From 14fcc813948254b84f382ff537247d8a7e5e0e62 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Mon, 13 Apr 2020 21:00:44 -0700 Subject: Fix bug #79330 - make all execution modes consistent in rejecting \0 --- ext/standard/exec.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ext/standard/exec.c b/ext/standard/exec.c index b748e173ce..da5d3e9215 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -531,6 +531,15 @@ PHP_FUNCTION(shell_exec) Z_PARAM_STRING(command, command_len) ZEND_PARSE_PARAMETERS_END(); + if (!command_len) { + php_error_docref(NULL, E_WARNING, "Cannot execute a blank command"); + RETURN_FALSE; + } + if (strlen(command) != command_len) { + php_error_docref(NULL, E_WARNING, "NULL byte detected. Possible attack"); + RETURN_FALSE; + } + #ifdef PHP_WIN32 if ((in=VCWD_POPEN(command, "rt"))==NULL) { #else -- cgit v1.2.1 From 9d6bf8221b05f86ce5875832f0f646c4c1f218be Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Mon, 13 Apr 2020 21:07:04 -0700 Subject: Fix bug #79465 - use unsigneds as indexes. --- ext/standard/url.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/standard/url.c b/ext/standard/url.c index fe6d7f9de1..1dd073e2bb 100644 --- a/ext/standard/url.c +++ b/ext/standard/url.c @@ -559,7 +559,7 @@ PHPAPI size_t php_url_decode(char *str, size_t len) #ifndef CHARSET_EBCDIC *dest = (char) php_htoi(data + 1); #else - *dest = os_toebcdic[(char) php_htoi(data + 1)]; + *dest = os_toebcdic[(unsigned char) php_htoi(data + 1)]; #endif data += 2; len -= 2; @@ -651,7 +651,7 @@ PHPAPI size_t php_raw_url_decode(char *str, size_t len) #ifndef CHARSET_EBCDIC *dest = (char) php_htoi(data + 1); #else - *dest = os_toebcdic[(char) php_htoi(data + 1)]; + *dest = os_toebcdic[(unsigned char) php_htoi(data + 1)]; #endif data += 2; len -= 2; -- cgit v1.2.1