iliaa           Sun May 21 16:32:51 2006 UTC

  Modified files:              (Branch: PHP_4_4)
    /php-src/ext/curl   curl.c 
    /php-src    NEWS 
  Log:
  MFH: Added control character checks for cURL extension's 
  open_basedir/safe_mode checks.
  
http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/curl.c?r1=1.124.2.30.2.9&r2=1.124.2.30.2.10&diff_format=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30.2.9 
php-src/ext/curl/curl.c:1.124.2.30.2.10
--- php-src/ext/curl/curl.c:1.124.2.30.2.9      Tue Jan 31 10:57:52 2006
+++ php-src/ext/curl/curl.c     Sun May 21 16:32:51 2006
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: curl.c,v 1.124.2.30.2.9 2006/01/31 10:57:52 tony2001 Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.10 2006/05/21 16:32:51 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -162,11 +162,16 @@
            strncasecmp(str, "file:", sizeof("file:") - 1) == 0)                
                                                \
        {                                                                       
                                                                                
                                \
                php_url *tmp_url;                                               
                                                                                
                \
-                                                                               
                                                                                
                                \
+                                                                               
                                        \
                if (!(tmp_url = php_url_parse_ex(str, len))) {                  
                                                                \
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 
url '%s'", str);                           \
                        RETURN_FALSE;                                           
                                                                                
                \
                }                                                               
                                                                                
                                \
+                                                                               
                                        \
+               if (php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str 
+ len)) {                                \
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Url '%s' 
contains unencoded control characters.", str);    \
+                       RETURN_FALSE;                                           
                                        \
+               }                                                               
                                        \
                                                                                
                                                                                
                                \
                if (tmp_url->query || tmp_url->fragment || 
php_check_open_basedir(tmp_url->path TSRMLS_CC) ||                              
                                     \
                        (PG(safe_mode) && !php_checkuid(tmp_url->path, "rb+", 
CHECKUID_CHECK_MODE_PARAM))       \
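Review bot: The added condition looks inverted: `php_memnstr(str, tmp_url->path, ...)` returns non-NULL when the parsed path occurs verbatim in `str`, which is the normal case for any well-formed `file:///path` URL, so the "contains unencoded control characters" warning would fire on legitimate URLs and stay silent exactly when the parser has rewritten the path; presumably the intended test is `if (!php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) {`, assuming php_url_parse_ex substitutes control characters in the path as this check relies on — worth confirming against url.c. Independently of that, the new branch reaches `RETURN_FALSE` with a successfully parsed `tmp_url` and no `php_url_free(tmp_url);` before it, so every rejected URL leaks the parsed structure; the earlier `RETURN_FALSE` after a failed parse does not have this problem because `tmp_url` is NULL there. If `tmp_url->path` can be NULL for a `file:` URL with no path component, `strlen(tmp_url->path)` is undefined behaviour, so a `tmp_url->path &&` guard (or treating a missing path as a rejection) would be safer. The macro body continues past the end of this hunk.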
http://cvs.php.net/viewcvs.cgi/php-src/NEWS?r1=1.1247.2.920.2.130&r2=1.1247.2.920.2.131&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.130 php-src/NEWS:1.1247.2.920.2.131
--- php-src/NEWS:1.1247.2.920.2.130     Sun May 21 16:10:28 2006
+++ php-src/NEWS        Sun May 21 16:32:51 2006
@@ -1,6 +1,8 @@
 PHP 4                                                                      NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2006, Version 4.4.3
+- Added control character checks for cURL extension's open_basedir/safe_mode
+  checks. (Ilia)
 - Fixed a possible buffer overflow inside create_named_pipe() for Win32 systems
   in libmysql.c. (Ilia)
 - Updated PCRE to version 6.6. (Andrei)
