Bug #53577 [Dup]: Regression (5.3.3-5.3.4) in open_basedir with a trailing forward slash

[lekensteyn at gmail dot com]

Edit report at http://bugs.php.net/bug.php?id=53577&edit=1

 ID:                 53577
 User updated by:    lekensteyn at gmail dot com
 Reported by:        lekensteyn at gmail dot com
 Summary:            Regression (5.3.3-5.3.4) in open_basedir with a
                     trailing forward slash
 Status:             Duplicate
 Type:               Bug
 Package:            Safe Mode/open_basedir
 Operating System:   Windows 7
 PHP Version:        5.3.4
 Block user comment: N
 Private report:     N

 New Comment:

This is related to bug #53352 , but not an exact duplicate.



I've just added a patch on fopen_wrappers.c from the PHP 5.3 branch,
r305698 (
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/fopen_wrappers.c?view=markup&pathrev=305698
)

The patch fixed it for me.


Previous Comments:
------------------------------------------------------------------------
[2010-12-20 07:34:40] ahar...@php.net

Duplicate of bug #53352.

------------------------------------------------------------------------
[2010-12-19 23:58:32] lekensteyn at gmail dot com

I'm just guessing, replacing the following:

-- snip --

                if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR) {

                        if (resolved_basedir[resolved_basedir_len - 1] != 
PHP_DIR_SEPARATOR)
{

                                resolved_basedir[resolved_basedir_len] = 
PHP_DIR_SEPARATOR;

                                resolved_basedir[++resolved_basedir_len] = '\0';

                        }

                } else {

                                resolved_basedir[resolved_basedir_len++] = 
PHP_DIR_SEPARATOR;

                                resolved_basedir[resolved_basedir_len] = '\0';

                }

-- snip --

with

-- snip --

                if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR) {

                        if (resolved_basedir[resolved_basedir_len - 1] != 
PHP_DIR_SEPARATOR)
{

                                resolved_basedir[resolved_basedir_len] = 
PHP_DIR_SEPARATOR;

                                resolved_basedir[++resolved_basedir_len] = '\0';

                        }

#if defined(PHP_WIN32) || defined(NETWARE)

                } else if (basedir[strlen(basedir) - 1] != '/') {

#else

                } else {        

#endif

                                resolved_basedir[resolved_basedir_len++] = 
PHP_DIR_SEPARATOR;

                                resolved_basedir[resolved_basedir_len] = '\0';

                }

-- snip --

should work.



Under Windows, PHP_DIR_SEPARATOR is a backslash. So we check here if it
is a forward slash.

------------------------------------------------------------------------
[2010-12-19 23:44:46] lekensteyn at gmail dot com

Description:
------------
Downloaded PHP 5.3.3 from:
http://windows.php.net/downloads/releases/archives/php-5.3.3-nts-Win32-VC9-x86.zip

Downloaded PHP 5.3.4 from:
http://windows.php.net/downloads/releases/php-5.3.4-nts-Win32-VC9-x86.zip



The following settings has the expected results in both PHP 5.3.3 and
PHP 5.3.4

open_basedir="C:\twlan\"

open_basedir="C:\twlan"

open_basedir="C:/twlan"

open_basedir="C:/twlan\"



The following setting breaks open_basedir in PHP 5.3.4, but works fine
in 5.3.3.

open_basedir="C:/twlan/"



So, the trailing forward slash on open_basedir makes every path
invalid.



Changes between 5.3.3 and 5.3.4:

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/fopen_wrappers.c?r1=301440&r2=306091



I think the bug was introduced in
http://svn.php.net/viewvc/php/php-src/trunk/main/fopen_wrappers.c?r1=305098&r2=305698

--- begin code ---

@@ -228,6 +234,9 @@

                                resolved_basedir[resolved_basedir_len] = 
PHP_DIR_SEPARATOR;

                                resolved_basedir[++resolved_basedir_len] = '\0';

                        }

+               } else {

+                               resolved_basedir[resolved_basedir_len++] = 
PHP_DIR_SEPARATOR;

+                               resolved_basedir[resolved_basedir_len] = '\0';

                }

 

                resolved_name_len = strlen(resolved_name);

--- end code ---

PHP_DIR_SEPARATOR is "\\" on Windows.

Test script:
---------------
<?php

// open_basedir="C:/twlan/"

header("Content-Type: text/plain");

error_reporting(E_ALL | E_STRICT);

ini_set('html_errors', 0);

var_dump(realpath('.'));

var_dump(realpath('..'));

var_dump(realpath('../..'));

var_dump(realpath('../../..'));

?>

Expected result:
----------------
string(22) "C:\twlan\htdocs\combot"

string(15) "C:\twlan\htdocs"

string(8) "C:\twlan"



Warning: realpath(): open_basedir restriction in effect. File(C:\) is
not within the allowed path(s): (C:/twlan/) in
C:\twlan\htdocs\combot\php-bug.php on line 7

bool(false)



Actual result:
--------------
Warning: realpath(): open_basedir restriction in effect.
File(C:\twlan\htdocs) is not within the allowed path(s): (C:/twlan/) in
C:\twlan\htdocs\combot\php-bug.php on line 5

bool(false)



Warning: realpath(): open_basedir restriction in effect.
File(C:\twlan\htdocs) is not within the allowed path(s): (C:/twlan/) in
C:\twlan\htdocs\combot\php-bug.php on line 5

bool(false)



Warning: realpath(): open_basedir restriction in effect. File(C:\twlan)
is not within the allowed path(s): (C:/twlan/) in
C:\twlan\htdocs\combot\php-bug.php on line 6

bool(false)



Warning: realpath(): open_basedir restriction in effect. File(C:\) is
not within the allowed path(s): (C:/twlan/) in
C:\twlan\htdocs\combot\php-bug.php on line 7

bool(false)




------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=53577&edit=1