diff options
author | Stanislav Malyshev <stas@php.net> | 2015-05-31 22:53:35 -0700 |
---|---|---|
committer | Ferenc Kovacs <tyrael@php.net> | 2015-06-10 09:29:11 +0200 |
commit | d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9 (patch) | |
tree | 9ed0d3dfa7f3d9aef1653d0d248c8b446e1f1ea6 | |
parent | 8fc52d77d6f66c438c98d536e2309b5fd13f90de (diff) | |
download | php-git-d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9.tar.gz |
Fix bug #69646 OS command injection vulnerability in escapeshellarg
-rw-r--r-- | ext/standard/exec.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ext/standard/exec.c b/ext/standard/exec.c index 683878877b..06c068399d 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -380,6 +380,14 @@ PHPAPI char *php_escape_shell_arg(char *str) } } #ifdef PHP_WIN32 + if (y > 0 && '\\' == cmd[y - 1]) { + int k = 0, n = y - 1; + for (; n >= 0 && '\\' == cmd[n]; n--, k++); + if (k % 2) { + cmd[y++] = '\\'; + } + } + cmd[y++] = '"'; #else cmd[y++] = '\''; |