archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-7.3' into PHP-7.4

Browse source 
* PHP-7.3:
  Fix bug #79465 - use unsigneds as indexes.
  Fix bug #79330 - make all execution modes consistent in rejecting \0
This commit is contained in:
Stanislav Malyshev 2020-04-13 21:09:15 -07:00
commit 864d69bef7
2 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

9
ext/standard/exec.c
View file

@ -537,6 +537,15 @@ PHP_FUNCTION(shell_exec)
Z_PARAM_STRING(command, command_len)
ZEND_PARSE_PARAMETERS_END();
if (!command_len) {
php_error_docref(NULL, E_WARNING, "Cannot execute a blank command");
RETURN_FALSE;
}
if (strlen(command) != command_len) {
php_error_docref(NULL, E_WARNING, "NULL byte detected. Possible attack");
RETURN_FALSE;
}
#ifdef PHP_WIN32
if ((in=VCWD_POPEN(command, "rt"))==NULL) {
#else

4
ext/standard/url.c
View file

@ -543,7 +543,7 @@ PHPAPI size_t php_url_decode(char *str, size_t len)
#ifndef CHARSET_EBCDIC
*dest = (char) php_htoi(data + 1);
#else
*dest = os_toebcdic[(char) php_htoi(data + 1)];
*dest = os_toebcdic[(unsigned char) php_htoi(data + 1)];
#endif
data += 2;
len -= 2;
@ -639,7 +639,7 @@ PHPAPI size_t php_raw_url_decode(char *str, size_t len)
#ifndef CHARSET_EBCDIC
*dest = (char) php_htoi(data + 1);
#else
*dest = os_toebcdic[(char) php_htoi(data + 1)];
*dest = os_toebcdic[(unsigned char) php_htoi(data + 1)];
#endif
data += 2;
len -= 2;