Fixed bug #73473: Stack Buffer Overflow in msgfmt_parse_message

author: libnex <emmanuel.law@gmail.com> 2017-05-29 13:13:52 +0000
committer: Nikita Popov <nikita.ppv@gmail.com> 2017-06-03 00:05:16 +0200
commit: 95c4564f939c916538579ef63602a3cd31941c51 (patch)
tree: 8b536d9e8652a3fe5a2763cf32a3a78b8b5f77dc
parent: 9c5717d0decd56710129a5599fe5d38f82a7bab2 (diff)
download: php-git-95c4564f939c916538579ef63602a3cd31941c51.tar.gz
2 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 5f4a72e2bb..eecf1e50a6 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,9 @@ PHP                                                                        NEWS
     properties). (Laruence)
   . Fixed misparsing of abstract unix domain socket names. (Sara)
 
+- Intl:
+  . Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)
+
 - Mbstring:
   . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,
     CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)
diff --git a/ext/intl/msgformat/msgformat_parse.c b/ext/intl/msgformat/msgformat_parse.c
index 349633912b..8562a76e92 100644
--- a/ext/intl/msgformat/msgformat_parse.c
+++ b/ext/intl/msgformat/msgformat_parse.c
@@ -110,6 +110,7 @@ PHP_FUNCTION( msgfmt_parse_message )
 		RETURN_FALSE;
 	}
 
+	INTL_CHECK_LOCALE_LEN(slocale_len);
 	memset(mfo, 0, sizeof(*mfo));
 	msgformat_data_init(&mfo->mf_data);
author	libnex <emmanuel.law@gmail.com>	2017-05-29 13:13:52 +0000
committer	Nikita Popov <nikita.ppv@gmail.com>	2017-06-03 00:05:16 +0200
commit	95c4564f939c916538579ef63602a3cd31941c51 (patch)
tree	8b536d9e8652a3fe5a2763cf32a3a78b8b5f77dc
parent	9c5717d0decd56710129a5599fe5d38f82a7bab2 (diff)
download	php-git-95c4564f939c916538579ef63602a3cd31941c51.tar.gz