
Commit c465761

Merge branch 'PHP-5.5'
* PHP-5.5: Fixed issue #78 (incorrect file path validation)
2 parents feefd2a + 031553c commit c465761


1 file changed

+35
-20
lines changed


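--- a/ext/opcache/ZendAccelerator.c
+++ b/ext/opcache/ZendAccelerator.c
@@ -108,6 +108,10 @@ static char *(*accelerator_orig_zend_resolve_path)(const char *filename, int fil
 static void (*orig_chdir)(INTERNAL_FUNCTION_PARAMETERS) = NULL;
 static ZEND_INI_MH((*orig_include_path_on_modify)) = NULL;
 
+#if ZEND_EXTENSION_API_NO < PHP_5_3_X_API_NO
+static char *accel_php_resolve_path(const char *filename, int filename_length, const char *path TSRMLS_DC);
+#endif
+
 #ifdef ZEND_WIN32
 # define INCREMENT(v) InterlockedIncrement(&ZCSG(v))
 # define DECREMENT(v) InterlockedDecrement(&ZCSG(v))
@@ -196,28 +200,31 @@ static ZEND_INI_MH(accel_include_path_on_modify)
 ZCG(include_path_len) = new_value_length;
 
 if (ZCG(enabled) && accel_startup_ok &&
-(ZCG(counted) || ZCSG(accelerator_enabled)) &&
-!zend_accel_hash_is_full(&ZCSG(include_paths))) {
-
-SHM_UNPROTECT();
-zend_shared_alloc_lock(TSRMLS_C);
+(ZCG(counted) || ZCSG(accelerator_enabled))) {
 
 ZCG(include_path_key) = zend_accel_hash_find(&ZCSG(include_paths), ZCG(include_path), ZCG(include_path_len) + 1);
 if (!ZCG(include_path_key) &&
-!zend_accel_hash_is_full(&ZCSG(include_paths))) {
-char *key;
+!zend_accel_hash_is_full(&ZCSG(include_paths))) {
+SHM_UNPROTECT();
+zend_shared_alloc_lock(TSRMLS_C);
 
-key = zend_shared_alloc(ZCG(include_path_len) + 2);
-if (key) {
-memcpy(key, ZCG(include_path), ZCG(include_path_len) + 1);
-key[ZCG(include_path_len) + 1] = 'A' + ZCSG(include_paths).num_entries;
-ZCG(include_path_key) = key + ZCG(include_path_len) + 1;
-zend_accel_hash_update(&ZCSG(include_paths), key, ZCG(include_path_len) + 1, 0, ZCG(include_path_key));
-}
-}
+ZCG(include_path_key) = zend_accel_hash_find(&ZCSG(include_paths), ZCG(include_path), ZCG(include_path_len) + 1);
+if (!ZCG(include_path_key) &&
+!zend_accel_hash_is_full(&ZCSG(include_paths))) {
+char *key;
 
-zend_shared_alloc_unlock(TSRMLS_C);
-SHM_PROTECT();
+key = zend_shared_alloc(ZCG(include_path_len) + 2);
+if (key) {
+memcpy(key, ZCG(include_path), ZCG(include_path_len) + 1);
+key[ZCG(include_path_len) + 1] = 'A' + ZCSG(include_paths).num_entries;
+ZCG(include_path_key) = key + ZCG(include_path_len) + 1;
+zend_accel_hash_update(&ZCSG(include_paths), key, ZCG(include_path_len) + 1, 0, ZCG(include_path_key));
+}
+}
+
+zend_shared_alloc_unlock(TSRMLS_C);
+SHM_PROTECT();
+}
 } else {
 ZCG(include_path_check) = 1;
 }
@@ -807,7 +814,6 @@ static accel_time_t zend_get_file_handle_timestamp(zend_file_handle *file_handle
 static inline int do_validate_timestamps(zend_persistent_script *persistent_script, zend_file_handle *file_handle TSRMLS_DC)
 {
 zend_file_handle ps_handle;
-char actualpath [MAXPATHLEN + 1];
 char *full_path_ptr = NULL;
 
 /** check that the persistant script is indeed the same file we cached
@@ -818,28 +824,36 @@ static inline int do_validate_timestamps(zend_persistent_script *persistent_scri
 if (strcmp(persistent_script->full_path, file_handle->opened_path) != 0) {
 return FAILURE;
 }
-} else {
-full_path_ptr = VCWD_REALPATH(file_handle->filename, actualpath);
+} else {
+#if ZEND_EXTENSION_API_NO < PHP_5_3_X_API_NO
+full_path_ptr = accel_php_resolve_path(file_handle->filename, strlen(file_handle->filename), ZCG(include_path) TSRMLS_CC);
+#else
+full_path_ptr = accelerator_orig_zend_resolve_path(file_handle->filename, strlen(file_handle->filename) TSRMLS_CC);
+#endif
 if (full_path_ptr && strcmp(persistent_script->full_path, full_path_ptr) != 0) {
+efree(full_path_ptr);
 return FAILURE;
 }
 file_handle->opened_path = full_path_ptr;
 }
 
 if (persistent_script->timestamp == 0) {
 if (full_path_ptr) {
+efree(full_path_ptr);
 file_handle->opened_path = NULL;
 }
 return FAILURE;
 }
 
 if (zend_get_file_handle_timestamp(file_handle, NULL TSRMLS_CC) == persistent_script->timestamp) {
 if (full_path_ptr) {
+efree(full_path_ptr);
 file_handle->opened_path = NULL;
 }
 return SUCCESS;
 }
 if (full_path_ptr) {
+efree(full_path_ptr);
 file_handle->opened_path = NULL;
 }
 
@@ -938,6 +952,7 @@ char *accel_make_persistent_key_ex(zend_file_handle *file_handle, int path_lengt
 if (ZCG(include_path_check) &&
 ZCG(enabled) && accel_startup_ok &&
 (ZCG(counted) || ZCSG(accelerator_enabled)) &&
+!zend_accel_hash_find(&ZCSG(include_paths), ZCG(include_path), ZCG(include_path_len) + 1) &&
 !zend_accel_hash_is_full(&ZCSG(include_paths))) {
 
 SHM_UNPROTECT();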
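Review bot: In the second do_validate_timestamps hunk, a NULL result from the resolver still skips the path comparison, because the guard is `if (full_path_ptr && strcmp(persistent_script->full_path, full_path_ptr) != 0)`; an unresolvable filename therefore reaches the timestamp checks with `file_handle->opened_path` set to NULL and no path match performed. If that fall-through is intended, a comment such as `/* unresolved path: rely on the timestamp comparison below */` would record it; if it is not, `if (!full_path_ptr) return FAILURE;` ahead of the comparison fails closed. The new `efree(full_path_ptr)` is repeated on four exit paths, three of which must also reset `file_handle->opened_path`, so any exit added later has to repeat both steps or it leaks or leaves `opened_path` dangling; a single cleanup label would remove that burden. The function body continues past new line 859, so later exits cannot be checked from this hunk.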
