From b600669d02d2344089c8b024f75c806619cb3135 Mon Sep 17 00:00:00 2001
From: Victor Hora
Date: Tue, 13 Nov 2018 20:03:41 -0500
Subject: [PATCH] Fix buffer size for utf8toUnicode transformation
---
 CHANGES | 2 ++
 apache2/msc_util.c | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
index 588860bf..6805665a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 DD MMM YYYY - 2.9.3 - To be released
 ------------------------------------
+ * Fix buffer size for utf8toUnicode transformation
+ [Issue #1208 - @katef, @victorhora]
 * Fix sanitizing JSON request bodies in native audit log format
 [p0pr0ck5, @victorhora]
 * IIS: Update Wix installer to bundle a supported CRS version (3.0)
diff --git a/apache2/msc_util.c b/apache2/msc_util.c
index 9781d2d6..d687ac4d 100644
--- a/apache2/msc_util.c
+++ b/apache2/msc_util.c
@@ -113,8 +113,9 @@ char *utf8_unicode_inplace_ex(apr_pool_t *mp, unsigned char *input, long int inp
 unsigned char *unicode = NULL;
 *changed = 0;
-
- len = input_len * 7 + 1;
+ /* RFC3629 states that UTF-8 are encoded using sequences of 1 to 4 octets. */
+ /* Max size per character should fit in 4 bytes */
+ len = input_len * 4 + 1;
 data = rval = apr_palloc(mp, len);
 if (rval == NULL) return NULL;
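Review bot: The two new comments justify the factor 4 by the width of a UTF-8 input sequence, but `len` sizes the output buffer handed to `apr_palloc`, so the figure that matters is the most bytes the conversion loop can write per input byte. That loop is outside this hunk (the body of `utf8_unicode_inplace_ex` starts before and continues after it), so whether 4 covers the worst case cannot be confirmed from here; because the change shrinks the allocation from 7 to 4 bytes per input byte, an undersized estimate would become a heap overwrite. I would replace the comments with one that states the bound actually relied on, e.g. `/* Output never exceeds 4 bytes per input byte (worst case: <sequence type> -> <encoded form>), plus NUL. */`, and have the loop check the remaining space before each write. Separately, `input_len * 4 + 1` appears to be computed on a signed `long int` with no range check visible here; a guard such as `if (input_len < 0 || input_len > (LONG_MAX - 1) / 4) return NULL;` before the multiplication would rule out overflow.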