Fix bug #76296 (openssl_pkey_get_public does not respect open_basedir)

author Erik Lax <erik@datahack.se>

Tue, 1 May 2018 16:16:53 +0000 (18:16 +0200)

committer Jakub Zelenka <bukka@php.net>

Fri, 18 May 2018 16:15:22 +0000 (17:15 +0100)
author Erik Lax <erik@datahack.se>
Tue, 1 May 2018 16:16:53 +0000 (18:16 +0200)
committer Jakub Zelenka <bukka@php.net>
Fri, 18 May 2018 16:15:22 +0000 (17:15 +0100)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c

index 7651e64da6e837f8082a7d64ca33d84a198c3c2b..e6eeedbf553a9ebc7b5ccced2a5244c3240907c1 100644 (file)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -3785,6 +3785,9 @@ static EVP_PKEY * php_openssl_evp_from_zval(
  
                 if (Z_STRLEN_P(val) > 7 && memcmp(Z_STRVAL_P(val), "file://", sizeof("file://") - 1) == 0) {
                         filename = Z_STRVAL_P(val) + (sizeof("file://") - 1);
+                       if (php_openssl_open_base_dir_chk(filename)) {
+                               TMP_CLEAN;
+                       }
                 }
                 /* it's an X509 file/cert of some kind, and we need to extract the data from that */
                 if (public_key) {
@@ -3811,9 +3814,6 @@ static EVP_PKEY * php_openssl_evp_from_zval(
                         BIO *in;
  
                         if (filename) {
-                               if (php_openssl_open_base_dir_chk(filename)) {
-                                       TMP_CLEAN;
-                               }
                                 in = BIO_new_file(filename, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
                         } else {
                                 in = BIO_new_mem_buf(Z_STRVAL_P(val), (int)Z_STRLEN_P(val));
author	Erik Lax <erik@datahack.se>
	Tue, 1 May 2018 16:16:53 +0000 (18:16 +0200)
committer	Jakub Zelenka <bukka@php.net>
	Fri, 18 May 2018 16:15:22 +0000 (17:15 +0100)