File apache2-CVE-2017-15710.patch of Package apache2.18661
--- a/modules/aaa/mod_authnz_ldap.c 2018/02/16 12:35:03 1824455
+++ b/modules/aaa/mod_authnz_ldap.c 2018/02/16 12:37:30 1824456
@@ -126,9 +126,13 @@
charset = (char*) apr_hash_get(charset_conversions, language, APR_HASH_KEY_STRING);
- if (!charset) {
- language[2] = '\0';
- charset = (char*) apr_hash_get(charset_conversions, language, APR_HASH_KEY_STRING);
+ /*
+ * Test if language values like 'en-US' return a match from the charset
+ * conversion map when shortened to 'en'.
+ */
+ if (!charset && strlen(language) > 3 && language[2] == '-') {
+ char *language_short = apr_pstrndup(p, language, 2);
+ charset = (char*) apr_hash_get(charset_conversions, language_short, APR_HASH_KEY_STRING);
}
if (charset) {