tony2001                Fri Oct 21 09:48:11 2005 EDT

  Modified files:              
    /php-src/ext/standard       dns.c 
  Log:
  fix possible crash in dns_get_record()
  cleanup code a bit
  (partly fixes #34938)
  
  
http://cvs.php.net/diff.php/php-src/ext/standard/dns.c?r1=1.71&r2=1.72&ty=u
Index: php-src/ext/standard/dns.c
diff -u php-src/ext/standard/dns.c:1.71 php-src/ext/standard/dns.c:1.72
--- php-src/ext/standard/dns.c:1.71     Tue Aug 23 08:53:22 2005
+++ php-src/ext/standard/dns.c  Fri Oct 21 09:48:07 2005
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: dns.c,v 1.71 2005/08/23 12:53:22 dmitry Exp $ */
+/* $Id: dns.c,v 1.72 2005/10/21 13:48:07 tony2001 Exp $ */
 
 /* {{{ includes */
 #include "php.h"
@@ -381,6 +381,8 @@
        char name[MAXHOSTNAMELEN];
        int have_v6_break = 0, in_v6_break = 0;
 
+       *subarray = NULL;
+
        n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof(name)) 
- 2);
        if (n < 0) {
                return NULL;
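Review bot: The `dn_expand()` call bounds the message with `answer->qb2+65536`, a fixed buffer size rather than the length of the reply actually received, so name decompression can read bytes beyond the data the resolver returned. The caller already computes `end = answer.qb2 + n` (hunk at -764), so the parser could take that pointer and call `dn_expand(answer->qb2, end, cp, name, sizeof(name) - 2)`. The same missing bound affects the hunk at -392, where `cp += dlen` advances by a length taken from the packet; a guard such as `if (dlen > end - cp) return NULL;` before each skip would keep `cp` inside the reply. The function's signature is outside the hunk, so whether an end-of-message pointer is already available there is not visible.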
@@ -392,13 +394,11 @@
        GETLONG(ttl, cp);
        GETSHORT(dlen, cp);
        if (type_to_fetch != T_ANY && type != type_to_fetch) {
-               *subarray = NULL;
                cp += dlen;
                return cp;
        }
 
        if (!store) {
-               *subarray = NULL;
                cp += dlen;
                return cp;
        }
@@ -648,7 +648,7 @@
        int type_to_fetch, type_param = PHP_DNS_ANY;
        struct __res_state res;
        HEADER *hp;
-       querybuf buf, answer, *ans;
+       querybuf buf, answer;
        u_char *cp = NULL, *end = NULL;
        long n, qd, an, ns = 0, ar = 0;
        int type, first_query = 1, store_results = 1;
@@ -663,12 +663,14 @@
                        if (zend_get_parameters(ht, 2, &host, &fetch_type) == 
FAILURE) {
                                WRONG_PARAM_COUNT;
                        }
+                       convert_to_long(fetch_type);
                        type_param = Z_LVAL_P(fetch_type);
                        break;
                case 4:
                        if (zend_get_parameters(ht, 4, &host, &fetch_type, 
&authns, &addtl) == FAILURE) {
                                WRONG_PARAM_COUNT;
                        }
+                       convert_to_long(fetch_type);
                        type_param = Z_LVAL_P(fetch_type);
                        pval_destructor(authns);
                        addtl_recs = 1;         /* We want the additional 
Records */
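Review bot: Only `fetch_type` is coerced before its value is read; `host` comes out of the same `zend_get_parameters()` calls and no conversion of it appears in either case, so a non-string first argument would hit the same kind of type confusion if it is later read with `Z_STRVAL_P`. If that is not already handled outside the hunk, add `convert_to_string(host);` next to each `convert_to_long(fetch_type);`. The switch begins and ends outside the hunk, so the one-argument case and any later range check on `type_param` are not visible here.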
@@ -764,13 +766,12 @@
                
                        cp = answer.qb2 + HFIXEDSZ;
                        end = answer.qb2 + n;
-                       ans = &answer;
-                       hp = (HEADER *)ans;
+                       hp = (HEADER *)&answer;
                        qd = ntohs(hp->qdcount);
                        an = ntohs(hp->ancount);
                        ns = ntohs(hp->nscount);
                        ar = ntohs(hp->arcount);
-               
+       
                        /* Skip QD entries, they're only used by dn_expand 
later on */
                        while (qd-- > 0) {
                                n = dn_skipname(cp, end);
