|
version 1.1.1.3, 2013/07/22 01:32:00
|
version 1.1.1.4, 2014/06/15 20:03:55
|
|
Line 2
|
Line 2
|
| +----------------------------------------------------------------------+ |
+----------------------------------------------------------------------+ |
| | PHP Version 5 | |
| PHP Version 5 | |
| +----------------------------------------------------------------------+ |
+----------------------------------------------------------------------+ |
| | Copyright (c) 1997-2013 The PHP Group | | | Copyright (c) 1997-2014 The PHP Group | |
| +----------------------------------------------------------------------+ |
+----------------------------------------------------------------------+ |
| | This source file is subject to version 3.01 of the PHP license, | |
| This source file is subject to version 3.01 of the PHP license, | |
| | that is bundled with this package in the file LICENSE, and is | |
| that is bundled with this package in the file LICENSE, and is | |
|
Line 50
|
Line 50
|
| |
|
| #define FILE_PREFIX "sess_" |
#define FILE_PREFIX "sess_" |
| |
|
| |
#ifdef PHP_WIN32 |
| |
# ifndef O_NOFOLLOW |
| |
# define O_NOFOLLOW 0 |
| |
# endif |
| |
#endif |
| |
|
| typedef struct { |
typedef struct { |
| int fd; |
int fd; |
| char *lastkey; |
char *lastkey; |
|
Line 146 static void ps_files_close(ps_files *data)
|
Line 152 static void ps_files_close(ps_files *data)
|
| static void ps_files_open(ps_files *data, const char *key TSRMLS_DC) |
static void ps_files_open(ps_files *data, const char *key TSRMLS_DC) |
| { |
{ |
| char buf[MAXPATHLEN]; |
char buf[MAXPATHLEN]; |
| |
struct stat sbuf; |
| |
|
| if (data->fd < 0 || !data->lastkey || strcmp(key, data->lastkey)) { |
if (data->fd < 0 || !data->lastkey || strcmp(key, data->lastkey)) { |
| if (data->lastkey) { |
if (data->lastkey) { |
|
Line 166 static void ps_files_open(ps_files *data, const char *
|
Line 173 static void ps_files_open(ps_files *data, const char *
|
| |
|
| data->lastkey = estrdup(key); |
data->lastkey = estrdup(key); |
| |
|
| |
/* O_NOFOLLOW to prevent us from following evil symlinks */ |
| |
#ifdef O_NOFOLLOW |
| |
data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY | O_NOFOLLOW, data->filemode); |
| |
#else |
| |
/* Check to make sure that the opened file is not outside of allowable dirs. |
| |
This is not 100% safe but it's hard to do something better without O_NOFOLLOW */ |
| |
if(PG(open_basedir) && lstat(buf, &sbuf) == 0 && S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) { |
| |
return; |
| |
} |
| data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY, data->filemode); |
data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY, data->filemode); |
| |
#endif |
| |
|
| if (data->fd != -1) { |
if (data->fd != -1) { |
| #ifndef PHP_WIN32 |
#ifndef PHP_WIN32 |
| /* check to make sure that the opened file is not a symlink, linking to data outside of allowable dirs */ | /* check that this session file was created by us or root – we |
| if (PG(open_basedir)) { | don't want to end up accepting the sessions of another webapp */ |
| struct stat sbuf; | if (fstat(data->fd, &sbuf) || (sbuf.st_uid != 0 && sbuf.st_uid != getuid() && sbuf.st_uid != geteuid())) { |
| close(data->fd); |
| if (fstat(data->fd, &sbuf)) { | data->fd = -1; |
| close(data->fd); | return; |
| return; | |
| } | |
| if (S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) { | |
| close(data->fd); | |
| return; | |
| } | |
| } |
} |
| #endif |
#endif |
| flock(data->fd, LOCK_EX); |
flock(data->fd, LOCK_EX); |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to mod_files.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / php / ext / session