Add mitigation for CVE-2015-0235 (bug #68925)

2024-11-24 10:24:11 +08:00 · 2015-01-31 18:59:18 -08:00 · 2015-01-31 18:59:18 -08:00 · 882a375dba
commit 882a375dba
parent 237128603f
4 changed files with 9 additions and 3 deletions
--- a/3
+++ b/3
@ -2,6 +2,9 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2015, PHP 5.5.22

+- Core:
+  . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
+    buffer overflow). (Stas)

 - Date:
  . Fixed bug #45081 (strtotime incorrectly interprets SGT time zone). (Derick)
--- a/ext/sockets/sockaddr_conv.c
+++ b/ext/sockets/sockaddr_conv.c
@ -9,6 +9,10 @@
 #include <arpa/inet.h>
 #endif

+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 255
+#endif
+
 extern int php_string_to_if_index(const char *val, unsigned *out TSRMLS_DC);

 #if HAVE_IPV6
@ -90,7 +94,7 @@ int php_set_inet_addr(struct sockaddr_in *sin, char *string, php_socket *php_soc
 	if (inet_aton(string, &tmp)) {
 		sin->sin_addr.s_addr = tmp.s_addr;
 	} else {
-		if (! (host_entry = gethostbyname(string))) {
+		if (strlen(string) > MAXHOSTNAMELEN || ! (host_entry = gethostbyname(string))) {
 			/* Note: < -10000 indicates a host lookup error */
 #ifdef PHP_WIN32
 			PHP_SOCKET_ERROR(php_sock, "Host lookup failed", WSAGetLastError());
--- a/main/network.c
+++ b/main/network.c
@ -27,7 +27,6 @@
 #include <errno.h>


-
 #ifdef PHP_WIN32
 # include <Ws2tcpip.h>
 # include "win32/inet.h"