mirror of
https://github.com/php/php-src.git
- prevent unexpectable behaviors (for the user) with invalid path
parent
c58f63a38a
commit
658e86b847
@ -99,7 +99,8 @@ OK
|
|||||||
-- Iteration 4 --
|
-- Iteration 4 --
|
||||||
OK
|
OK
|
||||||
-- Iteration 5 --
|
-- Iteration 5 --
|
||||||
OK
|
Failed, not created in the correct directory %s vs %s
|
||||||
|
0
|
||||||
-- Iteration 6 --
|
-- Iteration 6 --
|
||||||
OK
|
OK
|
||||||
-- Iteration 7 --
|
-- Iteration 7 --
|
||||||
|
@ -113,6 +113,13 @@ static int php_do_open_temporary_file(const char *path, const char *pfx, char **
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef PHP_WIN32
|
||||||
|
if (!php_win32_check_trailing_space(pfx, (const int)strlen(pfx))) {
|
||||||
|
SetLastError(ERROR_INVALID_NAME);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (!VCWD_GETCWD(cwd, MAXPATHLEN)) {
|
if (!VCWD_GETCWD(cwd, MAXPATHLEN)) {
|
||||||
cwd[0] = '\0';
|
cwd[0] = '\0';
|
||||||
}
|
}
|
||||||
@ -138,12 +145,14 @@ static int php_do_open_temporary_file(const char *path, const char *pfx, char **
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef PHP_WIN32
|
#ifdef PHP_WIN32
|
||||||
|
|
||||||
if (GetTempFileName(new_state.cwd, pfx, 0, opened_path)) {
|
if (GetTempFileName(new_state.cwd, pfx, 0, opened_path)) {
|
||||||
/* Some versions of windows set the temp file to be read-only,
|
/* Some versions of windows set the temp file to be read-only,
|
||||||
* which means that opening it will fail... */
|
* which means that opening it will fail... */
|
||||||
VCWD_CHMOD(opened_path, 0600);
|
VCWD_CHMOD(opened_path, 0600);
|
||||||
fd = VCWD_OPEN_MODE(opened_path, open_flags, 0600);
|
fd = VCWD_OPEN_MODE(opened_path, open_flags, 0600);
|
||||||
}
|
}
|
||||||
|
|
||||||
#elif defined(HAVE_MKSTEMP)
|
#elif defined(HAVE_MKSTEMP)
|
||||||
fd = mkstemp(opened_path);
|
fd = mkstemp(opened_path);
|
||||||
#else
|
#else
|
||||||
@ -151,6 +160,7 @@ static int php_do_open_temporary_file(const char *path, const char *pfx, char **
|
|||||||
fd = VCWD_OPEN(opened_path, open_flags);
|
fd = VCWD_OPEN(opened_path, open_flags);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (fd == -1 || !opened_path_p) {
|
if (fd == -1 || !opened_path_p) {
|
||||||
efree(opened_path);
|
efree(opened_path);
|
||||||
} else {
|
} else {
|
||||||
|
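Review bot: In the first hunk of php_do_open_temporary_file, `strlen(pfx)` is evaluated before php_win32_check_trailing_space() is entered, so the helper's own NULL guard cannot protect this call; if any caller can pass a NULL prefix (not visible here), the Win32 build dereferences it. Either guard at the call site, `if (!pfx || !php_win32_check_trailing_space(pfx, (const int)strlen(pfx))) {`, or state in a comment that pfx is never NULL. Only the prefix is validated: the directory handed to GetTempFileName() as `new_state.cwd` (presumably derived from `path`) gets no equivalent check in the visible lines, which is worth confirming as intended. A one-line comment such as `/* reject a prefix with a leading or trailing space before GetTempFileName() sees it */` would explain the block. The function body starts and ends outside these hunks.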
@ -38,11 +38,10 @@
|
|||||||
#endif
|
#endif
|
||||||
#include "SAPI.h"
|
#include "SAPI.h"
|
||||||
|
|
||||||
#ifdef PHP_WIN32
|
|
||||||
# include "ext/standard/php_string.h"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include "php_streams_int.h"
|
#include "php_streams_int.h"
|
||||||
|
#ifdef PHP_WIN32
|
||||||
|
# include "win32/winutil.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
#define php_stream_fopen_from_fd_int(fd, mode, persistent_id) _php_stream_fopen_from_fd_int((fd), (mode), (persistent_id) STREAMS_CC TSRMLS_CC)
|
#define php_stream_fopen_from_fd_int(fd, mode, persistent_id) _php_stream_fopen_from_fd_int((fd), (mode), (persistent_id) STREAMS_CC TSRMLS_CC)
|
||||||
#define php_stream_fopen_from_fd_int_rel(fd, mode, persistent_id) _php_stream_fopen_from_fd_int((fd), (mode), (persistent_id) STREAMS_REL_CC TSRMLS_CC)
|
#define php_stream_fopen_from_fd_int_rel(fd, mode, persistent_id) _php_stream_fopen_from_fd_int((fd), (mode), (persistent_id) STREAMS_REL_CC TSRMLS_CC)
|
||||||
@ -1065,25 +1064,14 @@ static int php_plain_files_rename(php_stream_wrapper *wrapper, char *url_from, c
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef PHP_WIN32
|
#ifdef PHP_WIN32
|
||||||
/* Prevent bad things to happen when invalid path are used with MoveFileEx */
|
if (!php_win32_check_trailing_space(url_from, strlen(url_from))) {
|
||||||
{
|
|
||||||
int url_from_len = strlen(url_from);
|
|
||||||
int url_to_len = strlen(url_to);
|
|
||||||
char *trimed = php_trim(url_from, url_from_len, NULL, 0, NULL, 1 TSRMLS_CC);
|
|
||||||
int trimed_len = strlen(trimed);
|
|
||||||
|
|
||||||
if (trimed_len == 0 || trimed_len != url_from_len) {
|
|
||||||
php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC);
|
php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
if (!php_win32_check_trailing_space(url_to, strlen(url_to))) {
|
||||||
trimed = php_trim(url_to, url_to_len, NULL, 0, NULL, 1 TSRMLS_CC);
|
|
||||||
trimed_len = strlen(trimed);
|
|
||||||
if (trimed_len == 0 || trimed_len != url_to_len) {
|
|
||||||
php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC);
|
php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if ((p = strstr(url_from, "://")) != NULL) {
|
if ((p = strstr(url_from, "://")) != NULL) {
|
||||||
@ -1251,6 +1239,9 @@ static int php_plain_files_mkdir(php_stream_wrapper *wrapper, char *dir, int mod
|
|||||||
|
|
||||||
static int php_plain_files_rmdir(php_stream_wrapper *wrapper, char *url, int options, php_stream_context *context TSRMLS_DC)
|
static int php_plain_files_rmdir(php_stream_wrapper *wrapper, char *url, int options, php_stream_context *context TSRMLS_DC)
|
||||||
{
|
{
|
||||||
|
#if PHP_WIN32
|
||||||
|
int url_len = strlen(url);
|
||||||
|
#endif
|
||||||
if (PG(safe_mode) &&(!php_checkuid(url, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
|
if (PG(safe_mode) &&(!php_checkuid(url, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -1259,6 +1250,13 @@ static int php_plain_files_rmdir(php_stream_wrapper *wrapper, char *url, int opt
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if PHP_WIN32
|
||||||
|
if (!php_win32_check_trailing_space(url, url_len)) {
|
||||||
|
php_error_docref1(NULL TSRMLS_CC, url, E_WARNING, "%s", strerror(ENOENT));
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (VCWD_RMDIR(url) < 0) {
|
if (VCWD_RMDIR(url) < 0) {
|
||||||
php_error_docref1(NULL TSRMLS_CC, url, E_WARNING, "%s", strerror(errno));
|
php_error_docref1(NULL TSRMLS_CC, url, E_WARNING, "%s", strerror(errno));
|
||||||
return 0;
|
return 0;
|
||||||
|
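Review bot: In php_plain_files_rename the new checks run on the raw `url_from`/`url_to` before the `strstr(url_from, "://")` handling that follows, so the leading-space half of the test inspects the scheme rather than the path. A space that directly follows a `file://` prefix is not at index 0 and passes. If the code after the hunk strips the scheme, as the strstr suggests, the check belongs after that step. In the php_plain_files_rmdir hunks the guard is written `#if PHP_WIN32` while the rest of the file uses `#ifdef PHP_WIN32`, and the rejection is reported as `strerror(ENOENT)` where rename reports ERROR_INVALID_NAME; aligning both would make the failure easier to recognise in logs. Both function bodies continue outside the hunks.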
@ -31,3 +31,18 @@ PHPAPI char *php_win_err(int error)
|
|||||||
|
|
||||||
return (buf ? (char *) buf : "");
|
return (buf ? (char *) buf : "");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int php_win32_check_trailing_space(const char * path, const int path_len) {
|
||||||
|
if (path_len < 1) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
if (path) {
|
||||||
|
if (path[0] == ' ' || path[path_len - 1] == ' ') {
|
||||||
|
return 0;
|
||||||
|
} else {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
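Review bot: php_win32_check_trailing_space() returns 1 for `path_len < 1` before it looks at `path`, so a NULL pointer with length 0 is reported as valid while a NULL pointer with any other length is rejected. Testing the pointer first, `if (!path) { return 0; }`, makes the result independent of the length argument. The name says trailing space, but `path[0] == ' '` also rejects a leading one, and only the space character is tested. The rename code it replaces compared against php_trim()'s result, which with a NULL character list appears to cover a wider whitespace set, so confirm the narrowing is intended. A header comment stating the contract would help callers: it returns 1 when the name is acceptable and 0 when it is NULL or starts or ends with a space, and empty names are accepted.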
@ -19,3 +19,4 @@
|
|||||||
PHPAPI char *php_win_err(int error);
|
PHPAPI char *php_win_err(int error);
|
||||||
|
|
||||||
#define php_win_err() php_win_err(GetLastError())
|
#define php_win_err() php_win_err(GetLastError())
|
||||||
|
int php_win32_check_trailing_space(const char * path, const int path_len);
|
||||||
|