Fixed bug #69646 (OS command injection vulnerability in escapeshellarg)
authorStanislav Malyshev <stas@php.net>
Wed, 10 Jun 2015 04:37:17 +0000 (21:37 -0700)
committerStanislav Malyshev <stas@php.net>
Wed, 10 Jun 2015 04:37:17 +0000 (21:37 -0700)
ext/standard/exec.c

index 71dfc7c361672000466874cf94a491c644ac4f52..60fd7ba1aa513a9ce2a285b27f398b4f61ff0c41 100644 (file)
@@ -383,6 +383,14 @@ PHPAPI zend_string *php_escape_shell_arg(char *str)
                }
        }
 #ifdef PHP_WIN32
+       if (y > 0 && '\\' == cmd->val[y - 1]) {
+               int k = 0, n = y - 1;
+               for (; n >= 0 && '\\' == cmd->val[n]; n--, k++);
+               if (k % 2) {
+                       cmd->val[y++] = '\\';
+               }
+       }
+
        cmd->val[y++] = '"';
 #else
        cmd->val[y++] = '\'';
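Review bot: The added block starting at `if (y > 0 && '\\' == cmd->val[y - 1])` has no comment explaining why an odd run of trailing backslashes gets one more, and the empty-bodied `for (; n >= 0 && '\\' == cmd->val[n]; n--, k++);` is easy to misread as controlling the `if (k % 2)` below it. I would add above the block `/* An odd run of trailing backslashes would escape the closing quote under Windows argument parsing; pad the run to an even length. */` and give the loop an explicit `{ }` body or rewrite it as a `while`. The new `cmd->val[y++] = '\\';` also writes one byte more than the old code did, and the allocation of `cmd` is outside this hunk, so its worst-case size should be confirmed to cover that byte on the PHP_WIN32 path. The body of php_escape_shell_arg starts and ends outside the hunk, so the type of `y` (assigned to the `int n`) could not be checked either.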