File apache2-CVE-2017-15710.patch of Package apache2.18661

--- a/modules/aaa/mod_authnz_ldap.c	2018/02/16 12:35:03	1824455
+++ b/modules/aaa/mod_authnz_ldap.c	2018/02/16 12:37:30	1824456
@@ -126,9 +126,13 @@
 
     charset = (char*) apr_hash_get(charset_conversions, language, APR_HASH_KEY_STRING);
 
-    if (!charset) {
-        language[2] = '\0';
-        charset = (char*) apr_hash_get(charset_conversions, language, APR_HASH_KEY_STRING);
+    /*
+     * Test if language values like 'en-US' return a match from the charset
+     * conversion map when shortened to 'en'.
+     */
+    if (!charset && strlen(language) > 3 && language[2] == '-') {
+        char *language_short = apr_pstrndup(p, language, 2);
+        charset = (char*) apr_hash_get(charset_conversions, language_short, APR_HASH_KEY_STRING);
     }
 
     if (charset) {
openSUSE Build Service is sponsored by