Bugzilla Bug 5043: iconv_open() should not crash on too long codepage arguments
Last modified: 2007-09-23 16:01:22
Bug#: 5043
Reporter: Petr Baudis <pasky@suse.cz>
Status: RESOLVED
Resolution: FIXED
Assigned To: Ulrich Drepper <drepper@redhat.com>

Attachments:
  z2  Proposed patch  (patch, created 2007-09-18 15:07)
Opened: 2007-09-18 15:05

Description:
iconv_open() currently crashes on too long codepage arguments, leading to
potential DoS security problems for various applications. See for example
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4783.

------- Additional Comment #1 From Petr Baudis 2007-09-18 15:07 -------
Created an attachment (id=2011)
Proposed patch

Proposed patch.

It might be a good idea to make the max length of codepage name public for the
applications; I've chosen the name BSD uses for that #define.

------- Additional Comment #2 From Jakub Jelinek 2007-09-21 19:15 -------
You mean if you use more than RLIMIT_STACK long argument?
If yes, glibc has the __libc_use_alloca () check for this, so that it can use
malloc for very large requests.

------- Additional Comment #3 From Petr Baudis 2007-09-21 19:23 -------
But does it make sense to use that instead of a simple size check? It avoids an
arbitrary limit, but all of these strings ought to be short (maybe the limit
should be 128 instead of 64, just to be safe) and the code in iconv_open() would
get much uglier with basically useless malloc() casing.

------- Additional Comment #4 From Ulrich Drepper 2007-09-23 16:01 -------
I changed the code in cvs.
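The defence the thread converges on, as an added example in C that is neither glibc's code nor the attached patch: a fixed cap on the codepage name, checked before any stack buffer is filled, so an over-long argument is refused with EINVAL instead of crashing. The 128-byte cap (the figure from comment #3) and the normalisation rules are assumptions for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Cap proposed in comment #3 (128 rather than 64); a constructed value,
 * not the constant the attached patch actually introduces. */
#define CODEPAGE_NAME_MAX 128

/* Uppercase a codepage name and drop everything but alphanumerics, '-', '_',
 * '.' and ':'. The up-front length check is the fix: a name that cannot fit
 * is refused with -1 / errno = EINVAL instead of overrunning the buffer. */
int normalize_codepage(const char *name, char *out, size_t outsz)
{
    size_t len = strlen(name);
    if (len >= CODEPAGE_NAME_MAX || len >= outsz) {
        errno = EINVAL;
        return -1;
    }
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (isalnum(c) || c == '-' || c == '_' || c == '.' || c == ':')
            out[n++] = (char)toupper(c);
    }
    out[n] = '\0';
    return (int)n;   /* normalised length */
}

/* Compare two names as a table lookup would, using fixed stack buffers.
 * 1 = equal after normalisation, 0 = different, -1 = a name was too long. */
int codepage_names_equal(const char *a, const char *b)
{
    char na[CODEPAGE_NAME_MAX], nb[CODEPAGE_NAME_MAX];
    if (normalize_codepage(a, na, sizeof na) < 0 ||
        normalize_codepage(b, nb, sizeof nb) < 0)
        return -1;
    return strcmp(na, nb) == 0;
}
```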
