Fix bug #77967 - Bypassing open_basedir restrictions via file uris

Stanislav Malyshev 2019-05-27 18:04:00 -07:00
parent 73ff4193be
commit c34895e837
2 changed files with 15 additions and 3 deletions

NEWS

@ -3,7 +3,7 @@ PHP NEWS
?? ??? 2019, PHP 7.1.30
- EXIF:
. Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
. Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
(CVE-2019-11040) (Stas)
- GD:
@ -14,6 +14,9 @@ PHP NEWS
. Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
due to integer overflow). (CVE-2019-11039). (maris dot adam)
- SQLite:
. Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)
03 May 2019, PHP 7.1.29
- EXIF:
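Review bot: The new #77967 entry is filed under a "- SQLite:" heading, while an existing entry further down NEWS (the sqlite3.defensive one) uses "- SQLite3:" for the same extension. Suggest renaming the heading to "- SQLite3:" so the fix is listed under the extension that owns php_sqlite3_authorizer and the section names stay consistent across releases.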
@ -28,8 +31,8 @@ PHP NEWS
- EXIF:
. Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)
(Stas)
. Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
(CVE-2019-11035) (Stas)
. Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
(CVE-2019-11035) (Stas)
- SQLite3:
. Added sqlite3.defensive INI directive. (BohwaZ)


@ -2034,6 +2034,15 @@ static int php_sqlite3_authorizer(void *autharg, int access_type, const char *ar
case SQLITE_ATTACH:
{
if (memcmp(arg3, ":memory:", sizeof(":memory:")) && *arg3) {
if (strncmp(arg3, "file:", 5) == 0) {
/* starts with "file:" */
if (!arg3[5]) {
return SQLITE_DENY;
}
if (php_check_open_basedir(arg3 + 5)) {
return SQLITE_DENY;
}
}
if (php_check_open_basedir(arg3)) {
return SQLITE_DENY;
}
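Review bot: In the new "file:" branch, php_check_open_basedir(arg3 + 5) receives the raw remainder of the URI, but a SQLite file: URI can also carry an authority part, a "?" query string and percent-encoded characters, so the string being checked is not necessarily the path SQLite will open. Suggest reducing the URI to its decoded filesystem path before the check, or returning SQLITE_DENY for any file: URI that contains those parts. Execution then falls through to the existing php_check_open_basedir(arg3) with the "file:" prefix still attached, which treats the whole URI as a relative path; an else branch, or a comment stating that the double check is intended, would make the behaviour clear. The commit touches only NEWS and this file, so a regression test covering ATTACH with a file: URI under open_basedir is worth adding.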