Add mitigation for CVE-2015-0235 (bug #68925)

author: Stanislav Malyshev <stas@php.net> 2015-01-31 18:59:18 -0800
committer: Stanislav Malyshev <stas@php.net> 2015-01-31 19:08:13 -0800
commit: 0f9c708229d7d4f4eff96c30cff7a2339f738511 (patch)
tree: f3687dd806e2196641c51ab95b7fcc697f765fc6 /main/network.c
parent: 61ad5e24ea2b17bf9a40e1238ffd53daad37df5e (diff)
download: php-git-0f9c708229d7d4f4eff96c30cff7a2339f738511.tar.gz
1 files changed, 11 insertions, 1 deletions
diff --git a/main/network.c b/main/network.c
index 5e44b0e6a8..41b2cfa0ba 100644
--- a/main/network.c
+++ b/main/network.c
@@ -24,6 +24,7 @@
 #include "php.h"
 
 #include <stddef.h>
+#include <errno.h>
 
 #ifdef PHP_WIN32
 # include "win32/inet.h"
@@ -102,6 +103,10 @@ const struct in6_addr in6addr_any = {0}; /* IN6ADDR_ANY_INIT; */
 # define PHP_TIMEOUT_ERROR_VALUE		ETIMEDOUT
 #endif
 
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 255
+#endif
+
 #if HAVE_GETADDRINFO
 #ifdef HAVE_GAI_STRERROR
 #  define PHP_GAI_STRERROR(x) (gai_strerror(x))
@@ -243,7 +248,12 @@ PHPAPI int php_network_getaddresses(const char *host, int socktype, struct socka
 #else
 	if (!inet_aton(host, &in)) {
 		/* XXX NOT THREAD SAFE (is safe under win32) */
-		host_info = gethostbyname(host);
+		if(strlen(host) > MAXHOSTNAMELEN) {
+			host_info = NULL;
+			errno = E2BIG;
+		} else {
+			host_info = gethostbyname(host);
+		}
 		if (host_info == NULL) {
 			if (error_string) {
 				spprintf(error_string, 0, "php_network_getaddresses: gethostbyname failed. errno=%d", errno);
author	Stanislav Malyshev <stas@php.net>	2015-01-31 18:59:18 -0800
committer	Stanislav Malyshev <stas@php.net>	2015-01-31 19:08:13 -0800
commit	0f9c708229d7d4f4eff96c30cff7a2339f738511 (patch)
tree	f3687dd806e2196641c51ab95b7fcc697f765fc6 /main/network.c
parent	61ad5e24ea2b17bf9a40e1238ffd53daad37df5e (diff)
download	php-git-0f9c708229d7d4f4eff96c30cff7a2339f738511.tar.gz