lstrojny Thu Oct 30 14:22:50 2008 UTC Added files: (Branch: PHP_5_3) /php-src/ext/gettext/tests 44938.phpt
Modified files: /php-src/ext/gettext gettext.c Log: MFH: #44938 http://cvs.php.net/viewvc.cgi/php-src/ext/gettext/gettext.c?r1=1.46.2.2.2.4.2.5&r2=1.46.2.2.2.4.2.6&diff_format=u Index: php-src/ext/gettext/gettext.c diff -u php-src/ext/gettext/gettext.c:1.46.2.2.2.4.2.5 php-src/ext/gettext/gettext.c:1.46.2.2.2.4.2.6 --- php-src/ext/gettext/gettext.c:1.46.2.2.2.4.2.5 Wed Oct 29 20:29:12 2008 +++ php-src/ext/gettext/gettext.c Thu Oct 30 14:22:50 2008 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: gettext.c,v 1.46.2.2.2.4.2.5 2008/10/29 20:29:12 iliaa Exp $ */ +/* $Id: gettext.c,v 1.46.2.2.2.4.2.6 2008/10/30 14:22:50 lstrojny Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -136,12 +136,35 @@ #endif #define PHP_GETTEXT_MAX_DOMAIN_LENGTH 1024 +#define PHP_GETTEXT_MAX_MSGID_LENGTH 4096 + #define PHP_GETTEXT_DOMAIN_LENGTH_CHECK \ if (domain_len > PHP_GETTEXT_MAX_DOMAIN_LENGTH) { \ php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too long"); \ RETURN_FALSE; \ } +#define PHP_GETTEXT_MSGID_LENGTH_CHECK \ + char *check_name = "msgid"; \ + int check_len = msgid_len; \ + PHP_GETTEXT_LENGTH_CHECK + +#define PHP_GETTEXT_LENGTH_CHECK \ + if (check_len > PHP_GETTEXT_MAX_MSGID_LENGTH) { \ + php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s passed too long", check_name); \ + RETURN_FALSE; \ + } + +#define PHP_GETTEXT_MULTI_MSGID_LENGTH_CHECK \ + int check_len; \ + char *check_name; \ + check_name = "msgid1"; \ + check_len = msgid1_len; \ + PHP_GETTEXT_LENGTH_CHECK \ + check_name = "msgid2"; \ + check_len = msgid2_len; \ + PHP_GETTEXT_LENGTH_CHECK + PHP_MINFO_FUNCTION(php_gettext) { php_info_print_table_start(); @@ -185,6 +208,7 @@ return; } + PHP_GETTEXT_MSGID_LENGTH_CHECK msgstr = gettext(msgid); RETURN_STRING(msgstr, 1); @@ -203,6 +227,7 @@ } PHP_GETTEXT_DOMAIN_LENGTH_CHECK + PHP_GETTEXT_MSGID_LENGTH_CHECK msgstr = dgettext(domain, msgid); @@ -223,6 +248,7 @@ } PHP_GETTEXT_DOMAIN_LENGTH_CHECK + PHP_GETTEXT_MSGID_LENGTH_CHECK msgstr = dcgettext(domain, msgid, category); @@ -248,7 +274,7 @@ php_error(E_WARNING, "The first parameter of bindtextdomain must not be empty"); RETURN_FALSE; } - + if (dir[0] != '\0' && strcmp(dir, "0")) { if (!VCWD_REALPATH(dir, dir_name)) { RETURN_FALSE; @@ -276,6 +302,8 @@ return; } + PHP_GETTEXT_MULTI_MSGID_LENGTH_CHECK + msgstr = ngettext(msgid1, msgid2, count); if (msgstr) { RETVAL_STRING(msgstr, 1); @@ -292,13 +320,14 @@ char *domain, *msgid1, *msgid2, *msgstr = NULL; int domain_len, msgid1_len, msgid2_len; long count; - + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sssl", &domain, &domain_len, &msgid1, &msgid1_len, &msgid2, &msgid2_len, &count) == FAILURE) { return; } PHP_GETTEXT_DOMAIN_LENGTH_CHECK + PHP_GETTEXT_MULTI_MSGID_LENGTH_CHECK msgstr = dngettext(domain, msgid1, msgid2, count); if (msgstr) { @@ -310,7 +339,7 @@ #if HAVE_DCNGETTEXT /* {{{ proto string dcngettext (string domain, string msgid1, string msgid2, int n, int category) - Plural version of dcgettext() */ + Plural version of dcgettext() */ PHP_NAMED_FUNCTION(zif_dcngettext) { char *domain, *msgid1, *msgid2, *msgstr = NULL; @@ -325,6 +354,7 @@ } PHP_GETTEXT_DOMAIN_LENGTH_CHECK + PHP_GETTEXT_MULTI_MSGID_LENGTH_CHECK msgstr = dcngettext(domain, msgid1, msgid2, count, category); http://cvs.php.net/viewvc.cgi/php-src/ext/gettext/tests/44938.phpt?view=markup&rev=1.1 Index: php-src/ext/gettext/tests/44938.phpt +++ php-src/ext/gettext/tests/44938.phpt --TEST-- #44938: gettext functions crash with overlong strings --SKIPIF-- <?php if (!extension_loaded("gettext")) { die("skip\n"); } --FILE-- <?php $overflown = str_repeat('C', 8476509); $msgid = "msgid"; $domain = "domain"; $category = "cat"; var_dump(bindtextdomain($overflown, 'path')); var_dump(dngettext($overflown, $msgid, $msgid, 1)); var_dump(dngettext($domain, $overflown, $msgid, 1)); var_dump(dngettext($domain, $msgid, $overflown, 1)); var_dump(gettext($overflown)); var_dump(ngettext($overflown, $msgid, -1)); var_dump(ngettext($msgid, $overflown, -1)); var_dump(dcgettext($overflown, $msgid, -1)); var_dump(dcgettext($domain, $overflown, -1)); var_dump(dcngettext($overflown, $msgid, $msgid, -1, -1)); var_dump(dcngettext($domain, $overflown, $msgid, -1, -1)); var_dump(dcngettext($domain, $msgid, $overflown, -1, -1)); var_dump(dgettext($overflown, $msgid)); var_dump(dgettext($domain, $overflown)); var_dump(textdomain($overflown)); ?> ==DONE== --EXPECTF-- Warning: bindtextdomain(): domain passed too long in %s on line %d bool(false) Warning: dngettext(): domain passed too long in %s on line %d bool(false) Warning: dngettext(): msgid1 passed too long in %s on line %d bool(false) Warning: dngettext(): msgid2 passed too long in %s on line %d bool(false) Warning: gettext(): msgid passed too long in %s on line %d bool(false) Warning: ngettext(): msgid1 passed too long in %s on line %d bool(false) Warning: ngettext(): msgid2 passed too long in %s on line %d bool(false) Warning: dcgettext(): domain passed too long in %s on line %d bool(false) Warning: dcgettext(): msgid passed too long in %s on line %d bool(false) Warning: dcngettext(): domain passed too long in %s on line %d bool(false) Warning: dcngettext(): msgid1 passed too long in %s on line %d bool(false) Warning: dcngettext(): msgid2 passed too long in %s on line %d bool(false) Warning: dgettext(): domain passed too long in %s on line %d bool(false) Warning: dgettext(): msgid passed too long in %s on line %d bool(false) Warning: textdomain(): domain passed too long in %s on line %d bool(false) ==DONE== -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php