diff options
| -rw-r--r-- | NEWS | 7 | ||||
| -rw-r--r-- | ext/standard/string.c | 6 |
2 files changed, 9 insertions, 4 deletions
@@ -2,10 +2,11 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 20??, PHP 5.2.5 - Fixed leaks with mulitple connects on one mysqli object. (Andrey) -- Fixed endianness detection on MacOS when building universal binary. +'- Fixed endianness detection on MacOS when building universal binary. (Uwe Schindler, Christian Speich, Tony) -- Fixed possible buffer overflows inside the fnmatch() and glob() functions - reported by Laurent gaffie (Ilia) +- Fixed possible triggering of buffer overflows inside glibc + imlplementations of the fnmatch(), setlocale() and glob() functions reported + by Laurent gaffie (Ilia) - Upgraded PCRE to version 7.3 (Nuno) - Added optional parameter $provide_object to debug_backtrace(). (Sebastian) diff --git a/ext/standard/string.c b/ext/standard/string.c index e7b36a27ac..71e70af42a 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -4000,8 +4000,12 @@ PHP_FUNCTION(setlocale) loc = NULL; } else { loc = Z_STRVAL_PP(plocale); + if (Z_STRLEN_PP(plocale) >= 255) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Specified locale name is too long"); + break; + } } - + retval = setlocale (cat, loc); zend_update_current_locale(); if (retval) { |