From: Pierre Joye <pajoye@php.net>
Date: Tue, 28 Sep 2010 13:29:33 +0000 (+0000)
Subject: - Fixed possible flaw in open_basedir (CVE-2010-3436)
X-Git-Tag: php-5.4.0alpha1~191^2~881
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c8a717a2b19282e9a9a81b6fed976188256186ec;p=php

- Fixed possible flaw in open_basedir (CVE-2010-3436)
---

diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
index daed11bc73..f8679d5675 100644
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@@ -249,8 +249,13 @@ PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path
 #else
 		if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
 #endif
-			/* File is in the right directory */
-			return 0;
+			if (resolved_name_len > resolved_basedir_len &&
+				resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {
+				return -1;
+			} else {
+				/* File is in the right directory */
+				return 0;
+			}
 		} else {
 			/* /openbasedir/ and /openbasedir are the same directory */
 			if (resolved_basedir_len == (resolved_name_len + 1) && resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {