From: Ilia Alshanetsky
Date: Sun, 6 Jan 2008 17:12:29 +0000 (+0000)
Subject: Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
X-Git-Tag: php-5.2.6RC1~190
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0b25a9fb8c64a59f9dc23bcdc2f9fce26f7583fc;p=php

Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
---
diff --git a/NEWS b/NEWS
index 403b62902a..46fab777f1 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@ PHP NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2008, PHP 5.2.6
 - Fixed weired behavior in CGI parameter parsing. (Dmitry, Hannes Magnusson)
+- Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
+ (Ilia)
 - Fixed bug #43663 (Extending PDO class with a __call() function doesn't work). (David Soria Parra)
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index 5f7de2bcc7..f832d5bbd5 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -173,7 +173,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC);
 php_curl_ret(__ret); \
 } \
 \
- if (!php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) { \
+ if (tmp_url->host || !php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) { \
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL '%s' contains unencoded control characters", str); \
 php_url_free(tmp_url); \
 php_curl_ret(__ret); \
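Review bot: The new `tmp_url->host` test shares the branch whose warning reads "URL '%s' contains unencoded control characters", so a URL rejected only because it carries a host part is logged with the wrong reason. Anyone triaging these warnings then cannot tell a blocked bypass attempt from a malformed URL. Giving the host case its own branch and message, placed before the `php_memnstr` check, fixes that. Separately, `strlen(tmp_url->path)` is still reached whenever the host is empty, and nothing in the hunk shows that `path` is non-NULL at that point; if the parser can return a URL without a path, a `!tmp_url->path ||` guard belongs here too. The macro this sits in starts and ends outside the hunk.

```c
if (tmp_url->host) { \
	php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL '%s' must not contain a host component", str); \
	php_url_free(tmp_url); \
	php_curl_ret(__ret); \
} \
\
if (!php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) { \
/* … unchanged: control-character warning, php_url_free, php_curl_ret … */ \
```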