mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-24 02:15:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix #79491: Search for .user.ini extends up to root dir

Browse Source 
The `start` parameter of `php_cgi_ini_activate_user_config` is supposed
to hold the byte offset of the doc root in the given `path`.  However,
the current expression which fixes a potential type incompatibility
will ever only evaluate to zero or one, because it uses the *logical*
and operator (`&&`).  Furthermore we notice that subtracting one from
`doc_root_len` is not necessary, so there is even no need for the
`start` parameter at all.
This commit is contained in:
Christoph M. Becker 2020-04-19 14:22:24 +02:00
parent f62571c121
commit fa10abd6d7
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@ -11,6 +11,9 @@ PHP NEWS
. Fixed bug #78221 (DOMNode::normalize() doesn't remove empty text nodes).
(cmb)
- FCGI:
. Fixed bug #79491 (Search for .user.ini extends up to root dir). (cmb)
- MBString:
. Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
(Girgias)

6
sapi/cgi/cgi_main.c
View File

@ -789,7 +789,7 @@ static void sapi_cgi_log_message(char *message, int syslog_type_int)
/* {{{ php_cgi_ini_activate_user_config
*/
static void php_cgi_ini_activate_user_config(char *path, size_t path_len, const char *doc_root, size_t doc_root_len, int start)
static void php_cgi_ini_activate_user_config(char *path, size_t path_len, const char *doc_root, size_t doc_root_len)
{
user_config_cache_entry *new_entry, *entry;
time_t request_time = (time_t)sapi_get_request_time();
@ -842,7 +842,7 @@ static void php_cgi_ini_activate_user_config(char *path, size_t path_len, const
#else
if (strncmp(s1, s2, s_len) == 0) {
#endif
char *ptr = s2 + start; /* start is the point where doc_root ends! */
char *ptr = s2 + doc_root_len;
while ((ptr = strchr(ptr, DEFAULT_SLASH)) != NULL) {
*ptr = 0;
php_parse_user_ini_file(path, PG(user_ini_filename), entry->user_config);
@ -938,7 +938,7 @@ static int sapi_cgi_activate(void)
doc_root = estrndup(doc_root, doc_root_len);
zend_str_tolower(doc_root, doc_root_len);
#endif
php_cgi_ini_activate_user_config(path, path_len, doc_root, doc_root_len, (doc_root_len > 0 && (doc_root_len - 1)));
php_cgi_ini_activate_user_config(path, path_len, doc_root, doc_root_len);
#ifdef PHP_WIN32
efree(doc_root);