Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 12 Oct 2009 10:57:03 +0200
From: Oden Eriksson <oeriksson@...driva.com>
To: oss-security@...ts.openwall.com
Subject: presumptive php sec holes

Hello.

Attached are some php patches that to me looks security related (unknown 
impact). I hope someone with insight can classify and possible assign CVE 
numbers. The patches were taken from their svn repo, so it's "official".

Cheers.
-- 
Regards // Oden Eriksson


 http://svn.php.net/viewvc?view=revision&revision=288945

Index: ext/standard/file.c
===================================================================
--- ext/standard/file.c	(revision 288705)
+++ ext/standard/file.c	(revision 288945)
@@ -846,6 +846,10 @@
 		return;
 	}
 
+	if (PG(safe_mode) &&(!php_checkuid(dir, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+		RETURN_FALSE;
+	}
+
 	if (php_check_open_basedir(dir TSRMLS_CC)) {
 		RETURN_FALSE;
 	}


http://svn.php.net/viewvc?view=revision&revision=288945

Index: ext/standard/file.c
===================================================================
--- ext/standard/file.c	(revision 288706)
+++ ext/standard/file.c	(revision 288971)
@@ -838,6 +838,10 @@
 	convert_to_string_ex(arg1);
 	convert_to_string_ex(arg2);
 
+	if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+		RETURN_FALSE;
+	}
+
 	if (php_check_open_basedir(Z_STRVAL_PP(arg1) TSRMLS_CC)) {
 		RETURN_FALSE;
 	}


 http://svn.php.net/viewvc?view=revision&revision=288943

Index: ext/posix/posix.c
===================================================================
--- ext/posix/posix.c	(revision 286880)
+++ ext/posix/posix.c	(revision 288943)
@@ -679,7 +679,8 @@
 		RETURN_FALSE;
 	}
 
-	if (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+	if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
+			(PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) {
 		RETURN_FALSE;
 	}
 


 http://svn.php.net/viewvc?view=revision&revision=288943

Index: ext/posix/posix.c
===================================================================
--- ext/posix/posix.c	(revision 286880)
+++ ext/posix/posix.c	(revision 288943)
@@ -840,7 +840,8 @@
 		RETURN_FALSE;
 	}
 
-	if (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+	if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
+			(PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) {
 		RETURN_FALSE;
 	}

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ