diff options
author | Yasuo Ohgaki <yohgaki@php.net> | 2015-02-14 05:25:04 +0900 |
---|---|---|
committer | Julien Pauli <jpauli@php.net> | 2015-02-18 11:35:38 +0100 |
commit | 2b4e1881b8b656297ffe91dedaf6b9d34585961e (patch) | |
tree | 322096dfeeb001a53e4b04bc281d1012fbe6ed9e | |
parent | 996faf964bba1aec06b153b370a7f20d3dd2bb8b (diff) | |
download | php-git-2b4e1881b8b656297ffe91dedaf6b9d34585961e.tar.gz |
Add NULL byte protection to exec, system and passthru
-rw-r--r-- | ext/standard/exec.c | 4 | ||||
-rw-r--r-- | ext/standard/tests/misc/exec_basic1.phpt | 25 |
2 files changed, 29 insertions, 0 deletions
diff --git a/ext/standard/exec.c b/ext/standard/exec.c index b2f44efae4..683878877b 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -188,6 +188,10 @@ static void php_exec_ex(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute a blank command"); RETURN_FALSE; } + if (strlen(cmd) != cmd_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "NULL byte detected. Possible attack"); + RETURN_FALSE; + } if (!ret_array) { ret = php_exec(mode, cmd, NULL, return_value TSRMLS_CC); diff --git a/ext/standard/tests/misc/exec_basic1.phpt b/ext/standard/tests/misc/exec_basic1.phpt new file mode 100644 index 0000000000..514c116d68 --- /dev/null +++ b/ext/standard/tests/misc/exec_basic1.phpt @@ -0,0 +1,25 @@ +--TEST-- +exec, system, passthru — Basic command execution functions +--SKIPIF-- +<?php +// If this does not work for Windows, please uncomment or fix test +// if(substr(PHP_OS, 0, 3) == "WIN") die("skip not for Windows"); +?> +--FILE-- +<?php +$cmd = "echo abc\n\0command"; +var_dump(exec($cmd, $output)); +var_dump($output); +var_dump(system($cmd)); +var_dump(passthru($cmd)); +?> +--EXPECTF-- +Warning: exec(): NULL byte detected. Possible attack in %s on line %d +bool(false) +NULL + +Warning: system(): NULL byte detected. Possible attack in %s on line %d +bool(false) + +Warning: passthru(): NULL byte detected. Possible attack in %s on line %d +bool(false) |