MFB: Added missing validation checks around expand_filepath()

diff --git a/ext/com_dotnet/com_persist.c b/ext/com_dotnet/com_persist.c
index f9e327fbb252c66af1615e8170f376cd263bcf22..c87b5a57744d22ef68c89431998d3710056527df 100755 (executable)
--- a/ext/com_dotnet/com_persist.c
+++ b/ext/com_dotnet/com_persist.c
@@ -389,9 +389,12 @@ CPH_METHOD(SaveToFile)
                }
 
                if (filename) {
-                       fullpath = expand_filepath(filename, NULL TSRMLS_CC);
+                       if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
+                               RETURN_FALSE;
+                       }
 
                        if (php_check_open_basedir(fullpath TSRMLS_CC)) {
+                               efree(fullpath);
                                RETURN_FALSE;
                        }
                        
@@ -448,7 +451,9 @@ CPH_METHOD(LoadFromFile)
                        return;
                }
 
-               fullpath = expand_filepath(filename, NULL TSRMLS_CC);
+               if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
+                       RETURN_FALSE;
+               }
 
                if (php_check_open_basedir(fullpath TSRMLS_CC)) {
                        efree(fullpath);

diff --git a/ext/sqlite/pdo_sqlite2.c b/ext/sqlite/pdo_sqlite2.c
index 15a10de4c59ac7cb4b54aced0f739a75b77bd675..912896486eebfea538525d28b31becb499ce91e6 100644 (file)
--- a/ext/sqlite/pdo_sqlite2.c
+++ b/ext/sqlite/pdo_sqlite2.c
@@ -518,6 +518,10 @@ static char *make_filename_safe(const char *filename TSRMLS_DC)
        if (strncmp(filename, ":memory:", sizeof(":memory:")-1)) {
                char *fullpath = expand_filepath(filename, NULL TSRMLS_CC);
 
+               if (!fullpath) {
+                       return NULL;
+               }
+
                if (php_check_open_basedir(fullpath TSRMLS_CC)) {
                        efree(fullpath);
                        return NULL;

diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c
index 1c12d7943720b472fb4c697e09e7a12f68453c47..812e8f08ead260724e4fc89ce4e75566720a1c68 100644 (file)
--- a/ext/sqlite/sqlite.c
+++ b/ext/sqlite/sqlite.c
@@ -1233,7 +1233,9 @@ PHP_FUNCTION(sqlite_popen)
 
        if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
                /* resolve the fully-qualified path name to use as the hash key */
-               fullpath = expand_filepath(filename, NULL TSRMLS_CC);
+               if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
+                       RETURN_FALSE;
+               }
 
                if (php_check_open_basedir(fullpath TSRMLS_CC)) {
                        efree(fullpath);
@@ -1306,7 +1308,14 @@ PHP_FUNCTION(sqlite_open)
 
        if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
                /* resolve the fully-qualified path name to use as the hash key */
-               fullpath = expand_filepath(filename, NULL TSRMLS_CC);
+               if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
+                       php_std_error_handling();
+                       if (object) {
+                               RETURN_NULL();
+                       } else {
+                               RETURN_FALSE;
+                       }
+               }
 
                if (php_check_open_basedir(fullpath TSRMLS_CC)) {
                        php_std_error_handling();
@@ -1317,7 +1326,6 @@ PHP_FUNCTION(sqlite_open)
                                RETURN_FALSE;
                        }
                }
-
        }
 
        php_sqlite_open(fullpath ? fullpath : filename, (int)mode, NULL, return_value, errmsg, object TSRMLS_CC);
@@ -1351,7 +1359,10 @@ PHP_FUNCTION(sqlite_factory)
 
        if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
                /* resolve the fully-qualified path name to use as the hash key */
-               fullpath = expand_filepath(filename, NULL TSRMLS_CC);
+               if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
+                       php_std_error_handling();
+                       RETURN_NULL();
+               }
 
                if (php_check_open_basedir(fullpath TSRMLS_CC)) {
                        efree(fullpath);