Windows linkinfo lacks open_basedir check
[2018-06-11 22:51 UTC] fernando at null-life dot com
Description:
------------
The linkinfo function on Windows doesn't implement the open_basedir check; this can be seen by reviewing the source code. This could be abused to find files on paths outside of the allowed directories.

Windows: https://github.com/php/php-src/blob/master/ext/standard/link_win32.c#L88
Unix: https://github.com/php/php-src/blob/master/ext/standard/link.c#L85

Test script:
---------------
<?php
$var1="c:\\jump";
print "checking $var1 ...".PHP_EOL;
print @linkinfo($var1).PHP_EOL;

$var1="c:\\jump\\folder\\file1.txt";
print "checking $var1 ...".PHP_EOL;
print @linkinfo($var1).PHP_EOL;

$var1="c:\\jump\\blabla";
print "checking $var1 ...".PHP_EOL;
print @linkinfo($var1).PHP_EOL;

Expected result:
----------------
Warning: linkinfo(): open_basedir restriction in effect...

Actual result:
--------------
C:\php726\php.exe -n -dopen_basedir=C:\tools sample.php
checking c:\jump ...
2
checking c:\jump\folder\file1.txt ...
2
checking c:\jump\blabla ...
-1
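A userland stopgap for builds where linkinfo() lacks the check, added here as an example (it is not php-src code and not the upstream fix): the hypothetical helpers normalise_path, path_in_basedir and guarded_linkinfo apply a lexical open_basedir test before linkinfo() is ever called, so the 2 versus -1 difference shown above is never returned for a path outside the allowed directories. Assumptions: absolute paths only, no symlink or junction resolution, and ";" passed explicitly as the list separator in the demo.

```php
<?php
// Added example, not php-src code. Lexical check only: links are not resolved.
/** Normalise an absolute path without touching the filesystem (null = reject). */
function normalise_path(string $path): ?string
{
    $path = str_replace('\\', '/', $path);
    if (strncmp($path, '//', 2) === 0 || !preg_match('#^([A-Za-z]:)?/#', $path, $m)) {
        return null;   // UNC, relative or drive-relative: fail closed
    }
    $drive = $m[1] ?? '';
    $parts = [];
    foreach (explode('/', substr($path, strlen($drive))) as $seg) {
        if ($seg === '' || $seg === '.') { continue; }
        if ($seg === '..') { array_pop($parts); continue; }
        $parts[] = $seg;
    }
    $norm = $drive . '/' . implode('/', $parts);
    return $drive !== '' ? strtolower($norm) : $norm;   // Windows paths: ignore case
}

/** True when $path lies inside one of the open_basedir directories. */
function path_in_basedir(string $path, string $openBasedir, string $sep = PATH_SEPARATOR): bool
{
    $target = normalise_path($path);
    if ($target === null) { return false; }
    $target = rtrim($target, '/') . '/';
    foreach (explode($sep, $openBasedir) as $base) {
        $base = normalise_path($base);
        if ($base === null) { continue; }   // unusable entry: never widens access
        $base = rtrim($base, '/') . '/';
        if (strncmp($target, $base, strlen($base)) === 0) { return true; }
    }
    return false;
}

/** Hypothetical wrapper: refuse before linkinfo() can reveal whether the path exists. */
function guarded_linkinfo(string $path)
{
    $basedir = (string) ini_get('open_basedir');
    if ($basedir !== '' && !path_in_basedir($path, $basedir)) {
        trigger_error('linkinfo(): open_basedir restriction in effect', E_USER_WARNING);
        return false;
    }
    return linkinfo($path);
}
// Constructed demo with the report's setting, open_basedir=C:\tools.
foreach (['c:\\jump', 'c:\\jump\\blabla', 'C:\\tools\\..\\jump', 'c:\\Tools\\a.txt'] as $p) {
    printf("%-20s %s\n", $p, path_in_basedir($p, 'C:\\tools', ';') ? 'allowed' : 'denied');
}
```

The trailing-slash comparison keeps a sibling such as C:\tools2 from matching C:\tools, and the `..` handling keeps C:\tools\..\jump from passing as a path under the allowed directory.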
[2018-06-12 11:07 UTC] cmb@php.net
[2018-07-16 23:57 UTC] stas@php.net
-Status: Open
+Status: Closed
[2018-08-15 13:54 UTC] kaplan@php.net
-Assigned To:
+Assigned To: kaplan
-CVE-ID:
+CVE-ID: 2018-15132
[2018-08-15 13:54 UTC] kaplan@php.net
-Assigned To: kaplan
+Assigned To: ab