Browse Source

Add mitigation for CVE-2015-0235 (bug #68925)

pull/1063/head
Stanislav Malyshev 12 years ago
parent
commit
882a375dba
  1. 3
      NEWS
  2. 6
      ext/sockets/sockaddr_conv.c
  3. 2
      ext/standard/string.c
  4. 1
      main/network.c

3
NEWS

@ -2,6 +2,9 @@ PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2015, PHP 5.5.22
- Core:
. Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
buffer overflow). (Stas)
- Date:
. Fixed bug #45081 (strtotime incorrectly interprets SGT time zone). (Derick)

6
ext/sockets/sockaddr_conv.c

@ -9,6 +9,10 @@
#include <arpa/inet.h>
#endif
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 255
#endif
extern int php_string_to_if_index(const char *val, unsigned *out TSRMLS_DC);
#if HAVE_IPV6
@ -90,7 +94,7 @@ int php_set_inet_addr(struct sockaddr_in *sin, char *string, php_socket *php_soc
if (inet_aton(string, &tmp)) {
sin->sin_addr.s_addr = tmp.s_addr;
} else {
if (! (host_entry = gethostbyname(string))) {
if (strlen(string) > MAXHOSTNAMELEN || ! (host_entry = gethostbyname(string))) {
/* Note: < -10000 indicates a host lookup error */
#ifdef PHP_WIN32
PHP_SOCKET_ERROR(php_sock, "Host lookup failed", WSAGetLastError());

2
ext/standard/string.c

@ -3940,7 +3940,7 @@ static void php_str_replace_in_subject(zval *search, zval *replace, zval **subje
replace_value, replace_len, &Z_STRLEN(temp_result), case_sensitivity, replace_count);
}
str_efree(Z_STRVAL_P(result));
str_efree(Z_STRVAL_P(result));
Z_STRVAL_P(result) = Z_STRVAL(temp_result);
Z_STRLEN_P(result) = Z_STRLEN(temp_result);

1
main/network.c

@ -27,7 +27,6 @@
#include <errno.h>
#ifdef PHP_WIN32
# include <Ws2tcpip.h>
# include "win32/inet.h"

Loading…
Cancel
Save