Annotation of embedaddon/php/ext/libxml/tests/bug61367-read.phpt, revision 1.1.1.1
1.1 misho 1: --TEST--
2: Bug #61367: open_basedir bypass in libxml RSHUTDOWN: read test
3: --SKIPIF--
<?php
// The FILE section builds a DOMDocument, so the test can only run when ext/dom is loaded.
// Printing a line that starts with "skip" tells the phpt runner to skip this test.
if (!extension_loaded('dom')) {
    echo 'skip';
}
?>
5: --INI--
6: open_basedir=.
7: ; Suppress spurious "Trying to get property of non-object" notices
8: error_reporting=E_ALL & ~E_NOTICE
9: --FILE--
10: <?php
11:
/**
 * Stream wrapper fixture for the bug #61367 regression test (read variant).
 *
 * The wrapper does its work in stream_close(). The script below opens an
 * "exploit://" stream and never closes it, so the hook is expected to run
 * while the request is being torn down. The test passes only if open_basedir
 * is still enforced at that point, i.e. libxml refuses to load the external
 * entity and nothing from the file is printed.
 */
class StreamExploiter {
    /**
     * Accept every open request so that fopen() returns a live stream whose
     * stream_close() hook can fire later.
     *
     * @param string $path         URL handed to fopen(); not used.
     * @param string $mode         Open mode; not used.
     * @param int    $options      Stream API flags; not used.
     * @param string $opened_path  Out-parameter of the wrapper API; left untouched.
     * @return bool Always true.
     */
    public function stream_open($path, $mode, $options, &$opened_path) {
        return true;
    }

    /**
     * Try to read a file in the parent of the current working directory
     * through an external XML entity, then print whatever the entity
     * expanded to.
     *
     * With open_basedir=. and the working directory set to .../base, the
     * target ".../bad" lies outside the permitted tree, so the expected
     * result is the three loadXML() warnings listed under EXPECTF and no
     * file contents.
     */
    public function stream_close() {
        // Parent of cwd; escaped because it is interpolated into an XML attribute-style literal.
        $parentDir = htmlspecialchars(dirname(getcwd()));

        $dom = new DOMDocument;
        // Both switches are turned on deliberately: with entity loading and
        // substitution enabled in the parser, open_basedir is the only
        // control left between libxml and the file, which is what is under test.
        $dom->substituteEntities = true;
        $dom->resolveExternals = true;

        // The document body must stay exactly four lines long: EXPECTF pins
        // the entity error to "line: 4".
        $dom->loadXML(<<<XML
<!DOCTYPE doc [
<!ENTITY file SYSTEM "file:///$parentDir/bad">
]>
<doc>&file;</doc>
XML
        );

        // Would emit the file contents if the entity had been resolved. On the
        // expected failure path the node chain is incomplete; the resulting
        // notices are masked by the error_reporting line in the INI section.
        print $dom->documentElement->firstChild->nodeValue;
    }
}
32:
// Fixture layout:
//   test_bug_61367/bad   - file that must stay unreadable
//   test_bug_61367/base  - becomes the working directory
// open_basedir is "." (see the INI section), which PHP resolves against the
// current working directory, so after the chdir() the permitted tree is
// test_bug_61367/base and "bad" sits one level above it.
$rootCreated = mkdir('test_bug_61367');
var_dump($rootCreated);

$baseCreated = mkdir('test_bug_61367/base');
var_dump($baseCreated);

$bytesWritten = file_put_contents('test_bug_61367/bad', 'blah');
var_dump($bytesWritten);

$movedIntoBase = chdir('test_bug_61367/base');
var_dump($movedIntoBase);

stream_wrapper_register('exploit', 'StreamExploiter');

// The handle is kept in a variable and never passed to fclose(): the stream
// has to stay open until the end of the script so that stream_close() runs
// during shutdown rather than immediately.
$handle = fopen('exploit://', 'r');
40:
41: ?>
42: --CLEAN--
43: <?php
// Tear the fixture down in reverse order of creation: the file first, then
// the directories from the innermost outwards (rmdir() needs them empty).
unlink('test_bug_61367/bad');
foreach (array('test_bug_61367/base', 'test_bug_61367') as $fixtureDir) {
    rmdir($fixtureDir);
}
47: ?>
48: --EXPECTF--
49: bool(true)
50: bool(true)
51: int(4)
52: bool(true)
53:
54: Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file:///%s/test_bug_61367/bad" in %s on line %d
55:
56: Warning: DOMDocument::loadXML(): Failure to process entity file in Entity, line: 4 in %s on line %d
57:
58: Warning: DOMDocument::loadXML(): Entity 'file' not defined in Entity, line: 4 in %s on line %d