Skip to content

Commit 2ff7675

Browse files
GirgiasGirgias
committed
DNS
1 parent d4b28fc commit 2ff7675

File tree

2 files changed

+31
-23
lines changed

2 files changed

+31
-23
lines changed

ext/standard/dns.c

Lines changed: 17 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -153,6 +153,7 @@ PHP_FUNCTION(gethostbyaddr)
153153
hostname = php_gethostbyaddr(addr);
154154

155155
if (hostname == NULL) {
156+
// TODO Convert to ValueError?
156157
#if HAVE_IPV6 && HAVE_INET_PTON
157158
php_error_docref(NULL, E_WARNING, "Address is not a valid IPv4 or IPv6 address");
158159
#else
@@ -210,10 +211,10 @@ PHP_FUNCTION(gethostbyname)
210211
Z_PARAM_STRING(hostname, hostname_len)
211212
ZEND_PARSE_PARAMETERS_END();
212213

213-
if(hostname_len > MAXFQDNLEN) {
214+
if (hostname_len > MAXFQDNLEN) {
214215
/* name too long, protect from CVE-2015-0235 */
215-
php_error_docref(NULL, E_WARNING, "Host name is too long, the limit is %d characters", MAXFQDNLEN);
216-
RETURN_STRINGL(hostname, hostname_len);
216+
zend_argument_value_error(1, "must be less than %d characters", MAXFQDNLEN);
217+
RETURN_THROWS();
217218
}
218219

219220
RETURN_STR(php_gethostbyname(hostname));
@@ -233,11 +234,11 @@ PHP_FUNCTION(gethostbynamel)
233234
Z_PARAM_STRING(hostname, hostname_len)
234235
ZEND_PARSE_PARAMETERS_END();
235236

236-
if(hostname_len > MAXFQDNLEN) {
237-
/* name too long, protect from CVE-2015-0235 */
238-
php_error_docref(NULL, E_WARNING, "Host name is too long, the limit is %d characters", MAXFQDNLEN);
239-
RETURN_FALSE;
240-
}
237+
if (hostname_len > MAXFQDNLEN) {
238+
/* name too long, protect from CVE-2015-0235 */
239+
zend_argument_value_error(1, "must be less than %d characters", MAXFQDNLEN);
240+
RETURN_THROWS();
241+
}
241242

242243
hp = php_network_gethostbyname(hostname);
243244
if (!hp) {
@@ -395,8 +396,9 @@ PHP_FUNCTION(dns_check_record)
395396
else if (!strcasecmp("NAPTR", rectype)) type = DNS_T_NAPTR;
396397
else if (!strcasecmp("A6", rectype)) type = DNS_T_A6;
397398
else {
398-
php_error_docref(NULL, E_WARNING, "Type '%s' not supported", rectype);
399-
RETURN_FALSE;
399+
zend_argument_value_error(2, "must be one of \"A\", \"NS\", \"MX\", \"PTR\", \"ANY\", \"SAO\", \"CAA\", "
400+
"\"TXT\", \"CNAME\", \"AAAA\", \"SRV\", \"NAPTR\", or \"A6\"");
401+
RETURN_THROWS();
400402
}
401403
}
402404

@@ -839,14 +841,14 @@ PHP_FUNCTION(dns_get_record)
839841

840842
if (!raw) {
841843
if ((type_param & ~PHP_DNS_ALL) && (type_param != PHP_DNS_ANY)) {
842-
php_error_docref(NULL, E_WARNING, "Type '" ZEND_LONG_FMT "' not supported", type_param);
843-
RETURN_FALSE;
844+
zend_argument_value_error(2, "must be one of DNS_A, DNS_CNAME, DNS_HINFO, DNS_CAA, DNS_MX, "
845+
"DNS_NS, DNS_PTR, DNS_SOA, DNS_TXT, DNS_AAAA, DNS_SRV, DNS_NAPTR, DNS_A6, DNS_ALL, or DNS_ANY");
846+
RETURN_THROWS();
844847
}
845848
} else {
846849
if ((type_param < 1) || (type_param > 0xFFFF)) {
847-
php_error_docref(NULL, E_WARNING,
848-
"Numeric DNS record type must be between 1 and 65535, '" ZEND_LONG_FMT "' given", type_param);
849-
RETURN_FALSE;
850+
zend_argument_value_error(2, "must be between 1 and 65535 when Argument #5 ($raw) is true");
851+
RETURN_THROWS();
850852
}
851853
}
852854

ext/standard/tests/network/bug68925.phpt

Lines changed: 14 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -2,12 +2,18 @@
22
Bug #68925 (CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow)
33
--FILE--
44
<?php
5-
var_dump(gethostbyname(str_repeat("0", 2501)));
6-
var_dump(gethostbynamel(str_repeat("0", 2501)));
7-
?>
8-
--EXPECTF--
9-
Warning: gethostbyname(): Host name is too long, the limit is %d characters in %s%ebug68925.php on line %d
10-
string(2501) "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
5+
try {
6+
var_dump(gethostbyname(str_repeat("0", 2501)));
7+
} catch (\ValueError $e) {
8+
echo $e->getMessage() . \PHP_EOL;
9+
}
10+
try {
11+
var_dump(gethostbynamel(str_repeat("0", 2501)));
12+
} catch (\ValueError $e) {
13+
echo $e->getMessage() . \PHP_EOL;
14+
}
1115

12-
Warning: gethostbynamel(): Host name is too long, the limit is %d characters in %s%ebug68925.php on line %d
13-
bool(false)
16+
?>
17+
--EXPECT--
18+
gethostbyname(): Argument #1 ($hostname) must be less than 255 characters
19+
gethostbynamel(): Argument #1 ($hostname) must be less than 255 characters

0 commit comments

Comments
 (0)