From fdaa4881445e7eeef03ede28a7f3260dd3caf021 Mon Sep 17 00:00:00 2001
From: arshidkv12 <arshidkv12@gmail.com>
Date: Sat, 31 Jan 2026 23:12:58 +0530
Subject: [PATCH] ext/posix: validity check for flags argument in posix_access

close GH-21104
---
 NEWS                                    |  3 ++
 ext/posix/posix.c                       |  9 +++++
 ext/posix/tests/posix_access_flags.phpt | 54 +++++++++++++++++++++++++
 3 files changed, 66 insertions(+)
 create mode 100644 ext/posix/tests/posix_access_flags.phpt

diff --git a/NEWS b/NEWS
index e26c9eca2fd..b19b09c2144 100644
--- a/NEWS
+++ b/NEWS
@@ -78,6 +78,9 @@ PHP                                                                        NEWS
   . Mark Phar::buildFromIterator() base directory argument as a path.
     (ndossche)
 
+- Posix:
+  . Added validity check to the flags argument for posix_access(). (arshidkv12)
+
 - Reflection:
   . Fixed bug GH-20217 (ReflectionClass::isIterable() incorrectly returns true
     for classes with property hooks). (alexandre-daubois)
diff --git a/ext/posix/posix.c b/ext/posix/posix.c
index b7acf8c7512..76e14f6ecb0 100644
--- a/ext/posix/posix.c
+++ b/ext/posix/posix.c
@@ -744,6 +744,15 @@ PHP_FUNCTION(posix_access)
 		RETURN_FALSE;
 	}
 
+	if (mode < 0 || (mode & ~(F_OK | R_OK | W_OK | X_OK))) {
+		zend_argument_value_error(
+			2,
+			"must be a bitmask of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK"
+		);
+		efree(path);
+		RETURN_THROWS();
+	}
+
 	ret = access(path, mode);
 	efree(path);
 
diff --git a/ext/posix/tests/posix_access_flags.phpt b/ext/posix/tests/posix_access_flags.phpt
new file mode 100644
index 00000000000..0989e2a2bc6
--- /dev/null
+++ b/ext/posix/tests/posix_access_flags.phpt
@@ -0,0 +1,54 @@
+--TEST--
+posix_access() flag (mode) validation
+--SKIPIF--
+<?php
+if (!function_exists("posix_access")) {
+    die("skip no posix_access()");
+}
+?>
+--FILE--
+<?php
+
+$dir = __DIR__;
+$testfile = "$dir/testfile.txt";
+
+// Create a temporary file for valid access tests
+file_put_contents($testfile, "hello");
+
+try {
+    posix_access($testfile, -1);
+} catch (ValueError $e) {
+    echo $e->getMessage(), "\n";
+}
+
+try {
+    posix_access($testfile, 01000); // S_ISVTX bit (sticky)
+} catch (ValueError $e) {
+    echo $e->getMessage(), "\n";
+}
+
+try {
+    posix_access($testfile, 02000); // S_ISGID bit
+} catch (ValueError $e) {
+    echo $e->getMessage(), "\n";
+}
+
+if (posix_access($testfile, POSIX_R_OK | POSIX_W_OK)) {
+    echo "Read/write access OK\n";
+}
+
+if (posix_access($testfile, POSIX_F_OK)) {
+    echo "File exists OK\n";
+}
+
+?>
+--CLEAN--
+<?php
+@unlink(__DIR__ . '/testfile.txt');
+?>
+--EXPECTF--
+posix_access(): Argument #2 ($flags) must be a bitmask of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK
+posix_access(): Argument #2 ($flags) must be a bitmask of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK
+posix_access(): Argument #2 ($flags) must be a bitmask of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK
+Read/write access OK
+File exists OK