From 24f3d55f3c9410cc2319d22eacaf842172ce3932 Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Sun, 21 May 2006 16:31:57 +0000 Subject: [PATCH] Added control character checks for cURL extension's open_basedir/safe_mode checks. --- NEWS | 2 ++ ext/curl/interface.c | 7 ++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 6b8575ee48..63bdef303f 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2006, PHP 5.2.0 +- Added control character checks for cURL extension's open_basedir/safe_mode + checks. (Ilia) - Disable realpath cache when open_basedir or safe_mode are enabled on a per-request basis. (Ilia) - Optimized zend_try/zend_catch macroses (eliminated memcpy()). (Dmitry) diff --git a/ext/curl/interface.c b/ext/curl/interface.c index 62375483e0..bf8b804f5c 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -161,11 +161,16 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC); strncasecmp(str, "file:", sizeof("file:") - 1) == 0) \ { \ php_url *tmp_url; \ - \ + \ if (!(tmp_url = php_url_parse_ex(str, len))) { \ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid url '%s'", str); \ RETURN_FALSE; \ } \ + \ + if (php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) { \ + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Url '%s' contains unencoded control characters.", str); \ + RETURN_FALSE; \ + } \ \ if (tmp_url->query || tmp_url->fragment || php_check_open_basedir(tmp_url->path TSRMLS_CC) || \ (PG(safe_mode) && !php_checkuid(tmp_url->path, "rb+", CHECKUID_CHECK_MODE_PARAM)) \ -- 2.40.0