blob: 18689fc693a572964fb844c5bc7362c7578c3283 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
$NetBSD: patch-av,v 1.3 2006/11/04 11:19:41 adrianp Exp $
# CVE-2006-5465
--- ext/standard/html.c.orig 2006-02-25 21:33:06.000000000 +0000
+++ ext/standard/html.c
@@ -878,7 +878,7 @@ PHPAPI char *php_escape_html_entities(un
matches_map = 0;
- if (len + 9 > maxlen)
+ if (len + 16 > maxlen)
replaced = erealloc (replaced, maxlen += 128);
if (all) {
@@ -903,9 +903,15 @@ PHPAPI char *php_escape_html_entities(un
}
if (matches_map) {
+ int l = strlen(rep);
+ /* increase the buffer size */
+ if (len + 2 + l >= maxlen) {
+ replaced = erealloc(replaced, maxlen += 128);
+ }
+
replaced[len++] = '&';
strcpy(replaced + len, rep);
- len += strlen(rep);
+ len += l;
replaced[len++] = ';';
}
}
|