Overview

File php-CVE-2016-6294.patch of Package php5.6060

Index: php-5.5.14/ext/intl/locale/locale_methods.c
===================================================================
--- php-5.5.14.orig/ext/intl/locale/locale_methods.c	2017-04-24 14:19:38.794872509 +0200
+++ php-5.5.14/ext/intl/locale/locale_methods.c	2017-04-24 14:21:08.132297482 +0200
@@ -1593,6 +1593,24 @@ PHP_FUNCTION(locale_accept_from_http)
 		"locale_accept_from_http: unable to parse input parameters", 0 TSRMLS_CC );
 		RETURN_FALSE;
 	}
+       if(http_accept_len > ULOC_FULLNAME_CAPACITY) {
+               /* check each fragment, if any bigger than capacity, can't do it due to bug #72533 */
+               char *start = http_accept;
+               char *end;
+               size_t len;
+               do {
+                       end = strchr(start, ',');
+                       len = end ? end-start : http_accept_len-(start-http_accept);
+                       if(len > ULOC_FULLNAME_CAPACITY) {
+                               intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR,
+                                               "locale_accept_from_http: locale string too long", 0 TSRMLS_CC );
+                               RETURN_FALSE;
+                       }
+                       if(end) {
+                               start = end+1;
+                       }
+               } while(end != NULL);
+       }
 	
 	available = ures_openAvailableLocales(NULL, &status);
 	INTL_CHECK_STATUS(status, "locale_accept_from_http: failed to retrieve locale list");
openSUSE Build Service is sponsored by
Places