php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10960 coding error in fopen_wrappers.c
Submitted: 2001-05-18 14:12 UTC Modified: 2005-01-31 23:31 UTC
From: egan at sevenkings dot net Assigned:
Status: Closed Package: Safe Mode/open_basedir
PHP Version: 4.0.5 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: egan at sevenkings dot net
New email:
PHP Version: OS:

 

 [2001-05-18 14:12 UTC] egan at sevenkings dot net
From previous bug report 10322 submitted by Paul Gregg:

In main/fopen_wrappers.c I see that there is a function:
PHPAPI int php_check_specific_open_basedir(char *basedir, char *path PLS_DC)

However "basedir" is never used in this function at all,
only PG(open_basedir).  Surely this negates the point of the function being > called individually for each tokenised entry on  open_basedir/php.ini?

--- end of bug report 10322

Although Paul was correct, "Jason Greene" <jason@php.net> marked his report as bogus, apparently because it was included as part of a larger patch which Jason claimed was plagarizing his (Jason's) earlier patch, and Jason did not notice the one-line correction dealing with the logical error.

Paul's report of the logical error was not bogus, and his one-line correction was obviously correct.  Here it is again:

--- fopen_wrappers.c.orig	Mon Feb 26 00:07:31 2001
+++ fopen_wrappers.c	Fri May 18 12:40:54 2001
@@ -147,7 +147,7 @@
 	SLS_FETCH();
 	
 	/* Special case basedir==".": Use script-directory */
-	if ((strcmp(PG(open_basedir), ".") == 0) && 
+	if ((strcmp(basedir), ".") == 0) && 
 		SG(request_info).path_translated &&
 		*SG(request_info).path_translated
 		) {



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-05-18 16:29 UTC] egan at sevenkings dot net
Sorry, left in an extra paren.  The fix should be:


+	if ((strcmp(basedir, ".") == 0) && 
 
 [2001-05-23 02:36 UTC] sniper@php.net
patch applied.

--Jani

 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 16:01:29 2024 UTC