Sophie

Sophie

distrib > Mandriva > 2009.0 > i586 > by-pkgid > 85e22736dde948b4af8fc20c2ecb80cd > files > 8

php-5.2.6-18.14mdv2009.0.src.rpm


 Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak.
 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?r1=293036&r2=294272&view=patch

--- ext/session/session.c	2010-02-22 09:56:36.000000000 -0500
+++ ext/session/session.c.oden	2010-02-22 09:56:46.000000000 -0500
@@ -158,8 +158,13 @@ static PHP_INI_MH(OnUpdateSaveDir)
 			return FAILURE;
 		}
 
-		if ((p = zend_memrchr(new_value, ';', new_value_length))) {
+		/* we do not use zend_memrchr() since path can contain ; itself */
+		if ((p = strchr(new_value, ';'))) {
+			char *p2;
 			p++;
+			if ((p2 = strchr(p, ';'))) {
+				p = p2 + 1;
+			}
 		} else {
 			p = new_value;
 		}

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional