author | Anatol Belski <ab@php.net> | 2016-01-12 14:57:22 +0100 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2016-01-12 14:57:22 +0100 |
commit | c527549e899bf211aac7d8ab5ceb1bdfedf07f14 (patch) | |
tree | 79cd6d019abaa060844c1424a5db6e5ecaf4b76e /ext/standard/exec.c | |
parent | 22a5ccab720fdff4bb56f2af6efe9ca7d3045a48 (diff) | |
Fixed bug #71039 exec functions ignore length but look for NULL termination
Diffstat (limited to 'ext/standard/exec.c')
-rw-r--r-- | ext/standard/exec.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index 747f765dd4..29024f6f43 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -467,6 +467,10 @@ PHP_FUNCTION(escapeshellcmd)
 }
 if (command_len) {
+ if (command_len != strlen(command)) {
+ php_error_docref(NULL, E_ERROR, "Input string contains NULL bytes");
+ return;
+ }
 RETVAL_STR(php_escape_shell_cmd(command));
 } else {
 RETVAL_EMPTY_STRING();
@@ -486,6 +490,10 @@ PHP_FUNCTION(escapeshellarg)
 }
 if (argument) {
+ if (argument_len != strlen(argument)) {
+ php_error_docref(NULL, E_ERROR, "Input string contains NULL bytes");
+ return;
+ }
 RETVAL_STR(php_escape_shell_arg(argument));
 }
 } |
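Review bot: The embedded-NUL guard added before `RETVAL_STR(php_escape_shell_cmd(command));` covers only this userland entry point; the helper is still called with the pointer alone, so it cannot compare a length itself, and any other C caller of it would presumably still stop at the first NUL byte. Consider passing the length into the helper and rejecting there, or at least documenting the "no embedded NUL" precondition on it. The same applies to `php_escape_shell_arg(argument)` in the escapeshellarg hunk. A short comment above the check would also help the next reader, e.g. `/* binary-safe length vs. strlen(): a mismatch means an embedded NUL would truncate the string being escaped */`. The function body starts and ends outside the hunk, so argument parsing is not visible here.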
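Review bot: `php_error_docref(NULL, E_ERROR, ...)` in the added block raises a fatal error, so the `return;` after it is presumably never reached, and if the severity were ever lowered the bare `return;` would leave the return value unset instead of signalling failure. Failing closed is a sound choice for input headed to a shell, but the intent should be stated: add `/* fatal on purpose: never hand back a string escaped only up to the NUL */` and make the fallback explicit with `RETURN_FALSE;`. The escapeshellcmd hunk has the same pattern. The message would also read more precisely as "NUL bytes", since NULL is the pointer constant.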