PHP :: Sec Bug #68598 :: pcntl_exec() should not allow null char

Sec Bug #68598	pcntl_exec() should not allow null char
Submitted:	2014-12-12 22:51 UTC	Modified:	2015-05-19 11:22 UTC
From:	yohgaki@php.net	Assigned:	yohgaki (profile)
Status:	Closed	Package:	PCNTL related
PHP Version:	Irrelevant	OS:	ANY
Private report:	No	CVE-ID:	2015-4026

View Developer Edit

[2014-12-12 22:51 UTC] yohgaki@php.net

Description:
------------
pcnt_exec() does not check path validity. It should not allow NULL char, just like other file related functions.

I think exec() should not allow NULL char, too.

I'll prepare the patch.
Any comments?


Test script:
---------------
<?php
$path = "/bin/rm\0/usr/local/bin/my_special_program";
$opts = array('my_important_file');
if (!mb_ereg('my_special_program\z', $path)) {
   die('Go away');
}

pcntl_exec($path, $opts);

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-12-29 01:30 UTC] yohgaki@php.net

-Summary: pcntl_exec() should allow null char +Summary: pcntl_exec() should not allow null char

[2015-05-15 09:43 UTC] yohgaki@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: yohgaki

[2015-05-15 09:43 UTC] yohgaki@php.net

fixed in PHP 5.4.41/5.5.25/5.6.9

[2015-05-19 05:34 UTC] laruence@php.net

-CVE-ID: +CVE-ID: 2015-402

[2015-05-19 11:22 UTC] kaplan@php.net

-CVE-ID: 2015-402 +CVE-ID: 2015-4026

[2018-03-01 22:00 UTC] cmb@php.net

Related To: Bug #76035

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Oct 30 22:00:01 2025 UTC