diff options
| author | Ilia Alshanetsky <iliaa@php.net> | 2008-10-29 20:29:12 +0000 |
|---|---|---|
| committer | Ilia Alshanetsky <iliaa@php.net> | 2008-10-29 20:29:12 +0000 |
| commit | f2d9767eb550a91d03d43d06ff18b510f1280d3d (patch) | |
| tree | 11f0235e4bcc11782a496d60cbfde726bc61c3b4 /ext/gettext | |
| parent | 22f3c8b05bf1333c04e9eb1a57c27cc660c678b5 (diff) | |
| download | php-git-f2d9767eb550a91d03d43d06ff18b510f1280d3d.tar.gz | |
Fixed bug #44938 (gettext functions crash with overly long domain)
Diffstat (limited to 'ext/gettext')
| -rw-r--r-- | ext/gettext/gettext.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/ext/gettext/gettext.c b/ext/gettext/gettext.c index 410bd4e2ba..b5f6397525 100644 --- a/ext/gettext/gettext.c +++ b/ext/gettext/gettext.c @@ -135,6 +135,13 @@ zend_module_entry php_gettext_module_entry = { ZEND_GET_MODULE(php_gettext) #endif +#define PHP_GETTEXT_MAX_DOMAIN_LENGTH 1024 +#define PHP_GETTEXT_DOMAIN_LENGTH_CHECK \ + if (domain_len > PHP_GETTEXT_MAX_DOMAIN_LENGTH) { \ + php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too long"); \ + RETURN_FALSE; \ + } + PHP_MINFO_FUNCTION(php_gettext) { php_info_print_table_start(); @@ -153,6 +160,8 @@ PHP_NAMED_FUNCTION(zif_textdomain) return; } + PHP_GETTEXT_DOMAIN_LENGTH_CHECK + if (strcmp(domain, "") && strcmp(domain, "0")) { domain_name = domain; } else { @@ -193,6 +202,8 @@ PHP_NAMED_FUNCTION(zif_dgettext) return; } + PHP_GETTEXT_DOMAIN_LENGTH_CHECK + msgstr = dgettext(domain, msgid); RETURN_STRING(msgstr, 1); @@ -211,6 +222,8 @@ PHP_NAMED_FUNCTION(zif_dcgettext) return; } + PHP_GETTEXT_DOMAIN_LENGTH_CHECK + msgstr = dcgettext(domain, msgid, category); RETURN_STRING(msgstr, 1); @@ -229,6 +242,8 @@ PHP_NAMED_FUNCTION(zif_bindtextdomain) return; } + PHP_GETTEXT_DOMAIN_LENGTH_CHECK + if (domain[0] == '\0') { php_error(E_WARNING, "The first parameter of bindtextdomain must not be empty"); RETURN_FALSE; @@ -283,6 +298,8 @@ PHP_NAMED_FUNCTION(zif_dngettext) return; } + PHP_GETTEXT_DOMAIN_LENGTH_CHECK + msgstr = dngettext(domain, msgid1, msgid2, count); if (msgstr) { RETVAL_STRING(msgstr, 1); @@ -307,6 +324,8 @@ PHP_NAMED_FUNCTION(zif_dcngettext) return; } + PHP_GETTEXT_DOMAIN_LENGTH_CHECK + msgstr = dcngettext(domain, msgid1, msgid2, count, category); if (msgstr) { @@ -329,6 +348,8 @@ PHP_NAMED_FUNCTION(zif_bind_textdomain_codeset) return; } + PHP_GETTEXT_DOMAIN_LENGTH_CHECK + retval = bind_textdomain_codeset(domain, codeset); if (!retval) { |