From: foobar <sniper@php.net>
Date: Sat, 13 Jul 2002 00:52:18 +0000 (+0000)
Subject: Fix bug: #18285, php_checkuid() mangled the passed path.
X-Git-Tag: dev~330
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6f1011623781366359aa236388956872143bf2d2;p=php

Fix bug: #18285, php_checkuid() mangled the passed path.
---

diff --git a/main/safe_mode.c b/main/safe_mode.c
index d3ffab6a3f..6f42c62f19 100644
--- a/main/safe_mode.c
+++ b/main/safe_mode.c
@@ -49,9 +49,12 @@ PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode)
 	int ret, nofile=0;
 	long uid=0L, gid=0L, duid=0L, dgid=0L;
 	char path[MAXPATHLEN];
-	char *s;
+	char *s, filenamecopy[MAXPATHLEN];
 	TSRMLS_FETCH();
 
+	strlcpy(filenamecopy, filename, MAXPATHLEN);
+	filename=(char *)&filenamecopy;
+
 	if (!filename) {
 		return 0; /* path must be provided */
 	}
@@ -67,7 +70,7 @@ PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode)
 	/* 
 	 * If given filepath is a URL, allow - safe mode stuff
 	 * related to URL's is checked in individual functions
-     */	
+	 */
 	if (!strncasecmp(filename,"http://", 7) || !strncasecmp(filename,"ftp://", 6)) {
 		return 1;
 	}
@@ -116,7 +119,7 @@ PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode)
 			VCWD_REALPATH(filename, path);
 			*s = DEFAULT_SLASH;
 		} else {
-			VCWD_GETCWD(path, MAXPATHLEN);
+			VCWD_GETCWD(path, sizeof(path));
  		}
 	} /* end CHECKUID_ALLOW_ONLY_DIR */