From ce96fd6b0761d98353761bf78d5bfb55291179fd Mon Sep 17 00:00:00 2001
From: Pierre Joye <pajoye@php.net>
Date: Thu, 18 Nov 2010 15:22:22 +0000
Subject: - fix #39863, do not accept paths with NULL in them. See
 http://news.php.net/php.internals/50191, trunk will have the patch later
 (adding a macro and/or changing (some) APIs. Patch by Rasmus

---
 ext/posix/posix.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'ext/posix')

diff --git a/ext/posix/posix.c b/ext/posix/posix.c
index aeaae224b2..b4ba1aff0b 100644
--- a/ext/posix/posix.c
+++ b/ext/posix/posix.c
@@ -842,6 +842,10 @@ PHP_FUNCTION(posix_mkfifo)
 		RETURN_FALSE;
 	}
 
+	if (strlen(path) != path_len) {
+		RETURN_FALSE;
+	}
+
 	if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
 			(PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) {
 		RETURN_FALSE;
@@ -877,6 +881,10 @@ PHP_FUNCTION(posix_mknod)
 		RETURN_FALSE;
 	}
 
+	if (strlen(path) != path_len) {
+		RETURN_FALSE;
+	}
+
 	if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
 			(PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR)))) {
 		RETURN_FALSE;
@@ -957,6 +965,10 @@ PHP_FUNCTION(posix_access)
 		RETURN_FALSE;
 	}
 
+	if (strlen(filename) != filename_len) {
+		RETURN_FALSE;
+	}
+
 	path = expand_filepath(filename, NULL TSRMLS_CC);
 	if (!path) {
 		POSIX_G(last_error) = EIO;
-- 
cgit v1.2.1