curl curl.c

Jani Taskinen Mon, 14 Mar 2005 01:03:23 -0800

sniper          Mon Mar 14 04:03:11 2005 EDT

  Modified files:              (Branch: PHP_4_3)
    /php-src    NEWS 
    /php-src/ext/curl   curl.c 
  Log:
  MFH: - Fixed bug #30609 (cURL functions bypass open_basedir)
  
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.854&r2=1.1247.2.855&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.854 php-src/NEWS:1.1247.2.855
--- php-src/NEWS:1.1247.2.854   Sun Mar 13 15:18:42 2005
+++ php-src/NEWS        Mon Mar 14 04:03:08 2005
@@ -77,6 +77,7 @@
 - Fixed bug #31055 (apache2filter: per request leak proportional to the full
   path of the request URI). (kameshj at fastmail dot fm)
 - Fixed bug #30726 (-.1 like numbers are not being handled correctly). (Ilia)
+- Fixed bug #30609 (cURL functions bypass open_basedir). (Jani)
 - Fixed bug #30446 (apache2handler: virtual() includes files out of sequence)
 - Fixed bug #30430 (odbc_next_result() doesn't bind values and that results 
   in segfault). (pdan-php at esync dot org, Tony)
http://cvs.php.net/diff.php/php-src/ext/curl/curl.c?r1=1.124.2.28&r2=1.124.2.29&ty=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.28 php-src/ext/curl/curl.c:1.124.2.29
--- php-src/ext/curl/curl.c:1.124.2.28  Thu Jan  6 05:34:03 2005
+++ php-src/ext/curl/curl.c     Mon Mar 14 04:03:09 2005
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: curl.c,v 1.124.2.28 2005/01/06 10:34:03 jorton Exp $ */
+/* $Id: curl.c,v 1.124.2.29 2005/03/14 09:03:09 sniper Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -50,6 +50,7 @@
 #include "ext/standard/php_smart_str.h"
 #include "ext/standard/info.h"
 #include "ext/standard/file.h"
+#include "ext/standard/url.h"
 #include "php_curl.h"
 
 static int  le_curl;
@@ -64,6 +65,26 @@
 #define CAAS(s, v) add_assoc_string_ex(return_value, s, sizeof(s), (char *) v, 
1);
 #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v);
 
+#define PHP_CURL_CHECK_OPEN_BASEDIR(str, len)                                  
                                                                \
+       if (PG(open_basedir) && *PG(open_basedir) &&                            
                    \
+           strncasecmp(str, "file://", sizeof("file://") - 1) == 0)            
                                                \
+       {                                                                       
                                                                                
                                \
+               php_url *tmp_url;                                               
                                                                                
                \
+                                                                               
                                                                                
                                \
+               if (!(tmp_url = php_url_parse_ex(str, len))) {                  
                                                                \
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 
url '%s'", str);                           \
+                       RETURN_FALSE;                                           
                                                                                
                \
+               }                                                               
                                                                                
                                \
+                                                                               
                                                                                
                                \
+               if (php_check_open_basedir(tmp_url->path TSRMLS_CC) ||          
                                                        \
+                       (PG(safe_mode) && !php_checkuid(tmp_url->path, "rb+", 
CHECKUID_CHECK_MODE_PARAM))       \
+               ) {                                                             
                                                                                
                        \
+                       php_url_free(tmp_url);                                  
                                                                                
        \
+                       RETURN_FALSE;                                           
                                                                                
                \
+               }                                                               
                                                                                
                                \
+               php_url_free(tmp_url);                                          
                                                                                
        \
+       }
+
 /* {{{ curl_functions[]
  */
 function_entry curl_functions[] = {
@@ -682,6 +703,11 @@
                WRONG_PARAM_COUNT;
        }
 
+       if (argc > 0) {
+               convert_to_string_ex(url);
+               PHP_CURL_CHECK_OPEN_BASEDIR(Z_STRVAL_PP(url), Z_STRLEN_PP(url));
+       }
+
        alloc_curl_handle(&ch);
 
        ch->cp = curl_easy_init();
@@ -712,7 +738,6 @@
 
        if (argc > 0) {
                char *urlcopy;
-               convert_to_string_ex(url);
 
                urlcopy = estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url));
                curl_easy_setopt(ch->cp, CURLOPT_URL, urlcopy);
@@ -724,7 +749,7 @@
 }
 /* }}} */
 
-/* {{{ proto bool curl_setopt(resource ch, string option, mixed value)
+/* {{{ proto bool curl_setopt(resource ch, int option, mixed value)
    Set an option for a CURL transfer */
 PHP_FUNCTION(curl_setopt)
 {
@@ -819,8 +844,12 @@
                        char *copystr = NULL;
        
                        convert_to_string_ex(zvalue);
-                       copystr = estrndup(Z_STRVAL_PP(zvalue), 
Z_STRLEN_PP(zvalue));
 
+                       if (option == CURLOPT_URL) {
+                               
PHP_CURL_CHECK_OPEN_BASEDIR(Z_STRVAL_PP(zvalue), Z_STRLEN_PP(zvalue));
+                       }
+
+                       copystr = estrndup(Z_STRVAL_PP(zvalue), 
Z_STRLEN_PP(zvalue));
                        error = curl_easy_setopt(ch->cp, option, copystr);
                        zend_llist_add_element(&ch->to_free.str, &copystr);


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/curl curl.c

Reply via email to