diff options
| author | Stanislav Malyshev <stas@php.net> | 2015-01-31 18:59:18 -0800 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2015-01-31 19:04:55 -0800 |
| commit | 457367e0b612af2da8b92536699dd6e9bb11b310 (patch) | |
| tree | 2a8fcc7fd2b88df240dd9090f8ac8ccd3d450769 /sapi/cgi/fastcgi.c | |
| parent | d8803d8147a348b5ed93de25d3b47e2369687ad4 (diff) | |
| download | php-git-457367e0b612af2da8b92536699dd6e9bb11b310.tar.gz | |
Add mitigation for CVE-2015-0235 (bug #68925)
Diffstat (limited to 'sapi/cgi/fastcgi.c')
| -rw-r--r-- | sapi/cgi/fastcgi.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/sapi/cgi/fastcgi.c b/sapi/cgi/fastcgi.c index bd4821ab62..af62ef27d4 100644 --- a/sapi/cgi/fastcgi.c +++ b/sapi/cgi/fastcgi.c @@ -616,7 +616,11 @@ int fcgi_listen(const char *path, int backlog) if (sa.sa_inet.sin_addr.s_addr == INADDR_NONE) { struct hostent *hep; - hep = gethostbyname(host); + if(strlen(host) > MAXHOSTNAMELEN) { + hep = NULL; + } else { + hep = gethostbyname(host); + } if (!hep || hep->h_addrtype != AF_INET || !hep->h_addr_list[0]) { fprintf(stderr, "Cannot resolve host name '%s'!\n", host); return -1; @@ -820,7 +824,7 @@ static inline ssize_t safe_read(fcgi_request *req, const void *buf, size_t count if (!req->tcp) { unsigned int in_len = tmp > UINT_MAX ? UINT_MAX : (unsigned int)tmp; - + ret = read(req->fd, ((char*)buf)+n, in_len); } else { int in_len = tmp > INT_MAX ? INT_MAX : (int)tmp; |