From: Ilia Alshanetsky
Date: Sat, 16 Sep 2006 18:10:32 +0000 (+0000)
Subject: Added missing validation checks around expand_filepath()
X-Git-Tag: php-5.2.0RC5~149
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4c65e0e1cd4c4907b203c8dedaab726e162292db;p=php
Added missing validation checks around expand_filepath()
---
diff --git a/ext/com_dotnet/com_persist.c b/ext/com_dotnet/com_persist.c
index 8408d619d9..8738938f1f 100755
--- a/ext/com_dotnet/com_persist.c
+++ b/ext/com_dotnet/com_persist.c
@@ -390,15 +390,16 @@ CPH_METHOD(SaveToFile)
 if (filename) {
 fullpath = expand_filepath(filename, NULL TSRMLS_CC);
-
- if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ if (!fullpath) {
 RETURN_FALSE;
 }
-
- if (php_check_open_basedir(fullpath TSRMLS_CC)) {
+
+ if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
+ php_check_open_basedir(fullpath TSRMLS_CC)) {
+ efree(fullpath);
 RETURN_FALSE;
 }
-
+
 olefilename = php_com_string_to_olestring(filename, strlen(fullpath), helper->codepage TSRMLS_CC);
 efree(fullpath);
 }
@@ -452,13 +453,13 @@ CPH_METHOD(LoadFromFile)
 return;
 }
- fullpath = expand_filepath(filename, NULL TSRMLS_CC);
-
- if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
 RETURN_FALSE;
 }
- if (php_check_open_basedir(fullpath TSRMLS_CC)) {
+ if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
+ php_check_open_basedir(fullpath TSRMLS_CC)) {
+ efree(fullpath);
 RETURN_FALSE;
 }
diff --git a/ext/sqlite/pdo_sqlite2.c b/ext/sqlite/pdo_sqlite2.c
index 7788b3f8b3..0df676fec4 100644
--- a/ext/sqlite/pdo_sqlite2.c
+++ b/ext/sqlite/pdo_sqlite2.c
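Review bot: In CPH_METHOD(SaveToFile) the unchanged line `olefilename = php_com_string_to_olestring(filename, strlen(fullpath), helper->codepage TSRMLS_CC);` converts `filename` but passes the length of `fullpath`, so the string handed on is not the one that just passed the safe_mode and open_basedir checks. How php_com_string_to_olestring() uses that length is not visible in this diff, but when the expanded path is longer than `filename` a read past the end of `filename` looks possible. Passing the checked string would close both gaps: `olefilename = php_com_string_to_olestring(fullpath, strlen(fullpath), helper->codepage TSRMLS_CC);`. The method body starts and ends outside the hunk.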
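Review bot: The new `if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) { RETURN_FALSE; }` branch in CPH_METHOD(LoadFromFile) fails without giving the caller any reason; whether expand_filepath() reports anything itself is not visible here. A diagnostic before the return would make a rejected path distinguishable from other failures, for example `php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to resolve path '%s'", filename);`. The same silent NULL branch is added in SaveToFile, make_filename_safe, sqlite_popen, sqlite_open and sqlite_factory. LoadFromFile continues outside the hunk.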
@@ -518,6 +518,10 @@ static char *make_filename_safe(const char *filename TSRMLS_DC)
 if (strncmp(filename, ":memory:", sizeof(":memory:")-1)) {
 char *fullpath = expand_filepath(filename, NULL TSRMLS_CC);
+ if (!fullpath) {
+ return NULL;
+ }
+
 if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
 efree(fullpath);
 return NULL;
diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c
index c499fa530c..b7a9483342 100644
--- a/ext/sqlite/sqlite.c
+++ b/ext/sqlite/sqlite.c
@@ -1237,13 +1237,13 @@ PHP_FUNCTION(sqlite_popen)
 if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
 /* resolve the fully-qualified path name to use as the hash key */
- fullpath = expand_filepath(filename, NULL TSRMLS_CC);
-
- if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
 RETURN_FALSE;
 }
- if (php_check_open_basedir(fullpath TSRMLS_CC)) {
+ if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
+ php_check_open_basedir(fullpath TSRMLS_CC)) {
+ efree(fullpath);
 RETURN_FALSE;
 }
 } else {
@@ -1313,11 +1313,8 @@ PHP_FUNCTION(sqlite_open)
 if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
 /* resolve the fully-qualified path name to use as the hash key */
- fullpath = expand_filepath(filename, NULL TSRMLS_CC);
-
- if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
 php_std_error_handling();
- efree(fullpath);
 if (object) {
 RETURN_NULL();
 } else {
@@ -1325,7 +1322,8 @@ PHP_FUNCTION(sqlite_open)
 }
 }
- if (php_check_open_basedir(fullpath TSRMLS_CC)) {
+ if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
+ php_check_open_basedir(fullpath TSRMLS_CC)) {
 php_std_error_handling();
 efree(fullpath);
 if (object) {
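Review bot: The guard `strncmp(filename, ":memory:", sizeof(":memory:")-1)` in make_filename_safe() compares only the first eight bytes, so any name that merely begins with `:memory:` skips expand_filepath() and the safe_mode and open_basedir checks this commit hardens. Whether the SQLite layer treats such a name as a file on disk is not shown in this diff, but the exemption should match the exact string: `if (strcmp(filename, ":memory:")) {`. The same prefix test guards the hunks in sqlite_popen, sqlite_open and sqlite_factory in ext/sqlite/sqlite.c. make_filename_safe() continues outside the hunk.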
@@ -1334,7 +1332,6 @@ PHP_FUNCTION(sqlite_open)
 RETURN_FALSE;
 }
 }
-
 }
 php_sqlite_open(fullpath ? fullpath : filename, (int)mode, NULL, return_value, errmsg, object TSRMLS_CC);
@@ -1368,15 +1365,13 @@ PHP_FUNCTION(sqlite_factory)
 if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
 /* resolve the fully-qualified path name to use as the hash key */
- fullpath = expand_filepath(filename, NULL TSRMLS_CC);
-
- if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
- efree(fullpath);
+ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
 php_std_error_handling();
 RETURN_NULL();
 }
- if (php_check_open_basedir(fullpath TSRMLS_CC)) {
+ if ((PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) ||
+ php_check_open_basedir(fullpath TSRMLS_CC)) {
 efree(fullpath);
 php_std_error_handling();
 RETURN_NULL();
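Review bot: The resolve, check and bail-out sequence added in sqlite_factory is a third copy of the one added to sqlite_popen and sqlite_open, and the copies already differ in cleanup order (`efree(fullpath); php_std_error_handling();` here, the reverse in sqlite_open). One static helper in sqlite.c that returns the checked path or NULL, in the way make_filename_safe() does in pdo_sqlite2.c, would keep these path checks from drifting apart when one site is changed later. Each caller would keep only its own return convention after a NULL result. sqlite_factory continues outside the hunk.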