File: CVE-2010-3436.patch

package info (click to toggle)
php5 5.3.3-7%2Bsqueeze19
  • links: PTS, VCS
  • area: main
  • in suites: squeeze
  • size: 122,836 kB
  • ctags: 55,742
  • sloc: ansic: 633,963; php: 19,620; sh: 11,344; xml: 5,816; cpp: 2,400; yacc: 1,745; exp: 1,514; makefile: 1,019; pascal: 623; awk: 537; sql: 22
file content (18 lines) | stat: -rw-r--r-- 677 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
 
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@@ -239,8 +239,13 @@ PHPAPI int php_check_specific_open_based
 #else
 		if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
 #endif
-			/* File is in the right directory */
-			return 0;
+			if (resolved_name_len > resolved_basedir_len &&
+				resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) {
+				return -1;
+			} else {
+				/* File is in the right directory */
+				return 0;
+			}
 		} else {
 			/* /openbasedir/ and /openbasedir are the same directory */
 			if (resolved_basedir_len == (resolved_name_len + 1) && resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {