Fixed bug #71039 exec functions ignore length but look for NULL termination
authorAnatol Belski <ab@php.net>
Tue, 12 Jan 2016 13:57:22 +0000 (14:57 +0100)
committerAnatol Belski <ab@php.net>
Tue, 12 Jan 2016 13:57:22 +0000 (14:57 +0100)
ext/standard/exec.c
ext/standard/tests/general_functions/escapeshellarg_bug71039.phpt [new file with mode: 0644]
ext/standard/tests/general_functions/escapeshellcmd_bug71039.phpt [new file with mode: 0644]

index 747f765dd4b508af788b479bce811ced1abbb7e2..29024f6f4386a6d5c05418b1344e910121fc0d17 100644 (file)
@@ -467,6 +467,10 @@ PHP_FUNCTION(escapeshellcmd)
        }
 
        if (command_len) {
+               if (command_len != strlen(command)) {
+                       php_error_docref(NULL, E_ERROR, "Input string contains NULL bytes");
+                       return;
+               }
                RETVAL_STR(php_escape_shell_cmd(command));
        } else {
                RETVAL_EMPTY_STRING();
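Review bot: The NUL check is added only in the userland wrapper, while `php_escape_shell_cmd(command)` still receives a bare `char *` with no length, so any other caller of that helper presumably still stops at the first NUL byte. The same applies to `php_escape_shell_arg(argument)` in the escapeshellarg hunk. If the helpers cannot take a length, a comment above the check would record why it sits here, e.g. `/* php_escape_shell_cmd() takes no length; reject rather than silently drop bytes after an embedded NUL */`. The body of escapeshellcmd starts and ends outside this hunk, so an earlier length check cannot be ruled out.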
@@ -486,6 +490,10 @@ PHP_FUNCTION(escapeshellarg)
        }
 
        if (argument) {
+               if (argument_len != strlen(argument)) {
+                       php_error_docref(NULL, E_ERROR, "Input string contains NULL bytes");
+                       return;
+               }
                RETVAL_STR(php_escape_shell_arg(argument));
        }
 }
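Review bot: `php_error_docref(NULL, E_ERROR, ...)` makes an embedded NUL in the argument end the whole request, and the same choice is made in the escapeshellcmd hunk. Applications that pass request-derived strings to these functions can no longer recover from such input. Failing closed is defensible for an escaping function, since a false or empty return could be concatenated into a command line unnoticed. That intent should be stated in a comment, e.g. `/* fatal on purpose: callers must never get a partial or empty escape result */`. The `return;` after the E_ERROR call is most likely unreachable and could carry a short note saying it is defensive. The start of the function lies outside the hunk.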
diff --git a/ext/standard/tests/general_functions/escapeshellarg_bug71039.phpt b/ext/standard/tests/general_functions/escapeshellarg_bug71039.phpt
new file mode 100644 (file)
index 0000000..cbb3f6f
--- /dev/null
@@ -0,0 +1,10 @@
+--TEST--
+Test escapeshellarg() string with \0 bytes
+--FILE--
+<?php
+escapeshellarg("hello\0world");
+
+?>
+===DONE===
+--EXPECTF--
+Fatal error: escapeshellarg(): Input string contains NULL bytes in %s on line %d
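Review bot: The `===DONE===` line after `?>` is never emitted, because the fatal error stops the script first; `--EXPECTF--` correctly omits it, but the marker suggests execution continues, so it should be removed. The escapeshellcmd test has the same issue. Both tests also pin only an interior NUL (`"hello\0world"`). A trailing NUL such as `"hello\0"` and a plain string that must still be escaped normally would pin the boundary of the `len != strlen()` comparison. Each fatal case needs its own test file, since nothing after the first fatal call runs.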
diff --git a/ext/standard/tests/general_functions/escapeshellcmd_bug71039.phpt b/ext/standard/tests/general_functions/escapeshellcmd_bug71039.phpt
new file mode 100644 (file)
index 0000000..0a4d7ea
--- /dev/null
@@ -0,0 +1,10 @@
+--TEST--
+Test escapeshellcmd() string with \0 bytes
+--FILE--
+<?php
+escapeshellcmd("hello\0world");
+
+?>
+===DONE===
+--EXPECTF--
+Fatal error: escapeshellcmd(): Input string contains NULL bytes in %s on line %d