Blame SOURCES/httpd-2.4.6-CVE-2017-15710.patch
|
|
008793 |
--- a/modules/aaa/mod_authnz_ldap.c 2018/02/15 17:33:04 1824335
|
|
|
008793 |
+++ b/modules/aaa/mod_authnz_ldap.c 2018/02/15 17:42:14 1824336
|
|
|
008793 |
@@ -126,9 +126,13 @@
|
|
|
008793 |
|
|
|
008793 |
charset = (char*) apr_hash_get(charset_conversions, language, APR_HASH_KEY_STRING);
|
|
|
008793 |
|
|
|
008793 |
- if (!charset) {
|
|
|
008793 |
- language[2] = '\0';
|
|
|
008793 |
- charset = (char*) apr_hash_get(charset_conversions, language, APR_HASH_KEY_STRING);
|
|
|
008793 |
+ /*
|
|
|
008793 |
+ * Test if language values like 'en-US' return a match from the charset
|
|
|
008793 |
+ * conversion map when shortened to 'en'.
|
|
|
008793 |
+ */
|
|
|
008793 |
+ if (!charset && strlen(language) > 3 && language[2] == '-') {
|
|
|
008793 |
+ char *language_short = apr_pstrndup(p, language, 2);
|
|
|
008793 |
+ charset = (char*) apr_hash_get(charset_conversions, language_short, APR_HASH_KEY_STRING);
|
|
|
008793 |
}
|
|
|
008793 |
|
|
|
008793 |
if (charset) {
|