summaryrefslogtreecommitdiff
path: root/ext/socket
diff options
context:
space:
mode:
authornobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2015-02-08 04:04:32 +0000
committernobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2015-02-08 04:04:32 +0000
commit1a18454da9bd4be564cf5df21dc2b53787527168 (patch)
tree64b545a2da4b286f8511444afef78dc89472a7bf /ext/socket
parenta6516ff5f7f0daab88b44c64c8bd9dfa5317d6d0 (diff)
getaddrinfo.c: GHOST vulnerability check
* ext/socket/getaddrinfo.c (get_addr): reject too long hostname to get rid of GHOST vulnerability on very old platforms. * ext/socket/raddrinfo.c (make_hostent_internal): ditto, paranoic check for the canonnical name. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49543 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/socket')
-rw-r--r--ext/socket/getaddrinfo.c1
-rw-r--r--ext/socket/raddrinfo.c3
2 files changed, 3 insertions, 1 deletions
diff --git a/ext/socket/getaddrinfo.c b/ext/socket/getaddrinfo.c
index a17d12b..68f610e 100644
--- a/ext/socket/getaddrinfo.c
+++ b/ext/socket/getaddrinfo.c
@@ -593,6 +593,7 @@ get_addr(const char *hostname, int af, struct addrinfo **res, struct addrinfo *p
} else
hp = getipnodebyname(hostname, af, AI_ADDRCONFIG, &h_error);
#else
+ if (strlen(hostname) >= NI_MAXHOST) ERR(EAI_NODATA);
hp = gethostbyname((char*)hostname);
h_error = h_errno;
#endif
diff --git a/ext/socket/raddrinfo.c b/ext/socket/raddrinfo.c
index 1d2b9f9..e13684a 100644
--- a/ext/socket/raddrinfo.c
+++ b/ext/socket/raddrinfo.c
@@ -617,7 +617,8 @@ make_hostent_internal(struct hostent_arg *arg)
}
rb_ary_push(ary, rb_str_new2(hostp));
- if (addr->ai_canonname && (h = gethostbyname(addr->ai_canonname))) {
+ if (addr->ai_canonname && strlen(addr->ai_canonname) < NI_MAXHOST &&
+ (h = gethostbyname(addr->ai_canonname))) {
names = rb_ary_new();
if (h->h_aliases != NULL) {
for (pch = h->h_aliases; *pch; pch++) {