From: Arnaud Le Blanc <lbarnaud@php.net>
Date: Mon, 11 Aug 2008 15:29:06 +0000 (+0000)
Subject: Check the relevant path for open_basedir in symlink()
X-Git-Tag: BEFORE_HEAD_NS_CHANGE~772
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0ea8978235047c3d3f7eb423e0136911be196f98;p=php

Check the relevant path for open_basedir in symlink()
---

diff --git a/ext/standard/link.c b/ext/standard/link.c
index 1b97a4da03..f71579111a 100644
--- a/ext/standard/link.c
+++ b/ext/standard/link.c
@@ -49,6 +49,7 @@
 
 #include "php_link.h"
 #include "ext/standard/file.h"
+#include "php_string.h"
 
 /* {{{ proto string readlink(string filename) U
    Return the target of a symbolic link */
@@ -126,6 +127,8 @@ PHP_FUNCTION(symlink)
 	int ret;
 	char source_p[MAXPATHLEN];
 	char dest_p[MAXPATHLEN];
+	char dirname[MAXPATHLEN];
+	size_t len;
 
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ZZ", &pp_topath, &pp_frompath) == FAILURE ||
@@ -134,7 +137,15 @@ PHP_FUNCTION(symlink)
 		return;
 	}
 
-	if (!expand_filepath(frompath, source_p TSRMLS_CC) || !expand_filepath(topath, dest_p TSRMLS_CC)) {
+	if (!expand_filepath(frompath, source_p TSRMLS_CC)) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "No such file or directory");
+		RETURN_FALSE;
+	}
+
+	memcpy(dirname, source_p, sizeof(source_p));
+	len = php_dirname(dirname, strlen(dirname));
+
+	if (!expand_filepath_ex(topath, dest_p, dirname, len TSRMLS_CC)) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "No such file or directory");
 		RETURN_FALSE;
 	}
diff --git a/ext/standard/tests/file/symlink_to_symlink.phpt b/ext/standard/tests/file/symlink_to_symlink.phpt
index cf12a1d0b7..b7554f9bd0 100644
--- a/ext/standard/tests/file/symlink_to_symlink.phpt
+++ b/ext/standard/tests/file/symlink_to_symlink.phpt
@@ -1,5 +1,11 @@
 --TEST--
 symlink() using a relative path, and symlink() to a symlink
+--SKIPIF--
+<?php
+if (substr(PHP_OS, 0, 3) == 'WIN') {
+    die('skip no symlinks on Windows');
+}
+?>
 --FILE--
 <?php
 $prefix = __FILE__;
diff --git a/tests/security/open_basedir_symlink.phpt b/tests/security/open_basedir_symlink.phpt
index ab87e87b04..799e9e4c8a 100644
--- a/tests/security/open_basedir_symlink.phpt
+++ b/tests/security/open_basedir_symlink.phpt
@@ -31,6 +31,12 @@ $target = ($directory."/test/ok/ok.txt");
 
 var_dump(symlink($target, $symlink));
 var_dump(unlink($symlink));
+
+var_dump(mkdir("ok2"));
+$symlink = ($directory."/test/ok/ok2/ok.txt");
+var_dump(symlink("../ok.txt", $symlink)); // $target == (dirname($symlink)."/".$target) == ($directory."/test/ok/ok.txt");
+var_dump(unlink($symlink));
+
 test_open_basedir_after("symlink");
 ?>
 --CLEAN--
@@ -74,4 +80,7 @@ Warning: symlink(): open_basedir restriction in effect. File(%s/test/bad) is not
 bool(false)
 bool(true)
 bool(true)
+bool(true)
+bool(true)
+bool(true)
 *** Finished testing open_basedir configuration [symlink] ***