[Pkg-php-commits] [php/debian-sid] More updates to open_basedir (Closes: #605391)
Ondřej Surý
ondrej at sury.org
Tue Nov 30 11:04:16 UTC 2010
---
.../fix-open_basedir-with-separator-r305698.patch | 21 ++++++++++++++++++++
.../reject-filenames-with-null-r305507.patch | 13 ++++++++++++
debian/patches/series | 2 +
3 files changed, 36 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/fix-open_basedir-with-separator-r305698.patch
create mode 100644 debian/patches/reject-filenames-with-null-r305507.patch
diff --git a/debian/patches/fix-open_basedir-with-separator-r305698.patch b/debian/patches/fix-open_basedir-with-separator-r305698.patch
new file mode 100644
index 0000000..9ae37d3
--- /dev/null
+++ b/debian/patches/fix-open_basedir-with-separator-r305698.patch
@@ -0,0 +1,21 @@
+--- a/main/fopen_wrappers.c
++++ b/main/fopen_wrappers.c
+@@ -223,6 +223,9 @@ PHPAPI int php_check_specific_open_based
+ resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR;
+ resolved_basedir[++resolved_basedir_len] = '\0';
+ }
++ } else {
++ resolved_basedir[resolved_basedir_len++] = PHP_DIR_SEPARATOR;
++ resolved_basedir[resolved_basedir_len] = '\0';
+ }
+
+ resolved_name_len = strlen(resolved_name);
+@@ -240,7 +243,7 @@ PHPAPI int php_check_specific_open_based
+ if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
+ #endif
+ if (resolved_name_len > resolved_basedir_len &&
+- resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {
++ resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
+ return -1;
+ } else {
+ /* File is in the right directory */
diff --git a/debian/patches/reject-filenames-with-null-r305507.patch b/debian/patches/reject-filenames-with-null-r305507.patch
new file mode 100644
index 0000000..4596ae6
--- /dev/null
+++ b/debian/patches/reject-filenames-with-null-r305507.patch
@@ -0,0 +1,13 @@
+--- a/main/fopen_wrappers.c
++++ b/main/fopen_wrappers.c
+@@ -519,6 +519,10 @@ PHPAPI char *php_resolve_path(const char
+ return NULL;
+ }
+
++ if (strlen(filename) != filename_length) {
++ return NULL;
++ }
++
+ /* Don't resolve paths which contain protocol (except of file://) */
+ for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
+ if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) {
diff --git a/debian/patches/series b/debian/patches/series
index da3fd3c..c164691 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -69,3 +69,5 @@ bug52947.patch
fix_crash_in_GC.patch
bug53070.patch
bug53323.patch
+reject-filenames-with-null-r305507.patch
+fix-open_basedir-with-separator-r305698.patch
--
1.7.1
More information about the Pkg-php-commits
mailing list