
Commit 1b803bc

committed
Merge branch 'PHP-8.3' into PHP-8.4
* PHP-8.3: Fix GH-16802: open_basedir bypass using curl extension
2 parents 6a55bee + 179ca2b commit 1b803bc


2 files changed

+35
-1
lines changed


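--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -1938,7 +1938,10 @@ static zend_result _php_curl_setopt(php_curl *ch, zend_long option, zval *zvalue
 zend_string *str = zval_get_tmp_string(zvalue, &tmp_str);
 #if LIBCURL_VERSION_NUM >= 0x075500 /* Available since 7.85.0 */
 if ((option == CURLOPT_PROTOCOLS_STR || option == CURLOPT_REDIR_PROTOCOLS_STR) &&
-(PG(open_basedir) && *PG(open_basedir)) && php_memnistr(ZSTR_VAL(str), "file", sizeof("file") - 1, ZSTR_VAL(str) + ZSTR_LEN(str)) != NULL) {
+(PG(open_basedir) && *PG(open_basedir))
+&& (php_memnistr(ZSTR_VAL(str), "file", sizeof("file") - 1, ZSTR_VAL(str) + ZSTR_LEN(str)) != NULL
+|| php_memnistr(ZSTR_VAL(str), "all", sizeof("all") - 1, ZSTR_VAL(str) + ZSTR_LEN(str)) != NULL)) {
+zend_tmp_string_release(tmp_str);
 php_error_docref(NULL, E_WARNING, "The FILE protocol cannot be activated when an open_basedir is set");
 return FAILURE;
 }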
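Review bot: The guard in `_php_curl_setopt` is a substring denylist, and nothing in the code says why `all` is treated like `file` or that the over-broad match is intentional. I would add a comment above the condition, e.g. `/* "all" enables every protocol, FILE included; substring matching is deliberately over-broad so the check fails closed under open_basedir */`. Because the check only knows these two spellings, it presumably has to be revisited if libcurl ever accepts another keyword that turns FILE on. The warning text still names only the FILE protocol, which may puzzle a caller who passed `all`. The function and the `#if` block both continue outside this hunk.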

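--- a/ext/curl/tests/gh16802.phpt
+++ b/ext/curl/tests/gh16802.phpt
@@ -0,0 +1,31 @@
+--TEST--
+GH-16802 (open_basedir bypass using curl extension)
+--EXTENSIONS--
+curl
+--SKIPIF--
+<?php
+$curl_version = curl_version();
+if ($curl_version['version_number'] < 0x075500) {
+die("skip: blob options not supported for curl < 7.85.0");
+}
+?>
+--INI--
+open_basedir=/nowhere
+--FILE--
+<?php
+$ch = curl_init("file:///etc/passwd");
+curl_setopt($ch, CURLOPT_PROTOCOLS_STR, "all");
+curl_setopt($ch, CURLOPT_PROTOCOLS_STR, "ftp,all");
+curl_setopt($ch, CURLOPT_PROTOCOLS_STR, "all,ftp");
+curl_setopt($ch, CURLOPT_PROTOCOLS_STR, "all,file,ftp");
+var_dump(curl_exec($ch));
+?>
+--EXPECTF--
+Warning: curl_setopt(): The FILE protocol cannot be activated when an open_basedir is set in %s on line %d
+
+Warning: curl_setopt(): The FILE protocol cannot be activated when an open_basedir is set in %s on line %d
+
+Warning: curl_setopt(): The FILE protocol cannot be activated when an open_basedir is set in %s on line %d
+
+Warning: curl_setopt(): The FILE protocol cannot be activated when an open_basedir is set in %s on line %d
+bool(false)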
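Review bot: The test exercises only `CURLOPT_PROTOCOLS_STR` with lowercase values, while the C check also covers `CURLOPT_REDIR_PROTOCOLS_STR` and matches through `php_memnistr`, which is case-insensitive. Adding `curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS_STR, "all");` and `curl_setopt($ch, CURLOPT_PROTOCOLS_STR, "ALL");`, with two more expected warnings, would pin both paths against regression. The SKIPIF message mentions "blob options", which looks copied from another test; `die("skip: CURLOPT_PROTOCOLS_STR requires curl >= 7.85.0");` would state the actual reason.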
