- rename SAFEMODE_CHECKFILE to OPENBASEDIR_CHECKPATH (can be used without

  confusing in head without confusion)
- Add safemode and open basedir checks in zip:// wrapper (revert Ilia's
  patch). Bug found by Stefan Esser in his MOPB-20-2007

diff --git a/NEWS b/NEWS
index 26f998b9258eb2b6aef5c762665d80ae35f303ef..ec1c4145ec8cb5bd7c033582222c504e312e6f4a 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,7 @@ PHP                                                                        NEWS
   . Added SplFileInfo::getLinkTarget(), SplFileInfo::getRealPath().
 - Added --ri switch to CLI which allows to check extension information. (Marcus)
 - Added tidyNode::getParent() method (John, Nuno)
+- Added openbasedir and safemode checks in zip:// stream wrapper (Pierre)
 - Fixed zend_llist_remove_tail (Michael Wallner, Dmitry)
 - Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek)
 - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre)

diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index 745bcf60823e36239505cd111b3f6300c63e8719..e618d8b9e7128014c95d9a0d456b5a3e3bebb058 100644 (file)
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -49,11 +49,6 @@ static int le_zip_entry;
 #define le_zip_entry_name "Zip Entry"
 /* }}} */
 
-/* {{{ SAFEMODE_CHECKFILE(filename) */
-#define SAFEMODE_CHECKFILE(filename) \
-       (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)
-/* }}} */
-
 /* {{{ PHP_ZIP_STAT_INDEX(za, index, flags, sb) */
 #define PHP_ZIP_STAT_INDEX(za, index, flags, sb) \
        if (zip_stat_index(za, index, flags, &sb) != 0) { \
@@ -127,7 +122,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
 
                php_basename(file, file_len, NULL, 0, &file_basename, (unsigned int *)&file_basename_len TSRMLS_CC);
 
-               if (SAFEMODE_CHECKFILE(file_dirname_fullpath)) {
+               if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
                        efree(file_dirname_fullpath);
                        efree(file_basename);
                        return 0;
@@ -164,7 +159,7 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
         * is required, does a file can have a different
         * safemode status as its parent folder?
         */
-       if (SAFEMODE_CHECKFILE(fullpath)) {
+       if (OPENBASEDIR_CHECKPATH(fullpath)) {
                efree(file_dirname_fullpath);
                efree(file_basename);
                return 0;
@@ -627,7 +622,7 @@ static PHP_FUNCTION(zip_open)
        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &filename, &filename_len) == FAILURE) {
                return;
        }
-       if (SAFEMODE_CHECKFILE(filename)) {
+       if (OPENBASEDIR_CHECKPATH(filename)) {
                RETURN_FALSE;
        }
 
@@ -1032,7 +1027,7 @@ static ZIPARCHIVE_METHOD(addFile)
                entry_name_len = filename_len;
        }
 
-       if (SAFEMODE_CHECKFILE(filename)) {
+       if (OPENBASEDIR_CHECKPATH(filename)) {
                RETURN_FALSE;
        }
 

diff --git a/ext/zip/php_zip.h b/ext/zip/php_zip.h
index cbfc9b9502f615dfb80bb25219796402776e7bce..f19415194134ca5ef5b0c977d52bc13e8acc1e17 100644 (file)
--- a/ext/zip/php_zip.h
+++ b/ext/zip/php_zip.h
@@ -30,6 +30,16 @@ extern zend_module_entry zip_module_entry;
 
 #include "lib/zip.h"
 
+/* {{{ OPENBASEDIR_CHECKPATH(filename) */
+#if (PHP_MAJOR_VERSION < 6)
+#define OPENBASEDIR_CHECKPATH(filename) \
+       (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)
+#else 
+#define OPENBASEDIR_CHECKPATH(filename) \
+       php_check_open_basedir(filename TSRMLS_CC)
+#endif
+/* }}} */
+
 typedef struct _ze_zip_rsrc {
        struct zip *za;
        int index_current;

diff --git a/ext/zip/zip_stream.c b/ext/zip/zip_stream.c
index d4b511cc09a0d99210c506cae9d78b31da81cd8a..1f305509ea26bf54c50540f17da6cf3cad743c74 100644 (file)
--- a/ext/zip/zip_stream.c
+++ b/ext/zip/zip_stream.c
@@ -12,6 +12,7 @@
 #include "ext/standard/file.h"
 #include "ext/standard/php_string.h"
 #include "fopen_wrappers.h"
+#include "php_zip.h"
 
 #include "ext/standard/url.h"
 
@@ -112,7 +113,7 @@ php_stream *php_stream_zip_open(char *filename, char *path, char *mode STREAMS_D
        }
 
        if (filename) {
-               if ((PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) {
+               if (OPENBASEDIR_CHECKPATH(filename)) {
                        return NULL;
                }
 
@@ -193,7 +194,7 @@ php_stream *php_stream_zip_opener(php_stream_wrapper *wrapper,
        php_basename(path, path_len - fragment_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC);
        fragment++;
 
-       if ((PG(safe_mode) && (!php_checkuid(file_dirname, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(file_dirname TSRMLS_CC)) {
+       if (OPENBASEDIR_CHECKPATH(file_dirname)) {
                efree(file_basename);
                return NULL;
        }