File php-CVE-2019-9022.patch of Package php7.18238
X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fstandard%2Fdns.c;h=b5fbcb96f968c83ecf75c39900cf7d88e19fff3a;hp=8e102f816f6e45a6cdf9c4ff548c9b853a1f1e65;hb=8d3dfabef459fe7815e8ea2fd68753fd17859d7b;hpb=31f59e1f3074ab344b473dde6077a6844ca87264
diff --git a/ext/standard/dns.c b/ext/standard/dns.c
index 8e102f8..b5fbcb9 100644
--- a/ext/standard/dns.c
+++ b/ext/standard/dns.c
@@ -459,6 +459,10 @@ static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_t
GETLONG(ttl, cp);
GETSHORT(dlen, cp);
CHECKCP(dlen);
+ if (dlen == 0) {
+ /* No data in the response - nothing to do */
+ return NULL;
+ }
if (type_to_fetch != T_ANY && type != type_to_fetch) {
cp += dlen;
return cp;
@@ -549,6 +553,9 @@ static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_t
CHECKCP(n);
add_assoc_stringl(subarray, "tag", (char*)cp, n);
cp += n;
+ if ( (size_t) dlen < ((size_t)n) + 2 ) {
+ return NULL;
+ }
n = dlen - n - 2;
CHECKCP(n);
add_assoc_stringl(subarray, "value", (char*)cp, n);