diff options
Diffstat (limited to 'ext/standard/exec.c')
| -rw-r--r-- | ext/standard/exec.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ext/standard/exec.c b/ext/standard/exec.c index b2f44efae4..683878877b 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -188,6 +188,10 @@ static void php_exec_ex(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute a blank command"); RETURN_FALSE; } + if (strlen(cmd) != cmd_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "NULL byte detected. Possible attack"); + RETURN_FALSE; + } if (!ret_array) { ret = php_exec(mode, cmd, NULL, return_value TSRMLS_CC); |