path: root/www/php4/patches/patch-av
$NetBSD: patch-av,v 1.3 2006/11/04 11:19:41 adrianp Exp $

# CVE-2006-5465

--- ext/standard/html.c.orig	2006-02-25 21:33:06.000000000 +0000
+++ ext/standard/html.c
@@ -878,7 +878,7 @@ PHPAPI char *php_escape_html_entities(un
 
 		matches_map = 0;
 
-		if (len + 9 > maxlen)
+		if (len + 16 > maxlen)
 			replaced = erealloc (replaced, maxlen += 128);
 
 		if (all) {
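Review bot: The headroom constant in `if (len + 16 > maxlen)` is a bare magic number, and nothing in the hunk says which write it is sized for or why 9 was too small. Since this check is the bounds guard for `replaced`, I would name the value and document it, for example `/* headroom for the longest fixed-size sequence one iteration can append, plus the terminating NUL */` above the test, so a later change to the loop body cannot silently outgrow it. The loop body that consumes this headroom lies outside the hunk, so the exact worst case should be confirmed against it rather than taken from this note.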
@@ -903,9 +903,15 @@ PHPAPI char *php_escape_html_entities(un
 			}
 
 			if (matches_map) {
+				int l = strlen(rep);
+				/* increase the buffer size */
+				if (len + 2 + l >= maxlen) {
+					replaced = erealloc(replaced, maxlen += 128);
+				}
+
 				replaced[len++] = '&';
 				strcpy(replaced + len, rep);
-				len += strlen(rep);
+				len += l;
 				replaced[len++] = ';';
 			}
 		}
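Review bot: The new guard `if (len + 2 + l >= maxlen)` grows the buffer by a fixed 128 bytes exactly once and never re-checks, so the following `strcpy(replaced + len, rep)` is only in bounds if `strlen(rep)` stays well under 128. That probably holds for the built-in entity tables, but `rep`'s source is outside the hunk, so I would make the growth depend on the length: `if (len + 2 + l >= maxlen) replaced = erealloc(replaced, maxlen += l + 128);`. Separately, `int l = strlen(rep);` narrows a `size_t` to `int`; declaring it `size_t l` avoids a truncated or negative length entering the comparison, although the types of `len` and `maxlen` are not visible here and would need to agree. With the length already known, `memcpy(replaced + len, rep, l);` would also make the copied byte count explicit instead of relying on `strcpy`.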