php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #76296 openssl_pkey_get_public does not respect open_basedir
Submitted: 2018-05-02 20:39 UTC Modified: -
From: erik at datahack dot se Assigned:
Status: Closed Package: OpenSSL related
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: erik at datahack dot se
New email:
PHP Version: OS:

 

 [2018-05-02 20:39 UTC] erik at datahack dot se 
Description:
------------
Not all paths check for open_basedir, move the check to make sure it's always done.

https://github.com/php/php-src/pull/3230

Test script:
---------------
<?php
ini_set('open_basedir', '/xyz/');
var_dump(openssl_pkey_get_public("file://cert.pem")); // cert.pem must exist

Expected result:
----------------
Warning: openssl_pkey_get_public(): open_basedir restriction in effect. File(cert.pem) is not within the allowed path(s): (/xyz/) in ... on line 3
bool(false)

Actual result:
--------------
Warning: openssl_pkey_get_public(): open_basedir restriction in effect. File(cert.pem) is not within the allowed path(s): (/xyz/) in ... on line 3
resource(4) of type (OpenSSL key)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-05-18 16:22 UTC] bukka@php.net 
Automatic comment on behalf of erik@datahack.se
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d6bc266ba057743f18a95c1727493f161257fe41
Log: Fix bug #76296 (openssl_pkey_get_public does not respect open_basedir)
 [2018-05-18 16:22 UTC] bukka@php.net
-Status: Open +Status: Closed
 [2018-05-18 16:23 UTC] bukka@php.net 
Automatic comment on behalf of erik@datahack.se
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d6bc266ba057743f18a95c1727493f161257fe41
Log: Fix bug #76296 (openssl_pkey_get_public does not respect open_basedir)
 [2018-05-18 16:25 UTC] bukka@php.net 
Automatic comment on behalf of erik@datahack.se
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d6bc266ba057743f18a95c1727493f161257fe41
Log: Fix bug #76296 (openssl_pkey_get_public does not respect open_basedir)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 11:01:29 2024 UTC