Re: [PHP-DEV] How does the PHP Ghost one-liner work?

2015-01-30 Thread Stanislav Malyshev
Hi! does this indicate any problems with PHP? No. That said, it may make sense to put a cap on gethostbyname() argument as a public service, if we can find a good limit. IIRC, there are limits on both FQDN and hostname component lengths, so if we check for these limits, we may add protection

Re: [PHP-DEV] How does the PHP Ghost one-liner work?

2015-01-30 Thread Rowan Collins
On 30/01/2015 18:42, Robert Williams wrote: % php -r '$e="0";for($i=0;$i<2500;$i++){$e="0$e";} gethostbyname($e);' What’s not being discussed is how it works. From the naive viewpoint of a PHP end-user, I’d expect this one-liner to have the same effect: % php -r '$e="0$e"; gethostbyname($e);' But

Re: [PHP-DEV] How does the PHP Ghost one-liner work?

2015-01-30 Thread Leigh
On 30 January 2015 at 19:05, Patrick Schaaf p...@bof.de wrote: On 30.01.2015 19:43, Robert Williams rewilli...@thesba.com wrote: % php -r '$e="0";for($i=0;$i<2500;$i++){$e="0$e";} gethostbyname($e);' What a funny way to say gethostbyname(str_repeat(0, 2501)); does this indicate any problems

Re: [PHP-DEV] How does the PHP Ghost one-liner work

2015-01-30 Thread Patrick Schaaf
On 30.01.2015 20:09, Leigh lei...@gmail.com wrote: Well, I guess in theory we should be limiting the size of input to gethostbyname to 255 characters. Yeah, but in theory the C library gethostbyname() should do the same... There will be a lot of things that could be checked up-front instead

Re: [PHP-DEV] How does the PHP Ghost one-liner work?

2015-01-30 Thread Robert Williams
On Jan 30, 2015, at 12:05, Patrick Schaaf p...@bof.de wrote: % php -r '$e="0";for($i=0;$i<2500;$i++){$e="0$e";} gethostbyname($e);' What a funny way to say gethostbyname(str_repeat(0, 2501)); Wow, I somehow missed the interpolation of $e into the value… self-slap. Guess I was too

[PHP-DEV] How does the PHP Ghost one-liner work?

2015-01-30 Thread Robert Williams
A PHP one-liner is being bandied about as one test of the recently discovered Ghost vulnerability in gethostbyname(). Taken from: http://ma.ttias.be/quick-tests-ghost-gethostbyname-vulnerability-cve-2015-0235/ Here it is: % php -r '$e="0";for($i=0;$i<2500;$i++){$e="0$e";} gethostbyname($e);'

Re: [PHP-DEV] How does the PHP Ghost one-liner work?

2015-01-30 Thread Patrick Schaaf
On 30.01.2015 19:43, Robert Williams rewilli...@thesba.com wrote: % php -r '$e="0";for($i=0;$i<2500;$i++){$e="0$e";} gethostbyname($e);' What a funny way to say gethostbyname(str_repeat(0, 2501)); does this indicate any problems with PHP? No. best regards Patrick