FIX tcpdf vulnerability to roman numeral bomb, cf. tecnickom/TCPDF issue #315

2021-10-22 18:26:23 +02:00 · 2021-10-22 18:26:23 +02:00 · 17773f8414
commit 17773f8414
parent bd52613331
2 changed files with 16 additions and 0 deletions
--- a/dev/dolibarr_changes.txt
+++ b/dev/dolibarr_changes.txt
@ -175,6 +175,18 @@ In htdocs/includes/tecnickcom/tcpdf/tcpdf.php
 -       protected $default_monospaced_font = 'courier';
 +       protected $default_monospaced_font = 'freemono';

+* In tecnickcom/tcpdf/include/tcpdf_static, in function intToRoman, right at the beginning
+  of the function, replace:
+
+		$roman = '';
+
+with:
+
+		$roman = '';
+		if ($number >= 4000) {
+			// do not represent numbers above 4000 in Roman numerals
+			return strval($number);
+		}



--- a/htdocs/includes/tecnickcom/tcpdf/include/tcpdf_static.php
+++ b/htdocs/includes/tecnickcom/tcpdf/include/tcpdf_static.php
@ -1440,6 +1440,10 @@ class TCPDF_STATIC {
 	 */
 	public static function intToRoman($number) {
 		$roman = '';
+		if ($number >= 4000) {
+			// do not represent numbers above 4000 in Roman numerals
+			return strval($number);
+		}
 		while ($number >= 1000) {
 			$roman .= 'M';
 			$number -= 1000;