diff options
author | Stanislav Malyshev <stas@php.net> | 2015-01-31 18:59:18 -0800 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2015-01-31 19:08:13 -0800 |
commit | 0f9c708229d7d4f4eff96c30cff7a2339f738511 (patch) | |
tree | f3687dd806e2196641c51ab95b7fcc697f765fc6 /main/network.c | |
parent | 61ad5e24ea2b17bf9a40e1238ffd53daad37df5e (diff) | |
download | php-git-0f9c708229d7d4f4eff96c30cff7a2339f738511.tar.gz |
Add mitigation for CVE-2015-0235 (bug #68925)
Diffstat (limited to 'main/network.c')
-rw-r--r-- | main/network.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/main/network.c b/main/network.c index 5e44b0e6a8..41b2cfa0ba 100644 --- a/main/network.c +++ b/main/network.c @@ -24,6 +24,7 @@ #include "php.h" #include <stddef.h> +#include <errno.h> #ifdef PHP_WIN32 # include "win32/inet.h" @@ -102,6 +103,10 @@ const struct in6_addr in6addr_any = {0}; /* IN6ADDR_ANY_INIT; */ # define PHP_TIMEOUT_ERROR_VALUE ETIMEDOUT #endif +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN 255 +#endif + #if HAVE_GETADDRINFO #ifdef HAVE_GAI_STRERROR # define PHP_GAI_STRERROR(x) (gai_strerror(x)) @@ -243,7 +248,12 @@ PHPAPI int php_network_getaddresses(const char *host, int socktype, struct socka #else if (!inet_aton(host, &in)) { /* XXX NOT THREAD SAFE (is safe under win32) */ - host_info = gethostbyname(host); + if(strlen(host) > MAXHOSTNAMELEN) { + host_info = NULL; + errno = E2BIG; + } else { + host_info = gethostbyname(host); + } if (host_info == NULL) { if (error_string) { spprintf(error_string, 0, "php_network_getaddresses: gethostbyname failed. errno=%d", errno); |