|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #68598 pcntl_exec() should not allow null char
Submitted: 2014-12-12 22:51 UTC Modified: 2015-05-19 11:22 UTC
From: Assigned: yohgaki (profile)
Status: Closed Package: PCNTL related
PHP Version: Irrelevant OS: ANY
Private report: No CVE-ID: 2015-4026
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
New email:
PHP Version: OS:


 [2014-12-12 22:51 UTC]
pcnt_exec() does not check path validity. It should not allow NULL char, just like other file related functions.

I think exec() should not allow NULL char, too.

I'll prepare the patch.
Any comments?

Test script:
$path = "/bin/rm\0/usr/local/bin/my_special_program";
$opts = array('my_important_file');
if (!mb_ereg('my_special_program\z', $path)) {
   die('Go away');

pcntl_exec($path, $opts);


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2014-12-29 01:30 UTC]
-Summary: pcntl_exec() should allow null char +Summary: pcntl_exec() should not allow null char
 [2015-05-15 09:43 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: yohgaki
 [2015-05-15 09:43 UTC]
fixed in PHP 5.4.41/5.5.25/5.6.9
 [2015-05-19 05:34 UTC]
-CVE-ID: +CVE-ID: 2015-402
 [2015-05-19 11:22 UTC]
-CVE-ID: 2015-402 +CVE-ID: 2015-4026
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Jun 19 07:01:31 2024 UTC