Fix bug #77967 - Bypassing open_basedir restrictions via file uris

Stanislav Malyshev 2019-05-27 18:04:00 -07:00
parent 73ff4193be
commit c34895e837
2 changed files with 15 additions and 3 deletions

NEWS

@ -14,6 +14,9 @@ PHP NEWS
. Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() . Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
due to integer overflow). (CVE-2019-11039). (maris dot adam) due to integer overflow). (CVE-2019-11039). (maris dot adam)
- SQLite:
. Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)
03 May 2019, PHP 7.1.29 03 May 2019, PHP 7.1.29
- EXIF: - EXIF:
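
Review bot: The added #77967 line describes an open_basedir bypass but, unlike the #78069 entry directly above it, carries no CVE identifier. If one has been assigned to this bug, append it in the same "(CVE-…)" form so the security fix can be cross-referenced from NEWS; if none exists yet, leave the entry as is and update it when the id is known.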


@ -2034,6 +2034,15 @@ static int php_sqlite3_authorizer(void *autharg, int access_type, const char *ar
case SQLITE_ATTACH: case SQLITE_ATTACH:
{ {
if (memcmp(arg3, ":memory:", sizeof(":memory:")) && *arg3) { if (memcmp(arg3, ":memory:", sizeof(":memory:")) && *arg3) {
if (strncmp(arg3, "file:", 5) == 0) {
/* starts with "file:" */
if (!arg3[5]) {
return SQLITE_DENY;
}
if (php_check_open_basedir(arg3 + 5)) {
return SQLITE_DENY;
}
}
if (php_check_open_basedir(arg3)) { if (php_check_open_basedir(arg3)) {
return SQLITE_DENY; return SQLITE_DENY;
} }
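
Review bot: The added check `php_check_open_basedir(arg3 + 5)` treats everything after "file:" as a plain filesystem path, but SQLite parses that remainder as a URI: it can carry a `//authority` prefix, a `?query` suffix and percent-encoded bytes, so the string checked here is not necessarily the path SQLite ends up opening. Consider normalising the remainder first (drop the authority and the query part, decode percent escapes) and running the open_basedir check on the result, denying the attach if normalisation fails. The commit also changes only NEWS and the source file, so a .phpt regression test covering an ATTACH with a "file:" name outside open_basedir would be worth adding alongside it.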