Fix bug #77967 - Bypassing open_basedir restrictions via file uris
parent
73ff4193be
commit
c34895e837
9
NEWS
9
NEWS
@ -3,7 +3,7 @@ PHP NEWS
|
|||||||
?? ??? 2019, PHP 7.1.30
|
?? ??? 2019, PHP 7.1.30
|
||||||
|
|
||||||
- EXIF:
|
- EXIF:
|
||||||
. Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
|
. Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
|
||||||
(CVE-2019-11040) (Stas)
|
(CVE-2019-11040) (Stas)
|
||||||
|
|
||||||
- GD:
|
- GD:
|
||||||
@ -14,6 +14,9 @@ PHP NEWS
|
|||||||
. Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
|
. Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
|
||||||
due to integer overflow). (CVE-2019-11039). (maris dot adam)
|
due to integer overflow). (CVE-2019-11039). (maris dot adam)
|
||||||
|
|
||||||
|
- SQLite:
|
||||||
|
. Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)
|
||||||
|
|
||||||
03 May 2019, PHP 7.1.29
|
03 May 2019, PHP 7.1.29
|
||||||
|
|
||||||
- EXIF:
|
- EXIF:
|
||||||
@ -28,8 +31,8 @@ PHP NEWS
|
|||||||
- EXIF:
|
- EXIF:
|
||||||
. Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)
|
. Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)
|
||||||
(Stas)
|
(Stas)
|
||||||
. Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
|
. Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
|
||||||
(CVE-2019-11035) (Stas)
|
(CVE-2019-11035) (Stas)
|
||||||
|
|
||||||
- SQLite3:
|
- SQLite3:
|
||||||
. Added sqlite3.defensive INI directive. (BohwaZ)
|
. Added sqlite3.defensive INI directive. (BohwaZ)
|
||||||
|
@ -2034,6 +2034,15 @@ static int php_sqlite3_authorizer(void *autharg, int access_type, const char *ar
|
|||||||
case SQLITE_ATTACH:
|
case SQLITE_ATTACH:
|
||||||
{
|
{
|
||||||
if (memcmp(arg3, ":memory:", sizeof(":memory:")) && *arg3) {
|
if (memcmp(arg3, ":memory:", sizeof(":memory:")) && *arg3) {
|
||||||
|
if (strncmp(arg3, "file:", 5) == 0) {
|
||||||
|
/* starts with "file:" */
|
||||||
|
if (!arg3[5]) {
|
||||||
|
return SQLITE_DENY;
|
||||||
|
}
|
||||||
|
if (php_check_open_basedir(arg3 + 5)) {
|
||||||
|
return SQLITE_DENY;
|
||||||
|
}
|
||||||
|
}
|
||||||
if (php_check_open_basedir(arg3)) {
|
if (php_check_open_basedir(arg3)) {
|
||||||
return SQLITE_DENY;
|
return SQLITE_DENY;
|
||||||
}
|
}
|
||||||
|
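Review bot: The new `php_check_open_basedir(arg3 + 5)` call validates the raw text after `file:`, which is not necessarily the path SQLite ends up opening: when URI filenames are enabled, SQLite interprets an optional authority, drops any `?query` parameters and decodes `%HH` escapes before touching the filesystem. The open_basedir decision should be made on that decoded path, or URIs carrying an authority, query or escape should be denied while open_basedir is in effect; a comment such as `/* arg3 + 5 is the undecoded URI remainder; keep this check in sync with SQLite's URI parsing */` would at least record the assumption. Separately, a `file:` name that passes still falls through to `php_check_open_basedir(arg3)` with the scheme attached, which appears to be resolved as a relative name, so that result depends on the working directory rather than on the target; making the second check an `else` branch would state the intent more clearly. Whether URI filenames are enabled for this connection is not visible here, and php_sqlite3_authorizer begins and ends outside the hunk.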