Patch shell_exec.patch revision 2020-03-01 19:19 UTC by 64796c6e69 at gmail dot com

Patch shell_exec.patch for Program Execution Bug #79330

Patch version 2020-03-01 19:19 UTC


Developer: 64796c6e69@gmail.com

diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index d343abcd00..05371c9451 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -528,6 +528,15 @@ PHP_FUNCTION(shell_exec)
 		Z_PARAM_STRING(command, command_len)
 	ZEND_PARSE_PARAMETERS_END();
 
+	if (!command_len) {
+		php_error_docref(NULL, E_WARNING, "Cannot execute a blank command");
+		RETURN_FALSE;
+	}
+	if (strlen(command) != command_len) {
+		php_error_docref(NULL, E_WARNING, "NULL byte detected. Possible attack");
+		RETURN_FALSE;
+	}
+
 #ifdef PHP_WIN32
 	if ((in=VCWD_POPEN(command, "rt"))==NULL) {
 #else
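
Review bot: The two early returns added ahead of `#ifdef PHP_WIN32` give shell_exec() new failure paths (RETURN_FALSE plus an E_WARNING for an empty command and for a command where `strlen(command) != command_len`), but the diff touches only ext/standard/exec.c, so nothing exercises either branch. Please add a test that covers an empty command and a command string with an embedded zero byte, and note the new false return in the function's documentation. On wording, the length comparison detects a NUL byte (the character), not NULL (the pointer), so "NUL byte detected" would be more precise, unless the text is deliberately kept identical to an existing message elsewhere.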
 
Last updated: Fri Apr 19 05:01:29 2024 UTC