iliaa           Wed Oct 29 21:02:14 2008 UTC

  Modified files:              
    /php-src/ext/gettext        gettext.c 
  Log:
  MFB: Fixed bug #44938 (gettext functions crash with overly long domain).
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gettext/gettext.c?r1=1.58&r2=1.59&diff_format=u
Index: php-src/ext/gettext/gettext.c
diff -u php-src/ext/gettext/gettext.c:1.58 php-src/ext/gettext/gettext.c:1.59
--- php-src/ext/gettext/gettext.c:1.58  Fri Oct 24 14:34:13 2008
+++ php-src/ext/gettext/gettext.c       Wed Oct 29 21:02:14 2008
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: gettext.c,v 1.58 2008/10/24 14:34:13 felipe Exp $ */
+/* $Id: gettext.c,v 1.59 2008/10/29 21:02:14 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -135,6 +135,13 @@
 ZEND_GET_MODULE(php_gettext)
 #endif
 
+#define PHP_GETTEXT_MAX_DOMAIN_LENGTH 1024
+#define PHP_GETTEXT_DOMAIN_LENGTH_CHECK \
+       if (domain_len > PHP_GETTEXT_MAX_DOMAIN_LENGTH) { \
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too 
long"); \
+               RETURN_FALSE; \
+       }
+
 PHP_MINFO_FUNCTION(php_gettext)
 {
        php_info_print_table_start();
@@ -162,6 +169,8 @@
                return;
        }
        
+       PHP_GETTEXT_DOMAIN_LENGTH_CHECK
+
        if (!domain_len || (domain_len == 1 && *domain_str == '0')) {
                domain_str = NULL;
        }
@@ -193,6 +202,9 @@
        if (SUCCESS != zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s&s&", 
&domain_str, &domain_len, ZEND_U_CONVERTER(UG(filesystem_encoding_conv)), 
&msgid_str, &msgid_len, UG(ascii_conv))) {
                return;
        }
+
+       PHP_GETTEXT_DOMAIN_LENGTH_CHECK
+
        RETURN_STRING(dgettext(domain_str, msgid_str), ZSTR_DUPLICATE);
 }
 /* }}} */
@@ -208,6 +220,9 @@
        if (SUCCESS != zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, 
"s&s&l", &domain_str, &domain_len, 
ZEND_U_CONVERTER(UG(filesystem_encoding_conv)), &msgid_str, &msgid_len, 
UG(ascii_conv), &category)) {
                return;
        }
+
+       PHP_GETTEXT_DOMAIN_LENGTH_CHECK
+
        RETURN_STRING(dcgettext(domain_str, msgid_str, category), 
ZSTR_DUPLICATE);
 }
 /* }}} */
@@ -222,7 +237,9 @@
        if (SUCCESS != zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s&s&", 
&domain_str, &domain_len, ZEND_U_CONVERTER(UG(filesystem_encoding_conv)), 
&dir_str, &dir_len, ZEND_U_CONVERTER(UG(filesystem_encoding_conv)))) {
                return;
        }
-       
+
+       PHP_GETTEXT_DOMAIN_LENGTH_CHECK
+
        if (!domain_len) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "the first 
parameter must not be empty");
                RETURN_FALSE;
@@ -272,7 +289,9 @@
        if (SUCCESS != zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, 
"s&s&s&l", &domain_str, &domain_len, 
ZEND_U_CONVERTER(UG(filesystem_encoding_conv)), &msgid_str1, &msgid_len1, 
UG(ascii_conv), &msgid_str2, &msgid_len2, UG(ascii_conv), &count)) {
                RETURN_FALSE;
        }
-       
+
+       PHP_GETTEXT_DOMAIN_LENGTH_CHECK
+
        if ((msgstr = dngettext(domain_str, msgid_str1, msgid_str2, count))) {
                RETURN_STRING(msgstr, ZSTR_DUPLICATE);
        } else {
@@ -294,7 +313,9 @@
        if (SUCCESS != zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, 
"s&s&s&ll", &domain_str, &domain_len, 
ZEND_U_CONVERTER(UG(filesystem_encoding_conv)), &msgid_str1, &msgid_len1, 
UG(ascii_conv), &msgid_str2, &msgid_len2, UG(ascii_conv), &count, &category)) {
                RETURN_FALSE;
        }
-       
+
+       PHP_GETTEXT_DOMAIN_LENGTH_CHECK
+
        if ((msgstr = dcngettext(domain_str, msgid_str1, msgid_str2, count, 
category))) {
                RETURN_STRING(msgstr, ZSTR_DUPLICATE);
        } else {
@@ -315,7 +336,9 @@
        if (SUCCESS != zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s&s&", 
&domain_str, &domain_len, ZEND_U_CONVERTER(UG(filesystem_encoding_conv)), 
&codeset_str, &codeset_len, UG(ascii_conv))) {
                return;
        }
-       
+
+       PHP_GETTEXT_DOMAIN_LENGTH_CHECK
+
        if (!codeset_len) {
                codeset_str = NULL;
        }



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to