archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-18 06:58:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix merge for #67717

Browse source
This commit is contained in:
Remi Collet 2014-08-19 08:56:43 +02:00
commit 14e656f81d
1 changed files with 58 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

81
ext/standard/dns.c
View file

@ -411,8 +411,14 @@ PHP_FUNCTION(dns_check_record)
#if HAVE_FULL_DNS_FUNCS
#define CHECKCP(n) do { \
if (cp + n > end) { \
return NULL; \
} \
} while (0)
/* {{{ php_parserr */
static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int store, int raw, zval *subarray)
static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_to_fetch, int store, int raw, zval *subarray)
{
u_short type, class, dlen;
u_long ttl;
@ -424,16 +430,18 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
ZVAL_UNDEF(subarray);
n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, sizeof(name) - 2);
n = dn_expand(answer->qb2, end, cp, name, sizeof(name) - 2);
if (n < 0) {
return NULL;
}
cp += n;
CHECKCP(10);
GETSHORT(type, cp);
GETSHORT(class, cp);
GETLONG(ttl, cp);
GETSHORT(dlen, cp);
CHECKCP(dlen);
if (type_to_fetch != T_ANY && type != type_to_fetch) {
cp += dlen;
return cp;
@ -459,12 +467,14 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
switch (type) {
case DNS_T_A:
CHECKCP(4);
add_assoc_string(subarray, "type", "A");
snprintf(name, sizeof(name), "%d.%d.%d.%d", cp[0], cp[1], cp[2], cp[3]);
add_assoc_string(subarray, "ip", name);
cp += dlen;
break;
case DNS_T_MX:
CHECKCP(2);
add_assoc_string(subarray, "type", "MX");
GETSHORT(n, cp);
add_assoc_long(subarray, "pri", n);
@ -483,7 +493,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
if (type == DNS_T_PTR) {
add_assoc_string(subarray, "type", "PTR");
}
n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2);
if (n < 0) {
return NULL;
}
@ -493,18 +503,22 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
case DNS_T_HINFO:
/* See RFC 1010 for values */
add_assoc_string(subarray, "type", "HINFO");
CHECKCP(1);
n = *cp & 0xFF;
cp++;
CHECKCP(n);
add_assoc_stringl(subarray, "cpu", (char*)cp, n);
cp += n;
CHECKCP(1);
n = *cp & 0xFF;
cp++;
CHECKCP(n);
add_assoc_stringl(subarray, "os", (char*)cp, n);
cp += n;
break;
case DNS_T_TXT:
{
int ll = 0;
int l1 = 0, l2 = 0;
zval entries;
zend_string *tp;
@ -513,18 +527,21 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
array_init(&entries);
while (ll < dlen) {
n = cp[ll];
if ((ll + n) >= dlen) {
while (l1 < dlen) {
n = cp[l1];
if ((l1 + n) >= dlen) {
// Invalid chunk length, truncate
n = dlen - (ll + 1);
n = dlen - (l1 + 1);
}
memcpy(tp->val + ll , cp + ll + 1, n);
add_next_index_stringl(&entries, (char*)cp + ll + 1, n);
ll = ll + n + 1;
if (n) {
memcpy(tp->val + l2 , cp + l1 + 1, n);
add_next_index_stringl(entries, cp + l1 + 1, n, 1);
}
l1 = l1 + n + 1;
l2 = l2 + n;
}
tp->val[dlen] = '\0';
tp->len = dlen;
tp->val[l2] = '\0';
tp->len = l2;
cp += dlen;
add_assoc_str(subarray, "txt", tp);
@ -533,18 +550,19 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
break;
case DNS_T_SOA:
add_assoc_string(subarray, "type", "SOA");
n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) -2);
n = dn_expand(answer->qb2, end, cp, name, (sizeof name) -2);
if (n < 0) {
return NULL;
}
cp += n;
add_assoc_string(subarray, "mname", name);
n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) -2);
n = dn_expand(answer->qb2, end, cp, name, (sizeof name) -2);
if (n < 0) {
return NULL;
}
cp += n;
add_assoc_string(subarray, "rname", name);
CHECKCP(5*4);
GETLONG(n, cp);
add_assoc_long(subarray, "serial", n);
GETLONG(n, cp);
@ -558,6 +576,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
break;
case DNS_T_AAAA:
tp = (u_char*)name;
CHECKCP(8*2);
for(i=0; i < 8; i++) {
GETSHORT(s, cp);
if (s != 0) {
@ -592,6 +611,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
case DNS_T_A6:
p = cp;
add_assoc_string(subarray, "type", "A6");
CHECKCP(1);
n = ((int)cp[0]) & 0xFF;
cp++;
add_assoc_long(subarray, "masklen", n);
@ -627,6 +647,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
cp++;
}
for (i = (n + 8) / 16; i < 8; i++) {
CHECKCP(2);
GETSHORT(s, cp);
if (s != 0) {
if (tp > (u_char *)name) {
@ -656,7 +677,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
tp[0] = '\0';
add_assoc_string(subarray, "ipv6", name);
if (cp < p + dlen) {
n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2);
if (n < 0) {
return NULL;
}
@ -665,6 +686,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
}
break;
case DNS_T_SRV:
CHECKCP(3*2);
add_assoc_string(subarray, "type", "SRV");
GETSHORT(n, cp);
add_assoc_long(subarray, "pri", n);
@ -672,7 +694,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
add_assoc_long(subarray, "weight", n);
GETSHORT(n, cp);
add_assoc_long(subarray, "port", n);
n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2);
if (n < 0) {
return NULL;
}
@ -680,21 +702,34 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
add_assoc_string(subarray, "target", name);
break;
case DNS_T_NAPTR:
CHECKCP(2*2);
add_assoc_string(subarray, "type", "NAPTR");
GETSHORT(n, cp);
add_assoc_long(subarray, "order", n);
GETSHORT(n, cp);
add_assoc_long(subarray, "pref", n);
CHECKCP(1);
n = (cp[0] & 0xFF);
CHECKCP(n);
add_assoc_stringl(subarray, "flags", (char*)++cp, n);
cp += n;
CHECKCP(1);
n = (cp[0] & 0xFF);
add_assoc_stringl(subarray, "services", (char*)++cp, n);
cp++;
CHECKCP(n);
add_assoc_stringl(subarray, "services", (char*)cp, n);
cp += n;
CHECKCP(1);
n = (cp[0] & 0xFF);
add_assoc_stringl(subarray, "regex", (char*)++cp, n);
cp++;
CHECKCP(n);
add_assoc_stringl(subarray, "regex", (char*)cp, n);
cp += n;
n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2);
if (n < 0) {
return NULL;
}
@ -887,7 +922,7 @@ PHP_FUNCTION(dns_get_record)
while (an-- && cp && cp < end) {
zval retval;
cp = php_parserr(cp, &answer, type_to_fetch, store_results, raw, &retval);
cp = php_parserr(cp, end, &answer, type_to_fetch, store_results, raw, &retval);
if (Z_TYPE(retval) != IS_UNDEF && store_results) {
add_next_index_zval(return_value, &retval);
}
@ -900,7 +935,7 @@ PHP_FUNCTION(dns_get_record)
while (ns-- > 0 && cp && cp < end) {
zval retval;
cp = php_parserr(cp, &answer, DNS_T_ANY, authns != NULL, raw, &retval);
cp = php_parserr(cp, end, &answer, DNS_T_ANY, authns != NULL, raw, &retval);
if (Z_TYPE(retval) != IS_UNDEF) {
add_next_index_zval(authns, &retval);
}
@ -912,7 +947,7 @@ PHP_FUNCTION(dns_get_record)
while (ar-- > 0 && cp && cp < end) {
zval retval;
cp = php_parserr(cp, &answer, DNS_T_ANY, 1, raw, &retval);
cp = php_parserr(cp, end, &answer, DNS_T_ANY, 1, raw, &retval);
if (Z_TYPE(retval) != IS_UNDEF) {
add_next_index_zval(addtl, &retval);
}