summaryrefslogtreecommitdiff
path: root/ext/standard/exec.c
diff options
context:
space:
mode:
authorAnatol Belski <ab@php.net>2016-01-12 14:57:22 +0100
committerAnatol Belski <ab@php.net>2016-01-12 14:57:22 +0100
commitc527549e899bf211aac7d8ab5ceb1bdfedf07f14 (patch)
tree79cd6d019abaa060844c1424a5db6e5ecaf4b76e /ext/standard/exec.c
parent22a5ccab720fdff4bb56f2af6efe9ca7d3045a48 (diff)
downloadphp-git-c527549e899bf211aac7d8ab5ceb1bdfedf07f14.tar.gz
Fixed bug #71039 exec functions ignore length but look for NULL termination
Diffstat (limited to 'ext/standard/exec.c')
-rw-r--r--ext/standard/exec.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index 747f765dd4..29024f6f43 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -467,6 +467,10 @@ PHP_FUNCTION(escapeshellcmd)
}
if (command_len) {
+ if (command_len != strlen(command)) {
+ php_error_docref(NULL, E_ERROR, "Input string contains NULL bytes");
+ return;
+ }
RETVAL_STR(php_escape_shell_cmd(command));
} else {
RETVAL_EMPTY_STRING();
@@ -486,6 +490,10 @@ PHP_FUNCTION(escapeshellarg)
}
if (argument) {
+ if (argument_len != strlen(argument)) {
+ php_error_docref(NULL, E_ERROR, "Input string contains NULL bytes");
+ return;
+ }
RETVAL_STR(php_escape_shell_arg(argument));
}
}