standard dns.c

Antony Dovgal Fri, 21 Oct 2005 06:56:56 -0700

tony2001                Fri Oct 21 09:49:22 2005 EDT

  Modified files:              (Branch: PHP_5_0)
    /php-src/ext/standard       dns.c 
  Log:
  MFH: fix possible crash in dns_get_record()
  cleanup code a bit
  (partly fixes #34938)
  
  
http://cvs.php.net/diff.php/php-src/ext/standard/dns.c?r1=1.68&r2=1.68.2.1&ty=u
Index: php-src/ext/standard/dns.c
diff -u php-src/ext/standard/dns.c:1.68 php-src/ext/standard/dns.c:1.68.2.1
--- php-src/ext/standard/dns.c:1.68     Fri Mar 19 17:21:53 2004
+++ php-src/ext/standard/dns.c  Fri Oct 21 09:49:22 2005
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: dns.c,v 1.68 2004/03/19 22:21:53 pollita Exp $ */
+/* $Id: dns.c,v 1.68.2.1 2005/10/21 13:49:22 tony2001 Exp $ */
 
 /* {{{ includes */
 #include "php.h"
@@ -330,6 +330,8 @@
        u_char *tp;
        char name[MAXHOSTNAMELEN];
 
+       *subarray = NULL;
+
        n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof(name)) 
- 2);
        if (n < 0) {
                return NULL;
@@ -341,13 +343,11 @@
        GETLONG(ttl, cp);
        GETSHORT(dlen, cp);
        if (type_to_fetch != T_ANY && type != type_to_fetch) {
-               *subarray = NULL;
                cp += dlen;
                return cp;
        }
 
        if (!store) {
-               *subarray = NULL;
                cp += dlen;
                return cp;
        }
@@ -520,7 +520,7 @@
        int type_to_fetch, type_param = PHP_DNS_ANY;
        struct __res_state res;
        HEADER *hp;
-       querybuf buf, answer, *ans;
+       querybuf buf, answer;
        u_char *cp = NULL, *end = NULL;
        long n, qd, an, ns = 0, ar = 0;
        int type, first_query = 1, store_results = 1;
@@ -535,12 +535,14 @@
                        if (zend_get_parameters(ht, 2, &host, &fetch_type) == 
FAILURE) {
                                WRONG_PARAM_COUNT;
                        }
+                       convert_to_long(fetch_type);
                        type_param = Z_LVAL_P(fetch_type);
                        break;
                case 4:
                        if (zend_get_parameters(ht, 4, &host, &fetch_type, 
&authns, &addtl) == FAILURE) {
                                WRONG_PARAM_COUNT;
                        }
+                       convert_to_long(fetch_type);
                        type_param = Z_LVAL_P(fetch_type);
                        pval_destructor(authns);
                        addtl_recs = 1;         /* We want the additional 
Records */
@@ -646,13 +648,12 @@
                
                        cp = answer.qb2 + HFIXEDSZ;
                        end = answer.qb2 + n;
-                       ans = &answer;
-                       hp = (HEADER *)ans;
+                       hp = (HEADER *)&answer;
                        qd = ntohs(hp->qdcount);
                        an = ntohs(hp->ancount);
                        ns = ntohs(hp->nscount);
                        ar = ntohs(hp->arcount);
-               
+       
                        /* Skip QD entries, they're only used by dn_expand 
later on */
                        while (qd-- > 0) {
                                n = dn_skipname(cp, end);


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src(PHP_5_0) /ext/standard dns.c

Reply via email to