From 7d0e3c01e6bee0cd9a3aa1f2ed0f4b7cc2b2afd0 Mon Sep 17 00:00:00 2001
From: Yasuo Ohgaki <yohgaki@php.net>
Date: Sat, 14 Feb 2015 05:37:56 +0900
Subject: [PATCH] Added NULL byte protection to exec, system and passthru.

---
 NEWS                | 1 +
 ext/standard/exec.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index ec59791994..fdbd25bbe2 100644
--- a/NEWS
+++ b/NEWS
@@ -46,6 +46,7 @@
   . Removed dl() function on fpm-fcgi. (Nikita)
   . Removed support for hexadecimal numeric strings. (Nikita)
   . Removed obsolete extensions and SAPIs. See the full list in UPGRADING. (Anatol)
+  . Added NULL byte protection to exec, system and passthru. (Yasuo)
 
 - Curl:
   . Fixed bug #68937 (Segfault in curl_multi_exec). (Laruence)
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index a727573735..a98751ef12 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -190,7 +190,7 @@ static void php_exec_ex(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */
 		RETURN_FALSE;
 	}
 	if (strlen(cmd) != cmd_len) {
-		php_error_docref(NULL TSRMLS_CC, E_WARNING, "NULL byte detected. Possible attack");
+		php_error_docref(NULL, E_WARNING, "NULL byte detected. Possible attack");
 		RETURN_FALSE;
 	}
 
-- 
2.49.0