Diffstat (limited to 'ext/standard/dns.c')
-rw-r--r-- | ext/standard/dns.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/ext/standard/dns.c b/ext/standard/dns.c
index b5cfb1d3e4..3bc8a239c2 100644
--- a/ext/standard/dns.c
+++ b/ext/standard/dns.c
@@ -221,6 +221,12 @@ PHP_FUNCTION(gethostbyname)
 return;
 }

+ if(hostname_len > MAXFQDNLEN) {
+ /* name too long, protect from CVE-2015-0235 */
+ php_error_docref(NULL, E_WARNING, "Host name is too long, the limit is %d characters", MAXFQDNLEN);
+ RETURN_STRINGL(hostname, hostname_len);
+ }
+
 RETURN_STR(php_gethostbyname(hostname));
 }
 /* }}} */
@@ -239,6 +245,12 @@ PHP_FUNCTION(gethostbynamel)
 return;
 }

+ if(hostname_len > MAXFQDNLEN) {
+ /* name too long, protect from CVE-2015-0235 */
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Host name is too long, the limit is %d characters", MAXFQDNLEN);
+ RETURN_FALSE;
+ }
+
 hp = gethostbyname(hostname);
 if (hp == NULL || hp->h_addr_list == NULL) {
 RETURN_FALSE;
@@ -457,6 +469,7 @@ static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_t
 add_assoc_string(subarray, "host", name);
 add_assoc_string(subarray, "class", "IN");
 add_assoc_long(subarray, "ttl", ttl);
+ (void) class;

 if (raw) {
 add_assoc_long(subarray, "type", type); |
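Review bot: The new length guard sits in the PHP_FUNCTION(gethostbyname) wrapper, so it bounds the name only on this entry point; if php_gethostbyname() or the libc gethostbyname() is reachable from other callers (not visible in this diff), those paths still hand an unbounded name to the resolver. Consider performing the `hostname_len > MAXFQDNLEN` test inside the helper so the check cannot be bypassed by a new caller. The comment would also be more useful to a later maintainer if it said what is being protected, e.g. `/* over-long names overflow a buffer in glibc's gethostbyname() (CVE-2015-0235); reject before the resolver sees them */`. The same guard is repeated in the gethostbynamel hunk, and the function body starts outside this hunk.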
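Review bot: The `php_error_docref(NULL TSRMLS_CC, ...)` call in the gethostbynamel guard still carries the `TSRMLS_CC` macro, while the otherwise identical call in the gethostbyname hunk passes plain `NULL`; this looks like a leftover from the branch the fix was ported from. Make the two agree: `php_error_docref(NULL, E_WARNING, "Host name is too long, the limit is %d characters", MAXFQDNLEN);`. Whether the macro still expands to nothing on this branch is not visible here, so the build may pass either way, but the inconsistency inside a security fix is worth removing. The function body starts and ends outside the hunk.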
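Review bot: The added `(void) class;` in php_parserr silences an unused-variable warning without saying why the value is unused, and the line two above it reports `"class"` as the literal `"IN"` regardless of what was parsed from the answer. If the record class is validated before this point (not visible in the hunk), a comment should say so; otherwise a response carrying a different class is labelled IN to the caller. Suggested wording: `(void) class; /* parsed to advance past the field; result always reports "IN" */`. The statement is also unrelated to the host-name length guard and would read better as its own commit.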