Merge tag 'PHP-5.4.32' into PHP-5.4

5.4.32 * tag 'PHP-5.4.32': 5.4.32 fix potentially missing NUL termination Fix bug #67730 - Null byte injection possible with imagexxx functions Fixed bug #67717 - segfault in dns_get_record Fix bug #67716 - Segfault in cdf.c 5.4.32 RC1 Conflicts: configure.in main/php_version.h
author: Stanislav Malyshev <stas@php.net> 2014-08-19 01:33:45 -0700
committer: Stanislav Malyshev <stas@php.net> 2014-08-19 01:33:45 -0700
commit: 5a7039035ce22a68130af2309ff002a611976c87 (patch)
tree: 87530c1ed34ffa32c50a444d93c2b17d3f6f130e /ext
parent: 88c48a4b95376a22a571b82a946431826b0dd61b (diff)
parent: eb2360602e256c608ea0c5f6be0ec5ec085999f3 (diff)
download: php-git-5a7039035ce22a68130af2309ff002a611976c87.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/ext/gd/gd_ctx.c b/ext/gd/gd_ctx.c
index bff691fad2..eafbab5896 100644
--- a/ext/gd/gd_ctx.c
+++ b/ext/gd/gd_ctx.c
@@ -124,6 +124,11 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
 				RETURN_FALSE;
 			}
 		} else if (Z_TYPE_P(to_zval) == IS_STRING) {
+			if (CHECK_ZVAL_NULL_PATH(to_zval)) {
+				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 2nd parameter, filename must not contain null bytes");
+				RETURN_FALSE;
+			}
+
 			stream = php_stream_open_wrapper(Z_STRVAL_P(to_zval), "wb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
 			if (stream == NULL) {
 				RETURN_FALSE;
author	Stanislav Malyshev <stas@php.net>	2014-08-19 01:33:45 -0700
committer	Stanislav Malyshev <stas@php.net>	2014-08-19 01:33:45 -0700
commit	5a7039035ce22a68130af2309ff002a611976c87 (patch)
tree	87530c1ed34ffa32c50a444d93c2b17d3f6f130e /ext
parent	88c48a4b95376a22a571b82a946431826b0dd61b (diff)
parent	eb2360602e256c608ea0c5f6be0ec5ec085999f3 (diff)
download	php-git-5a7039035ce22a68130af2309ff002a611976c87.tar.gz