File php-CVE-2019-9022.patch of Package php7.18238

X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fstandard%2Fdns.c;h=b5fbcb96f968c83ecf75c39900cf7d88e19fff3a;hp=8e102f816f6e45a6cdf9c4ff548c9b853a1f1e65;hb=8d3dfabef459fe7815e8ea2fd68753fd17859d7b;hpb=31f59e1f3074ab344b473dde6077a6844ca87264

diff --git a/ext/standard/dns.c b/ext/standard/dns.c
index 8e102f8..b5fbcb9 100644
--- a/ext/standard/dns.c
+++ b/ext/standard/dns.c
@@ -459,6 +459,10 @@ static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_t
 	GETLONG(ttl, cp);
 	GETSHORT(dlen, cp);
 	CHECKCP(dlen);
+	if (dlen == 0) {
+		/* No data in the response - nothing to do */
+		return NULL;
+	}
 	if (type_to_fetch != T_ANY && type != type_to_fetch) {
 		cp += dlen;
 		return cp;
@@ -549,6 +553,9 @@ static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_t
 			CHECKCP(n);
 			add_assoc_stringl(subarray, "tag", (char*)cp, n);
 			cp += n;
+			if ( (size_t) dlen < ((size_t)n) + 2 ) {
+				return NULL;
+			}
 			n = dlen - n - 2;
 			CHECKCP(n);
 			add_assoc_stringl(subarray, "value", (char*)cp, n);