Fixed bug #42952 (soap cache file is created with insecure permissions)
authorDmitry Stogov <dmitry@php.net>
Fri, 23 Nov 2007 10:02:53 +0000 (10:02 +0000)
committerDmitry Stogov <dmitry@php.net>
Fri, 23 Nov 2007 10:02:53 +0000 (10:02 +0000)
ext/soap/php_sdl.c

index b791e9b2232ea50fa3d104487251c90b7f2168c9..b3c619429d2ad668c1e2a2eeae186b96b0311017 100644 (file)
@@ -2015,7 +2015,7 @@ static void add_sdl_to_cache(const char *fn, const char *uri, time_t t, sdlPtr s
 #ifdef ZEND_WIN32
        f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE);
 #else
-       f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE|S_IROTH|S_IWOTH|S_IRGRP|S_IWGRP);
+       f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE);
 #endif
        if (f < 0) {return;}
 
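Review bot: After this change both arms of the `#ifdef ZEND_WIN32` block are the same statement, so the conditional can be dropped and the single line `f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE);` kept. A short comment above it, such as `/* owner read/write only: the cache file must not be writable by other users (bug #42952) */`, would stop a later edit from widening the mode again. Files already written with the old group/other bits are not touched by this hunk, so existing cache directories may still hold writable entries until those files expire or are removed. The body of add_sdl_to_cache starts and ends outside the hunk.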
@@ -3117,16 +3117,24 @@ sdlPtr get_sdl(zval *this_ptr, char *uri, long cache_wsdl TSRMLS_DC)
                unsigned char digest[16];
                int len = strlen(SOAP_GLOBAL(cache_dir));
                time_t cached;
+               char *user = php_get_current_user();
+               int user_len = user ? strlen(user) + 1 : 0;
 
                md5str[0] = '\0';
                PHP_MD5Init(&context);
                PHP_MD5Update(&context, (unsigned char*)uri, uri_len);
                PHP_MD5Final(digest, &context);
                make_digest(md5str, digest);
-               key = emalloc(len+sizeof("/wsdl-")-1+sizeof(md5str));
+               key = emalloc(len+sizeof("/wsdl-")-1+user_len+sizeof(md5str));
                memcpy(key,SOAP_GLOBAL(cache_dir),len);
                memcpy(key+len,"/wsdl-",sizeof("/wsdl-")-1);
-               memcpy(key+len+sizeof("/wsdl-")-1,md5str,sizeof(md5str));
+               len += sizeof("/wsdl-")-1;
+               if (user_len) {
+                       memcpy(key+len, user, user_len-1);
+                       len += user_len-1;
+                       key[len++] = '-';
+               }
+               memcpy(key+len,md5str,sizeof(md5str));
 
                if ((sdl = get_sdl_from_cache(key, uri, t-SOAP_GLOBAL(cache_ttl), &cached TSRMLS_CC)) != NULL) {
                        t = cached;
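Review bot: Prefixing the file name with `user` at `memcpy(key+len, user, user_len-1);` separates cache names per user, but it does not establish who wrote the file that `get_sdl_from_cache(key, ...)` then opens, and the name stays predictable from the user name and the MD5 of the URI. If `cache_dir` is shared between users, the read path (outside this hunk, so not verifiable here) should confirm ownership before parsing, for example with `fstat()` on the opened descriptor and a comparison of `st_uid` against the uid the cache is keyed on; alternatively the cache directory should be one that other users cannot write to. The string returned by `php_get_current_user()` is also copied into the path unchecked, so a comment stating which characters it can contain, or a guard that skips the prefix when it holds a path separator, would make that assumption explicit. The body of get_sdl starts and ends outside the hunk.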