jani Thu Aug 23 13:38:49 2007 UTC Modified files: /php-src/ext/session mod_files.c Log: MFB: Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir bypass) http://cvs.php.net/viewvc.cgi/php-src/ext/session/mod_files.c?r1=1.114&r2=1.115&diff_format=u
Index: php-src/ext/session/mod_files.c
diff -u php-src/ext/session/mod_files.c:1.114 php-src/ext/session/mod_files.c:1.115
--- php-src/ext/session/mod_files.c:1.114 Thu Aug 23 13:09:27 2007
+++ php-src/ext/session/mod_files.c Thu Aug 23 13:38:49 2007
@@ -16,7 +16,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: mod_files.c,v 1.114 2007/08/23 13:09:27 jani Exp $ */
+/* $Id: mod_files.c,v 1.115 2007/08/23 13:38:49 jani Exp $ */
 #include "php.h"
@@ -189,6 +189,24 @@
 data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY, data->filemode);
 if (data->fd != -1) {
+#ifndef PHP_WIN32
+ /* check to make sure that the opened file is not a symlink, linking to data outside of allowable dirs */
+ if (PG(open_basedir)) {
+ struct stat sbuf;
+
+ if (fstat(data->fd, &sbuf)) {
+ close(data->fd);
+ return;
+ }
+ if (
+ S_ISLNK(sbuf.st_mode) &&
+ php_check_open_basedir(buf TSRMLS_CC)
+ ) {
+ close(data->fd);
+ return;
+ }
+ }
+#endif
 flock(data->fd, LOCK_EX);
 #ifdef F_SETFD
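Review bot: Both new early-return paths call `close(data->fd)` but leave `data->fd` holding the number of the now-closed descriptor, so any later `data->fd != -1` test (the same shape as the guard this block sits inside) would presumably treat the handle as still open and operate on whatever descriptor the process reuses; add `data->fd = -1;` after each `close(data->fd);`. The `S_ISLNK(sbuf.st_mode)` test also looks dead: open() follows symlinks and fstat() on the resulting descriptor reports the target's mode, never S_IFLNK, so the `php_check_open_basedir(buf TSRMLS_CC)` call is never reached and the bug the log message names is not actually closed by this condition. Checking the path with lstat() before the open, or opening with O_NOFOLLOW where the platform provides it, would make the check effective; as written the `O_CREAT` open has already created or opened the target before the check runs. The enclosing function starts and ends outside the hunk, and the hunk appears cut off after `#ifdef F_SETFD`.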