MFB: Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir bypass)

author: Jani Taskinen <jani@php.net> 2007-08-23 13:38:49 +0000
committer: Jani Taskinen <jani@php.net> 2007-08-23 13:38:49 +0000
commit: 24c98f8aa32f08067e426cd80e89689599e72dde (patch)
tree: 939698251374cf9267edb474036734fa9bf14d05
parent: 197b51e796a197bc8991e2dec0899f524f5f00ca (diff)
download: php-git-24c98f8aa32f08067e426cd80e89689599e72dde.tar.gz
1 files changed, 18 insertions, 0 deletions
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index 8072a0f563..f9d8f227fd 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -189,6 +189,24 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 		data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY, data->filemode);
 
 		if (data->fd != -1) {
+#ifndef PHP_WIN32
+			/* check to make sure that the opened file is not a symlink, linking to data outside of allowable dirs */
+			if (PG(open_basedir)) {
+				struct stat sbuf;
+
+				if (fstat(data->fd, &sbuf)) {
+					close(data->fd);
+					return;
+				}
+				if (
+					S_ISLNK(sbuf.st_mode) && 
+					 php_check_open_basedir(buf TSRMLS_CC)
+				) {
+					close(data->fd);
+					return;
+				}
+			}
+#endif
 			flock(data->fd, LOCK_EX);
 
 #ifdef F_SETFD
author	Jani Taskinen <jani@php.net>	2007-08-23 13:38:49 +0000
committer	Jani Taskinen <jani@php.net>	2007-08-23 13:38:49 +0000
commit	24c98f8aa32f08067e426cd80e89689599e72dde (patch)
tree	939698251374cf9267edb474036734fa9bf14d05
parent	197b51e796a197bc8991e2dec0899f524f5f00ca (diff)
download	php-git-24c98f8aa32f08067e426cd80e89689599e72dde.tar.gz