}
/* }}} */
+/* {{{ openssl safe_mode & open_basedir checks */
+inline static int php_openssl_safe_mode_chk(char *filename TSRMLS_DC)
+{
+ if (PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ return -1;
+ }
+ if (php_check_open_basedir(filename TSRMLS_CC)) {
+ return -1;
+ }
+
+ return 0;
+}
+/* }}} */
+
/* {{{ openssl -> PHP "bridging" */
/* true global; readonly after module startup */
static char default_ssl_conf_filename[MAXPATHLEN];
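Review bot: The new helper `php_openssl_safe_mode_chk()` does not document its return convention, yet callers in this patch use it both as `!php_openssl_safe_mode_chk(...)` and as a bare `if (...)` condition. I would add a line above the definition such as `/* Returns 0 when filename passes both checks, -1 when the safe_mode uid check or open_basedir rejects it. */`. The name mentions only safe_mode, although the `php_check_open_basedir()` call runs whether or not `PG(safe_mode)` is set, so the comment should say that as well. On style, `static inline int` is the conventional specifier order, and `filename` could be `const char *` if both callees accept a const pointer (their prototypes are not visible here).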
/* read in the oids */
str = CONF_get_string(req->req_config, NULL, "oid_file");
- if (str) {
- BIO * oid_bio = BIO_new_file(str, "r");
+ if (str && !php_openssl_safe_mode_chk(str TSRMLS_CC)) {
+ BIO *oid_bio = BIO_new_file(str, "r");
if (oid_bio) {
OBJ_create_objects(oid_bio);
BIO_free(oid_bio);
/* read cert from the named file */
BIO *in;
+ if (php_openssl_safe_mode_chk(Z_STRVAL_PP(val) + 7 TSRMLS_CC)) {
+ return NULL;
+ }
+
in = BIO_new_file(Z_STRVAL_PP(val) + 7, "r");
if (in == NULL)
return NULL;
return;
}
+ if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+ return;
+ }
+
bio_out = BIO_new_file(filename, "w");
if (bio_out) {
if (!notext)
goto end;
}
+ if (php_openssl_safe_mode_chk(certfile TSRMLS_CC)) {
+ goto end;
+ }
+
if(!(in=BIO_new_file(certfile, "r"))) {
zend_error(E_WARNING, "%s(): error opening the file, %s", get_active_function_name(TSRMLS_C), certfile);
goto end;
if (Z_STRLEN_PP(val) > 7 && memcmp(Z_STRVAL_PP(val), "file://", 7) == 0)
filename = Z_STRVAL_PP(val) + 7;
- if (filename)
+ if (filename) {
+ if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+ return NULL;
+ }
in = BIO_new_file(filename, "r");
+ }
else
in = BIO_new_mem_buf(Z_STRVAL_PP(val), Z_STRLEN_PP(val));
return;
}
+ if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+ return;
+ }
+
bio_out = BIO_new_file(filename, "w");
if (bio_out) {
if (!notext)
else {
/* we want the private key */
if (filename) {
- BIO *in = BIO_new_file(filename, "r");
+ BIO *in;
+ if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+ return NULL;
+ }
+ in = BIO_new_file(filename, "r");
if (in == NULL)
return NULL;
key = PEM_read_bio_PrivateKey(in, NULL,NULL, passphrase);
RETURN_FALSE;
}
+ if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
+
PHP_SSL_REQ_INIT(&req);
if (PHP_SSL_REQ_PARSE(&req, args) == SUCCESS)
if (!store)
goto clean_exit;
+ if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+ goto clean_exit;
+ }
+
in = BIO_new_file(filename, (flags & PKCS7_BINARY) ? "rb" : "r");
if (in == NULL)
goto clean_exit;
RETVAL_TRUE;
- if (signersfilename) {
- BIO * certout = BIO_new_file(signersfilename, "w");
+ if (signersfilename) {
+ BIO *certout;
+
+ if (php_openssl_safe_mode_chk(filename TSRMLS_CC)) {
+ goto clean_exit;
+ }
+
+ certout = BIO_new_file(signersfilename, "w");
if (certout) {
int i;
signers = PKCS7_get0_signers(p7, NULL, flags);
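Review bot: The guard added inside `if (signersfilename)` checks `filename`, but the path opened for writing just below is `signersfilename`, so the signers output file never goes through the safe_mode/open_basedir checks. `filename` appears to be the input path that an earlier hunk of this patch already checks before `BIO_new_file(filename, ...)`, which would make this call redundant as written. The guard should read `if (php_openssl_safe_mode_chk(signersfilename TSRMLS_CC)) {`. Also, `RETVAL_TRUE` on the line above is still in effect when the guard jumps to `clean_exit`, so a rejected path would be reported as success unless that label resets the return value (not visible here); setting a failure return value before the `goto` would avoid that. The enclosing function starts and ends outside the hunk.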
&outfilename, &outfilename_len, &zrecipcerts, &zheaders, &flags) == FAILURE)
return;
+ if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) {
+ return;
+ }
+
infile = BIO_new_file(infilename, "r");
if (infile == NULL)
goto clean_exit;
goto clean_exit;
}
+ if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) {
+ goto clean_exit;
+ }
+
infile = BIO_new_file(infilename, "r");
if (infile == NULL) {
zend_error(E_WARNING, "%s(): error opening input file %s!", get_active_function_name(TSRMLS_C), infilename);
zend_error(E_WARNING, "%s(): unable to get private key", get_active_function_name(TSRMLS_C));
goto clean_exit;
}
+
+ if (php_openssl_safe_mode_chk(infilename TSRMLS_CC) || php_openssl_safe_mode_chk(outfilename TSRMLS_CC)) {
+ goto clean_exit;
+ }
in = BIO_new_file(infilename, "r");
if (in == NULL) {