Skip to content

Don't overflow the buffer on bad DNS TXT records#690

Closed
ptarjan wants to merge 1 commit into
php:masterfrom
ptarjan:master
Closed

Don't overflow the buffer on bad DNS TXT records#690
ptarjan wants to merge 1 commit into
php:masterfrom
ptarjan:master

Conversation

@ptarjan
Copy link
Copy Markdown
Contributor

@ptarjan ptarjan commented Jun 10, 2014

dlen can be small but then the chunk length could exceed it and
overrun the buffer.

An example site with this bug is berlin.polemb.net running this code:

  $types = array('AAAA' => 1, 'A' => 1);
  $records = dns_get_record("berlin.polemb.net",
                            DNS_A | DNS_TXT | DNS_AAAA | DNS_CNAME,
                            );
  var_dump($records);

Don't overflow the buffer on bad DNS TXT records
e2702e2 
`dlen` can be small but then the chunk length could exceed it and
overrun the buffer.
@php-pulls
Copy link
Copy Markdown

php-pulls commented Jun 11, 2014

Comment on behalf of pollita at php.net:

Committed 4f73394

Slight difference: truncates bad records rather than ignoring them.

@php-pulls php-pulls closed this Jun 11, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ptarjan @php-pulls @sgolemon