php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70362 Can't copy() large 'data://' with open_basedir
Submitted: 2015-08-26 16:04 UTC Modified: 2020-03-05 11:28 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:0 (0.0%)
From: prochazkapp at gmail dot com Assigned: cmb (profile)
Status: Closed Package: Filesystem function related
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2015-08-26 16:04 UTC] prochazkapp at gmail dot com
Description:
------------
If open_basedir is enabled, 'data://' wrapper does not work correctly with copy() for data bigger than MAXPATHLEN.

I found this bug in php 5.5.21 but it affects all versions (even 7).
See https://3v4l.org/5h1aI

Here is why:
copy() calls php_check_open_basedir
https://github.com/php/php-src/blob/PHP-5.5.21/ext/standard/file.c#L1618
And this checks source len end trigger error.
https://github.com/php/php-src/blob/PHP-5.5.21/main/fopen_wrappers.c#L303
But source len is not relevant for e.g. 'data://' wrapper (and possible some other wrappers).

This seems fixed in some other file functions:
https://github.com/php/php-src/blob/PHP-5.5.21/ext/standard/filestat.c#L867

If data:// wrapper is not intended to work with copy, it should be mentioned in docs, but function works otherwise perfectly with disabled open_basedir or for smaller data.

This may be related to https://bugs.php.net/bug.php?id=60456 but I believe it's not duplicate.

Test script:
---------------
<?php
ini_set('open_basedir', '/');
$temp = tempnam(__DIR__, 'test');
$data = str_repeat('0', PHP_MAXPATHLEN * 2);
$data = 'data://plain/text;base64,' . base64_encode($data);
var_dump(copy($data, $temp));

Expected result:
----------------
bool(true)

Actual result:
--------------
Warning: copy(): File name is longer than the maximum allowed path length on this platform (4096): data:plain/text;base64,... in ... on line 6
bool(false)

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-03-05 11:28 UTC] cmb@php.net
-Summary: copy() not work with 'data://' and open_basedir if bigger than MAXPATHLEN +Summary: Can't copy() large 'data://' with open_basedir -Status: Open +Status: Verified -Assigned To: +Assigned To: cmb
 [2020-03-05 11:29 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #70362: Can't copy() large 'data://' with open_basedir
On GitHub:  https://github.com/php/php-src/pull/5237
Patch:      https://github.com/php/php-src/pull/5237.patch
 [2020-06-30 08:49 UTC] cmb@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7f3bc64287588f6a838d1a9524624deba1e5e153
Log: Fix #70362: Can't copy() large 'data://' with open_basedir
 [2020-06-30 08:49 UTC] cmb@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 14:01:29 2024 UTC