diff options
author | Stanislav Malyshev <stas@php.net> | 2020-04-13 21:09:08 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2020-04-13 21:09:08 -0700 |
commit | d539e61c303eea2058cc5b99b4bbfec92438132f (patch) | |
tree | 2503a98fe368e9dfdec15e91463eed0b2e78770f | |
parent | 7e91fcd7f95e304aef4c76d1af20da3f40f10594 (diff) | |
parent | 9d6bf8221b05f86ce5875832f0f646c4c1f218be (diff) | |
download | php-git-d539e61c303eea2058cc5b99b4bbfec92438132f.tar.gz |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix bug #79465 - use unsigneds as indexes.
Fix bug #79330 - make all execution modes consistent in rejecting \0
-rw-r--r-- | ext/standard/exec.c | 9 | ||||
-rw-r--r-- | ext/standard/url.c | 4 |
2 files changed, 11 insertions, 2 deletions
diff --git a/ext/standard/exec.c b/ext/standard/exec.c index 7f8ce817e4..0591dcf4e0 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -537,6 +537,15 @@ PHP_FUNCTION(shell_exec) Z_PARAM_STRING(command, command_len) ZEND_PARSE_PARAMETERS_END(); + if (!command_len) { + php_error_docref(NULL, E_WARNING, "Cannot execute a blank command"); + RETURN_FALSE; + } + if (strlen(command) != command_len) { + php_error_docref(NULL, E_WARNING, "NULL byte detected. Possible attack"); + RETURN_FALSE; + } + #ifdef PHP_WIN32 if ((in=VCWD_POPEN(command, "rt"))==NULL) { #else diff --git a/ext/standard/url.c b/ext/standard/url.c index 6880e40a01..20254de0c5 100644 --- a/ext/standard/url.c +++ b/ext/standard/url.c @@ -547,7 +547,7 @@ PHPAPI size_t php_url_decode(char *str, size_t len) #ifndef CHARSET_EBCDIC *dest = (char) php_htoi(data + 1); #else - *dest = os_toebcdic[(char) php_htoi(data + 1)]; + *dest = os_toebcdic[(unsigned char) php_htoi(data + 1)]; #endif data += 2; len -= 2; @@ -643,7 +643,7 @@ PHPAPI size_t php_raw_url_decode(char *str, size_t len) #ifndef CHARSET_EBCDIC *dest = (char) php_htoi(data + 1); #else - *dest = os_toebcdic[(char) php_htoi(data + 1)]; + *dest = os_toebcdic[(unsigned char) php_htoi(data + 1)]; #endif data += 2; len -= 2; |