#25746 [NEW]: broken getcwd causes bailout and empty response body

Fri, 03 Oct 2003 08:51:36 -0700 

From:             neilus at dcs dot kcl dot ac dot uk
Operating system: Solaris
PHP version:      4.3.3
PHP Bug Type:     Apache related
Bug description:  broken getcwd causes bailout and empty response body

Description:
------------
The fix for bug #21310 introduced:
#if HAVE_BROKEN_GETCWD
                        /* this looks nasty to me */
                        old_cwd_fd = open(".", 0);
                        if (old_cwd_fd == -1) {
                                zend_bailout();
                        }

into php_execute_script in main/main.c.

If PHP does not have read permissions on the cwd, it bails out and the
client gets an empty response body.

This is a particular problem if the last request has chdir'd the web
server to such a directory. Apache does this when you request a file that
uses server side includes.

Reproduce code:
---------------
# mkdir -m 711 /tmp/abc
# cd /tmp/abc
# httpd -X
$ wget -q -O - http://localhost/content.php

# httpd -X
$ wget -q -O - http://localhost/no_read_perms/content.shtml
$ wget -q -O - http://localhost/content.php


Expected result:
----------------
$ wget -q -O - http://localhost/content.php
  ...
$

$ wget -q -O - http://localhost/no_read_perms/content.shtml
  ...
$ wget -q -O - http://localhost/content.php
  ...
$


Actual result:
--------------
$ wget -q -O - http://localhost/content.php
$

$ wget -q -O - http://localhost/no_read_perms/content.shtml
  ...
$ wget -q -O - http://localhost/content.php
$


-- 
Edit bug report at http://bugs.php.net/?id=25746&edit=1
-- 
Try a CVS snapshot (php4):  http://bugs.php.net/fix.php?id=25746&r=trysnapshot4
Try a CVS snapshot (php5):  http://bugs.php.net/fix.php?id=25746&r=trysnapshot5
Fixed in CVS:               http://bugs.php.net/fix.php?id=25746&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=25746&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=25746&r=needtrace
Try newer version:          http://bugs.php.net/fix.php?id=25746&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=25746&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=25746&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=25746&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=25746&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=25746&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=25746&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=25746&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=25746&r=isapi
Install GNU Sed:            http://bugs.php.net/fix.php?id=25746&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=25746&r=float

Reply via email to