From: Yasuo Ohgaki <yohgaki@php.net>
Date: Fri, 13 Feb 2015 20:28:32 +0000 (+0900)
Subject: Merge branch 'PHP-5.6'
X-Git-Tag: PRE_PHP7_EREG_MYSQL_REMOVALS~152
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=096fb06dab980a68b2eaae0b9e516faffe8579f9;p=php

Merge branch 'PHP-5.6'

* PHP-5.6:
  Add NULL byte protection to exec, system and passthru
---

096fb06dab980a68b2eaae0b9e516faffe8579f9
diff --cc ext/standard/exec.c
index 132d1afab0,683878877b..a727573735
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@@ -186,12 -185,16 +186,16 @@@ static void php_exec_ex(INTERNAL_FUNCTI
  		}
  	}
  	if (!cmd_len) {
 -		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute a blank command");
 +		php_error_docref(NULL, E_WARNING, "Cannot execute a blank command");
  		RETURN_FALSE;
  	}
+ 	if (strlen(cmd) != cmd_len) {
+ 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "NULL byte detected. Possible attack");
+ 		RETURN_FALSE;
+ 	}
  
  	if (!ret_array) {
 -		ret = php_exec(mode, cmd, NULL, return_value TSRMLS_CC);
 +		ret = php_exec(mode, cmd, NULL, return_value);
  	} else {
  		if (Z_TYPE_P(ret_array) != IS_ARRAY) {
  			zval_dtor(ret_array);