diff options
author | Stanislav Malyshev <stas@php.net> | 2019-08-24 23:11:45 -0700 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2019-08-27 23:27:11 +0200 |
commit | a3bc8443f34e8d1d52952943e16b79fc587840c5 (patch) | |
tree | 4578810e27814e03498d1ee126757c8234d1324e | |
parent | 510ca4a126e61ac19e0c71979b140782e4767d64 (diff) | |
download | php-git-a3bc8443f34e8d1d52952943e16b79fc587840c5.tar.gz |
Fix CVE-2019-13224: don't allow different encodings for onig_new_deluxe()
Backport from https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
(cherry picked from commit 1258303e66d8dede4f02347334b9f6576e98a21b)
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/mbstring/oniguruma/src/regext.c | 6 |
2 files changed, 6 insertions, 3 deletions
@@ -6,6 +6,9 @@ PHP NEWS . Fixed bug #78412 (Generator incorrectly reports non-releasable $this as GC child). (Nikita) +- MBString: + . Fixed bug #78380 (Oniguruma 6.9.3 fixes CVEs). (CVE-2019-13224) (Stas) + 15 Aug 2019, PHP 7.3.9RC1 - Core: diff --git a/ext/mbstring/oniguruma/src/regext.c b/ext/mbstring/oniguruma/src/regext.c index 996d043f56..de122c726e 100644 --- a/ext/mbstring/oniguruma/src/regext.c +++ b/ext/mbstring/oniguruma/src/regext.c @@ -29,6 +29,7 @@ #include "regint.h" +#if 0 static void conv_ext0be32(const UChar* s, const UChar* end, UChar* conv) { @@ -158,6 +159,7 @@ conv_encoding(OnigEncoding from, OnigEncoding to, const UChar* s, const UChar* e return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION; } +#endif extern int onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end, @@ -169,9 +171,7 @@ onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end, if (IS_NOT_NULL(einfo)) einfo->par = (UChar* )NULL; if (ci->pattern_enc != ci->target_enc) { - r = conv_encoding(ci->pattern_enc, ci->target_enc, pattern, pattern_end, - &cpat, &cpat_end); - if (r != 0) return r; + return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION; } else { cpat = (UChar* )pattern; |