diff options
Diffstat (limited to 'ext/standard/dns.c')
| -rw-r--r-- | ext/standard/dns.c | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/ext/standard/dns.c b/ext/standard/dns.c index 0b5e69ca5..bdfb04ce3 100644 --- a/ext/standard/dns.c +++ b/ext/standard/dns.c @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2014 The PHP Group | + | Copyright (c) 1997-2015 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -222,6 +222,11 @@ PHP_FUNCTION(gethostbyname) return; } + if(hostname_len > MAXFQDNLEN) { + /* name too long, protect from CVE-2015-0235 */ + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Host name is too long, the limit is %d characters", MAXFQDNLEN); + RETURN_STRINGL(hostname, hostname_len, 1); + } addr = php_gethostbyname(hostname); RETVAL_STRING(addr, 0); @@ -242,6 +247,12 @@ PHP_FUNCTION(gethostbynamel) return; } + if(hostname_len > MAXFQDNLEN) { + /* name too long, protect from CVE-2015-0235 */ + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Host name is too long, the limit is %d characters", MAXFQDNLEN); + RETURN_FALSE; + } + hp = gethostbyname(hostname); if (hp == NULL || hp->h_addr_list == NULL) { RETURN_FALSE; @@ -897,7 +908,24 @@ PHP_FUNCTION(dns_get_record) if (n < 0) { php_dns_free_handle(handle); - continue; + switch (h_errno) { + case NO_DATA: + case HOST_NOT_FOUND: + continue; + + case NO_RECOVERY: + php_error_docref(NULL TSRMLS_CC, E_WARNING, "An unexpected server failure occurred."); + break; + + case TRY_AGAIN: + php_error_docref(NULL TSRMLS_CC, E_WARNING, "A temporary server error occurred."); + break; + + default: + php_error_docref(NULL TSRMLS_CC, E_WARNING, "DNS Query failed"); + } + zval_dtor(return_value); + RETURN_FALSE; } cp = answer.qb2 + HFIXEDSZ; |