archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 22:18:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-5.6'

Browse source 
* PHP-5.6:
  Use better constant since MAXHOSTNAMELEN may mean shorter name
  use right sizeof for memset

Conflicts:
	ext/sockets/sockaddr_conv.c
	ext/standard/dns.c
This commit is contained in:
Stanislav Malyshev 2015-01-31 21:50:08 -08:00
commit 141b14454c
7 changed files with 19 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

8
ext/sockets/sockaddr_conv.c
View file

@ -9,11 +9,7 @@
#include <arpa/inet.h> #include <arpa/inet.h>
#endif #endif
#ifndef MAXHOSTNAMELEN extern int php_string_to_if_index(const char *val, unsigned *out TSRMLS_DC);
#define MAXHOSTNAMELEN 255
#endif
extern int php_string_to_if_index(const char *val, unsigned *out);
#if HAVE_IPV6 #if HAVE_IPV6
/* Sets addr by hostname, or by ip in string form (AF_INET6) */ /* Sets addr by hostname, or by ip in string form (AF_INET6) */
@ -94,7 +90,7 @@ int php_set_inet_addr(struct sockaddr_in *sin, char *string, php_socket *php_soc
if (inet_aton(string, &tmp)) { if (inet_aton(string, &tmp)) {
sin->sin_addr.s_addr = tmp.s_addr; sin->sin_addr.s_addr = tmp.s_addr;
} else { } else {
if (strlen(string) > MAXHOSTNAMELEN || ! (host_entry = gethostbyname(string))) { if (strlen(string) > MAXFQDNLEN || ! (host_entry = gethostbyname(string))) {
/* Note: < -10000 indicates a host lookup error */ /* Note: < -10000 indicates a host lookup error */
#ifdef PHP_WIN32 #ifdef PHP_WIN32
PHP_SOCKET_ERROR(php_sock, "Host lookup failed", WSAGetLastError()); PHP_SOCKET_ERROR(php_sock, "Host lookup failed", WSAGetLastError());

8
ext/standard/dns.c
View file

@ -221,9 +221,9 @@ PHP_FUNCTION(gethostbyname)
return; return;
} }
if(hostname_len > MAXHOSTNAMELEN) { if(hostname_len > MAXFQDNLEN) {
/* name too long, protect from CVE-2015-0235 */ /* name too long, protect from CVE-2015-0235 */
php_error_docref(NULL, E_WARNING, "Host name is too long, the limit is %d characters", MAXHOSTNAMELEN); php_error_docref(NULL, E_WARNING, "Host name is too long, the limit is %d characters", MAXFQDNLEN);
RETURN_STRINGL(hostname, hostname_len); RETURN_STRINGL(hostname, hostname_len);
} }
@ -245,9 +245,9 @@ PHP_FUNCTION(gethostbynamel)
return; return;
} }
if(hostname_len > MAXHOSTNAMELEN) { if(hostname_len > MAXFQDNLEN) {
/* name too long, protect from CVE-2015-0235 */ /* name too long, protect from CVE-2015-0235 */
php_error_docref(NULL, E_WARNING, "Host name is too long, the limit is %d characters", MAXHOSTNAMELEN); php_error_docref(NULL, E_WARNING, "Host name is too long, the limit is %d characters", MAXFQDNLEN);
RETURN_FALSE; RETURN_FALSE;
} }

4
ext/standard/tests/network/bug68925.phpt
View file

@ -6,8 +6,8 @@ var_dump(gethostbyname(str_repeat("0", 2501)));
var_dump(gethostbynamel(str_repeat("0", 2501))); var_dump(gethostbynamel(str_repeat("0", 2501)));
?> ?>
--EXPECTF-- --EXPECTF--
Warning: gethostbyname(): Host name is too long, the limit is 256 characters in %s/bug68925.php on line %d Warning: gethostbyname(): Host name is too long, the limit is %d characters in %s/bug68925.php on line %d
string(2501) "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" string(2501) "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
Warning: gethostbynamel(): Host name is too long, the limit is 256 characters in %s/bug68925.php on line %d Warning: gethostbynamel(): Host name is too long, the limit is %d characters in %s/bug68925.php on line %d
bool(false) bool(false)

6
main/network.c
View file

@ -105,10 +105,6 @@ const struct in6_addr in6addr_any = {0}; /* IN6ADDR_ANY_INIT; */
# define PHP_TIMEOUT_ERROR_VALUE ETIMEDOUT # define PHP_TIMEOUT_ERROR_VALUE ETIMEDOUT
#endif #endif
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 255
#endif
#if HAVE_GETADDRINFO #if HAVE_GETADDRINFO
#ifdef HAVE_GAI_STRERROR #ifdef HAVE_GAI_STRERROR
# define PHP_GAI_STRERROR(x) (gai_strerror(x)) # define PHP_GAI_STRERROR(x) (gai_strerror(x))
@ -250,7 +246,7 @@ PHPAPI int php_network_getaddresses(const char *host, int socktype, struct socka
#else #else
if (!inet_aton(host, &in)) { if (!inet_aton(host, &in)) {
/* XXX NOT THREAD SAFE (is safe under win32) */ /* XXX NOT THREAD SAFE (is safe under win32) */
if(strlen(host) > MAXHOSTNAMELEN) { if(strlen(host) > MAXFQDNLEN) {
host_info = NULL; host_info = NULL;
errno = E2BIG; errno = E2BIG;
} else { } else {

4
main/php_network.h
View file

@ -319,6 +319,10 @@ END_EXTERN_C()
/* }}} */ /* }}} */
#ifndef MAXFQDNLEN
#define MAXFQDNLEN 255
#endif
#endif /* _PHP_NETWORK_H */ #endif /* _PHP_NETWORK_H */
/* /*

6
sapi/cgi/fastcgi.c
View file

@ -28,6 +28,10 @@
#include <stdarg.h> #include <stdarg.h>
#include <errno.h> #include <errno.h>
#ifndef MAXFQDNLEN
#define MAXFQDNLEN 255
#endif
#ifdef _WIN32 #ifdef _WIN32
#include <windows.h> #include <windows.h>
@ -616,7 +620,7 @@ int fcgi_listen(const char *path, int backlog)
if (sa.sa_inet.sin_addr.s_addr == INADDR_NONE) { if (sa.sa_inet.sin_addr.s_addr == INADDR_NONE) {
struct hostent *hep; struct hostent *hep;
if(strlen(host) > MAXHOSTNAMELEN) { if(strlen(host) > MAXFQDNLEN) {
hep = NULL; hep = NULL;
} else { } else {
hep = gethostbyname(host); hep = gethostbyname(host);

2
sapi/litespeed/lsapilib.c
View file

@ -3376,7 +3376,7 @@ void lsapi_MD5Final(unsigned char digest[16], struct lsapi_MD5Context *ctx)
lsapi_MD5Transform(ctx->buf, (uint32 *) ctx->in); lsapi_MD5Transform(ctx->buf, (uint32 *) ctx->in);
byteReverse((unsigned char *) ctx->buf, 4); byteReverse((unsigned char *) ctx->buf, 4);
memmove(digest, ctx->buf, 16); memmove(digest, ctx->buf, 16);
memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
} }
/* The four core functions - F1 is optimized somewhat */ /* The four core functions - F1 is optimized somewhat */