author | Jani Taskinen <jani@php.net> | 2007-08-23 13:38:49 +0000 |
---|---|---|
committer | Jani Taskinen <jani@php.net> | 2007-08-23 13:38:49 +0000 |
commit | 24c98f8aa32f08067e426cd80e89689599e72dde (patch) | |
tree | 939698251374cf9267edb474036734fa9bf14d05 | |
parent | 197b51e796a197bc8991e2dec0899f524f5f00ca (diff) | |
download | php-git-24c98f8aa32f08067e426cd80e89689599e72dde.tar.gz |
MFB: Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir bypass)
-rw-r--r-- | ext/session/mod_files.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index 8072a0f563..f9d8f227fd 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -189,6 +189,24 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY, data->filemode);
 if (data->fd != -1) {
+#ifndef PHP_WIN32
+ /* check to make sure that the opened file is not a symlink, linking to data outside of allowable dirs */
+ if (PG(open_basedir)) {
+ struct stat sbuf;
+
+ if (fstat(data->fd, &sbuf)) {
+ close(data->fd);
+ return;
+ }
+ if (
+ S_ISLNK(sbuf.st_mode) &&
+ php_check_open_basedir(buf TSRMLS_CC)
+ ) {
+ close(data->fd);
+ return;
+ }
+ }
+#endif
 flock(data->fd, LOCK_EX);
 #ifdef F_SETFD |
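Review bot: The `S_ISLNK(sbuf.st_mode)` test looks like it can never be true, because `sbuf` is filled by `fstat(data->fd, &sbuf)` on a descriptor opened with `O_CREAT | O_RDWR | O_BINARY` and no `O_NOFOLLOW`. Assuming `VCWD_OPEN_MODE` wraps `open()`, the symlink has already been followed by then, so `fstat` reports the target's type and `php_check_open_basedir(buf TSRMLS_CC)` is never reached. To inspect the link itself the check would need `lstat(buf, &sbuf)`, which is still racy between the open and the stat, or `O_NOFOLLOW` in the open flags where the platform defines it. Both early-return paths also leave `data->fd` holding the closed descriptor number; adding `data->fd = -1;` after each `close(data->fd);` would stop later code from treating it as open. The rest of `ps_files_open` and its callers lie outside this hunk, so that last point is inferred.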