diff options
author | Yasuo Ohgaki <yohgaki@php.net> | 2015-02-14 05:27:44 +0900 |
---|---|---|
committer | Yasuo Ohgaki <yohgaki@php.net> | 2015-02-14 05:27:44 +0900 |
commit | a54300b3f69aa1c0f417d02d653045f8805f327d (patch) | |
tree | a62632271515926a39b5fc6777fbc669bf08e258 | |
parent | b3d28d14d6cec9b3968dda5da41feb02d5b1b069 (diff) | |
parent | 3ea76a768c9bd287472cfbf8a8e317bee782f17c (diff) | |
download | php-git-a54300b3f69aa1c0f417d02d653045f8805f327d.tar.gz |
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
Add NULL byte protection to exec, system and passthru
-rw-r--r-- | ext/standard/exec.c | 4 | ||||
-rw-r--r-- | ext/standard/tests/misc/exec_basic1.phpt | 25 |
2 files changed, 29 insertions, 0 deletions
diff --git a/ext/standard/exec.c b/ext/standard/exec.c index b2f44efae4..683878877b 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -188,6 +188,10 @@ static void php_exec_ex(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute a blank command"); RETURN_FALSE; } + if (strlen(cmd) != cmd_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "NULL byte detected. Possible attack"); + RETURN_FALSE; + } if (!ret_array) { ret = php_exec(mode, cmd, NULL, return_value TSRMLS_CC); diff --git a/ext/standard/tests/misc/exec_basic1.phpt b/ext/standard/tests/misc/exec_basic1.phpt new file mode 100644 index 0000000000..514c116d68 --- /dev/null +++ b/ext/standard/tests/misc/exec_basic1.phpt @@ -0,0 +1,25 @@ +--TEST-- +exec, system, passthru — Basic command execution functions +--SKIPIF-- +<?php +// If this does not work for Windows, please uncomment or fix test +// if(substr(PHP_OS, 0, 3) == "WIN") die("skip not for Windows"); +?> +--FILE-- +<?php +$cmd = "echo abc\n\0command"; +var_dump(exec($cmd, $output)); +var_dump($output); +var_dump(system($cmd)); +var_dump(passthru($cmd)); +?> +--EXPECTF-- +Warning: exec(): NULL byte detected. Possible attack in %s on line %d +bool(false) +NULL + +Warning: system(): NULL byte detected. Possible attack in %s on line %d +bool(false) + +Warning: passthru(): NULL byte detected. Possible attack in %s on line %d +bool(false) |