version 1.1.1.3, 2013/07/22 01:32:00
|
version 1.1.1.4, 2014/06/15 20:03:55
|
Line 2
|
Line 2
|
+----------------------------------------------------------------------+ |
+----------------------------------------------------------------------+ |
| PHP Version 5 | |
| PHP Version 5 | |
+----------------------------------------------------------------------+ |
+----------------------------------------------------------------------+ |
| Copyright (c) 1997-2013 The PHP Group | | | Copyright (c) 1997-2014 The PHP Group | |
+----------------------------------------------------------------------+ |
+----------------------------------------------------------------------+ |
| This source file is subject to version 3.01 of the PHP license, | |
| This source file is subject to version 3.01 of the PHP license, | |
| that is bundled with this package in the file LICENSE, and is | |
| that is bundled with this package in the file LICENSE, and is | |
Line 50
|
Line 50
|
|
|
#define FILE_PREFIX "sess_" |
#define FILE_PREFIX "sess_" |
|
|
|
#ifdef PHP_WIN32 |
|
# ifndef O_NOFOLLOW |
|
# define O_NOFOLLOW 0 |
|
# endif |
|
#endif |
|
|
typedef struct { |
typedef struct { |
int fd; |
int fd; |
char *lastkey; |
char *lastkey; |
Line 146 static void ps_files_close(ps_files *data)
|
Line 152 static void ps_files_close(ps_files *data)
|
static void ps_files_open(ps_files *data, const char *key TSRMLS_DC) |
static void ps_files_open(ps_files *data, const char *key TSRMLS_DC) |
{ |
{ |
char buf[MAXPATHLEN]; |
char buf[MAXPATHLEN]; |
|
struct stat sbuf; |
|
|
if (data->fd < 0 || !data->lastkey || strcmp(key, data->lastkey)) { |
if (data->fd < 0 || !data->lastkey || strcmp(key, data->lastkey)) { |
if (data->lastkey) { |
if (data->lastkey) { |
Line 166 static void ps_files_open(ps_files *data, const char *
|
Line 173 static void ps_files_open(ps_files *data, const char *
|
|
|
data->lastkey = estrdup(key); |
data->lastkey = estrdup(key); |
|
|
|
/* O_NOFOLLOW to prevent us from following evil symlinks */ |
|
#ifdef O_NOFOLLOW |
|
data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY | O_NOFOLLOW, data->filemode); |
|
#else |
|
/* Check to make sure that the opened file is not outside of allowable dirs. |
|
This is not 100% safe but it's hard to do something better without O_NOFOLLOW */ |
|
if(PG(open_basedir) && lstat(buf, &sbuf) == 0 && S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) { |
|
return; |
|
} |
data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY, data->filemode); |
data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY, data->filemode); |
|
#endif |
|
|
if (data->fd != -1) { |
if (data->fd != -1) { |
#ifndef PHP_WIN32 |
#ifndef PHP_WIN32 |
/* check to make sure that the opened file is not a symlink, linking to data outside of allowable dirs */ | /* check that this session file was created by us or root – we |
if (PG(open_basedir)) { | don't want to end up accepting the sessions of another webapp */ |
struct stat sbuf; | if (fstat(data->fd, &sbuf) || (sbuf.st_uid != 0 && sbuf.st_uid != getuid() && sbuf.st_uid != geteuid())) { |
| close(data->fd); |
if (fstat(data->fd, &sbuf)) { | data->fd = -1; |
close(data->fd); | return; |
return; | |
} | |
if (S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) { | |
close(data->fd); | |
return; | |
} | |
} |
} |
#endif |
#endif |
flock(data->fd, LOCK_EX); |
flock(data->fd, LOCK_EX); |