tony2001 Fri Oct 21 09:49:03 2005 EDT Modified files: (Branch: PHP_5_1) /php-src/ext/standard dns.c Log: MFH: fix possible crash in dns_get_record() cleanup code a bit (partly fixes #34938) http://cvs.php.net/diff.php/php-src/ext/standard/dns.c?r1=1.70&r2=1.70.2.1&ty=u Index: php-src/ext/standard/dns.c diff -u php-src/ext/standard/dns.c:1.70 php-src/ext/standard/dns.c:1.70.2.1 --- php-src/ext/standard/dns.c:1.70 Wed Aug 3 10:07:58 2005 +++ php-src/ext/standard/dns.c Fri Oct 21 09:49:01 2005 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: dns.c,v 1.70 2005/08/03 14:07:58 sniper Exp $ */ +/* $Id: dns.c,v 1.70.2.1 2005/10/21 13:49:01 tony2001 Exp $ */ /* {{{ includes */ #include "php.h" @@ -373,6 +373,8 @@ char name[MAXHOSTNAMELEN]; int have_v6_break = 0, in_v6_break = 0; + *subarray = NULL; + n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof(name)) - 2); if (n < 0) { return NULL; @@ -384,13 +386,11 @@ GETLONG(ttl, cp); GETSHORT(dlen, cp); if (type_to_fetch != T_ANY && type != type_to_fetch) { - *subarray = NULL; cp += dlen; return cp; } if (!store) { - *subarray = NULL; cp += dlen; return cp; } @@ -640,7 +640,7 @@ int type_to_fetch, type_param = PHP_DNS_ANY; struct __res_state res; HEADER *hp; - querybuf buf, answer, *ans; + querybuf buf, answer; u_char *cp = NULL, *end = NULL; long n, qd, an, ns = 0, ar = 0; int type, first_query = 1, store_results = 1; @@ -655,12 +655,14 @@ if (zend_get_parameters(ht, 2, &host, &fetch_type) == FAILURE) { WRONG_PARAM_COUNT; } + convert_to_long(fetch_type); type_param = Z_LVAL_P(fetch_type); break; case 4: if (zend_get_parameters(ht, 4, &host, &fetch_type, &authns, &addtl) == FAILURE) { WRONG_PARAM_COUNT; } + convert_to_long(fetch_type); type_param = Z_LVAL_P(fetch_type); pval_destructor(authns); addtl_recs = 1; /* We want the additional Records */ @@ -756,13 +758,12 @@ cp = answer.qb2 + HFIXEDSZ; end = answer.qb2 + n; - ans = &answer; - hp = (HEADER *)ans; + hp = (HEADER *)&answer; qd = ntohs(hp->qdcount); an = ntohs(hp->ancount); ns = ntohs(hp->nscount); ar = ntohs(hp->arcount); - + /* Skip QD entries, they're only used by dn_expand later on */ while (qd-- > 0) { n = dn_skipname(cp, end);
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php