[Pkg-php-commits] [php/debian-sid] More updates to open_basedir (Closes: #605391)

Ondřej Surý ondrej at sury.org
Tue Nov 30 11:04:16 UTC 2010


---
 .../fix-open_basedir-with-separator-r305698.patch  |   21 ++++++++++++++++++++
 .../reject-filenames-with-null-r305507.patch       |   13 ++++++++++++
 debian/patches/series                              |    2 +
 3 files changed, 36 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/fix-open_basedir-with-separator-r305698.patch
 create mode 100644 debian/patches/reject-filenames-with-null-r305507.patch

diff --git a/debian/patches/fix-open_basedir-with-separator-r305698.patch b/debian/patches/fix-open_basedir-with-separator-r305698.patch
new file mode 100644
index 0000000..9ae37d3
--- /dev/null
+++ b/debian/patches/fix-open_basedir-with-separator-r305698.patch
@@ -0,0 +1,21 @@
+--- a/main/fopen_wrappers.c
++++ b/main/fopen_wrappers.c
+@@ -223,6 +223,9 @@ PHPAPI int php_check_specific_open_based
+ 				resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR;
+ 				resolved_basedir[++resolved_basedir_len] = '\0';
+ 			}
++		} else {
++				resolved_basedir[resolved_basedir_len++] = PHP_DIR_SEPARATOR;
++				resolved_basedir[resolved_basedir_len] = '\0';
+ 		}
+ 
+ 		resolved_name_len = strlen(resolved_name);
+@@ -240,7 +243,7 @@ PHPAPI int php_check_specific_open_based
+ 		if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
+ #endif
+ 			if (resolved_name_len > resolved_basedir_len &&
+-				resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {
++				resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
+ 				return -1;
+ 			} else {
+ 				/* File is in the right directory */
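Review bot: The new `else` branch in the first inner hunk appends `PHP_DIR_SEPARATOR` and a terminator to `resolved_basedir` without checking that the extra byte fits. The buffer's declaration is outside the hunk, so this is inferred, but a base directory resolved to the maximum path length would be written one byte past its end. A guard before the append would fail closed, e.g. `if (resolved_basedir_len + 1 >= sizeof(resolved_basedir)) return -1;` if it is a fixed-size array. In the second inner hunk, `resolved_basedir` now always ends in a separator and `strncmp` has already matched `resolved_basedir_len` bytes, so `resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR` looks like it can never be true. A comment there such as `/* directory boundary is enforced by the trailing separator appended to resolved_basedir above */` would keep a later edit from relying on that `return -1`. The body of `php_check_specific_open_basedir` starts and ends outside both hunks.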
diff --git a/debian/patches/reject-filenames-with-null-r305507.patch b/debian/patches/reject-filenames-with-null-r305507.patch
new file mode 100644
index 0000000..4596ae6
--- /dev/null
+++ b/debian/patches/reject-filenames-with-null-r305507.patch
@@ -0,0 +1,13 @@
+--- a/main/fopen_wrappers.c
++++ b/main/fopen_wrappers.c
+@@ -519,6 +519,10 @@ PHPAPI char *php_resolve_path(const char
+ 		return NULL;
+ 	}
+ 
++	if (strlen(filename) != filename_length) {
++		return NULL;
++	}
++
+ 	/* Don't resolve paths which contain protocol (except of file://) */
+ 	for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
+ 	if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) {
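Review bot: The added `strlen(filename) != filename_length` check has no comment saying why it exists, and it compares a `size_t` with a length whose type is cut off in the hunk header. I would add `/* Reject names with an embedded NUL: the C string ends before the length the caller supplied, so later checks and the open would see different paths */` above it. If `filename_length` is a signed `int`, as the truncated signature suggests, write the comparison as `if (filename_length < 0 || strlen(filename) != (size_t)filename_length) {` so a negative length is rejected explicitly rather than through implicit conversion. The check covers only `php_resolve_path`, so other callers that pass a name and length straight to the filesystem layer would need the same guard; that cannot be confirmed from this hunk, and the function body continues outside it.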
diff --git a/debian/patches/series b/debian/patches/series
index da3fd3c..c164691 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -69,3 +69,5 @@ bug52947.patch
 fix_crash_in_GC.patch
 bug53070.patch
 bug53323.patch
+reject-filenames-with-null-r305507.patch
+fix-open_basedir-with-separator-r305698.patch
-- 
1.7.1




