Fix bug #69646 OS command injection vulnerability in escapeshellarg

author: Stanislav Malyshev <stas@php.net> 2015-05-31 22:53:35 -0700
committer: Ferenc Kovacs <tyrael@php.net> 2015-06-10 09:29:11 +0200
commit: d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9 (patch)
tree: 9ed0d3dfa7f3d9aef1653d0d248c8b446e1f1ea6
parent: 8fc52d77d6f66c438c98d536e2309b5fd13f90de (diff)
download: php-git-d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index 683878877b..06c068399d 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -380,6 +380,14 @@ PHPAPI char *php_escape_shell_arg(char *str)
 		}
 	}
 #ifdef PHP_WIN32
+	if (y > 0 && '\\' == cmd[y - 1]) {
+		int k = 0, n = y - 1;
+		for (; n >= 0 && '\\' == cmd[n]; n--, k++);
+		if (k % 2) {
+			cmd[y++] = '\\';
+		}
+	}
+
 	cmd[y++] = '"';
 #else
 	cmd[y++] = '\'';
author	Stanislav Malyshev <stas@php.net>	2015-05-31 22:53:35 -0700
committer	Ferenc Kovacs <tyrael@php.net>	2015-06-10 09:29:11 +0200
commit	d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9 (patch)
tree	9ed0d3dfa7f3d9aef1653d0d248c8b446e1f1ea6
parent	8fc52d77d6f66c438c98d536e2309b5fd13f90de (diff)
download	php-git-d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9.tar.gz