Bug #73218: add mitigation for ICU int overflow

(cherry picked from commit d946d102936525bc7dcd01f3827d0a6e0bb971b0) (cherry picked from commit b26b02b2df95eaa647ea3f4e7b42bd11eea4ed2c)
author: Stanislav Malyshev <stas@php.net> 2016-10-04 22:40:09 -0700
committer: Anatol Belski <ab@php.net> 2016-10-13 00:31:02 +0200
commit: 142a94516e5cd94cf9056e15f90ab0552747fc0a (patch)
tree: d210b0024a10b5a8473b9e70bec7cbd4e751010f
parent: 6329a1eb7816450a6de6f326580a5dcd71bd9a73 (diff)
download: php-git-142a94516e5cd94cf9056e15f90ab0552747fc0a.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/ext/intl/resourcebundle/resourcebundle_class.c b/ext/intl/resourcebundle/resourcebundle_class.c
index fd255d57cd..47d9bf0403 100644
--- a/ext/intl/resourcebundle/resourcebundle_class.c
+++ b/ext/intl/resourcebundle/resourcebundle_class.c
@@ -101,6 +101,13 @@ static int resourcebundle_ctor(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_constr
 		locale = intl_locale_get_default();
 	}
 
+	if (bundlename_len >= MAXPATHLEN) {
+		intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR,	"Bundle name too long", 0 );
+		zval_dtor(return_value);
+		ZVAL_NULL(return_value);
+		return FAILURE;
+	}
+
 	if (fallback) {
 		rb->me = ures_open(bundlename, locale, &INTL_DATA_ERROR_CODE(rb));
 	} else {
@@ -331,6 +338,11 @@ PHP_FUNCTION( resourcebundle_locales )
 		RETURN_FALSE;
 	}
 
+	if (bundlename_len >= MAXPATHLEN) {
+		intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR,	"resourcebundle_locales: bundle name too long", 0 );
+		RETURN_FALSE;
+	}
+
 	if(bundlename_len == 0) {
 		// fetch default locales list
 		bundlename = NULL;
author	Stanislav Malyshev <stas@php.net>	2016-10-04 22:40:09 -0700
committer	Anatol Belski <ab@php.net>	2016-10-13 00:31:02 +0200
commit	142a94516e5cd94cf9056e15f90ab0552747fc0a (patch)
tree	d210b0024a10b5a8473b9e70bec7cbd4e751010f
parent	6329a1eb7816450a6de6f326580a5dcd71bd9a73 (diff)
download	php-git-142a94516e5cd94cf9056e15f90ab0552747fc0a.tar.gz