php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #21564 corrupted paths coming to open_basedir
Submitted: 2003-01-10 03:32 UTC Modified: 2004-01-28 14:23 UTC
From: r at orcafat dot com Assigned:
Status: Not a bug Package: Apache related
PHP Version: 4.3.0 OS: freebsd 4.6
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: r at orcafat dot com
New email:
PHP Version: OS:

 

 [2003-01-10 03:32 UTC] r at orcafat dot com
If one is having open_basedir on in one virtualhost, that open_basedir is sometimes applied to another virtualhost without open_basedir restriction. This is NOT a bug in the open_basedir code, but the open_basedir function is feed with the wrong path, and triggers on that one. Looks like some mem corruption or init problem that doesn't clean the variables correctly before serving a new request.

Problem occours when a apache child that has served a open_basedir restriced virtualhost, and the next request doesn't have open_basedir on or does have a different open_basedir path. Looks like this only applies to newly started apache childs also.

This is critical.

'./configure' '--with-apxs=/usr/local/sbin/apxs' '--with-config-file-path=/usr/local/etc' '--enable-versioning' '--with-regex=system' '--without-gd' '--without-mysql' '--with-gd=/usr/local' '--enable-gd-native-ttf' '--with-freetype-dir=/usr/local' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr/local' '--with-zlib' '--with-mysql=/usr/local' '--with-pspell=/usr/local' '--prefix=/usr/local' 'i386-portbld-freebsd4.6'

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-10-04 00:52 UTC] sniper@php.net
See bug #25753 (placeholder for all these reports about leaking php ini settings)


 [2004-01-28 14:23 UTC] sniper@php.net
This should now be fixed in CVS. Fix scheduled for PHP 4.3.5.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 21:01:28 2024 UTC