Merge branch 'PHP-7.2' into PHP-7.3

smalyshev · smalyshev · commit d539e61c303e · 2020-04-13T21:09:08.000-07:00
* PHP-7.2:
  Fix bug #79465 - use unsigneds as indexes.
  Fix bug #79330 - make all execution modes consistent in rejecting \0
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
@@ -537,6 +537,15 @@ PHP_FUNCTION(shell_exec)
 		Z_PARAM_STRING(command, command_len)
 	ZEND_PARSE_PARAMETERS_END();
 
+	if (!command_len) {
+		php_error_docref(NULL, E_WARNING, "Cannot execute a blank command");
+		RETURN_FALSE;
+	}
+	if (strlen(command) != command_len) {
+		php_error_docref(NULL, E_WARNING, "NULL byte detected. Possible attack");
+		RETURN_FALSE;
+	}
+
 #ifdef PHP_WIN32
 	if ((in=VCWD_POPEN(command, "rt"))==NULL) {
 #else
diff --git a/ext/standard/url.c b/ext/standard/url.c
@@ -547,7 +547,7 @@ PHPAPI size_t php_url_decode(char *str, size_t len)
 #ifndef CHARSET_EBCDIC
 			*dest = (char) php_htoi(data + 1);
 #else
-			*dest = os_toebcdic[(char) php_htoi(data + 1)];
+			*dest = os_toebcdic[(unsigned char) php_htoi(data + 1)];
 #endif
 			data += 2;
 			len -= 2;
@@ -643,7 +643,7 @@ PHPAPI size_t php_raw_url_decode(char *str, size_t len)
 #ifndef CHARSET_EBCDIC
 			*dest = (char) php_htoi(data + 1);
 #else
-			*dest = os_toebcdic[(char) php_htoi(data + 1)];
+			*dest = os_toebcdic[(unsigned char) php_htoi(data + 1)];
 #endif
 			data += 2;
 			len -= 2;
