Fixed bug #41693 (scandir() allows empty directory names).

3 files changed, 19 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index 553c72c649..ef88ccec8e 100644
--- a/NEWS
+++ b/NEWS
@@ -92,6 +92,7 @@ PHP                                                                        NEWS
 - Fixed altering $this via argument named "this". (Dmitry)
 - Fixed PHP CLI usage of php.ini from the binary location. (Hannes)
 - Fixed segfault in strripos(). (Tony, Joxean Koret)
+- Fixed bug #41693 (scandir() allows empty directory names). (Ilia)
 - Fixed bug #41673 (json_encode breaks large numbers in arrays). (Ilia)
 - Fixed bug #41525 (ReflectionParameter::getPosition() not available). (Marcus)
 - Fixed bug #41511 (Compile failure under IRIX 6.5.30 building md5.c). (Jani)
diff --git a/ext/standard/dir.c b/ext/standard/dir.c
index cc52f32f29..4d119bfddb 100644
--- a/ext/standard/dir.c
+++ b/ext/standard/dir.c
@@ -482,6 +482,11 @@ PHP_FUNCTION(scandir)
 		return;
 	}
 
+	if (dirn_len < 1) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Directory name cannot be empty");
+		RETURN_FALSE;
+	}
+
 	if (zcontext) {
 		context = php_stream_context_from_zval(zcontext, 0);
 	}
diff --git a/ext/standard/tests/file/bug41693.phpt b/ext/standard/tests/file/bug41693.phpt
new file mode 100644
index 0000000000..6c7ff5bf4b
--- /dev/null
+++ b/ext/standard/tests/file/bug41693.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Bug #41693 (scandir() allows empty directory names) 
+--FILE--
+<?php
+
+var_dump(scandir(''));
+
+echo "Done\n";
+?>
+--EXPECTF--	
+Warning: scandir(): Directory name cannot be empty in %s on line %d
+bool(false)
+Done