Added NULL byte protection to exec, system and passthru.

author Yasuo Ohgaki <yohgaki@php.net>

Fri, 13 Feb 2015 20:37:56 +0000 (05:37 +0900)

committer Yasuo Ohgaki <yohgaki@php.net>

Fri, 13 Feb 2015 20:37:56 +0000 (05:37 +0900)
author Yasuo Ohgaki <yohgaki@php.net>
Fri, 13 Feb 2015 20:37:56 +0000 (05:37 +0900)
committer Yasuo Ohgaki <yohgaki@php.net>
Fri, 13 Feb 2015 20:37:56 +0000 (05:37 +0900)
diff --git a/NEWS b/NEWS

index ec5979199475faeb14f3e1eafb0bd08a5ec8dc92..fdbd25bbe2dea7835a9a635b5fd0332efe2bc32a 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -46,6 +46,7 @@
    . Removed dl() function on fpm-fcgi. (Nikita)
    . Removed support for hexadecimal numeric strings. (Nikita)
    . Removed obsolete extensions and SAPIs. See the full list in UPGRADING. (Anatol)
+  . Added NULL byte protection to exec, system and passthru. (Yasuo)
  
  - Curl:
    . Fixed bug #68937 (Segfault in curl_multi_exec). (Laruence)
diff --git a/ext/standard/exec.c b/ext/standard/exec.c

index a72757373556e6257c51adfc5189f0757f04537a..a98751ef12a852aaa17b51608683d66e1760579a 100644 (file)
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -190,7 +190,7 @@ static void php_exec_ex(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */
                 RETURN_FALSE;
         }
         if (strlen(cmd) != cmd_len) {
-               php_error_docref(NULL TSRMLS_CC, E_WARNING, "NULL byte detected. Possible attack");
+               php_error_docref(NULL, E_WARNING, "NULL byte detected. Possible attack");
                 RETURN_FALSE;
         }
author	Yasuo Ohgaki <yohgaki@php.net>
	Fri, 13 Feb 2015 20:37:56 +0000 (05:37 +0900)
committer	Yasuo Ohgaki <yohgaki@php.net>
	Fri, 13 Feb 2015 20:37:56 +0000 (05:37 +0900)
NEWS		patch \| blob \| history
ext/standard/exec.c		patch \| blob \| history