standard dns.c

Antony Dovgal Fri, 21 Oct 2005 06:56:48 -0700

tony2001                Fri Oct 21 09:49:03 2005 EDT

  Modified files:              (Branch: PHP_5_1)
    /php-src/ext/standard       dns.c 
  Log:
  MFH: fix possible crash in dns_get_record()
  cleanup code a bit
  (partly fixes #34938)
  
  
http://cvs.php.net/diff.php/php-src/ext/standard/dns.c?r1=1.70&r2=1.70.2.1&ty=u
Index: php-src/ext/standard/dns.c
diff -u php-src/ext/standard/dns.c:1.70 php-src/ext/standard/dns.c:1.70.2.1
--- php-src/ext/standard/dns.c:1.70     Wed Aug  3 10:07:58 2005
+++ php-src/ext/standard/dns.c  Fri Oct 21 09:49:01 2005
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: dns.c,v 1.70 2005/08/03 14:07:58 sniper Exp $ */
+/* $Id: dns.c,v 1.70.2.1 2005/10/21 13:49:01 tony2001 Exp $ */
 
 /* {{{ includes */
 #include "php.h"
@@ -373,6 +373,8 @@
        char name[MAXHOSTNAMELEN];
        int have_v6_break = 0, in_v6_break = 0;
 
+       *subarray = NULL;
+
        n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof(name)) 
- 2);
        if (n < 0) {
                return NULL;
@@ -384,13 +386,11 @@
        GETLONG(ttl, cp);
        GETSHORT(dlen, cp);
        if (type_to_fetch != T_ANY && type != type_to_fetch) {
-               *subarray = NULL;
                cp += dlen;
                return cp;
        }
 
        if (!store) {
-               *subarray = NULL;
                cp += dlen;
                return cp;
        }
@@ -640,7 +640,7 @@
        int type_to_fetch, type_param = PHP_DNS_ANY;
        struct __res_state res;
        HEADER *hp;
-       querybuf buf, answer, *ans;
+       querybuf buf, answer;
        u_char *cp = NULL, *end = NULL;
        long n, qd, an, ns = 0, ar = 0;
        int type, first_query = 1, store_results = 1;
@@ -655,12 +655,14 @@
                        if (zend_get_parameters(ht, 2, &host, &fetch_type) == 
FAILURE) {
                                WRONG_PARAM_COUNT;
                        }
+                       convert_to_long(fetch_type);
                        type_param = Z_LVAL_P(fetch_type);
                        break;
                case 4:
                        if (zend_get_parameters(ht, 4, &host, &fetch_type, 
&authns, &addtl) == FAILURE) {
                                WRONG_PARAM_COUNT;
                        }
+                       convert_to_long(fetch_type);
                        type_param = Z_LVAL_P(fetch_type);
                        pval_destructor(authns);
                        addtl_recs = 1;         /* We want the additional 
Records */
@@ -756,13 +758,12 @@
                
                        cp = answer.qb2 + HFIXEDSZ;
                        end = answer.qb2 + n;
-                       ans = &answer;
-                       hp = (HEADER *)ans;
+                       hp = (HEADER *)&answer;
                        qd = ntohs(hp->qdcount);
                        an = ntohs(hp->ancount);
                        ns = ntohs(hp->nscount);
                        ar = ntohs(hp->arcount);
-               
+       
                        /* Skip QD entries, they're only used by dn_expand 
later on */
                        while (qd-- > 0) {
                                n = dn_skipname(cp, end);


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src(PHP_5_1) /ext/standard dns.c

Reply via email to