Merge branch 'PHP-7.1' into PHP-7.2

Author: bukka

NEWS

@@ -6,6 +6,10 @@ PHP                                                                        NEWS
   . Fixed bug #76333 (PHP built-in server does not find files if root path
     contains special characters). (Anatol)
 
+- OpenSSL:
+  . Fixed bug #76296 (openssl_pkey_get_public does not respect open_basedir).
+    (Erik Lax, Jakub Zelenka)
+
 - Standard:
   . Fixed bug #76335 ("link(): Bad file descriptor" with non-ASCII path).
     (Anatol)

ext/openssl/openssl.c

@@ -3809,6 +3809,9 @@ static EVP_PKEY * php_openssl_evp_from_zval(
 
 		if (Z_STRLEN_P(val) > 7 && memcmp(Z_STRVAL_P(val), "file://", sizeof("file://") - 1) == 0) {
 			filename = Z_STRVAL_P(val) + (sizeof("file://") - 1);
+			if (php_openssl_open_base_dir_chk(filename)) {
+				TMP_CLEAN;
+			}
 		}
 		/* it's an X509 file/cert of some kind, and we need to extract the data from that */
 		if (public_key) {
@@ -3835,9 +3838,6 @@ static EVP_PKEY * php_openssl_evp_from_zval(
 			BIO *in;
 
 			if (filename) {
-				if (php_openssl_open_base_dir_chk(filename)) {
-					TMP_CLEAN;
-				}
 				in = BIO_new_file(filename, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
 			} else {
 				in = BIO_new_mem_buf(Z_STRVAL_P(val), (int)Z_STRLEN_P(val));

ext/openssl/tests/bug76296.phpt

@@ -0,0 +1,22 @@
+--TEST--
+Bug #76296 openssl_pkey_get_public does not respect open_basedir
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) print "skip"; ?>
+--FILE--
+<?php
+$dir = __DIR__ . '/bug76296_openbasedir';
+$pem = 'file://' . __DIR__ . '/public.key';
+if (!is_dir($dir)) {
+	mkdir($dir);
+}
+
+ini_set('open_basedir', $dir);
+
+var_dump(openssl_pkey_get_public($pem));
+?>
+--EXPECTF--
+
+Warning: openssl_pkey_get_public(): open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s) in %s on line %d
+bool(false)
+--CLEAN--
+@rmdir(__DIR__ . '/bug76296_openbasedir');