[DCOM-293] Fix security misconfiguration vulnerability allowing local remote arbitrary code execution.

beberlei · beberlei · commit 2b3648c725f8 · 2015-08-31T14:16:50.000+02:00
diff --git a/lib/Doctrine/ORM/Cache/Region/FileLockRegion.php b/lib/Doctrine/ORM/Cache/Region/FileLockRegion.php
@@ -61,7 +61,7 @@ class FileLockRegion implements ConcurrentRegion
      */
     public function __construct(Region $region, $directory, $lockLifetime)
     {
-        if ( ! is_dir($directory) && ! @mkdir($directory, 0777, true)) {
+        if ( ! is_dir($directory) && ! @mkdir($directory, 0775, true)) {
             throw new \InvalidArgumentException(sprintf('The directory "%s" does not exist and could not be created.', $directory));
         }
 
@@ -242,6 +242,7 @@ public function lock(CacheKey $key)
         if ( ! @file_put_contents($filename, $lock->value, LOCK_EX)) {
             return null;
         }
+        chmod($filename, 0664);
 
         return $lock;
     }
diff --git a/lib/Doctrine/ORM/Tools/Console/Command/ConvertMappingCommand.php b/lib/Doctrine/ORM/Tools/Console/Command/ConvertMappingCommand.php
@@ -137,7 +137,7 @@ protected function execute(InputInterface $input, OutputInterface $output)
 
         // Process destination directory
         if ( ! is_dir($destPath = $input->getArgument('dest-path'))) {
-            mkdir($destPath, 0777, true);
+            mkdir($destPath, 0775, true);
         }
         $destPath = realpath($destPath);
 
diff --git a/lib/Doctrine/ORM/Tools/Console/Command/GenerateProxiesCommand.php b/lib/Doctrine/ORM/Tools/Console/Command/GenerateProxiesCommand.php
@@ -79,7 +79,7 @@ protected function execute(InputInterface $input, OutputInterface $output)
         }
 
         if ( ! is_dir($destPath)) {
-            mkdir($destPath, 0777, true);
+            mkdir($destPath, 0775, true);
         }
 
         $destPath = realpath($destPath);
diff --git a/lib/Doctrine/ORM/Tools/EntityGenerator.php b/lib/Doctrine/ORM/Tools/EntityGenerator.php
@@ -364,7 +364,7 @@ public function writeEntityClass(ClassMetadataInfo $metadata, $outputDirectory)
         $dir = dirname($path);
 
         if ( ! is_dir($dir)) {
-            mkdir($dir, 0777, true);
+            mkdir($dir, 0775, true);
         }
 
         $this->isNew = !file_exists($path) || (file_exists($path) && $this->regenerateEntityIfExists);
@@ -389,6 +389,7 @@ public function writeEntityClass(ClassMetadataInfo $metadata, $outputDirectory)
         } elseif ( ! $this->isNew && $this->updateEntityIfExists) {
             file_put_contents($path, $this->generateUpdatedEntityClass($metadata, $path));
         }
+        chmod($path, 0664);
     }
 
     /**
diff --git a/lib/Doctrine/ORM/Tools/EntityRepositoryGenerator.php b/lib/Doctrine/ORM/Tools/EntityRepositoryGenerator.php
@@ -147,11 +147,12 @@ public function writeEntityRepositoryClass($fullClassName, $outputDirectory)
         $dir = dirname($path);
 
         if ( ! is_dir($dir)) {
-            mkdir($dir, 0777, true);
+            mkdir($dir, 0775, true);
         }
 
         if ( ! file_exists($path)) {
             file_put_contents($path, $code);
+            chmod($path, 0664);
         }
     }
 
diff --git a/lib/Doctrine/ORM/Tools/Export/Driver/AbstractExporter.php b/lib/Doctrine/ORM/Tools/Export/Driver/AbstractExporter.php
@@ -130,7 +130,7 @@ public function setOutputDir($dir)
     public function export()
     {
         if ( ! is_dir($this->_outputDir)) {
-            mkdir($this->_outputDir, 0777, true);
+            mkdir($this->_outputDir, 0775, true);
         }
 
         foreach ($this->_metadata as $metadata) {
@@ -139,12 +139,13 @@ public function export()
                 $path = $this->_generateOutputPath($metadata);
                 $dir = dirname($path);
                 if ( ! is_dir($dir)) {
-                    mkdir($dir, 0777, true);
+                    mkdir($dir, 0775, true);
                 }
                 if (file_exists($path) && !$this->_overwriteExistingFiles) {
                     throw ExportException::attemptOverwriteExistingFile($path);
                 }
                 file_put_contents($path, $output);
+                chmod($path, 0664);
             }
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ class FileLockRegion implements ConcurrentRegion`
`61`	`61`	`*/`
`62`	`62`	`public function __construct(Region $region, $directory, $lockLifetime)`
`63`	`63`	`{`
`64`		`- if ( ! is_dir($directory) && ! @mkdir($directory, 0777, true)) {`
	`64`	`+ if ( ! is_dir($directory) && ! @mkdir($directory, 0775, true)) {`
`65`	`65`	`throw new \InvalidArgumentException(sprintf('The directory "%s" does not exist and could not be created.', $directory));`
`66`	`66`	`}`
`67`	`67`
`@@ -242,6 +242,7 @@ public function lock(CacheKey $key)`
`242`	`242`	`if ( ! @file_put_contents($filename, $lock->value, LOCK_EX)) {`
`243`	`243`	`return null;`
`244`	`244`	`}`
	`245`	`+ chmod($filename, 0664);`
`245`	`246`
`246`	`247`	`return $lock;`
`247`	`248`	`}`
Original file line number	Diff line number	Diff line change
`@@ -137,7 +137,7 @@ protected function execute(InputInterface $input, OutputInterface $output)`
`137`	`137`
`138`	`138`	`// Process destination directory`
`139`	`139`	`if ( ! is_dir($destPath = $input->getArgument('dest-path'))) {`
`140`		`- mkdir($destPath, 0777, true);`
	`140`	`+ mkdir($destPath, 0775, true);`
`141`	`141`	`}`
`142`	`142`	`$destPath = realpath($destPath);`
`143`	`143`
Original file line number	Diff line number	Diff line change
`@@ -79,7 +79,7 @@ protected function execute(InputInterface $input, OutputInterface $output)`
`79`	`79`	`}`
`80`	`80`
`81`	`81`	`if ( ! is_dir($destPath)) {`
`82`		`- mkdir($destPath, 0777, true);`
	`82`	`+ mkdir($destPath, 0775, true);`
`83`	`83`	`}`
`84`	`84`
`85`	`85`	`$destPath = realpath($destPath);`
Original file line number	Diff line number	Diff line change
`@@ -364,7 +364,7 @@ public function writeEntityClass(ClassMetadataInfo $metadata, $outputDirectory)`
`364`	`364`	`$dir = dirname($path);`
`365`	`365`
`366`	`366`	`if ( ! is_dir($dir)) {`
`367`		`- mkdir($dir, 0777, true);`
	`367`	`+ mkdir($dir, 0775, true);`
`368`	`368`	`}`
`369`	`369`
`370`	`370`	`$this->isNew = !file_exists($path) \|\| (file_exists($path) && $this->regenerateEntityIfExists);`
`@@ -389,6 +389,7 @@ public function writeEntityClass(ClassMetadataInfo $metadata, $outputDirectory)`
`389`	`389`	`} elseif ( ! $this->isNew && $this->updateEntityIfExists) {`
`390`	`390`	`file_put_contents($path, $this->generateUpdatedEntityClass($metadata, $path));`
`391`	`391`	`}`
	`392`	`+ chmod($path, 0664);`
`392`	`393`	`}`
`393`	`394`
`394`	`395`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -147,11 +147,12 @@ public function writeEntityRepositoryClass($fullClassName, $outputDirectory)`
`147`	`147`	`$dir = dirname($path);`
`148`	`148`
`149`	`149`	`if ( ! is_dir($dir)) {`
`150`		`- mkdir($dir, 0777, true);`
	`150`	`+ mkdir($dir, 0775, true);`
`151`	`151`	`}`
`152`	`152`
`153`	`153`	`if ( ! file_exists($path)) {`
`154`	`154`	`file_put_contents($path, $code);`
	`155`	`+ chmod($path, 0664);`
`155`	`156`	`}`
`156`	`157`	`}`
`157`	`158`
Original file line number	Diff line number	Diff line change
`@@ -130,7 +130,7 @@ public function setOutputDir($dir)`
`130`	`130`	`public function export()`
`131`	`131`	`{`
`132`	`132`	`if ( ! is_dir($this->_outputDir)) {`
`133`		`- mkdir($this->_outputDir, 0777, true);`
	`133`	`+ mkdir($this->_outputDir, 0775, true);`
`134`	`134`	`}`
`135`	`135`
`136`	`136`	`foreach ($this->_metadata as $metadata) {`
`@@ -139,12 +139,13 @@ public function export()`
`139`	`139`	`$path = $this->_generateOutputPath($metadata);`
`140`	`140`	`$dir = dirname($path);`
`141`	`141`	`if ( ! is_dir($dir)) {`
`142`		`- mkdir($dir, 0777, true);`
	`142`	`+ mkdir($dir, 0775, true);`
`143`	`143`	`}`
`144`	`144`	`if (file_exists($path) && !$this->_overwriteExistingFiles) {`
`145`	`145`	`throw ExportException::attemptOverwriteExistingFile($path);`
`146`	`146`	`}`
`147`	`147`	`file_put_contents($path, $output);`
	`148`	`+ chmod($path, 0664);`
`148`	`149`	`}`
`149`	`150`	`}`
`150`	`151`	`}`