Skip to content

Commit fa3f14f

Browse files
nielsdosnielsdos
committed
Fix GH-19480: error_log php.ini cannot be unset when open_basedir is configured
Since the ini message handlers already check for basedir, we need to drop the basedir check from ini_set. Then we also fix the exceptional case for the empty string: it should bypass the basedir check. Furthermore, there was a regression introduced with the error_log "syslog" check in ddfe269 (inverted check), so we fix that as well.
1 parent a3de2ce commit fa3f14f

File tree

3 files changed

+21
-8
lines changed

3 files changed

+21
-8
lines changed

ext/standard/basic_functions.c

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2037,10 +2037,8 @@ PHP_FUNCTION(ini_set)
20372037
#define _CHECK_PATH(var, var_len, ini) php_ini_check_path(var, var_len, ini, sizeof(ini))
20382038
/* open basedir check */
20392039
if (PG(open_basedir)) {
2040-
if (_CHECK_PATH(ZSTR_VAL(varname), ZSTR_LEN(varname), "error_log") ||
2041-
_CHECK_PATH(ZSTR_VAL(varname), ZSTR_LEN(varname), "java.class.path") ||
2040+
if (_CHECK_PATH(ZSTR_VAL(varname), ZSTR_LEN(varname), "java.class.path") ||
20422041
_CHECK_PATH(ZSTR_VAL(varname), ZSTR_LEN(varname), "java.home") ||
2043-
_CHECK_PATH(ZSTR_VAL(varname), ZSTR_LEN(varname), "mail.log") ||
20442042
_CHECK_PATH(ZSTR_VAL(varname), ZSTR_LEN(varname), "java.library.path") ||
20452043
_CHECK_PATH(ZSTR_VAL(varname), ZSTR_LEN(varname), "vpopmail.directory")) {
20462044
if (php_check_open_basedir(ZSTR_VAL(new_value_str))) {

main/main.c

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -625,26 +625,28 @@ static PHP_INI_MH(OnUpdateErrorLog)
625625
{
626626
/* Only do the safemode/open_basedir check at runtime */
627627
if ((stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) &&
628-
new_value && zend_string_equals_literal(new_value, "syslog")) {
628+
new_value && !zend_string_equals_literal(new_value, "syslog") && ZSTR_LEN(new_value) > 0) {
629629
if (PG(open_basedir) && php_check_open_basedir(ZSTR_VAL(new_value))) {
630630
return FAILURE;
631631
}
632632
}
633-
OnUpdateString(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage);
633+
char **p = (char **) ZEND_INI_GET_ADDR();
634+
*p = new_value && ZSTR_LEN(new_value) > 0 ? ZSTR_VAL(new_value) : NULL;
634635
return SUCCESS;
635636
}
636637
/* }}} */
637638

638639
/* {{{ PHP_INI_MH */
639640
static PHP_INI_MH(OnUpdateMailLog)
640641
{
641-
/* Only do the safemode/open_basedir check at runtime */
642-
if ((stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) && new_value) {
642+
/* Only do the open_basedir check at runtime */
643+
if ((stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) && new_value && ZSTR_LEN(new_value) > 0) {
643644
if (PG(open_basedir) && php_check_open_basedir(ZSTR_VAL(new_value))) {
644645
return FAILURE;
645646
}
646647
}
647-
OnUpdateString(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage);
648+
char **p = (char **) ZEND_INI_GET_ADDR();
649+
*p = new_value && ZSTR_LEN(new_value) > 0 ? ZSTR_VAL(new_value) : NULL;
648650
return SUCCESS;
649651
}
650652
/* }}} */

tests/security/error_log_special_values.phpt

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
--TEST--
2+
Setting error_log to special values with open_basedir enabled
3+
--INI--
4+
open_basedir=foo
5+
error_log=
6+
--FILE--
7+
<?php
8+
var_dump(ini_set("error_log", "syslog"));
9+
var_dump(ini_set("error_log", ""));
10+
?>
11+
--EXPECT--
12+
string(0) ""
13+
string(6) "syslog"

0 commit comments

Comments
 (0)