Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:13589 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 60835 invoked by uid 1010); 29 Oct 2004 08:19:48 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 60801 invoked from network); 29 Oct 2004 08:19:47 -0000 Received: from unknown (HELO smtp.unet.ru) (213.219.244.56) by pb1.pair.com with SMTP; 29 Oct 2004 08:19:47 -0000 Received: from host.phpclub.net by smtp.unet.ru (8.12.9/Unet) with ESMTP id i9T8Jk2f074168 for ; Fri, 29 Oct 2004 12:19:46 +0400 (MSD) Received: from s17.hibet.ru by host.phpclub.net (8.12.6/Unet) with ESMTP id i9T8JkN0076160 for ; Fri, 29 Oct 2004 12:19:46 +0400 (MSD) Date: Fri, 29 Oct 2004 12:18:44 +0400 To: internals@lists.php.net Message-ID: <20041029121844.43292f8c.tony2001@phpclub.net> In-Reply-To: <20041029105149.3b150c7d.tony2001@phpclub.net> References: <41811956.4050405@caedmon.net> <20041029105149.3b150c7d.tony2001@phpclub.net> X-Mailer: Sylpheed version 0.9.99 (GTK+ 1.2.10; i686-pc-linux-gnu) Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="Multipart=_Fri__29_Oct_2004_12_18_44_+0400_pcd4jPMIyW/wi6W=" Subject: Re: [PHP-DEV] curl_init() is bypassing safe_mode & open_basedir restrictions 
From: tony2001@phpclub.net (Antony Dovgal) --Multipart=_Fri__29_Oct_2004_12_18_44_+0400_pcd4jPMIyW/wi6W= Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Fri, 29 Oct 2004 10:51:49 +0400 Antony Dovgal wrote: > On Thu, 28 Oct 2004 12:07:50 -0400 > Sean Coates wrote: > > > Is this legitimate? > > I took a (very) quick look at bugs, and didn't see it. > > you can find patches for all branches in attachment. > comments are welcome. sorry, fixed some leaks. now all patches should be ok. -- Wbr, Antony Dovgal aka tony2001 tony2001@phpclub.net || antony@dovgal.com --Multipart=_Fri__29_Oct_2004_12_18_44_+0400_pcd4jPMIyW/wi6W= Content-Type: text/plain; name="curl.4_3.diff.txt" Content-Disposition: attachment; filename="curl.4_3.diff.txt" Content-Transfer-Encoding: 7bit Index: ext/curl/curl.c =================================================================== RCS file: /repository/php-src/ext/curl/Attic/curl.c,v retrieving revision 1.124.2.26 diff -u -r1.124.2.26 curl.c --- ext/curl/curl.c 18 Oct 2004 22:43:29 -0000 1.124.2.26 +++ ext/curl/curl.c 29 Oct 2004 08:14:48 -0000 
@@ -682,6 +682,42 @@ WRONG_PARAM_COUNT; } + if (argc > 0) { + char *tmp; + int tmp_len; + + convert_to_string_ex(url); + + if (strncasecmp(Z_STRVAL_PP(url), "file:///",8) == 0) { + tmp_len = Z_STRLEN_PP(url) - 7; + + tmp = emalloc(tmp_len + 1); + memcpy(tmp, Z_STRVAL_PP(url) + 7, tmp_len); + tmp[tmp_len] = '\0'; + + if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + efree(tmp); + RETURN_FALSE; + } + + efree(tmp); + } + else if (strncasecmp(Z_STRVAL_PP(url), "file://localhost/",17) == 0) { + tmp_len = Z_STRLEN_PP(url) - 16; + + tmp = emalloc(tmp_len + 1); + memcpy(tmp, Z_STRVAL_PP(url) + 16, tmp_len); + tmp[tmp_len] = '\0'; + + if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + efree(tmp); + RETURN_FALSE; + } + + efree(tmp); + } + } + alloc_curl_handle(&ch); ch->cp = curl_easy_init(); @@ -689,7 +725,7 @@ php_error(E_WARNING, "%s(): Cannot initialize a new cURL handle", get_active_function_name(TSRMLS_C)); RETURN_FALSE; } - + ch->handlers->write->method = PHP_CURL_STDOUT; ch->handlers->write->type = PHP_CURL_ASCII; ch->handlers->read->method = PHP_CURL_DIRECT; @@ -711,8 +747,7 @@ if (argc > 0) { char *urlcopy; - convert_to_string_ex(url); - + urlcopy = estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url)); curl_easy_setopt(ch->cp, CURLOPT_URL, urlcopy); zend_llist_add_element(&ch->to_free.str, &urlcopy); --Multipart=_Fri__29_Oct_2004_12_18_44_+0400_pcd4jPMIyW/wi6W= Content-Type: text/plain; name="curl.5_0.diff.txt" Content-Disposition: attachment; filename="curl.5_0.diff.txt" Content-Transfer-Encoding: 7bit Index: ext/curl/interface.c =================================================================== RCS file: /repository/php-src/ext/curl/interface.c,v retrieving revision 1.46.2.4 diff -u -r1.46.2.4 interface.c --- ext/curl/interface.c 18 Oct 2004 22:42:16 -0000 1.46.2.4 +++ ext/curl/interface.c 29 Oct 2004 08:14:30 -0000 
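Review bot: The string handed to `php_check_open_basedir()` and `php_checkuid()` in both `file://` branches is the raw tail of the URL, which is not necessarily the path libcurl opens. As far as I know libcurl percent-decodes the path of a file URL, and `Z_STRLEN_PP(url)` can cover bytes past the first NUL that the C-string checks never see. The check should run on the decoded path (for example via `php_raw_url_decode()`) and refuse a path whose decoded length differs from its `strlen()`; folding the two duplicated branches into one helper also keeps this hunk and the identical ones in the curl.5_0 and HEAD diffs from drifting apart. The refusal is silent, so a warning before `RETURN_FALSE` would let users tell a blocked URL from an initialisation failure. The enclosing function starts and ends outside the hunk, and the check covers only the URL given at init time; whether URLs set later on the handle or reached through redirects get the same check is not visible here.

```c
/* Returns non-zero when url is a local file:// URL that open_basedir or
 * safe_mode does not allow; the path is checked in decoded form. */
static int php_curl_file_url_denied(const char *url, int url_len TSRMLS_DC)
{
	int skip, path_len, denied;
	char *path;

	if (strncasecmp(url, "file:///", 8) == 0) {
		skip = 7;	/* keep the leading '/' of the path */
	} else if (strncasecmp(url, "file://localhost/", 17) == 0) {
		skip = 16;
	} else {
		return 0;
	}

	path = estrndup(url + skip, url_len - skip);
	path_len = php_raw_url_decode(path, url_len - skip);

	/* a length mismatch means an embedded NUL: the checks below would
	 * only see the part before it */
	denied = (int) strlen(path) != path_len
		|| php_check_open_basedir(path TSRMLS_CC)
		|| (PG(safe_mode) && !php_checkuid(path, "rb+", CHECKUID_CHECK_MODE_PARAM));

	efree(path);
	return denied;
}

/* … unchanged: argument parsing, WRONG_PARAM_COUNT … */
	if (argc > 0) {
		convert_to_string_ex(url);

		if (php_curl_file_url_denied(Z_STRVAL_PP(url), Z_STRLEN_PP(url) TSRMLS_CC)) {
			php_error(E_WARNING, "%s(): URL is not allowed by safe_mode/open_basedir", get_active_function_name(TSRMLS_C));
			RETURN_FALSE;
		}
	}
/* … unchanged: handle allocation and curl_easy_init() … */
```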
@@ -773,12 +773,48 @@ WRONG_PARAM_COUNT; } + if (argc > 0) { + char *tmp; + int tmp_len; + + convert_to_string_ex(url); + + if (strncasecmp(Z_STRVAL_PP(url), "file:///",8) == 0) { + tmp_len = Z_STRLEN_PP(url) - 7; + + tmp = emalloc(tmp_len + 1); + memcpy(tmp, Z_STRVAL_PP(url) + 7, tmp_len); + tmp[tmp_len] = '\0'; + + if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + efree(tmp); + RETURN_FALSE; + } + + efree(tmp); + } + else if (strncasecmp(Z_STRVAL_PP(url), "file://localhost/",17) == 0) { + tmp_len = Z_STRLEN_PP(url) - 16; + + tmp = emalloc(tmp_len + 1); + memcpy(tmp, Z_STRVAL_PP(url) + 16, tmp_len); + tmp[tmp_len] = '\0'; + + if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + efree(tmp); + RETURN_FALSE; + } + + efree(tmp); + } + } + cp = curl_easy_init(); if (!cp) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not initialize a new cURL handle"); RETURN_FALSE; } - + alloc_curl_handle(&ch); TSRMLS_SET_CTX(ch->thread_ctx); @@ -808,7 +844,6 @@ if (argc > 0) { char *urlcopy; - convert_to_string_ex(url); urlcopy = estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url)); curl_easy_setopt(ch->cp, CURLOPT_URL, urlcopy); --Multipart=_Fri__29_Oct_2004_12_18_44_+0400_pcd4jPMIyW/wi6W= Content-Type: text/plain; name="curl.HEAD.diff.txt" Content-Disposition: attachment; filename="curl.HEAD.diff.txt" Content-Transfer-Encoding: 7bit Index: ext/curl/interface.c =================================================================== RCS file: /repository/php-src/ext/curl/interface.c,v retrieving revision 1.50 diff -u -r1.50 interface.c --- ext/curl/interface.c 18 Oct 2004 22:41:24 -0000 1.50 +++ ext/curl/interface.c 29 Oct 2004 08:14:21 -0000 
@@ -772,6 +772,42 @@ WRONG_PARAM_COUNT; } + if (argc > 0) { + char *tmp; + int tmp_len; + + convert_to_string_ex(url); + + if (strncasecmp(Z_STRVAL_PP(url), "file:///",8) == 0) { + tmp_len = Z_STRLEN_PP(url) - 7; + + tmp = emalloc(tmp_len + 1); + memcpy(tmp, Z_STRVAL_PP(url) + 7, tmp_len); + tmp[tmp_len] = '\0'; + + if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + efree(tmp); + RETURN_FALSE; + } + + efree(tmp); + } + else if (strncasecmp(Z_STRVAL_PP(url), "file://localhost/",17) == 0) { + tmp_len = Z_STRLEN_PP(url) - 16; + + tmp = emalloc(tmp_len + 1); + memcpy(tmp, Z_STRVAL_PP(url) + 16, tmp_len); + tmp[tmp_len] = '\0'; + + if (php_check_open_basedir(tmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + efree(tmp); + RETURN_FALSE; + } + + efree(tmp); + } + } + cp = curl_easy_init(); if (!cp) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not initialize a new cURL handle"); @@ -807,7 +843,6 @@ if (argc > 0) { char *urlcopy; - convert_to_string_ex(url); urlcopy = estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url)); curl_easy_setopt(ch->cp, CURLOPT_URL, urlcopy); --Multipart=_Fri__29_Oct_2004_12_18_44_+0400_pcd4jPMIyW/wi6W=--