author | Stanislav Malyshev <stas@php.net> | 2015-01-31 18:59:18 -0800 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2015-01-31 19:10:52 -0800 |
commit | 882a375dbad4ecb1fddd9dd80f1a1350299629c1 (patch) | |
tree | 0c80b087f5e4e32a3d13dea34094d9c177d00728 | |
parent | 237128603f99a97da9d0d261b8d0849f27b4c7b8 (diff) | |
download | php-git-882a375dbad4ecb1fddd9dd80f1a1350299629c1.tar.gz |
Add mitigation for CVE-2015-0235 (bug #68925)
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/sockets/sockaddr_conv.c | 6 | ||||
-rw-r--r-- | ext/standard/string.c | 2 | ||||
-rw-r--r-- | main/network.c | 1 |
4 files changed, 9 insertions, 3 deletions
@@ -2,6 +2,9 @@ PHP NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2015, PHP 5.5.22
+- Core:
+ . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
+ buffer overflow). (Stas)
 - Date:
 . Fixed bug #45081 (strtotime incorrectly interprets SGT time zone). (Derick)
diff --git a/ext/sockets/sockaddr_conv.c b/ext/sockets/sockaddr_conv.c
index 1c1a90d58f..80807dd243 100644
--- a/ext/sockets/sockaddr_conv.c
+++ b/ext/sockets/sockaddr_conv.c
@@ -9,6 +9,10 @@
 #include <arpa/inet.h>
 #endif
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 255
+#endif
+
 extern int php_string_to_if_index(const char *val, unsigned *out TSRMLS_DC);
 #if HAVE_IPV6
@@ -90,7 +94,7 @@ int php_set_inet_addr(struct sockaddr_in *sin, char *string, php_socket *php_soc
 if (inet_aton(string, &tmp)) {
 sin->sin_addr.s_addr = tmp.s_addr;
 } else {
- if (! (host_entry = gethostbyname(string))) {
+ if (strlen(string) > MAXHOSTNAMELEN || ! (host_entry = gethostbyname(string))) {
 /* Note: < -10000 indicates a host lookup error */
 #ifdef PHP_WIN32
 PHP_SOCKET_ERROR(php_sock, "Host lookup failed", WSAGetLastError());
diff --git a/ext/standard/string.c b/ext/standard/string.c
index cb212b49c2..410535b41c 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -3940,7 +3940,7 @@ static void php_str_replace_in_subject(zval *search, zval *replace, zval **subje
 replace_value, replace_len, &Z_STRLEN(temp_result), case_sensitivity, replace_count);
 }
- str_efree(Z_STRVAL_P(result));
+ str_efree(Z_STRVAL_P(result));
 Z_STRVAL_P(result) = Z_STRVAL(temp_result);
 Z_STRLEN_P(result) = Z_STRLEN(temp_result);
diff --git a/main/network.c b/main/network.c
index 702509a9d9..c93e366cc6 100644
--- a/main/network.c
+++ b/main/network.c
@@ -27,7 +27,6 @@
 #include <errno.h>
-
 #ifdef PHP_WIN32
 # include <Ws2tcpip.h>
 # include "win32/inet.h" |
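Review bot: The `#ifndef MAXHOSTNAMELEN` fallback added after `#include <arpa/inet.h>` in ext/sockets/sockaddr_conv.c only takes effect when no system header has already defined the macro, so the limit enforced in php_set_inet_addr varies by platform; Linux's <sys/param.h> defines it as 64, which bounds the local host name rather than a DNS name. If that header is pulled in (most of the include list is outside this hunk), legitimate names longer than 64 characters would start failing before any lookup is attempted. A constant owned by this file avoids that, e.g. `#define PHP_SOCK_MAX_FQDN_LEN 255` (the name is only a suggestion), documented with `/* upper bound for names passed to gethostbyname(); mitigation for CVE-2015-0235 */`.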
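Review bot: In php_set_inet_addr the new `strlen(string) > MAXHOSTNAMELEN` test shares its failure branch with gethostbyname(), so an over-long name is reported as "Host lookup failed" with `WSAGetLastError()` on Windows (the other arm is outside the hunk), even though no lookup ran and that error value is left over from an earlier call. A separate check ahead of the lookup, with its own message and a comment such as `/* refuse over-long names before gethostbyname(): CVE-2015-0235 (GHOST) mitigation */`, would keep the reported error accurate and make rejected inputs distinguishable in logs. The main/network.c section changes only by removing a blank line, so resolver calls in other files are presumably not covered by this guard; worth confirming. The function begins and ends outside the hunk.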