Added NULL byte protection to exec, system and passthru.

Yasuo Ohgaki · Yasuo Ohgaki · commit 7d0e3c01e6be · 2015-02-14T05:37:56.000+09:00
diff --git a/NEWS b/NEWS
@@ -46,6 +46,7 @@
   . Removed dl() function on fpm-fcgi. (Nikita)
   . Removed support for hexadecimal numeric strings. (Nikita)
   . Removed obsolete extensions and SAPIs. See the full list in UPGRADING. (Anatol)
+  . Added NULL byte protection to exec, system and passthru. (Yasuo)
 
 - Curl:
   . Fixed bug #68937 (Segfault in curl_multi_exec). (Laruence)
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
@@ -190,7 +190,7 @@ static void php_exec_ex(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */
 		RETURN_FALSE;
 	}
 	if (strlen(cmd) != cmd_len) {
-		php_error_docref(NULL TSRMLS_CC, E_WARNING, "NULL byte detected. Possible attack");
+		php_error_docref(NULL, E_WARNING, "NULL byte detected. Possible attack");
 		RETURN_FALSE;
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -190,7 +190,7 @@ static void php_exec_ex(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */`
`190`	`190`	`RETURN_FALSE;`
`191`	`191`	`}`
`192`	`192`	`if (strlen(cmd) != cmd_len) {`
`193`		`- php_error_docref(NULL TSRMLS_CC, E_WARNING, "NULL byte detected. Possible attack");`
	`193`	`+ php_error_docref(NULL, E_WARNING, "NULL byte detected. Possible attack");`
`194`	`194`	`RETURN_FALSE;`
`195`	`195`	`}`
`196`	`196`