- Fixed possible flaw in open_basedir (CVE-2010-3436)
authorPierre Joye <pajoye@php.net>
Tue, 28 Sep 2010 13:29:33 +0000 (13:29 +0000)
committerPierre Joye <pajoye@php.net>
Tue, 28 Sep 2010 13:29:33 +0000 (13:29 +0000)
main/fopen_wrappers.c

index daed11bc7314d494cf761960fe6e3626af6afe52..f8679d567575ce8e792d29b24aec704763a1b547 100644 (file)
@@ -249,8 +249,13 @@ PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path
 #else
                if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
 #endif
-                       /* File is in the right directory */
-                       return 0;
+                       if (resolved_name_len > resolved_basedir_len &&
+                               resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {
+                               return -1;
+                       } else {
+                               /* File is in the right directory */
+                               return 0;
+                       }
                } else {
                        /* /openbasedir/ and /openbasedir are the same directory */
                        if (resolved_basedir_len == (resolved_name_len + 1) && resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
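Review bot: The added boundary test `resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR` only holds when resolved_basedir has no trailing separator, yet the else branch right below it tests `resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR`, which suggests it can carry one at this point. If it does, the prefix match already ends on a directory boundary and the byte at index resolved_basedir_len is the first character of the next path component, so every file inside the allowed directory would be refused; that fails closed but breaks legitimate access. Assuming resolved_basedir_len is non-zero here, the condition could skip the extra test in that case: `if (resolved_name_len > resolved_basedir_len && resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR && resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {`. The `return -1` also deserves a comment such as `/* prefix matched but not on a directory boundary (basedir /a/b, path /a/bc) */`. The body of php_check_specific_open_basedir starts and ends outside the hunk, so how resolved_basedir is normalised needs confirming there.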