Patch for Heap Buffer Overflow in EscapeShell
Proposed patch for bug #71270
libnex authored and weltling committed Jan 6, 2016
1 parent e2565eb commit 2871c70
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions ext/standard/exec.c
Expand Up @@ -253,7 +253,7 @@ PHPAPI zend_string *php_escape_shell_cmd(char *str)
#endif


cmd = zend_string_alloc(2 * l, 0);
cmd = zend_string_safe_alloc(2, l, 0, 0);

for (x = 0, y = 0; x < l; x++) {
int mb_len = php_mblen(str + x, (l - x));
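Review bot: the checked allocation `zend_string_safe_alloc(2, l, 0, 0)` only helps if `l` already holds the full, untruncated length of `str`, and the declaration of `l` is outside this hunk. Please confirm it is a `size_t` taken straight from the string length and not narrowed to a smaller type, because the loop `for (x = 0, y = 0; x < l; x++)` and the `(l - x)` argument to `php_mblen` depend on the same value, and `mb_len` is received as an `int`. A short comment on the allocation saying why the factor is 2 (as the `/* worst case */` comment does in `php_escape_shell_arg`) would also make the bound easier to audit.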
Expand Down Expand Up @@ -345,7 +345,7 @@ PHPAPI zend_string *php_escape_shell_arg(char *str)
size_t estimate = (4 * l) + 3;


cmd = zend_string_alloc(4 * l + 2, 0); /* worst case */
cmd = zend_string_safe_alloc(4, l, 2, 0); /* worst case */

#ifdef PHP_WIN32
ZSTR_VAL(cmd)[y++] = '"';
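Review bot: the context line `size_t estimate = (4 * l) + 3;` directly above the changed allocation still computes the same product with no overflow check, and it adds 3 where the allocation adds 2. If `estimate` feeds any later length decision, it should either be derived from the checked size or go through the same overflow-safe arithmetic, and the difference between `+ 3` and `+ 2` should be explained in the `/* worst case */` comment so the two bounds cannot drift apart.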