diff options
author | Stanislav Malyshev <stas@php.net> | 2020-04-13 21:09:23 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2020-04-13 21:09:23 -0700 |
commit | d3fbdf0048cd0d99a57720c589b8d7a1d5f223af (patch) | |
tree | 04ea59b267f22ffc43047eeb9987b07ef90755ef | |
parent | 83004588140dbf360e92c53779715b1a2c16f286 (diff) | |
parent | 864d69bef784d303e2664c943c4281d34f62b09d (diff) | |
download | php-git-d3fbdf0048cd0d99a57720c589b8d7a1d5f223af.tar.gz |
Merge branch 'PHP-7.4'
* PHP-7.4:
Fix bug #79465 - use unsigneds as indexes.
Fix bug #79330 - make all execution modes consistent in rejecting \0
-rw-r--r-- | ext/standard/exec.c | 9 | ||||
-rw-r--r-- | ext/standard/url.c | 4 |
2 files changed, 11 insertions, 2 deletions
diff --git a/ext/standard/exec.c b/ext/standard/exec.c index b8b64b6aa2..9935e2b34c 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -529,6 +529,15 @@ PHP_FUNCTION(shell_exec) Z_PARAM_STRING(command, command_len) ZEND_PARSE_PARAMETERS_END(); + if (!command_len) { + php_error_docref(NULL, E_WARNING, "Cannot execute a blank command"); + RETURN_FALSE; + } + if (strlen(command) != command_len) { + php_error_docref(NULL, E_WARNING, "NULL byte detected. Possible attack"); + RETURN_FALSE; + } + #ifdef PHP_WIN32 if ((in=VCWD_POPEN(command, "rt"))==NULL) { #else diff --git a/ext/standard/url.c b/ext/standard/url.c index e3e04a9cd9..0d05ec98c1 100644 --- a/ext/standard/url.c +++ b/ext/standard/url.c @@ -545,7 +545,7 @@ PHPAPI size_t php_url_decode(char *str, size_t len) #ifndef CHARSET_EBCDIC *dest = (char) php_htoi(data + 1); #else - *dest = os_toebcdic[(char) php_htoi(data + 1)]; + *dest = os_toebcdic[(unsigned char) php_htoi(data + 1)]; #endif data += 2; len -= 2; @@ -641,7 +641,7 @@ PHPAPI size_t php_raw_url_decode(char *str, size_t len) #ifndef CHARSET_EBCDIC *dest = (char) php_htoi(data + 1); #else - *dest = os_toebcdic[(char) php_htoi(data + 1)]; + *dest = os_toebcdic[(unsigned char) php_htoi(data + 1)]; #endif data += 2; len -= 2; |