Fixed a possible open_basedir/safe_mode bypass in session extension identified by...
authorIlia Alshanetsky <iliaa@php.net>
Sun, 31 Jan 2010 18:06:29 +0000 (18:06 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Sun, 31 Jan 2010 18:06:29 +0000 (18:06 +0000)
ext/session/session.c

index cd53cf1ac638e60ba0165d9e31222d8608194205..2004b2de138567addc4764c76417656182eca6fb 100644 (file)
@@ -563,8 +563,13 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */
                        return FAILURE;
                }
 
-               if ((p = zend_memrchr(new_value, ';', new_value_length))) {
+               /* we do not use zend_memrchr() since path can contain ; itself */
+               if ((p = strchr(new_value, ';'))) {
+                       char *p2;
                        p++;
+                       if ((p2 = strchr(p, ';'))) {
+                               p = p2 + 1;
+                       }
                } else {
                        p = new_value;
                }