archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 22:18:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-5.4' into PHP-5.5

Browse source 
* PHP-5.4:
  Add NULL byte protection to exec, system and passthru
This commit is contained in:
Yasuo Ohgaki 2015-02-14 05:26:54 +09:00
commit 3ea76a768c
2 changed files with 29 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ext/standard/exec.c
View file

@ -188,6 +188,10 @@ static void php_exec_ex(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute a blank command"); php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute a blank command");
RETURN_FALSE; RETURN_FALSE;
} }
if (strlen(cmd) != cmd_len) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "NULL byte detected. Possible attack");
RETURN_FALSE;
}
if (!ret_array) { if (!ret_array) {
ret = php_exec(mode, cmd, NULL, return_value TSRMLS_CC); ret = php_exec(mode, cmd, NULL, return_value TSRMLS_CC);

25
ext/standard/tests/misc/exec_basic1.phpt Normal file
View file

@ -0,0 +1,25 @@
--TEST--
exec, system, passthru — Basic command execution functions
--SKIPIF--
<?php
// If this does not work for Windows, please uncomment or fix test
// if(substr(PHP_OS, 0, 3) == "WIN") die("skip not for Windows");
?>
--FILE--
<?php
$cmd = "echo abc\n\0command";
var_dump(exec($cmd, $output));
var_dump($output);
var_dump(system($cmd));
var_dump(passthru($cmd));
?>
--EXPECTF--
Warning: exec(): NULL byte detected. Possible attack in %s on line %d
bool(false)
NULL
Warning: system(): NULL byte detected. Possible attack in %s on line %d
bool(false)
Warning: passthru(): NULL byte detected. Possible attack in %s on line %d
bool(false)