From: Ilia Alshanetsky
Date: Sat, 16 Sep 2006 18:23:05 +0000 (+0000)
Subject: MFB: Added missing validation checks around expand_filepath()
X-Git-Tag: RELEASE_1_0_0RC1~1649
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1ed7d584c641246bb6cc0ecd728b880f5e536498;p=php

MFB: Added missing validation checks around expand_filepath()
---

diff --git a/ext/com_dotnet/com_persist.c b/ext/com_dotnet/com_persist.c
index f9e327fbb2..c87b5a5774 100755
--- a/ext/com_dotnet/com_persist.c
+++ b/ext/com_dotnet/com_persist.c
@@ -389,9 +389,12 @@ CPH_METHOD(SaveToFile)
 }
 if (filename) {
- fullpath = expand_filepath(filename, NULL TSRMLS_CC);
+ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
+ RETURN_FALSE;
+ }
 if (php_check_open_basedir(fullpath TSRMLS_CC)) {
+ efree(fullpath);
 RETURN_FALSE;
 }
@@ -448,7 +451,9 @@ CPH_METHOD(LoadFromFile)
 return;
 }
- fullpath = expand_filepath(filename, NULL TSRMLS_CC);
+ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
+ RETURN_FALSE;
+ }
 if (php_check_open_basedir(fullpath TSRMLS_CC)) {
 efree(fullpath);
diff --git a/ext/sqlite/pdo_sqlite2.c b/ext/sqlite/pdo_sqlite2.c
index 15a10de4c5..912896486e 100644
--- a/ext/sqlite/pdo_sqlite2.c
+++ b/ext/sqlite/pdo_sqlite2.c
@@ -518,6 +518,10 @@ static char *make_filename_safe(const char *filename TSRMLS_DC)
 if (strncmp(filename, ":memory:", sizeof(":memory:")-1)) {
 char *fullpath = expand_filepath(filename, NULL TSRMLS_CC);
+ if (!fullpath) {
+ return NULL;
+ }
+
 if (php_check_open_basedir(fullpath TSRMLS_CC)) {
 efree(fullpath);
 return NULL;
diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c
index 1c12d79437..812e8f08ea 100644
--- a/ext/sqlite/sqlite.c
+++ b/ext/sqlite/sqlite.c
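Review bot: The new `RETURN_FALSE` exits in SaveToFile and LoadFromFile carry no comment saying why a NULL from expand_filepath() has to stop the method, and the reason is security-relevant: the very next call hands `fullpath` to php_check_open_basedir(), so the access check would otherwise run on a null pointer. I would add above each check `/* expand_filepath() failed: never pass a NULL path to the open_basedir check */`. Both failure exits also return the same plain FALSE, so a caller cannot tell an unresolvable path from an open_basedir denial; whether these methods report errors another way is outside the hunks.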
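Review bot: The guard on the context line `if (strncmp(filename, ":memory:", sizeof(":memory:")-1))` in make_filename_safe is a prefix comparison, so any name that merely starts with `:memory:` skips both expand_filepath() and the php_check_open_basedir() call this commit is hardening. If only the exact in-memory name is meant to be exempt, the test should compare the whole string, `if (strcmp(filename, ":memory:") != 0) {`. The same prefix test guards the sqlite_popen, sqlite_open and sqlite_factory hunks in ext/sqlite/sqlite.c. How the SQLite library treats a longer name with that prefix is not visible here, so treat the impact as unconfirmed; the rest of make_filename_safe lies outside the hunk.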
@@ -1233,7 +1233,9 @@ PHP_FUNCTION(sqlite_popen)
 if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
 /* resolve the fully-qualified path name to use as the hash key */
- fullpath = expand_filepath(filename, NULL TSRMLS_CC);
+ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
+ RETURN_FALSE;
+ }
 if (php_check_open_basedir(fullpath TSRMLS_CC)) {
 efree(fullpath);
@@ -1306,7 +1308,14 @@ PHP_FUNCTION(sqlite_open)
 if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
 /* resolve the fully-qualified path name to use as the hash key */
- fullpath = expand_filepath(filename, NULL TSRMLS_CC);
+ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
+ php_std_error_handling();
+ if (object) {
+ RETURN_NULL();
+ } else {
+ RETURN_FALSE;
+ }
+ }
 if (php_check_open_basedir(fullpath TSRMLS_CC)) {
 php_std_error_handling();
@@ -1317,7 +1326,6 @@ PHP_FUNCTION(sqlite_open)
 RETURN_FALSE;
 }
 }
-
 }
 php_sqlite_open(fullpath ? fullpath : filename, (int)mode, NULL, return_value, errmsg, object TSRMLS_CC);
@@ -1351,7 +1359,10 @@ PHP_FUNCTION(sqlite_factory)
 if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
 /* resolve the fully-qualified path name to use as the hash key */
- fullpath = expand_filepath(filename, NULL TSRMLS_CC);
+ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
+ php_std_error_handling();
+ RETURN_NULL();
+ }
 if (php_check_open_basedir(fullpath TSRMLS_CC)) {
 efree(fullpath);
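Review bot: The exit sequence added for a NULL `fullpath` in sqlite_open (`php_std_error_handling();` then `RETURN_NULL()` or `RETURN_FALSE` depending on `object`) repeats the one the php_check_open_basedir() branch directly below already starts, so the function now has two copies of the same failure path to keep in step. Folding them keeps one exit: `fullpath = expand_filepath(filename, NULL TSRMLS_CC);` followed by `if (!fullpath || php_check_open_basedir(fullpath TSRMLS_CC)) {`, with any `efree(fullpath)` in that branch guarded by `if (fullpath)`. sqlite_factory gets the same pair of exits in its hunk. The body of the open_basedir branch lies between the two sqlite_open hunks and is not shown, so check it before merging.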