Fixed bug #41693 (scandir() allows empty directory names).

diff --git a/NEWS b/NEWS
index 553c72c649466799383df64d9ba8a7677e99a35d..ef88ccec8e640edfd75c0eafaf0a81864474c705 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -92,6 +92,7 @@ PHP                                                                        NEWS
 - Fixed altering $this via argument named "this". (Dmitry)
 - Fixed PHP CLI usage of php.ini from the binary location. (Hannes)
 - Fixed segfault in strripos(). (Tony, Joxean Koret)
+- Fixed bug #41693 (scandir() allows empty directory names). (Ilia)
 - Fixed bug #41673 (json_encode breaks large numbers in arrays). (Ilia)
 - Fixed bug #41525 (ReflectionParameter::getPosition() not available). (Marcus)
 - Fixed bug #41511 (Compile failure under IRIX 6.5.30 building md5.c). (Jani)

diff --git a/ext/standard/dir.c b/ext/standard/dir.c
index cc52f32f29a44c768e1f8696e56a3b655d27bd54..4d119bfddb08b35c48627c049668956f0ede58ec 100644 (file)
--- a/ext/standard/dir.c
+++ b/ext/standard/dir.c
@@ -482,6 +482,11 @@ PHP_FUNCTION(scandir)
                return;
        }
 
+       if (dirn_len < 1) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Directory name cannot be empty");
+               RETURN_FALSE;
+       }
+
        if (zcontext) {
                context = php_stream_context_from_zval(zcontext, 0);
        }

diff --git a/ext/standard/tests/file/bug41693.phpt b/ext/standard/tests/file/bug41693.phpt
new file mode 100644 (file)
index 0000000..6c7ff5b
--- /dev/null
+++ b/ext/standard/tests/file/bug41693.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Bug #41693 (scandir() allows empty directory names) 
+--FILE--
+<?php
+
+var_dump(scandir(''));
+
+echo "Done\n";
+?>
+--EXPECTF--    
+Warning: scandir(): Directory name cannot be empty in %s on line %d
+bool(false)
+Done