From: Stanislav Malyshev <stas@php.net>
Date: Wed, 5 Oct 2016 05:40:09 +0000 (-0700)
Subject: Bug #73218: add mitigation for ICU int overflow
X-Git-Tag: php-7.1.0RC4~57
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d25e427ab1a114c35dd129f18b99539eb50afd25;p=php

Bug #73218: add mitigation for ICU int overflow

(cherry picked from commit d946d102936525bc7dcd01f3827d0a6e0bb971b0)
(cherry picked from commit b26b02b2df95eaa647ea3f4e7b42bd11eea4ed2c)
---

diff --git a/ext/intl/resourcebundle/resourcebundle_class.c b/ext/intl/resourcebundle/resourcebundle_class.c
index fd255d57cd..47d9bf0403 100644
--- a/ext/intl/resourcebundle/resourcebundle_class.c
+++ b/ext/intl/resourcebundle/resourcebundle_class.c
@@ -101,6 +101,13 @@ static int resourcebundle_ctor(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_constr
 		locale = intl_locale_get_default();
 	}
 
+	if (bundlename_len >= MAXPATHLEN) {
+		intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR,	"Bundle name too long", 0 );
+		zval_dtor(return_value);
+		ZVAL_NULL(return_value);
+		return FAILURE;
+	}
+
 	if (fallback) {
 		rb->me = ures_open(bundlename, locale, &INTL_DATA_ERROR_CODE(rb));
 	} else {
@@ -331,6 +338,11 @@ PHP_FUNCTION( resourcebundle_locales )
 		RETURN_FALSE;
 	}
 
+	if (bundlename_len >= MAXPATHLEN) {
+		intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR,	"resourcebundle_locales: bundle name too long", 0 );
+		RETURN_FALSE;
+	}
+
 	if(bundlename_len == 0) {
 		// fetch default locales list
 		bundlename = NULL;