Skip to content

Commit

Permalink
Fix bug #78008: dns_check_record() always return true on Alpine
Browse files Browse the repository at this point in the history 
- free handle before return result
- cleaned up remaining usage of MAXPACKET
- update dns_get_mx() to use the same approach

Closes GH-5854.
  • Loading branch information
@andypost @nikic
andypost authored and nikic committed Jul 15, 2020
1 parent ce149b0 commit 2c57378
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 18 deletions.
2 changes: 2 additions & 0 deletions NEWS
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@ PHP NEWS
- Standard:
. Fixed bug #70362 (Can't copy() large 'data://' with open_basedir). (cmb)
. Fixed bug #79817 (str_replace() does not handle INDIRECT elements). (Nikita)
. Fixed bug #78008 (dns_check_record() always return true on Alpine).
(Andy Postnikov)

?? ??? ????, PHP 7.3.20

Expand Down
32 changes: 14 additions & 18 deletions ext/standard/dns.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -349,10 +349,8 @@ static void _php_dns_free_res(struct __res_state *res) { /* {{{ */
Check DNS records corresponding to a given Internet host name or IP address */
PHP_FUNCTION(dns_check_record)
{
#ifndef MAXPACKET
#define MAXPACKET 8192 /* max packet size used internally by BIND */
#endif
u_char ans[MAXPACKET];
HEADER *hp;
querybuf answer;
char *hostname, *rectype = NULL;
size_t hostname_len, rectype_len = 0;
int type = T_MX, i;
Expand Down Expand Up @@ -410,14 +408,14 @@ PHP_FUNCTION(dns_check_record)
res_init();
#endif

RETVAL_TRUE;
i = php_dns_search(handle, hostname, C_IN, type, ans, sizeof(ans));
i = php_dns_search(handle, hostname, C_IN, type, answer.qb2, sizeof answer);
php_dns_free_handle(handle);

if (i < 0) {
RETVAL_FALSE;
RETURN_FALSE;
}

php_dns_free_handle(handle);
hp = (HEADER *)&answer;
RETURN_BOOL(ntohs(hp->ancount) != 0);
}
/* }}} */

Expand Down Expand Up @@ -1033,7 +1031,7 @@ PHP_FUNCTION(dns_get_mx)
zval *mx_list, *weight_list = NULL;
int count, qdc;
u_short type, weight;
u_char ans[MAXPACKET];
querybuf answer;
char buf[MAXHOSTNAMELEN];
HEADER *hp;
u_char *cp, *end;
Expand Down Expand Up @@ -1076,16 +1074,14 @@ PHP_FUNCTION(dns_get_mx)
res_init();
#endif

i = php_dns_search(handle, hostname, C_IN, DNS_T_MX, (u_char *)&ans, sizeof(ans));
i = php_dns_search(handle, hostname, C_IN, DNS_T_MX, answer.qb2, sizeof answer);
if (i < 0) {
php_dns_free_handle(handle);
RETURN_FALSE;
}
if (i > (int)sizeof(ans)) {
i = sizeof(ans);
}
hp = (HEADER *)&ans;
cp = (u_char *)&ans + HFIXEDSZ;
end = (u_char *)&ans +i;
hp = (HEADER *)&answer;
cp = answer.qb2 + HFIXEDSZ;
end = answer.qb2 + i;
for (qdc = ntohs((unsigned short)hp->qdcount); qdc--; cp += i + QFIXEDSZ) {
if ((i = dn_skipname(cp, end)) < 0 ) {
php_dns_free_handle(handle);
Expand All @@ -1107,7 +1103,7 @@ PHP_FUNCTION(dns_get_mx)
continue;
}
GETSHORT(weight, cp);
if ((i = dn_expand(ans, end, cp, buf, sizeof(buf)-1)) < 0) {
if ((i = dn_expand(answer.qb2, end, cp, buf, sizeof(buf)-1)) < 0) {
php_dns_free_handle(handle);
RETURN_FALSE;
}
Expand Down

0 comments on commit 2c57378

Please sign in to comment.