From: Arnaud Le Blanc <lbarnaud@php.net>
Date: Mon, 11 Aug 2008 15:31:01 +0000 (+0000)
Subject: MFH: Check the relevant path for open_basedir in symlink()
X-Git-Tag: php-5.2.7RC1~126
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cf273715fb64d8bb65fe8709844d0f69be3f5292;p=php

MFH: Check the relevant path for open_basedir in symlink()
---

diff --git a/ext/standard/link.c b/ext/standard/link.c
index 054a742237..5fe4b8739b 100644
--- a/ext/standard/link.c
+++ b/ext/standard/link.c
@@ -49,6 +49,7 @@
 
 #include "safe_mode.h"
 #include "php_link.h"
+#include "php_string.h"
 
 /* {{{ proto string readlink(string filename)
    Return the target of a symbolic link */
@@ -115,6 +116,8 @@ PHP_FUNCTION(symlink)
 	int ret;
 	char source_p[MAXPATHLEN];
 	char dest_p[MAXPATHLEN];
+	char dirname[MAXPATHLEN];
+	size_t len;
 
 	if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &topath, &frompath) == FAILURE) {
 		WRONG_PARAM_COUNT;
@@ -122,7 +125,15 @@ PHP_FUNCTION(symlink)
 	convert_to_string_ex(topath);
 	convert_to_string_ex(frompath);
 
-	if (!expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC) || !expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC)) {
+	if (!expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC)) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "No such file or directory");
+		RETURN_FALSE;
+	}
+
+	memcpy(dirname, source_p, sizeof(source_p));
+	len = php_dirname(dirname, strlen(dirname));
+
+	if (!expand_filepath_ex(Z_STRVAL_PP(topath), dest_p, dirname, len TSRMLS_CC)) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "No such file or directory");
 		RETURN_FALSE;
 	}
diff --git a/ext/standard/tests/file/symlink_to_symlink.phpt b/ext/standard/tests/file/symlink_to_symlink.phpt
index 7e2062812f..c672a5ab30 100644
--- a/ext/standard/tests/file/symlink_to_symlink.phpt
+++ b/ext/standard/tests/file/symlink_to_symlink.phpt
@@ -1,5 +1,11 @@
 --TEST--
 symlink() using a relative path, and symlink() to a symlink
+--SKIPIF--
+<?php
+if (substr(PHP_OS, 0, 3) == 'WIN') {
+    die('skip no symlinks on Windows');
+}
+?>
 --FILE--
 <?php
 $prefix = __FILE__;
diff --git a/tests/security/open_basedir_symlink.phpt b/tests/security/open_basedir_symlink.phpt
index 3b3f1d571f..3aaa07b820 100644
--- a/tests/security/open_basedir_symlink.phpt
+++ b/tests/security/open_basedir_symlink.phpt
@@ -31,6 +31,12 @@ $target = ($directory."/test/ok/ok.txt");
 
 var_dump(symlink($target, $symlink));
 var_dump(unlink($symlink));
+
+var_dump(mkdir("ok2"));
+$symlink = ($directory."/test/ok/ok2/ok.txt");
+var_dump(symlink("../ok.txt", $symlink)); // $target == (dirname($symlink)."/".$target) == ($directory."/test/ok/ok.txt");
+var_dump(unlink($symlink));
+
 test_open_basedir_after("symlink");
 ?>
 --CLEAN--
@@ -74,5 +80,8 @@ Warning: symlink(): open_basedir restriction in effect. File(%s/test/bad) is not
 bool(false)
 bool(true)
 bool(true)
+bool(true)
+bool(true)
+bool(true)
 *** Finished testing open_basedir configuration [symlink] ***