diff options
| author | Stanislav Malyshev <stas@php.net> | 2020-04-13 21:00:44 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2020-04-13 21:08:30 -0700 |
| commit | 14fcc813948254b84f382ff537247d8a7e5e0e62 (patch) | |
| tree | f2a9e5a3ccee95d4189e17550203d9ce48add21b | |
| parent | 3072b77c215409fa20f925728ac3059ba6e13484 (diff) | |
| download | php-git-14fcc813948254b84f382ff537247d8a7e5e0e62.tar.gz | |
Fix bug #79330 - make all execution modes consistent in rejecting \0
| -rw-r--r-- | ext/standard/exec.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ext/standard/exec.c b/ext/standard/exec.c index b748e173ce..da5d3e9215 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -531,6 +531,15 @@ PHP_FUNCTION(shell_exec) Z_PARAM_STRING(command, command_len) ZEND_PARSE_PARAMETERS_END(); + if (!command_len) { + php_error_docref(NULL, E_WARNING, "Cannot execute a blank command"); + RETURN_FALSE; + } + if (strlen(command) != command_len) { + php_error_docref(NULL, E_WARNING, "NULL byte detected. Possible attack"); + RETURN_FALSE; + } + #ifdef PHP_WIN32 if ((in=VCWD_POPEN(command, "rt"))==NULL) { #else |