From: Ilia Alshanetsky <iliaa@php.net>
Date: Thu, 19 Sep 2002 18:59:32 +0000 (+0000)
Subject: Fixed bug #19313
X-Git-Tag: MODERN_SYMMETRIC_SESSION_BEHAVIOUR_20021003~282
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a694fa9ca74fc05e6bb85b7313bdd51ebc29a6cd;p=php

Fixed bug #19313
Fixed argument count check for system/exec/passthru functions
Added a check to system/exec/passthru functions to make sure execution
parameter is not blank before attempting to execute it.
---

diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index a061266092..a855040a99 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -309,9 +309,14 @@ PHP_FUNCTION(exec)
 	int arg_count = ZEND_NUM_ARGS();
 	int ret;
 
-	if (arg_count > 3 || zend_get_parameters_ex(arg_count, &arg1, &arg2, &arg3) == FAILURE) {
+	if (arg_count < 1 || arg_count > 3 || zend_get_parameters_ex(arg_count, &arg1, &arg2, &arg3) == FAILURE) {
 		WRONG_PARAM_COUNT;
 	}
+	
+	if (!Z_STRLEN_PP(arg1)) {
+		PHP_EMPTY_EXEC_PARAM;
+	}
+	
 	switch (arg_count) {
 		case 1:
 			ret = php_Exec(0, Z_STRVAL_PP(arg1), NULL, return_value TSRMLS_CC);
@@ -337,9 +342,14 @@ PHP_FUNCTION(system)
 	int arg_count = ZEND_NUM_ARGS();
 	int ret;
 
-	if (arg_count > 2 || zend_get_parameters_ex(arg_count, &arg1, &arg2) == FAILURE) {
+	if (arg_count < 1 || arg_count > 2 || zend_get_parameters_ex(arg_count, &arg1, &arg2) == FAILURE) {
 		WRONG_PARAM_COUNT;
 	}
+	
+	if (!Z_STRLEN_PP(arg1)) {
+		PHP_EMPTY_EXEC_PARAM;
+	}
+	
 	switch (arg_count) {
 		case 1:
 			ret = php_Exec(1, Z_STRVAL_PP(arg1), NULL, return_value TSRMLS_CC);
@@ -361,9 +371,14 @@ PHP_FUNCTION(passthru)
 	int arg_count = ZEND_NUM_ARGS();
 	int ret;
 
-	if (arg_count > 2 || zend_get_parameters_ex(arg_count, &arg1, &arg2) == FAILURE) {
+	if (arg_count < 1 || arg_count > 2 || zend_get_parameters_ex(arg_count, &arg1, &arg2) == FAILURE) {
 		WRONG_PARAM_COUNT;
 	}
+	
+	if (!Z_STRLEN_PP(arg1)) {
+		PHP_EMPTY_EXEC_PARAM;
+	}
+	
 	switch (arg_count) {
 		case 1:
 			ret = php_Exec(3, Z_STRVAL_PP(arg1), NULL, return_value TSRMLS_CC);
diff --git a/ext/standard/exec.h b/ext/standard/exec.h
index 3f53895517..c1da04bd5a 100644
--- a/ext/standard/exec.h
+++ b/ext/standard/exec.h
@@ -35,4 +35,6 @@ char *php_escape_shell_cmd(char *);
 char *php_escape_shell_arg(char *);
 int php_Exec(int type, char *cmd, pval *array, pval *return_value TSRMLS_DC);
 
+#define PHP_EMPTY_EXEC_PARAM { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute a blank command"); RETURN_FALSE; }
+
 #endif /* EXEC_H */