From caf30b889bb898620d843d1ec4940d01fa1d8877 Mon Sep 17 00:00:00 2001
From: Benjamin Eberlei
Date: Mon, 31 Aug 2015 13:57:29 +0200
Subject: [PATCH] [DCOM-293] Fix security misconfiguration vulnerability allowing local remote arbitrary code execution.
---
 .../ORM/Tools/Console/Command/ConvertMappingCommand.php | 2 +-
 .../ORM/Tools/Console/Command/GenerateProxiesCommand.php | 2 +-
 lib/Doctrine/ORM/Tools/EntityGenerator.php | 3 ++-
 lib/Doctrine/ORM/Tools/EntityRepositoryGenerator.php | 3 ++-
 lib/Doctrine/ORM/Tools/Export/Driver/AbstractExporter.php | 5 +++--
 5 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/lib/Doctrine/ORM/Tools/Console/Command/ConvertMappingCommand.php b/lib/Doctrine/ORM/Tools/Console/Command/ConvertMappingCommand.php
index 5300783af4e..b2aee7e7e3e 100644
--- a/lib/Doctrine/ORM/Tools/Console/Command/ConvertMappingCommand.php
+++ b/lib/Doctrine/ORM/Tools/Console/Command/ConvertMappingCommand.php
@@ -137,7 +137,7 @@ protected function execute(InputInterface $input, OutputInterface $output)
 // Process destination directory
 if ( ! is_dir($destPath = $input->getArgument('dest-path'))) {
- mkdir($destPath, 0777, true);
+ mkdir($destPath, 0775, true);
 }
 $destPath = realpath($destPath);
diff --git a/lib/Doctrine/ORM/Tools/Console/Command/GenerateProxiesCommand.php b/lib/Doctrine/ORM/Tools/Console/Command/GenerateProxiesCommand.php
index 52211879411..21edb9dab83 100644
--- a/lib/Doctrine/ORM/Tools/Console/Command/GenerateProxiesCommand.php
+++ b/lib/Doctrine/ORM/Tools/Console/Command/GenerateProxiesCommand.php
@@ -79,7 +79,7 @@ protected function execute(InputInterface $input, OutputInterface $output)
 }
 if ( ! is_dir($destPath)) {
- mkdir($destPath, 0777, true);
+ mkdir($destPath, 0775, true);
 }
 $destPath = realpath($destPath);
diff --git a/lib/Doctrine/ORM/Tools/EntityGenerator.php b/lib/Doctrine/ORM/Tools/EntityGenerator.php
index 3f634104db1..e582e7386c2 100644
--- a/lib/Doctrine/ORM/Tools/EntityGenerator.php
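Review bot: The new mode in ConvertMappingCommand::execute only takes effect when `mkdir` actually runs, so a destination directory that an earlier run created under the old `0777` argument is skipped by the `is_dir` guard and keeps its world-writable mode after upgrading. Since the commit subject treats these output directories as a code-execution risk, I would check the existing directory as well, for example after the `realpath` line: `if (fileperms($destPath) & 0002) { $output->writeln('<comment>Destination directory is world-writable.</comment>'); }`. The same gap applies to the `mkdir` changes in GenerateProxiesCommand::execute, EntityGenerator::writeEntityClass, EntityRepositoryGenerator::writeEntityRepositoryClass and both calls in AbstractExporter::export. `0775` also still grants group write (and is only an upper bound, reduced further by the process umask), so a comment stating which group is expected to need write access would help. Both `execute` bodies continue outside their hunks.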
+++ b/lib/Doctrine/ORM/Tools/EntityGenerator.php
@@ -340,7 +340,7 @@ public function writeEntityClass(ClassMetadataInfo $metadata, $outputDirectory)
 $dir = dirname($path);
 if ( ! is_dir($dir)) {
- mkdir($dir, 0777, true);
+ mkdir($dir, 0775, true);
 }
 $this->isNew = !file_exists($path) || (file_exists($path) && $this->regenerateEntityIfExists);
@@ -365,6 +365,7 @@ public function writeEntityClass(ClassMetadataInfo $metadata, $outputDirectory)
 } elseif ( ! $this->isNew && $this->updateEntityIfExists) {
 file_put_contents($path, $this->generateUpdatedEntityClass($metadata, $path));
 }
+ chmod($path, 0664);
 }
 /**
diff --git a/lib/Doctrine/ORM/Tools/EntityRepositoryGenerator.php b/lib/Doctrine/ORM/Tools/EntityRepositoryGenerator.php
index 5093cd54d5f..2bcc40c07f5 100644
--- a/lib/Doctrine/ORM/Tools/EntityRepositoryGenerator.php
+++ b/lib/Doctrine/ORM/Tools/EntityRepositoryGenerator.php
@@ -96,11 +96,12 @@ public function writeEntityRepositoryClass($fullClassName, $outputDirectory)
 $dir = dirname($path);
 if ( ! is_dir($dir)) {
- mkdir($dir, 0777, true);
+ mkdir($dir, 0775, true);
 }
 if ( ! file_exists($path)) {
 file_put_contents($path, $code);
+ chmod($path, 0664);
 }
 }
 }
diff --git a/lib/Doctrine/ORM/Tools/Export/Driver/AbstractExporter.php b/lib/Doctrine/ORM/Tools/Export/Driver/AbstractExporter.php
index d40d0786e65..546b5760c7c 100644
--- a/lib/Doctrine/ORM/Tools/Export/Driver/AbstractExporter.php
+++ b/lib/Doctrine/ORM/Tools/Export/Driver/AbstractExporter.php
@@ -130,7 +130,7 @@ public function setOutputDir($dir)
 public function export()
 {
 if ( ! is_dir($this->_outputDir)) {
- mkdir($this->_outputDir, 0777, true);
+ mkdir($this->_outputDir, 0775, true);
 }
 foreach ($this->_metadata as $metadata) {
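Review bot: In EntityGenerator::writeEntityClass the added `chmod($path, 0664);` can loosen permissions rather than tighten them, because `chmod` ignores the process umask: under a umask of 0077 `file_put_contents` creates the file as 0600 and this line then makes it group-writable and world-readable. Clearing bits only avoids that, e.g. `chmod($path, fileperms($path) & 0664);`. The call also sits after the `if`/`elseif` chain, so it appears to run even when neither branch wrote the file (the first branch is outside the hunk), which would change the mode of a pre-existing file, and its return value is not checked. The same widening applies to the `chmod` calls added in EntityRepositoryGenerator::writeEntityRepositoryClass and in the second AbstractExporter::export hunk, and in all three places there is a short window between `file_put_contents` and `chmod` during which the file carries its umask-derived mode.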
@@ -139,12 +139,13 @@ public function export()
 $path = $this->_generateOutputPath($metadata);
 $dir = dirname($path);
 if ( ! is_dir($dir)) {
- mkdir($dir, 0777, true);
+ mkdir($dir, 0775, true);
 }
 if (file_exists($path) && !$this->_overwriteExistingFiles) {
 throw ExportException::attemptOverwriteExistingFile($path);
 }
 file_put_contents($path, $output);
+ chmod($path, 0664);
 }
 }
 }