diff options
-rw-r--r-- | ext/standard/exec.c | 9 | ||||
-rw-r--r-- | ext/standard/url.c | 4 |
2 files changed, 11 insertions, 2 deletions
diff --git a/ext/standard/exec.c b/ext/standard/exec.c index 7f8ce817e4..0591dcf4e0 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -537,6 +537,15 @@ PHP_FUNCTION(shell_exec) Z_PARAM_STRING(command, command_len) ZEND_PARSE_PARAMETERS_END(); + if (!command_len) { + php_error_docref(NULL, E_WARNING, "Cannot execute a blank command"); + RETURN_FALSE; + } + if (strlen(command) != command_len) { + php_error_docref(NULL, E_WARNING, "NULL byte detected. Possible attack"); + RETURN_FALSE; + } + #ifdef PHP_WIN32 if ((in=VCWD_POPEN(command, "rt"))==NULL) { #else diff --git a/ext/standard/url.c b/ext/standard/url.c index 6880e40a01..20254de0c5 100644 --- a/ext/standard/url.c +++ b/ext/standard/url.c @@ -547,7 +547,7 @@ PHPAPI size_t php_url_decode(char *str, size_t len) #ifndef CHARSET_EBCDIC *dest = (char) php_htoi(data + 1); #else - *dest = os_toebcdic[(char) php_htoi(data + 1)]; + *dest = os_toebcdic[(unsigned char) php_htoi(data + 1)]; #endif data += 2; len -= 2; @@ -643,7 +643,7 @@ PHPAPI size_t php_raw_url_decode(char *str, size_t len) #ifndef CHARSET_EBCDIC *dest = (char) php_htoi(data + 1); #else - *dest = os_toebcdic[(char) php_htoi(data + 1)]; + *dest = os_toebcdic[(unsigned char) php_htoi(data + 1)]; #endif data += 2; len -= 2; |