Search
j0ke.net Open Build Service
>
Projects
>
internetx
:
php5
:
5.2.17
:
monolithic
>
php5-monolithic
> php-5.2.14-CVE-2013-1635.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File php-5.2.14-CVE-2013-1635.patch of Package php5-monolithic
X-Git-Url: http://git.php.net/?p=php-src.git;a=blobdiff_plain;f=ext%2Fsoap%2Fsoap.c;h=7df84e5b2a6c960d3e044f83d55b4e02411468cf;hp=13f163ab3d6a9e6c84bc0e1c81ae9fbf6432b75e;hb=702b436ef470cc02f8e2cc21f2fadeee42103c74;hpb=0a7395e009b2df94c2a3f05aef69fb1779edf8f8 Index: ext/soap/soap.c =================================================================== --- ext/soap/soap.c +++ ext/soap/soap.c @@ -594,10 +594,40 @@ ZEND_INI_MH(OnUpdateCacheMode) return SUCCESS; } +static PHP_INI_MH(OnUpdateCacheDir) +{ + /* Only do the open_basedir check at runtime */ + if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) { + char *p; + + if (memchr(new_value, '\0', new_value_length) != NULL) { + return FAILURE; + } + + /* we do not use zend_memrchr() since path can contain ; itself */ + if ((p = strchr(new_value, ';'))) { + char *p2; + p++; + if ((p2 = strchr(p, ';'))) { + p = p2 + 1; + } + } else { + p = new_value; + } + + if (PG(open_basedir) && *p && php_check_open_basedir(p TSRMLS_CC)) { + return FAILURE; + } + } + + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return SUCCESS; +} + PHP_INI_BEGIN() STD_PHP_INI_ENTRY("soap.wsdl_cache_enabled", "1", PHP_INI_ALL, OnUpdateCacheEnabled, cache_enabled, zend_soap_globals, soap_globals) -STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, OnUpdateString, +STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, OnUpdateCacheDir, cache_dir, zend_soap_globals, soap_globals) STD_PHP_INI_ENTRY("soap.wsdl_cache_ttl", "86400", PHP_INI_ALL, OnUpdateLong, cache_ttl, zend_soap_globals, soap_globals)