Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4: Add mitigation for CVE-2015-0235 (bug #68925)
author: Stanislav Malyshev <stas@php.net> 2015-01-31 19:08:37 -0800
committer: Stanislav Malyshev <stas@php.net> 2015-01-31 19:08:37 -0800
commit: 237128603f99a97da9d0d261b8d0849f27b4c7b8 (patch)
tree: b22950edbec46949e587be43acc15fa4100bd5e1 /sapi/cgi/fastcgi.c
parent: c8a12508c748a546d9dab14b3eb2c4a94ca279cc (diff)
parent: 0f9c708229d7d4f4eff96c30cff7a2339f738511 (diff)
download: php-git-237128603f99a97da9d0d261b8d0849f27b4c7b8.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/sapi/cgi/fastcgi.c b/sapi/cgi/fastcgi.c
index 5e9e4c89c4..7d39d6139b 100644
--- a/sapi/cgi/fastcgi.c
+++ b/sapi/cgi/fastcgi.c
@@ -611,7 +611,11 @@ int fcgi_listen(const char *path, int backlog)
 			if (sa.sa_inet.sin_addr.s_addr == INADDR_NONE) {
 				struct hostent *hep;
 
-				hep = gethostbyname(host);
+				if(strlen(host) > MAXHOSTNAMELEN) {
+					hep = NULL;
+				} else {
+					hep = gethostbyname(host);
+				}
 				if (!hep || hep->h_addrtype != AF_INET || !hep->h_addr_list[0]) {
 					fprintf(stderr, "Cannot resolve host name '%s'!\n", host);
 					return -1;
author	Stanislav Malyshev <stas@php.net>	2015-01-31 19:08:37 -0800
committer	Stanislav Malyshev <stas@php.net>	2015-01-31 19:08:37 -0800
commit	237128603f99a97da9d0d261b8d0849f27b4c7b8 (patch)
tree	b22950edbec46949e587be43acc15fa4100bd5e1 /sapi/cgi/fastcgi.c
parent	c8a12508c748a546d9dab14b3eb2c4a94ca279cc (diff)
parent	0f9c708229d7d4f4eff96c30cff7a2339f738511 (diff)
download	php-git-237128603f99a97da9d0d261b8d0849f27b4c7b8.tar.gz