ID: 41899
User updated by: geoffwa at cs dot rmit dot edu dot au
Reported By: geoffwa at cs dot rmit dot edu dot au
-Status: Feedback
+Status: Open
Bug Type: Streams related
Operating System: Solaris 10
PHP Version: 5.2.3
Assigned To: ab5602
New Comment:
PHP5.2-200710080430 + your patch still doesn't work for either test
case (also, shouldn't sizeof(filename) be sizeof(filename_test)?).
$ ./php5.2-200710080430-fixed -dsafe_mode=1 test2.php
Warning: mkdir(): Unable to access ./a in /pathto/test2.php on line 3
mkdir failed
(so the initial mkdir("./a/b", 0700, true) call is failing)
Stepping through the non-patched PHP5.2-200710080430 the error message
is being generated from:
    if (mode != CHECKUID_ALLOW_ONLY_FILE) {
        /* check directory */
        ret = VCWD_STAT(path, &sb);
        if (ret < 0) {
            if ((flags & CHECKUID_NO_ERRORS) == 0) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename);
            }
            return 0;
        }
(line 147 in safe_mode.c)
Previous Comments:
------------------------------------------------------------------------
[2007-10-10 01:01:42] [EMAIL PROTECTED]
Geoffwa, when you get a chance, please let me know if applying the
patch below to the current snapshot fixes the issue for you.
[EMAIL PROTECTED]:~/mkdirtest]$ ./php-solfix -dsafe_mode=1 ./test2.php
Current working directory is: /export/home/rob/mkdirtest
Opened /export/home/rob/mkdirtest/a/b/file
Opened ./a/b/file from ./a using ./b/file
Opened ./a/b/file from ./a using ./b/c/../file
Opened ./a/b/file from ./a/b/c using ../file
Opened ../file from ./a/b/c using ./../file
Opened ./a/b/file from ./a/b using ./file
Opened ./a/file from ./a/b using ./c/../../file
Opened ./a/b/c/file from ./a/b/c using ../c/file
[EMAIL PROTECTED]:~/mkdirtest]$ ./php-solfix -dsafe_mode=1 ./test.php
SUCCESS
--- ./safe_mode.c.old 2007-09-23 10:19:21.000000000 -0500
+++ ./safe_mode.c 2007-10-09 19:39:44.000000000 -0500
@@ -86,7 +86,15 @@
* If that fails, passthrough and check directory...
*/
if (mode != CHECKUID_ALLOW_ONLY_DIR) {
- expand_filepath(filename, path TSRMLS_CC);
+
+ char filename_test[MAXPATHLEN];
+ strcpy(filename_test,filename);
+ if (VCWD_GETCWD(filename_test, sizeof(filename)) ==
NULL) {
+ strcpy(path,filename);
+ } else {
+ expand_filepath(filename, path TSRMLS_CC);
+ }
+
ret = VCWD_STAT(path, &sb);
if (ret < 0) {
if (mode == CHECKUID_DISALLOW_FILE_NOT_EXISTS)
{
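Review bot: In the added block, the size passed to VCWD_GETCWD is sizeof(filename), but the buffer being filled is filename_test; pass sizeof(filename_test) so the length matches the destination. The preceding strcpy(filename_test,filename) copies into a fixed MAXPATHLEN array with no length check, and filename_test is not read again in this hunk, so that copy can be dropped and the buffer used only as scratch space for the getcwd probe. The fallback strcpy(path,filename) is likewise unbounded and leaves path unexpanded before VCWD_STAT; use a length-checked copy there and add a comment explaining why skipping expand_filepath is acceptable for the safe_mode ownership check when the working directory cannot be resolved.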
------------------------------------------------------------------------
[2007-10-09 20:34:59] [EMAIL PROTECTED]
Thanks, that was it. I am able to reproduce the situation now.
Have tracked the issue down to safe_mode.c, php_checkuid_ex(), as is
shown above in the thread and am working with it.
------------------------------------------------------------------------
[2007-10-09 16:07:47] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php5.2-latest.tar.gz
For Windows (zip):
http://snaps.php.net/win32/php5.2-win32-latest.zip
For Windows (installer):
http://snaps.php.net/win32/php5.2-win32-installer-latest.msi
------------------------------------------------------------------------
[2007-10-09 06:58:42] geoffwa at cs dot rmit dot edu dot au
Err are you running with safe mode on?
$ ./php5.2-200710080430-debug -dsafe_mode=0 test2.php
SUCCESS
------------------------------------------------------------------------
[2007-10-09 06:56:17] geoffwa at cs dot rmit dot edu dot au
I can send you a tar, but I doubt that'll help matters. Here's the
directory:
-------
drwxrwxrwx 2 geoffwa staff 512 Oct 9 16:44 .
drwx------ 8 geoffwa staff 512 Oct 8 15:14 ..
-rwx------ 1 geoffwa staff 3.7M Oct 9 16:23 php5.2-200710080430
-rwx------ 1 geoffwa staff 11M Oct 9 16:44 php5.2-200710080430-debug
-rw------- 1 geoffwa staff 2.7K Oct 8 15:17 test.php
-rw------- 1 geoffwa staff 301 Oct 8 15:21 test2.php
-------
(set . to 0777 for demonstration purposes)
(run the smaller of the two example scripts)
$ ./php5.2-200710080430-debug test2.php
Warning: mkdir(): Unable to access ./a in /homedir/test2.php on line 3
mkdir failed
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/41899