mirror of
https://github.com/php/php-src.git
synced 2024-09-22 02:17:32 +00:00
Fix bug #77967 - Bypassing open_basedir restrictions via file uris
This commit is contained in:
parent
73ff4193be
commit
c34895e837
3
NEWS
3
NEWS
@ -14,6 +14,9 @@ PHP NEWS
|
|||||||
. Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
|
. Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
|
||||||
due to integer overflow). (CVE-2019-11039). (maris dot adam)
|
due to integer overflow). (CVE-2019-11039). (maris dot adam)
|
||||||
|
|
||||||
|
- SQLite:
|
||||||
|
. Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)
|
||||||
|
|
||||||
03 May 2019, PHP 7.1.29
|
03 May 2019, PHP 7.1.29
|
||||||
|
|
||||||
- EXIF:
|
- EXIF:
|
||||||
|
@ -2034,6 +2034,15 @@ static int php_sqlite3_authorizer(void *autharg, int access_type, const char *ar
|
|||||||
case SQLITE_ATTACH:
|
case SQLITE_ATTACH:
|
||||||
{
|
{
|
||||||
if (memcmp(arg3, ":memory:", sizeof(":memory:")) && *arg3) {
|
if (memcmp(arg3, ":memory:", sizeof(":memory:")) && *arg3) {
|
||||||
|
if (strncmp(arg3, "file:", 5) == 0) {
|
||||||
|
/* starts with "file:" */
|
||||||
|
if (!arg3[5]) {
|
||||||
|
return SQLITE_DENY;
|
||||||
|
}
|
||||||
|
if (php_check_open_basedir(arg3 + 5)) {
|
||||||
|
return SQLITE_DENY;
|
||||||
|
}
|
||||||
|
}
|
||||||
if (php_check_open_basedir(arg3)) {
|
if (php_check_open_basedir(arg3)) {
|
||||||
return SQLITE_DENY;
|
return SQLITE_DENY;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user