Browse Source

Fixed bug #42952 (soap cache file is created with insecure permissions)

experimental/phar_tar
Dmitry Stogov 19 years ago
parent
commit
86eaf4bd1e
  1. 14
      ext/soap/php_sdl.c

14
ext/soap/php_sdl.c

@ -2015,7 +2015,7 @@ static void add_sdl_to_cache(const char *fn, const char *uri, time_t t, sdlPtr s
#ifdef ZEND_WIN32
f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE);
#else
f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE|S_IROTH|S_IWOTH|S_IRGRP|S_IWGRP);
f = open(fn,O_CREAT|O_WRONLY|O_EXCL|O_BINARY,S_IREAD|S_IWRITE);
#endif
if (f < 0) {return;}
@ -3117,16 +3117,24 @@ sdlPtr get_sdl(zval *this_ptr, char *uri, long cache_wsdl TSRMLS_DC)
unsigned char digest[16];
int len = strlen(SOAP_GLOBAL(cache_dir));
time_t cached;
char *user = php_get_current_user();
int user_len = user ? strlen(user) + 1 : 0;
md5str[0] = '\0';
PHP_MD5Init(&context);
PHP_MD5Update(&context, (unsigned char*)uri, uri_len);
PHP_MD5Final(digest, &context);
make_digest(md5str, digest);
key = emalloc(len+sizeof("/wsdl-")-1+sizeof(md5str));
key = emalloc(len+sizeof("/wsdl-")-1+user_len+sizeof(md5str));
memcpy(key,SOAP_GLOBAL(cache_dir),len);
memcpy(key+len,"/wsdl-",sizeof("/wsdl-")-1);
memcpy(key+len+sizeof("/wsdl-")-1,md5str,sizeof(md5str));
len += sizeof("/wsdl-")-1;
if (user_len) {
memcpy(key+len, user, user_len-1);
len += user_len-1;
key[len++] = '-';
}
memcpy(key+len,md5str,sizeof(md5str));
if ((sdl = get_sdl_from_cache(key, uri, t-SOAP_GLOBAL(cache_ttl), &cached TSRMLS_CC)) != NULL) {
t = cached;

Loading…
Cancel
Save