $ ./php5.2-200710080430-fixed -dsafe_mode=1 test2.php Warning: mkdir(): Unable to access ./a in /pathto/test2.php on line 3 mkdir failed (so the initial mkdir("./a/b", 0700, true) call is failing) Stepping through the non-patched PHP5.2-200710080430 the error message is being generated from: if (mode != CHECKUID_ALLOW_ONLY_FILE) { /* check directory */ ret = VCWD_STAT(path, &sb); if (ret < 0) { if ((flags & CHECKUID_NO_ERRORS) == 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename); } return 0; } (line 147 in safe_mode.c) Previous Comments: ------------------------------------------------------------------------ [2007-10-10 01:01:42] [EMAIL PROTECTED] Geoffwa, when you get a chance, please let me know if applying the patch below to the current snapshot fixes the issue for you. [EMAIL PROTECTED]:~/mkdirtest]$ ./php-solfix -dsafe_mode=1 ./test2.php Current working directory is: /export/home/rob/mkdirtest Opened /export/home/rob/mkdirtest/a/b/file Opened ./a/b/file from ./a using ./b/file Opened ./a/b/file from ./a using ./b/c/../file Opened ./a/b/file from ./a/b/c using ../file Opened ../file from ./a/b/c using ./../file Opened ./a/b/file from ./a/b using ./file Opened ./a/file from ./a/b using ./c/../../file Opened ./a/b/c/file from ./a/b/c using ../c/file [EMAIL PROTECTED]:~/mkdirtest]$ ./php-solfix -dsafe_mode=1 ./test.php SUCCESS --- ./safe_mode.c.old 2007-09-23 10:19:21.000000000 -0500 +++ ./safe_mode.c 2007-10-09 19:39:44.000000000 -0500 @@ -86,7 +86,15 @@ * If that fails, passthrough and check directory... */ if (mode != CHECKUID_ALLOW_ONLY_DIR) { - expand_filepath(filename, path TSRMLS_CC); + + char filename_test[MAXPATHLEN]; + strcpy(filename_test,filename); + if (VCWD_GETCWD(filename_test, sizeof(filename)) == NULL) { + strcpy(path,filename); + } else { + expand_filepath(filename, path TSRMLS_CC); + } + ret = VCWD_STAT(path, &sb); if (ret < 0) { if (mode == CHECKUID_DISALLOW_FILE_NOT_EXISTS) { ------------------------------------------------------------------------ [2007-10-09 20:34:59] [EMAIL PROTECTED] Thanks, that was it. I am able to reproduce the situation now. Have tracked the issue down to safe_mode.c, php_checkuid_ex(), as is shown above in the thread and am working with it. ------------------------------------------------------------------------ [2007-10-09 16:07:47] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows (zip): http://snaps.php.net/win32/php5.2-win32-latest.zip For Windows (installer): http://snaps.php.net/win32/php5.2-win32-installer-latest.msi ------------------------------------------------------------------------ [2007-10-09 06:58:42] geoffwa at cs dot rmit dot edu dot au Err are you running with safe mode on? $ ./php5.2-200710080430-debug -dsafe_mode=0 test2.php SUCCESS ------------------------------------------------------------------------ [2007-10-09 06:56:17] geoffwa at cs dot rmit dot edu dot au I can send you a tar, but I doubt that'll help matters. Here's the directory: ------- drwxrwxrwx 2 geoffwa staff 512 Oct 9 16:44 . drwx------ 8 geoffwa staff 512 Oct 8 15:14 .. -rwx------ 1 geoffwa staff 3.7M Oct 9 16:23 php5.2-200710080430 -rwx------ 1 geoffwa staff 11M Oct 9 16:44 php5.2-200710080430-debug -rw------- 1 geoffwa staff 2.7K Oct 8 15:17 test.php -rw------- 1 geoffwa staff 301 Oct 8 15:21 test2.php ------- (set . to 0777 for demonstration purposes) (run the smaller of the two example scripts) $ ./php5.2-200710080430-debug test2.php Warning: mkdir(): Unable to access ./a in /homedir/test2.php on line 3 mkdir failed ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/41899 -- Edit this bug report at http://bugs.php.net/?id=41899&edit=1