#41899 [Opn->Csd]: Can't open files with leading relative path of '..' and '..' is not readable

2007-10-10 Thread ab5602
 ID:   41899
 Updated by:   [EMAIL PROTECTED]
 Reported By:  geoffwa at cs dot rmit dot edu dot au
-Status:   Open
+Status:   Closed
 Bug Type: Streams related
 Operating System: Solaris 10
 PHP Version:  5.2.3
 Assigned To:  ab5602
 New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.




Previous Comments:


[2007-10-10 21:21:21] [EMAIL PROTECTED]


Verified w/ Geoffrey that the above patch fixes the problem.  I am
currently working on a final patch to apply to CVS and testing to make
sure it does not break safe_mode.

--

> 1) Please try with the most recent snapshot (200710100230) there have
> been recent patches to code (main/fopen_wrappers.c) that affect this,
> as recent as today.  Noticed that binary you are using is 10-08 4:30.
>

The 200710100230 snapshot + your patch appears to work:

$ ./php5.2-200710100430-patched -n -dsafe_mode-1 test.php
Current working directory is: /home/g/geoffwa/work/test
Opened /home/g/geoffwa/work/test/a/b/file
Opened ./a/b/file from ./a using ./b/file
Opened ./a/b/file from ./a using ./b/c/../file
Opened ./a/b/file from ./a/b/c using ../file
Opened ../file from ./a/b/c using ./../file
Opened ./a/b/file from ./a/b using ./file
Opened ./a/file from ./a/b using ./c/../../file
Opened ./a/b/c/file from ./a/b/c using ../c/file




[2007-10-10 02:42:22] geoffwa at cs dot rmit dot edu dot au

PHP5.2-200710080430 + your patch still doesn't work for either test
case (also, shouldn't sizeof(filename) be sizeof(filename_test)?).

$ ./php5.2-200710080430-fixed -dsafe_mode=1 test2.php

Warning: mkdir(): Unable to access ./a in /pathto/test2.php on line 3
mkdir failed

(so the initial mkdir("./a/b", 0700, true) call is failing)

Stepping through the non-patched PHP5.2-200710080430 the error message
is being generated from:

if (mode != CHECKUID_ALLOW_ONLY_FILE) {
    /* check directory */
    ret = VCWD_STAT(path, &sb);
    if (ret < 0) {
        if ((flags & CHECKUID_NO_ERRORS) == 0) {
            php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename);
        }
        return 0;
    }

(line 147 in safe_mode.c)



[2007-10-10 01:01:42] [EMAIL PROTECTED]

Geoffwa, when you get a chance, please let me know if applying the
patch below to the current snapshot fixes the issue for you.

[EMAIL PROTECTED]:~/mkdirtest]$ ./php-solfix -dsafe_mode=1 ./test2.php
Current working directory is: /export/home/rob/mkdirtest
Opened /export/home/rob/mkdirtest/a/b/file
Opened ./a/b/file from ./a using ./b/file
Opened ./a/b/file from ./a using ./b/c/../file
Opened ./a/b/file from ./a/b/c using ../file
Opened ../file from ./a/b/c using ./../file
Opened ./a/b/file from ./a/b using ./file
Opened ./a/file from ./a/b using ./c/../../file
Opened ./a/b/c/file from ./a/b/c using ../c/file
[EMAIL PROTECTED]:~/mkdirtest]$ ./php-solfix -dsafe_mode=1 ./test.php
SUCCESS



--- ./safe_mode.c.old   2007-09-23 10:19:21.0 -0500
+++ ./safe_mode.c   2007-10-09 19:39:44.0 -0500
@@ -86,7 +86,15 @@
 * If that fails, passthrough and check directory...
 */
if (mode != CHECKUID_ALLOW_ONLY_DIR) {
-   expand_filepath(filename, path TSRMLS_CC);
+
+char filename_test[MAXPATHLEN];
+strcpy(filename_test,filename);
+if (VCWD_GETCWD(filename_test, sizeof(filename)) ==
NULL) {
+strcpy(path,filename);
+} else {
+expand_filepath(filename, path TSRMLS_CC);
+}
+
ret = VCWD_STAT(path, &sb);
if (ret < 0) {
if (mode == CHECKUID_DISALLOW_FILE_NOT_EXISTS)
{
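
Review bot: the VCWD_GETCWD call passes filename_test as the buffer but sizeof(filename) as its length; the length should be sizeof(filename_test) so it matches the buffer being written. The strcpy(filename_test,filename) before it copies into a MAXPATHLEN buffer with no length check, and its result is replaced whenever VCWD_GETCWD succeeds, so it can be dropped. The fallback strcpy(path,filename) likewise needs a bound against the size of path, returning an error when filename does not fit.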




[2007-10-09 20:34:59] [EMAIL PROTECTED]


Thanks, that was it.  I am able to reproduce the situation now.

Have tracked the issue down to safe_mode.c, php_checkuid_ex(), as is
shown above in the thread and am working with it.




[2007-10-09 16:07:47] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi





The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

#41899 [Opn->Csd]: Can't open files with leading relative path of '..' and '..' is not readable

2007-07-06 Thread sniper
 ID:   41899
 Updated by:   [EMAIL PROTECTED]
 Reported By:  geoffwa at cs dot rmit dot edu dot au
-Status:   Open
+Status:   Closed
 Bug Type: Streams related
 Operating System: Solaris 10
 PHP Version:  5.2.3
 New Comment:

Since it's fixed in CVS -> closed.


Previous Comments:


[2007-07-06 01:03:53] geoffwa at cs dot rmit dot edu dot au

Is also broken in 5.2.0 and 5.2.2.

Appears to be fixed in latest snapshot:
> ./php-5.2-200707060030 -v
PHP 5.2.4-dev (cli) (built: Jul  6 2007 10:59:53) 
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

> ./php-5.2-200707060030 -f test.php
Current working directory is: /home/g/geoffwa/test
Opened /home/g/geoffwa/test/a/b/file
Opened ./a/b/file from ./a using ./b/file
Opened ./a/b/file from ./a using ./b/c/../file
Opened ./a/b/file from ./a/b/c using ../file
Opened ../file from ./a/b/c using ./../file
Opened ./a/b/file from ./a/b using ./file
Opened ./a/file from ./a/b using ./c/../../file
Opened ./a/b/c/file from ./a/b/c using ../c/file



[2007-07-05 21:59:45] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi





[2007-07-05 06:34:06] geoffwa at cs dot rmit dot edu dot au

Description:

(possibly related to bug #39953 or bug #39351)

If a relative path to a file has '..' as a leading path component,
and the directory referred to by '..' is not readable by the user,
then opening a file using the relative path fails.

Using an absolute path or a path with a non-'..' leading component
opens said file just fine.



Reproduce code:
---
See http://goanna.cs.rmit.edu.au/~geoffwa/relative_path_bug.php
for a large test script.

Expected result:

(Using PHP 5.1.4)
Current working directory is: /home/g/geoffwa/test
Opened /home/g/geoffwa/test/a/b/file
Opened ./a/b/file from ./a using ./b/file
Opened ./a/b/file from ./a using ./b/c/../file
Opened ./a/b/file from ./a/b/c using ../file
Opened ../file from ./a/b/c using ./../file
Opened ./a/b/file from ./a/b using ./file
Opened ./a/file from ./a/b using ./c/../../file
Opened ./a/b/c/file from ./a/b/c using ../c/file


Actual result:
--
(Using PHP 5.2.3 + suhosin patch)
Opened /home/g/geoffwa/test/a/b/file
Opened ./a/b/file from ./a using ./b/file
Opened ./a/b/file from ./a using ./b/c/../file
Failed to open ./a/b/file from ./a/b/c using ../file
Failed to open ./a/b/file from ./a/b/c using ./../file
Opened ./a/b/file from ./a/b using ./file
Opened ./a/file from ./a/b using ./c/../../file
Failed to open ./a/b/c/file from ./a/b/c using ../c/file






-- 
Edit this bug report at http://bugs.php.net/?id=41899&edit=1
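
The patch in this thread falls back to the unexpanded filename when the current working directory cannot be obtained. The block below is an added example, not code from PHP or from anyone in this thread, showing that fallback with bounded copies; path_for_stat, cwd_denied and cwd_fixed are hypothetical names, the sample paths are constructed, and the getcwd call is injected so the failure path can be exercised without an unreadable parent directory.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum { BUF_MAX = 4096 };   /* assumed stand-in for MAXPATHLEN */

/* Same signature as getcwd(3); injected so both outcomes can be tested. */
typedef char *(*getcwd_fn)(char *, size_t);

/*
 * Build the path to hand to stat() for `rel`.
 * Returns 0 on success, -1 if the result would not fit in `out`
 * (the caller gets an error instead of a silently truncated path).
 */
int path_for_stat(const char *rel, char *out, size_t outlen, getcwd_fn cwd_fn)
{
    char cwd[BUF_MAX];
    int n;

    if (rel[0] == '/' || cwd_fn(cwd, sizeof(cwd)) == NULL) {
        /* Already absolute, or the cwd is unavailable (e.g. EACCES):
         * keep the path as given and let the kernel resolve it
         * relative to the process's working directory. */
        n = snprintf(out, outlen, "%s", rel);
    } else {
        /* cwd is known: expand to an absolute path. */
        n = snprintf(out, outlen, "%s/%s", cwd, rel);
    }
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Constructed stub: getcwd failing the way it can when a directory
 * above the cwd is not readable. */
static char *cwd_denied(char *buf, size_t len)
{
    (void)buf; (void)len;
    errno = EACCES;
    return NULL;
}

/* Constructed stub: getcwd succeeding with a fixed sample directory. */
static char *cwd_fixed(char *buf, size_t len)
{
    snprintf(buf, len, "/home/user/test/a/b/c");
    return buf;
}
```

Passing the real getcwd from <unistd.h> as cwd_fn gives the production behaviour.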