Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:41558 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 19907 invoked from network); 29 Oct 2008 15:42:31 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 29 Oct 2008 15:42:31 -0000 Authentication-Results: pb1.pair.com smtp.mail=cschneid@cschneid.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=cschneid@cschneid.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain cschneid.com from 195.141.85.117 cause and error) X-PHP-List-Original-Sender: cschneid@cschneid.com X-Host-Fingerprint: 195.141.85.117 uf1.search.ch Linux 2.6 Received: from [195.141.85.117] ([195.141.85.117:58469] helo=smtp.rim.ch) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 53/E1-07369-56488094 for ; Wed, 29 Oct 2008 10:42:30 -0500 Received: from localhost (localhost [127.0.0.1]) by rolig.search.ch (Postfix) with ESMTP id 81D3C53D14D; Wed, 29 Oct 2008 16:42:26 +0100 (CET) Received: from smtp.rim.ch ([127.0.0.1]) by localhost (search.ch [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 24698-05; Wed, 29 Oct 2008 16:42:21 +0100 (CET) Received: from [192.168.1.72] (ultrafilter-i [192.168.85.2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by rolig.search.ch (Postfix) with ESMTP id 8B41253D122; Wed, 29 Oct 2008 16:42:21 +0100 (CET) Message-ID: <4908845C.4010603@cschneid.com> Date: Wed, 29 Oct 2008 16:42:20 +0100 User-Agent: Thunderbird 1.5.0.12 (X11/20060911) MIME-Version: 1.0 To: jani.taskinen@iki.fi CC: PHP internals References: <7A1407E0-56A2-4C8A-A964-86616311B928@prohost.org> <49085D70.3030400@sci.fi> In-Reply-To: <49085D70.3030400@sci.fi> Content-Type: multipart/mixed; boundary="------------080100060409090104020907" X-Virus-Scanned: amavisd-new at search.ch Subject: Re: [PHP-DEV] PHP 5.2.7RC3 Reminder From: cschneid@cschneid.com (Christian Schneider) --------------080100060409090104020907 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Jani Taskinen wrote: > http://bugs.php.net/bug.php?id=44938&edit=1 > > Marked critical but propably isn't. Also depatable whether it's a PHP > bug at all.. Probably the library exhausting memory using alloca I'd say. I whipped together a little patch against HEAD which restricts the length of a text domain string to 10000 bytes to avoid problems in the underlying library. Note: I haven't been able to compile HEAD right now so I couldn't test the patch really. But it compiles and should be rather trivial to review/test. - Chris --------------080100060409090104020907 Content-Type: text/plain; name="gettext.patch.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="gettext.patch.txt" Index: ext/gettext/gettext.c =================================================================== RCS file: /repository/php-src/ext/gettext/gettext.c,v retrieving revision 1.58 diff -u -r1.58 gettext.c --- ext/gettext/gettext.c 24 Oct 2008 14:34:13 -0000 1.58 +++ ext/gettext/gettext.c 29 Oct 2008 13:47:15 -0000 @@ -30,6 +30,8 @@ #include "ext/standard/info.h" #include "php_gettext.h" +#define MAX_DOMAIN_LENGTH 10000 /* Maximum length of textdomain name length */ + /* {{{ arginfo */ ZEND_BEGIN_ARG_INFO(arginfo_textdomain, 0) ZEND_ARG_INFO(0, domain) @@ -162,6 +164,10 @@ return; } + if (domain_len > MAX_DOMAIN_LENGTH) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too long, ignoring"); + domain_str = NULL; + } if (!domain_len || (domain_len == 1 && *domain_str == '0')) { domain_str = NULL; } @@ -193,6 +199,10 @@ if (SUCCESS != zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s&s&", &domain_str, &domain_len, ZEND_U_CONVERTER(UG(filesystem_encoding_conv)), &msgid_str, &msgid_len, UG(ascii_conv))) { return; } + if (domain_len > MAX_DOMAIN_LENGTH) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too long, ignoring"); + domain_str = NULL; + } RETURN_STRING(dgettext(domain_str, msgid_str), ZSTR_DUPLICATE); } /* }}} */ @@ -208,6 +218,10 @@ if (SUCCESS != zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s&s&l", &domain_str, &domain_len, ZEND_U_CONVERTER(UG(filesystem_encoding_conv)), &msgid_str, &msgid_len, UG(ascii_conv), &category)) { return; } + if (domain_len > MAX_DOMAIN_LENGTH) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too long, ignoring"); + domain_str = NULL; + } RETURN_STRING(dcgettext(domain_str, msgid_str, category), ZSTR_DUPLICATE); } /* }}} */ @@ -223,6 +237,10 @@ return; } + if (domain_len > MAX_DOMAIN_LENGTH) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too long"); + RETURN_FALSE; + } if (!domain_len) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "the first parameter must not be empty"); RETURN_FALSE; @@ -273,6 +291,10 @@ RETURN_FALSE; } + if (domain_len > MAX_DOMAIN_LENGTH) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too long, ignoring"); + domain_str = NULL; + } if ((msgstr = dngettext(domain_str, msgid_str1, msgid_str2, count))) { RETURN_STRING(msgstr, ZSTR_DUPLICATE); } else { @@ -295,6 +317,10 @@ RETURN_FALSE; } + if (domain_len > MAX_DOMAIN_LENGTH) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too long, ignoring"); + domain_str = NULL; + } if ((msgstr = dcngettext(domain_str, msgid_str1, msgid_str2, count, category))) { RETURN_STRING(msgstr, ZSTR_DUPLICATE); } else { @@ -316,6 +342,10 @@ return; } + if (domain_len > MAX_DOMAIN_LENGTH) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too long"); + RETURN_FALSE; + } if (!codeset_len) { codeset_str = NULL; } --------------080100060409090104020907--