diff options
author | Stanislav Malyshev <stas@php.net> | 2014-06-04 01:06:01 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2014-06-21 18:38:41 -0700 |
commit | aef6432fbe9cd9b75e29acda226c34d57e434dec (patch) | |
tree | d8fb898c3b144398591b533793034f2224c7abfa | |
parent | 300e0418a4b55cc745c262af8126d3aeb5f189e3 (diff) | |
download | php-git-aef6432fbe9cd9b75e29acda226c34d57e434dec.tar.gz |
Fix bug #67349: Locale::parseLocale Double Free
-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | ext/intl/locale/locale_methods.c | 7 | ||||
-rw-r--r-- | ext/intl/tests/locale_parse_locale2.phpt | 6 |
3 files changed, 12 insertions, 6 deletions
@@ -11,7 +11,7 @@ PHP NEWS . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas) - CLI server: - . Fixed Bug #67406i (built-in web-server segfaults on startup). (Remi) + . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi) - Date: . Fixed bug #67308 (Serialize of DateTime truncates fractions of second). @@ -31,6 +31,9 @@ PHP NEWS . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi) +- Intl: + . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas) + - Network: . Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049). (Sara) diff --git a/ext/intl/locale/locale_methods.c b/ext/intl/locale/locale_methods.c index 9c5b09a7bc..f6b3142fc5 100644 --- a/ext/intl/locale/locale_methods.c +++ b/ext/intl/locale/locale_methods.c @@ -272,8 +272,7 @@ static char* get_icu_value_internal( char* loc_name , char* tag_name, int* resul grOffset = findOffset( LOC_GRANDFATHERED , loc_name ); if( grOffset >= 0 ){ if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ - tag_value = estrdup(loc_name); - return tag_value; + return estrdup(loc_name); } else { /* Since Grandfathered , no value , do nothing , retutn NULL */ return NULL; @@ -283,8 +282,8 @@ static char* get_icu_value_internal( char* loc_name , char* tag_name, int* resul if( fromParseLocale==1 ){ /* Handle singletons */ if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ - if( strlen(loc_name)>1 && (isIDPrefix(loc_name) ==1 ) ){ - return loc_name; + if( strlen(loc_name)>1 && isIDPrefix(loc_name) ){ + return estrdup(loc_name); } } diff --git a/ext/intl/tests/locale_parse_locale2.phpt b/ext/intl/tests/locale_parse_locale2.phpt index 6012862a48..30cc8cc0ae 100644 --- a/ext/intl/tests/locale_parse_locale2.phpt +++ b/ext/intl/tests/locale_parse_locale2.phpt @@ -63,7 +63,8 @@ function ut_main() //Some Invalid Tags: 'de-419-DE', 'a-DE', - 'ar-a-aaa-b-bbb-a-ccc' + 'ar-a-aaa-b-bbb-a-ccc', + 'x-AAAAAA', ); @@ -201,3 +202,6 @@ No values found from Locale parsing. --------------------- ar-a-aaa-b-bbb-a-ccc: language : 'ar' , +--------------------- +x-AAAAAA: +private0 : 'AAAAAA' , |