php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76296 openssl_pkey_get_public does not respect open_basedir
Submitted: 2018-05-02 20:39 UTC Modified: -
From: erik at datahack dot se Assigned:
Status: Closed Package: OpenSSL related
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2018-05-02 20:39 UTC] erik at datahack dot se
Description:
------------
Not all paths check for open_basedir, move the check to make sure it's always done.

https://github.com/php/php-src/pull/3230

Test script:
---------------
<?php
ini_set('open_basedir', '/xyz/');
var_dump(openssl_pkey_get_public("file://cert.pem")); // cert.pem must exist

Expected result:
----------------
Warning: openssl_pkey_get_public(): open_basedir restriction in effect. File(cert.pem) is not within the allowed path(s): (/xyz/) in ... on line 3
bool(false)

Actual result:
--------------
Warning: openssl_pkey_get_public(): open_basedir restriction in effect. File(cert.pem) is not within the allowed path(s): (/xyz/) in ... on line 3
resource(4) of type (OpenSSL key)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-05-18 16:22 UTC] bukka@php.net
Automatic comment on behalf of erik@datahack.se
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d6bc266ba057743f18a95c1727493f161257fe41
Log: Fix bug #76296 (openssl_pkey_get_public does not respect open_basedir)
 [2018-05-18 16:22 UTC] bukka@php.net
-Status: Open +Status: Closed
 [2018-05-18 16:23 UTC] bukka@php.net
Automatic comment on behalf of erik@datahack.se
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d6bc266ba057743f18a95c1727493f161257fe41
Log: Fix bug #76296 (openssl_pkey_get_public does not respect open_basedir)
 [2018-05-18 16:25 UTC] bukka@php.net
Automatic comment on behalf of erik@datahack.se
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d6bc266ba057743f18a95c1727493f161257fe41
Log: Fix bug #76296 (openssl_pkey_get_public does not respect open_basedir)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 11:01:29 2024 UTC