diff options
author | Stanislav Malyshev <stas@php.net> | 2019-01-06 12:23:53 -0800 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2019-01-06 12:23:53 -0800 |
commit | e40027ef0f508be87b323f61532cea0104212b53 (patch) | |
tree | 2fcb2d9e3b87576d458ccc40f8137dcf73e0c11e /ext/standard/dns.c | |
parent | 361d3ede9394d03defba64237628e6b1a0a2a16b (diff) | |
parent | fe820fcba616a736b80e911cfc132388acd35ace (diff) | |
download | php-git-e40027ef0f508be87b323f61532cea0104212b53.tar.gz |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix #77369 - memcpy with negative length via crafted DNS response
Fix more issues with encodilng length
Fix #77270: imagecolormatch Out Of Bounds Write on Heap
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
Fix #77269: Potential unsigned underflow in gdImageScale
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
Regenerate certs for openssl tests
Diffstat (limited to 'ext/standard/dns.c')
-rw-r--r-- | ext/standard/dns.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ext/standard/dns.c b/ext/standard/dns.c index a55e97c806..c06fa04f89 100644 --- a/ext/standard/dns.c +++ b/ext/standard/dns.c @@ -454,6 +454,10 @@ static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_t GETLONG(ttl, cp); GETSHORT(dlen, cp); CHECKCP(dlen); + if (dlen == 0) { + /* No data in the response - nothing to do */ + return NULL; + } if (type_to_fetch != T_ANY && type != type_to_fetch) { cp += dlen; return cp; @@ -544,6 +548,9 @@ static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_t CHECKCP(n); add_assoc_stringl(subarray, "tag", (char*)cp, n); cp += n; + if ( (size_t) dlen < ((size_t)n) + 2 ) { + return NULL; + } n = dlen - n - 2; CHECKCP(n); add_assoc_stringl(subarray, "value", (char*)cp, n); |