From a21d56764d2cb44500fa2e4ad04bd1814da394aa Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+ndossche@users.noreply.github.com> Date: Fri, 26 Dec 2025 00:53:27 +0100 Subject: [PATCH 1/2] Avoid output string duplication in OnUpdateBaseDir MH handler --- main/fopen_wrappers.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c index 63564cc73bdfc..8ad303788d977 100644 --- a/main/fopen_wrappers.c +++ b/main/fopen_wrappers.c @@ -39,6 +39,7 @@ #include "zend_compile.h" #include "php_network.h" #include "zend_smart_str.h" +#include "zend_smart_string.h" #ifdef HAVE_PWD_H #include @@ -92,7 +93,7 @@ PHPAPI ZEND_INI_MH(OnUpdateBaseDir) } /* Is the proposed open_basedir at least as restrictive as the current setting? */ - smart_str buf = {0}; + smart_string buf = {0}; ptr = pathbuf = estrdup(ZSTR_VAL(new_value)); while (ptr && *ptr) { end = strchr(ptr, DEFAULT_DIR_SEPARATOR); @@ -103,32 +104,31 @@ PHPAPI ZEND_INI_MH(OnUpdateBaseDir) char resolved_name[MAXPATHLEN + 1]; if (expand_filepath(ptr, resolved_name) == NULL) { efree(pathbuf); - smart_str_free(&buf); + smart_string_free(&buf); return FAILURE; } if (php_check_open_basedir_ex(resolved_name, 0) != 0) { /* At least one portion of this open_basedir is less restrictive than the prior one, FAIL */ efree(pathbuf); - smart_str_free(&buf); + smart_string_free(&buf); return FAILURE; } - if (smart_str_get_len(&buf) != 0) { - smart_str_appendc(&buf, DEFAULT_DIR_SEPARATOR); + if (buf.len != 0) { + smart_string_appendc(&buf, DEFAULT_DIR_SEPARATOR); } - smart_str_appends(&buf, resolved_name); + smart_string_appends(&buf, resolved_name); ptr = end; } efree(pathbuf); /* Everything checks out, set it */ - zend_string *tmp = smart_str_extract(&buf); - char *result = estrdup(ZSTR_VAL(tmp)); + smart_string_0(&buf); + char *result = buf.c; if (PG(open_basedir_modified)) { efree(*p); } *p = result; PG(open_basedir_modified) = true; - zend_string_release(tmp); return SUCCESS; } From 75e3b81b25507cc34fc9376aa39b234c00e0f3c1 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+ndossche@users.noreply.github.com> Date: Fri, 26 Dec 2025 01:05:08 +0100 Subject: [PATCH 2/2] Avoid input string duplication in OnUpdateBaseDir MH handler --- main/fopen_wrappers.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c index 8ad303788d977..b78675aa8923e 100644 --- a/main/fopen_wrappers.c +++ b/main/fopen_wrappers.c @@ -94,7 +94,7 @@ PHPAPI ZEND_INI_MH(OnUpdateBaseDir) /* Is the proposed open_basedir at least as restrictive as the current setting? */ smart_string buf = {0}; - ptr = pathbuf = estrdup(ZSTR_VAL(new_value)); + ptr = pathbuf = ZSTR_VAL(new_value); while (ptr && *ptr) { end = strchr(ptr, DEFAULT_DIR_SEPARATOR); if (end != NULL) { @@ -103,13 +103,11 @@ PHPAPI ZEND_INI_MH(OnUpdateBaseDir) } char resolved_name[MAXPATHLEN + 1]; if (expand_filepath(ptr, resolved_name) == NULL) { - efree(pathbuf); smart_string_free(&buf); return FAILURE; } if (php_check_open_basedir_ex(resolved_name, 0) != 0) { /* At least one portion of this open_basedir is less restrictive than the prior one, FAIL */ - efree(pathbuf); smart_string_free(&buf); return FAILURE; } @@ -119,7 +117,6 @@ PHPAPI ZEND_INI_MH(OnUpdateBaseDir) smart_string_appends(&buf, resolved_name); ptr = end; } - efree(pathbuf); /* Everything checks out, set it */ smart_string_0(&buf);