From 7d0e3c01e6bee0cd9a3aa1f2ed0f4b7cc2b2afd0 Mon Sep 17 00:00:00 2001 From: Yasuo Ohgaki Date: Sat, 14 Feb 2015 05:37:56 +0900 Subject: [PATCH] Added NULL byte protection to exec, system and passthru. --- NEWS | 1 + ext/standard/exec.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index ec59791994..fdbd25bbe2 100644 --- a/NEWS +++ b/NEWS @@ -46,6 +46,7 @@ . Removed dl() function on fpm-fcgi. (Nikita) . Removed support for hexadecimal numeric strings. (Nikita) . Removed obsolete extensions and SAPIs. See the full list in UPGRADING. (Anatol) + . Added NULL byte protection to exec, system and passthru. (Yasuo) - Curl: . Fixed bug #68937 (Segfault in curl_multi_exec). (Laruence) diff --git a/ext/standard/exec.c b/ext/standard/exec.c index a727573735..a98751ef12 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -190,7 +190,7 @@ static void php_exec_ex(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */ RETURN_FALSE; } if (strlen(cmd) != cmd_len) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "NULL byte detected. Possible attack"); + php_error_docref(NULL, E_WARNING, "NULL byte detected. Possible attack"); RETURN_FALSE; } -- 2.40.0