Skip to content

Commit 077687f

Browse files
GirgiasGirgias
committed
DNS
1 parent b92cb66 commit 077687f

File tree

2 files changed

+31
-23
lines changed

2 files changed

+31
-23
lines changed

ext/standard/dns.c

Lines changed: 17 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -155,6 +155,7 @@ PHP_FUNCTION(gethostbyaddr)
155155
hostname = php_gethostbyaddr(addr);
156156

157157
if (hostname == NULL) {
158+
// TODO Convert to ValueError?
158159
#if HAVE_IPV6 && HAVE_INET_PTON
159160
php_error_docref(NULL, E_WARNING, "Address is not a valid IPv4 or IPv6 address");
160161
#else
@@ -213,10 +214,10 @@ PHP_FUNCTION(gethostbyname)
213214
Z_PARAM_STRING(hostname, hostname_len)
214215
ZEND_PARSE_PARAMETERS_END();
215216

216-
if(hostname_len > MAXFQDNLEN) {
217+
if (hostname_len > MAXFQDNLEN) {
217218
/* name too long, protect from CVE-2015-0235 */
218-
php_error_docref(NULL, E_WARNING, "Host name is too long, the limit is %d characters", MAXFQDNLEN);
219-
RETURN_STRINGL(hostname, hostname_len);
219+
zend_argument_value_error(1, "must be less than %d characters", MAXFQDNLEN);
220+
RETURN_THROWS();
220221
}
221222

222223
RETURN_STR(php_gethostbyname(hostname));
@@ -237,11 +238,11 @@ PHP_FUNCTION(gethostbynamel)
237238
Z_PARAM_STRING(hostname, hostname_len)
238239
ZEND_PARSE_PARAMETERS_END();
239240

240-
if(hostname_len > MAXFQDNLEN) {
241-
/* name too long, protect from CVE-2015-0235 */
242-
php_error_docref(NULL, E_WARNING, "Host name is too long, the limit is %d characters", MAXFQDNLEN);
243-
RETURN_FALSE;
244-
}
241+
if (hostname_len > MAXFQDNLEN) {
242+
/* name too long, protect from CVE-2015-0235 */
243+
zend_argument_value_error(1, "must be less than %d characters", MAXFQDNLEN);
244+
RETURN_THROWS();
245+
}
245246

246247
hp = php_network_gethostbyname(hostname);
247248
if (!hp) {
@@ -400,8 +401,9 @@ PHP_FUNCTION(dns_check_record)
400401
else if (!strcasecmp("NAPTR", rectype)) type = DNS_T_NAPTR;
401402
else if (!strcasecmp("A6", rectype)) type = DNS_T_A6;
402403
else {
403-
php_error_docref(NULL, E_WARNING, "Type '%s' not supported", rectype);
404-
RETURN_FALSE;
404+
zend_argument_value_error(2, "must be one of \"A\", \"NS\", \"MX\", \"PTR\", \"ANY\", \"SAO\", \"CAA\", "
405+
"\"TXT\", \"CNAME\", \"AAAA\", \"SRV\", \"NAPTR\", or \"A6\"");
406+
RETURN_THROWS();
405407
}
406408
}
407409

@@ -845,14 +847,14 @@ PHP_FUNCTION(dns_get_record)
845847

846848
if (!raw) {
847849
if ((type_param & ~PHP_DNS_ALL) && (type_param != PHP_DNS_ANY)) {
848-
php_error_docref(NULL, E_WARNING, "Type '" ZEND_LONG_FMT "' not supported", type_param);
849-
RETURN_FALSE;
850+
zend_argument_value_error(2, "must be one of DNS_A, DNS_CNAME, DNS_HINFO, DNS_CAA, DNS_MX, "
851+
"DNS_NS, DNS_PTR, DNS_SOA, DNS_TXT, DNS_AAAA, DNS_SRV, DNS_NAPTR, DNS_A6, DNS_ALL, or DNS_ANY");
852+
RETURN_THROWS();
850853
}
851854
} else {
852855
if ((type_param < 1) || (type_param > 0xFFFF)) {
853-
php_error_docref(NULL, E_WARNING,
854-
"Numeric DNS record type must be between 1 and 65535, '" ZEND_LONG_FMT "' given", type_param);
855-
RETURN_FALSE;
856+
zend_argument_value_error(2, "must be between 1 and 65535 when Argument #5 ($raw) is true");
857+
RETURN_THROWS();
856858
}
857859
}
858860

ext/standard/tests/network/bug68925.phpt

Lines changed: 14 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -2,12 +2,18 @@
22
Bug #68925 (CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow)
33
--FILE--
44
<?php
5-
var_dump(gethostbyname(str_repeat("0", 2501)));
6-
var_dump(gethostbynamel(str_repeat("0", 2501)));
7-
?>
8-
--EXPECTF--
9-
Warning: gethostbyname(): Host name is too long, the limit is %d characters in %s%ebug68925.php on line %d
10-
string(2501) "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
5+
try {
6+
var_dump(gethostbyname(str_repeat("0", 2501)));
7+
} catch (\ValueError $e) {
8+
echo $e->getMessage() . \PHP_EOL;
9+
}
10+
try {
11+
var_dump(gethostbynamel(str_repeat("0", 2501)));
12+
} catch (\ValueError $e) {
13+
echo $e->getMessage() . \PHP_EOL;
14+
}
1115

12-
Warning: gethostbynamel(): Host name is too long, the limit is %d characters in %s%ebug68925.php on line %d
13-
bool(false)
16+
?>
17+
--EXPECT--
18+
gethostbyname(): Argument #1 ($hostname) must be less than 255 characters
19+
gethostbynamel(): Argument #1 ($hostname) must be less than 255 characters

0 commit comments

Comments
 (0)