authorIgor Pashev <pashev.igor@gmail.com>2015-02-20 22:25:42 +0300
committerIgor Pashev <pashev.igor@gmail.com>2015-02-20 22:25:42 +0300
commit71d41ca6bb3a9d888b39f34a30f994ac1cf88873 (patch)
tree3a11365b77b332c078440204fb82549d34237a35 /ext/standard/exec.c
parent2d50280dd013556e51b6f275ca965fe7b530029b (diff)
parent1ceec3a053647865493ab417d3ce401b9bc42450 (diff)
Merge branch 'master-5.6' of git://anonscm.debian.org/pkg-php/php
Conflicts: debian/changelog debian/patches/series
Diffstat (limited to 'ext/standard/exec.c')
-rw-r--r--ext/standard/exec.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index f8a22adf3..683878877 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -2,7 +2,7 @@
+----------------------------------------------------------------------+
| PHP Version 5 |
+----------------------------------------------------------------------+
- | Copyright (c) 1997-2014 The PHP Group |
+ | Copyright (c) 1997-2015 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
@@ -188,6 +188,10 @@ static void php_exec_ex(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute a blank command");
RETURN_FALSE;
}
+ if (strlen(cmd) != cmd_len) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "NULL byte detected. Possible attack");
+ RETURN_FALSE;
+ }
if (!ret_array) {
ret = php_exec(mode, cmd, NULL, return_value TSRMLS_CC);