From 17773f84143a13419edef2c48b40b88ba5c598fe Mon Sep 17 00:00:00 2001
From: atm-florian
Date: Fri, 22 Oct 2021 18:26:23 +0200
Subject: [PATCH] FIX tcpdf vulnerability to roman numeral bomb, cf. tecnickom/TCPDF issue #315

---
 dev/dolibarr_changes.txt | 12 ++++++++++++
 .../tecnickcom/tcpdf/include/tcpdf_static.php | 4 ++++
 2 files changed, 16 insertions(+)

diff --git a/dev/dolibarr_changes.txt b/dev/dolibarr_changes.txt
index ecd25ce692b..8cb0e002d16 100644
--- a/dev/dolibarr_changes.txt
+++ b/dev/dolibarr_changes.txt
@@ -175,6 +175,18 @@ In htdocs/includes/tecnickcom/tcpdf/tcpdf.php
 - protected $default_monospaced_font = 'courier';
 + protected $default_monospaced_font = 'freemono';
+* In tecnickcom/tcpdf/include/tcpdf_static, in function intToRoman, right at the beginning
+ of the function, replace:
+
+ $roman = '';
+
+with:
+
+ $roman = '';
+ if ($number >= 4000) {
+ // do not represent numbers above 4000 in Roman numerals
+ return strval($number);
+ }
diff --git a/htdocs/includes/tecnickcom/tcpdf/include/tcpdf_static.php b/htdocs/includes/tecnickcom/tcpdf/include/tcpdf_static.php
index 67bb255d187..9ed6233b46c 100644
--- a/htdocs/includes/tecnickcom/tcpdf/include/tcpdf_static.php
+++ b/htdocs/includes/tecnickcom/tcpdf/include/tcpdf_static.php
@@ -1440,6 +1440,10 @@ class TCPDF_STATIC {
 */
 public static function intToRoman($number) {
 $roman = '';
+ if ($number >= 4000) {
+ // do not represent numbers above 4000 in Roman numerals
+ return strval($number);
+ }
 while ($number >= 1000) {
 $roman .= 'M';
 $number -= 1000;
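Review bot: The new guard's comment says "above 4000" but the condition is `$number >= 4000`, so 4000 itself also takes the decimal fallback; align the two, e.g. `// 4000 and above are not representable with M as the largest symbol; return the decimal form so the output length stays bounded`. The docblock that closes on the `*/` context line (outside the hunk) should likewise state that the method now returns plain digits for values of 4000 or more instead of a Roman numeral, since callers may concatenate the result assuming it is Roman. The bound is the right fix for the unbounded `'M'` loop below it, which previously appended one character per thousand with no upper limit; naming it once (`const ROMAN_MAX = 4000;` on the class) would avoid repeating the literal here and in dolibarr_changes.txt. `$number` is untyped, so presumably non-numeric input is filtered before reaching this method — worth confirming. intToRoman continues past the end of the hunk.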