ID: 41899
Updated by: [EMAIL PROTECTED]
Reported By: geoffwa at cs dot rmit dot edu dot au
-Status: Open
+Status: Closed
Bug Type: Streams related
Operating System: Solaris 10
PHP Version: 5.2.3
Assigned To: ab5602
New Comment:
This bug has been fixed in CVS.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.
Previous Comments:
[2007-10-10 21:21:21] [EMAIL PROTECTED]
Verified w/ Geoffrey that the above patch fixes the problem. I am
currently working on a final patch to apply to CVS and testing to make
sure it does not break safe_mode.
--
> 1) Please try with the most recent snapshot (200710100230) there has
> > been recent patches to code (main/fopen_wrappers.c) that effects
this,
> > as recent as today. Noticed that binary you are using is 10-08
4:30.
> >
The 200710100230 snapshot + your patch appears to work:
$ ./php5.2-200710100430-patched -n -dsafe_mode-1 test.php
Current working directory is: /home/g/geoffwa/work/test
Opened /home/g/geoffwa/work/test/a/b/file
Opened ./a/b/file from ./a using ./b/file
Opened ./a/b/file from ./a using ./b/c/../file
Opened ./a/b/file from ./a/b/c using ../file
Opened ../file from ./a/b/c using ./../file
Opened ./a/b/file from ./a/b using ./file
Opened ./a/file from ./a/b using ./c/../../file
Opened ./a/b/c/file from ./a/b/c using ../c/file
[2007-10-10 02:42:22] geoffwa at cs dot rmit dot edu dot au
PHP5.2-200710080430 + your patch still doesn't work for either test
case (also, shouldn't sizeof(filename) be sizeof(filename_test)?).
$ ./php5.2-200710080430-fixed -dsafe_mode=1 test2.php
Warning: mkdir(): Unable to access ./a in /pathto/test2.php on line 3
mkdir failed
(so the initial mkdir("./a/b", 0700, true) call is failing)
Stepping through the non-patched PHP5.2-200710080430 the error message
is being generated from:
if (mode != CHECKUID_ALLOW_ONLY_FILE) {
/* check directory */
ret = VCWD_STAT(path, &sb);
if (ret < 0) {
if ((flags & CHECKUID_NO_ERRORS) == 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access
%s", filename);
}
return 0;
}
(line 147 in safe_mode.c)
[2007-10-10 01:01:42] [EMAIL PROTECTED]
Geoffwa, when you get a chance, please let me know if applying the
patch below to the current snapshot fixes the issue for you.
[EMAIL PROTECTED]:~/mkdirtest]$ ./php-solfix -dsafe_mode=1
./test2.php
Current working directory is: /export/home/rob/mkdirtest
Opened /export/home/rob/mkdirtest/a/b/file
Opened ./a/b/file from ./a using ./b/file
Opened ./a/b/file from ./a using ./b/c/../file
Opened ./a/b/file from ./a/b/c using ../file
Opened ../file from ./a/b/c using ./../file
Opened ./a/b/file from ./a/b using ./file
Opened ./a/file from ./a/b using ./c/../../file
Opened ./a/b/c/file from ./a/b/c using ../c/file
[EMAIL PROTECTED]:~/mkdirtest]$ ./php-solfix -dsafe_mode=1 ./test.php
SUCCESS
--- ./safe_mode.c.old 2007-09-23 10:19:21.0 -0500
+++ ./safe_mode.c 2007-10-09 19:39:44.0 -0500
@@ -86,7 +86,15 @@
* If that fails, passthrough and check directory...
*/
if (mode != CHECKUID_ALLOW_ONLY_DIR) {
- expand_filepath(filename, path TSRMLS_CC);
+
+char filename_test[MAXPATHLEN];
+strcpy(filename_test,filename);
+if (VCWD_GETCWD(filename_test, sizeof(filename)) ==
NULL) {
+strcpy(path,filename);
+} else {
+expand_filepath(filename, path TSRMLS_CC);
+}
+
ret = VCWD_STAT(path, &sb);
if (ret < 0) {
if (mode == CHECKUID_DISALLOW_FILE_NOT_EXISTS)
{
[2007-10-09 20:34:59] [EMAIL PROTECTED]
Thanks, that was it. I am able to reproduce the situation now.
Have tracked the issue down to safe_mode.c, php_checkuid_ex(), as is
shown above in the thread and am working with it.
[2007-10-09 16:07:47] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php5.2-latest.tar.gz
For Windows (zip):
http://snaps.php.net/win32/php5.2-win32-latest.zip
For Windows (installer):
http://snaps.php.net/win32/php5.2-win32-installer-latest.msi
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at