MFB: limit iconv parameters here too

author: Stanislav Malyshev <stas@php.net> 2007-09-19 00:38:48 +0000
committer: Stanislav Malyshev <stas@php.net> 2007-09-19 00:38:48 +0000
commit: 8ecd0a494340f0ab5fb620811880b950304e8a56 (patch)
tree: e544eafda797e4d185fc3bf249bdc3e7242f94af
parent: 71929ac5ee87972d63951ad2c20eedba2a68df55 (diff)
download: php-git-8ecd0a494340f0ab5fb620811880b950304e8a56.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/ext/xmlrpc/libxmlrpc/encodings.c b/ext/xmlrpc/libxmlrpc/encodings.c
index 1637a0961c..f4cc212d7c 100644
--- a/ext/xmlrpc/libxmlrpc/encodings.c
+++ b/ext/xmlrpc/libxmlrpc/encodings.c
@@ -53,6 +53,10 @@ static const char rcsid[] = "#(@) $Id$";
 
 #include "encodings.h"
 
+#ifndef ICONV_CSNMAXLEN
+#define ICONV_CSNMAXLEN 64
+#endif
+
 static char* convert(const char* src, int src_len, int *new_len, const char* from_enc, const char* to_enc) {
    char* outbuf = 0;
 
@@ -60,9 +64,13 @@ static char* convert(const char* src, int src_len, int *new_len, const char* fro
       size_t outlenleft = src_len;
       size_t inlenleft = src_len;
       int outlen = src_len;
-      iconv_t ic = iconv_open(to_enc, from_enc);
+      iconv_t ic;
       char* out_ptr = 0;
 
+      if(strlen(to_enc) >= ICONV_CSNMAXLEN || strlen(from_enc) >= ICONV_CSNMAXLEN) {
+         return NULL;
+      }
+      ic = iconv_open(to_enc, from_enc);
       if(ic != (iconv_t)-1) {
          size_t st;
          outbuf = (char*)malloc(outlen + 1);
author	Stanislav Malyshev <stas@php.net>	2007-09-19 00:38:48 +0000
committer	Stanislav Malyshev <stas@php.net>	2007-09-19 00:38:48 +0000
commit	8ecd0a494340f0ab5fb620811880b950304e8a56 (patch)
tree	e544eafda797e4d185fc3bf249bdc3e7242f94af
parent	71929ac5ee87972d63951ad2c20eedba2a68df55 (diff)
download	php-git-8ecd0a494340f0ab5fb620811880b950304e8a56.tar.gz