PHP :: Bug #31305 :: The cURL function bypasses open

Bug #31305	The cURL function bypasses open_basedir restriction
Submitted:	2004-12-26 23:52 UTC	Modified:	2004-12-27 01:22 UTC
From:	pavel at msmu dot ru	Assigned:
Status:	Not a bug	Package:	cURL related
PHP Version:	4.3.10	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2004-12-26 23:52 UTC] pavel at msmu dot ru

Description:
------------
It is possible to access a file which is outside directory specified in open_basedir directive.

This bug is really easy to reproduce - just set some open_basedir and try to read the contents of, for example, /etc/passwd

I didn't find this bug, I read about it on security-related web-site, checked it, and it worked :(

Reproduce code:
---------------
<?php
$var1 = curl_init("file:///etc/passwd");
$anyfile=curl_exec($var1);
echo $anyfile
?>


Expected result:
----------------
I would expect an error in the log saying about open_basedir restriction and access to the file being denied.

Actual result:
--------------
you'll get the contents of /etc/passwd

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-12-27 01:22 UTC] derick@php.net

Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. 

Thank you for your interest in PHP.

Dup of #30609

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri May 09 05:01:27 2025 UTC