From 1a18454da9bd4be564cf5df21dc2b53787527168 Mon Sep 17 00:00:00 2001
From: nobu
Date: Sun, 8 Feb 2015 04:04:32 +0000
Subject: getaddrinfo.c: GHOST vulnerability check
* ext/socket/getaddrinfo.c (get_addr): reject too long hostname to get rid of GHOST vulnerability on very old platforms.
* ext/socket/raddrinfo.c (make_hostent_internal): ditto, paranoic check for the canonnical name.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49543 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/socket/raddrinfo.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'ext/socket/raddrinfo.c')
diff --git a/ext/socket/raddrinfo.c b/ext/socket/raddrinfo.c
index 1d2b9f953e..e13684ac74 100644
--- a/ext/socket/raddrinfo.c
+++ b/ext/socket/raddrinfo.c
@@ -617,7 +617,8 @@ make_hostent_internal(struct hostent_arg *arg)
 }
 rb_ary_push(ary, rb_str_new2(hostp));
- if (addr->ai_canonname && (h = gethostbyname(addr->ai_canonname))) {
+ if (addr->ai_canonname && strlen(addr->ai_canonname) < NI_MAXHOST &&
+ (h = gethostbyname(addr->ai_canonname))) {
 names = rb_ary_new();
 if (h->h_aliases != NULL) {
 for (pch = h->h_aliases; *pch; pch++) {
-- 
cgit v1.2.3
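Review bot: The added `strlen(addr->ai_canonname) < NI_MAXHOST` guard in make_hostent_internal carries no comment, and NI_MAXHOST is the getnameinfo() host-buffer constant rather than a bound derived from the resolver buffer that GHOST overflows, so a later maintainer cannot tell that this is a security check or whether the limit is tight enough. I would add a comment above the condition such as `/* GHOST workaround: never hand an over-long name to gethostbyname() on old resolvers */` and confirm against the affected libc that every name shorter than NI_MAXHOST is actually safe there. An over-long canonical name now silently takes the same path as a failed lookup; the `if` body and whatever follows it lie outside the hunk, so whether that fallback is acceptable to callers cannot be judged from here. The commit message says get_addr in getaddrinfo.c receives the same check, but that file is not part of this page, so the two limits should be compared for consistency.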