php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31054 [PATCH] include_path is not traversed fully when open_basedir nonmatching
Submitted: 2004-12-10 16:14 UTC Modified: 2005-06-20 17:59 UTC
Votes:4
Avg. Score:4.8 ± 0.4
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:1 (33.3%)
From: kameshj at fastmail dot fm Assigned:
Status: Closed Package: Safe Mode/open_basedir
PHP Version: 5CVS-2005-03-06 OS: *
Private report: No CVE-ID: None
 [2004-12-10 16:14 UTC] kameshj at fastmail dot fm
Description:
------------
include_path is not traversed fully when open_basedir have a nonmatching entries with respect to include_path entries matching from the beginning.
For example:
include_path=/kameshj:/usr/local/lib/php/includes
open_base_dir=/mageshj:/usr/local/lib/php/includes
Even though I have "include.php" under /usr/local/lib/php/includes and /usr/local/lib/php/includes is also under open_basedir include fails because of open_basedir check.

Analysed the cause and found the cause to be 
_php_stream_fopen_with_path in 
php-src/main/streams/plain_wrapper.c

In this function 
php_check_open_basedir is called for each include_path_entry/filename if for any of the include_path it fails further include_path is not tried at all.

Attaching the patch at 
http://puggy.symonds.net/~kameshj/incpath.patch

Reproduce code:
---------------
main.php
<?php
echo __FILE__;
echo "\n";
include(include.php);
echo "\n";
?>
include.php
<?php
echo __FILE__;
?>
Keep this include.php in a second entry the include path for example keep this include.php in /my/inc and have include_path as "/non/existent:/my/inc"
Make sure this "/non/existent" is not present in open_basedir and run main.php.

Expected result:
----------------
main.php should include 'include.php' successfully.

Actual result:
--------------
You will get a include failure message and whole host of open_basedir failure messages.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-03-04 16:18 UTC] kameshj at fastmail dot fm
This is reproducible with both php-5.0.4-dev as well as php-5.1.0-dev.
 [2005-06-20 17:59 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 10:01:30 2024 UTC