Blame SOURCES/httpd-2.4.6-CVE-2017-15710.patch

008793
--- a/modules/aaa/mod_authnz_ldap.c	2018/02/15 17:33:04	1824335
008793
+++ b/modules/aaa/mod_authnz_ldap.c	2018/02/15 17:42:14	1824336
008793
@@ -126,9 +126,13 @@
008793
 
008793
     charset = (char*) apr_hash_get(charset_conversions, language, APR_HASH_KEY_STRING);
008793
 
008793
-    if (!charset) {
008793
-        language[2] = '\0';
008793
-        charset = (char*) apr_hash_get(charset_conversions, language, APR_HASH_KEY_STRING);
008793
+    /*
008793
+     * Test if language values like 'en-US' return a match from the charset
008793
+     * conversion map when shortened to 'en'.
008793
+     */
008793
+    if (!charset && strlen(language) > 3 && language[2] == '-') {
008793
+        char *language_short = apr_pstrndup(p, language, 2);
008793
+        charset = (char*) apr_hash_get(charset_conversions, language_short, APR_HASH_KEY_STRING);
008793
     }
008793
 
008793
     if (charset) {