iliaa Wed, 14 Oct 2009 01:32:07 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=289624
Log: Fixed bug #49847 (exec() fails to return data inside 2nd parameter, given output lines >4095 bytes). Bug: http://bugs.php.net/49847 (Analyzed) exec() confused by a specially crafted string Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/standard/exec.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/exec.c U php/php-src/trunk/ext/standard/exec.c Modified: php/php-src/branches/PHP_5_2/NEWS =================================================================== --- php/php-src/branches/PHP_5_2/NEWS 2009-10-13 20:54:28 UTC (rev 289623) +++ php/php-src/branches/PHP_5_2/NEWS 2009-10-14 01:32:07 UTC (rev 289624) @@ -10,6 +10,8 @@ - Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe) +- Fixed bug #49847 (exec() fails to return data inside 2nd parameter, given + output lines >4095 bytes). (Ilia) - Fixed bug #49809 (time_sleep_until() is not available on OpenSolaris). (Jani) - Fixed Bug #49785 (insufficient input string validation of htmlspecialchars()). (Moriyoshi, hello at iwamot dot com) Modified: php/php-src/branches/PHP_5_2/ext/standard/exec.c =================================================================== --- php/php-src/branches/PHP_5_2/ext/standard/exec.c 2009-10-13 20:54:28 UTC (rev 289623) +++ php/php-src/branches/PHP_5_2/ext/standard/exec.c 2009-10-14 01:32:07 UTC (rev 289624) @@ -62,7 +62,7 @@ { FILE *fp; char *buf, *tmp=NULL; - int l, pclose_return; + int l = 0, pclose_return; char *cmd_p, *b, *c, *d=NULL; php_stream *stream; size_t buflen, bufl = 0; @@ -154,13 +154,16 @@ } if (bufl) { /* strip trailing whitespaces if we have not done so already */ - if (type != 2) { + if ((type == 2 && bufl && !l) || type != 2) { l = bufl; while (l-- && isspace(((unsigned char *)buf)[l])); if (l != (int)(bufl - 1)) { bufl = l + 1; buf[bufl] = '\0'; } + if (type == 2) { + add_next_index_stringl(array, buf, bufl, 1); + } } /* Return last line from the shell command */ Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2009-10-13 20:54:28 UTC (rev 289623) +++ php/php-src/branches/PHP_5_3/NEWS 2009-10-14 01:32:07 UTC (rev 289624) @@ -19,6 +19,8 @@ - Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe) +- Fixed bug #49847 (exec() fails to return data inside 2nd parameter, given + output lines >4095 bytes). (Ilia) - Fixed bug #49809 (time_sleep_until() is not available on OpenSolaris). (Jani) - Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning). (Ilia, wmeler at wp-sa dot pl) Modified: php/php-src/branches/PHP_5_3/ext/standard/exec.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/exec.c 2009-10-13 20:54:28 UTC (rev 289623) +++ php/php-src/branches/PHP_5_3/ext/standard/exec.c 2009-10-14 01:32:07 UTC (rev 289624) @@ -62,7 +62,7 @@ { FILE *fp; char *buf, *tmp=NULL; - int l, pclose_return; + int l = 0, pclose_return; char *cmd_p, *b, *c, *d=NULL; php_stream *stream; size_t buflen, bufl = 0; @@ -157,13 +157,16 @@ } if (bufl) { /* strip trailing whitespaces if we have not done so already */ - if (type != 2) { + if ((type == 2 && bufl && !l) || type != 2) { l = bufl; while (l-- && isspace(((unsigned char *)buf)[l])); if (l != (int)(bufl - 1)) { bufl = l + 1; buf[bufl] = '\0'; } + if (type == 2) { + add_next_index_stringl(array, buf, bufl, 1); + } } /* Return last line from the shell command */ Modified: php/php-src/trunk/ext/standard/exec.c =================================================================== --- php/php-src/trunk/ext/standard/exec.c 2009-10-13 20:54:28 UTC (rev 289623) +++ php/php-src/trunk/ext/standard/exec.c 2009-10-14 01:32:07 UTC (rev 289624) @@ -130,13 +130,16 @@ } if (bufl) { /* strip trailing whitespaces if we have not done so already */ - if (type != 2) { + if ((type == 2 && bufl && !l) || type != 2) { l = bufl; while (l-- && isspace(((unsigned char *)buf)[l])); if (l != (bufl - 1)) { bufl = l + 1; buf[bufl] = '\0'; } + if (type == 2) { + add_next_index_stringl(array, buf, bufl, 1); + } } /* Return last line from the shell command */
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php