
PHP tempnam() Function safe_mode Security Restriction Bypass Vulnerability

BUGTRAQ ID: 36555
CVE ID: CVE-2009-3557
PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML.
An error in PHP's tempnam() may allow the safe_mode restrictions to be bypassed. The following is the vulnerable code segment in ext/standard/file.c:
PHP_FUNCTION(tempnam)
{
    char *dir, *prefix;
    int dir_len, prefix_len;
    size_t p_len;
    char *opened_path;
    char *p;
    int fd;

    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &dir, &dir_len,
                              &prefix, &prefix_len) == FAILURE) {
        return;
    }

    if (php_check_open_basedir(dir TSRMLS_CC)) {   /* [1] */
        RETURN_FALSE;
    }

    php_basename(prefix, prefix_len, NULL, 0, &p, &p_len TSRMLS_CC);
    if (p_len > 64) {
        p[63] = '\0';
    }

    if ((fd = php_open_temporary_fd(dir, p, &opened_path TSRMLS_CC)) >= 0) {
        close(fd);
        RETVAL_STRING(opened_path, 0);
    }
    efree(p);
}
At [1], the tempnam() function only checks the open_basedir value; no corresponding safe_mode check is performed before the temporary file is created.
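As an added example (not the advisory's code and not PHP's own fix), the following userland wrapper re-creates the two checks the advisory contrasts: a containment check standing in for php_check_open_basedir() at [1], and the directory-owner rule that safe_mode would have enforced but tempnam() skipped. The function name safe_tempnam() and the $allowed_roots parameter are this example's own.

```php
<?php
// Added example, not the advisory's or PHP's own code: a userland wrapper
// around tempnam() applying the two checks the advisory contrasts: the
// containment check that stands in for php_check_open_basedir() at [1], and
// the owner rule safe_mode would have enforced but tempnam() skipped.
function safe_tempnam($dir, $prefix, array $allowed_roots)
{
    // Canonicalise so symlinks and '..' cannot steer the comparison.
    $real = realpath($dir);
    if ($real === false || !is_dir($real)) {
        return false;
    }
    $real = rtrim($real, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // Containment: $real must sit under one of the allowed roots.
    $contained = false;
    foreach ($allowed_roots as $root) {
        $rootReal = realpath($root);
        if ($rootReal === false) {
            continue;
        }
        $rootReal = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($real, $rootReal, strlen($rootReal)) === 0) {
            $contained = true;
            break;
        }
    }
    if (!$contained) {
        return false;
    }

    // Owner rule: refuse directories not owned by the UID running the script.
    if (fileowner($real) !== getmyuid()) {
        return false;
    }

    // Validated first because tempnam() falls back to the system temp dir when
    // $dir is unusable; the prefix is reduced to its basename as tempnam() does.
    return tempnam($real, basename($prefix));
}

// Constructed usage: the system temp dir is the only allowed root.
$path = safe_tempnam(sys_get_temp_dir(), 'upl_', array(sys_get_temp_dir()));
if ($path !== false) {
    echo "created $path\n";
    unlink($path);
}
```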
<*References
http://securityreason.com/securityalert/6601
http://secunia.com/advisories/37412/
*>
SEBUG security recommendation:
Vendor patch:
PHP
---
The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/file.c?view=log
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/file.c?view=log