From: Andy Postnikov <apostnikov@gmail.com>
Date: Tue, 14 Jul 2020 01:14:05 +0000 (+0300)
Subject: Fix bug #78008: dns_check_record() always return true on Alpine
X-Git-Tag: php-7.3.21RC1~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2c57378bd3725b82ac1217b636e21e3006b5ca03;p=php

Fix bug #78008: dns_check_record() always return true on Alpine

- free handle before return result
- cleaned up remaining usage of MAXPACKET
- update dns_get_mx() to use the same approach

Closes GH-5854.
---

diff --git a/NEWS b/NEWS
index b230a84c5c..0aa1b695b5 100644
--- a/NEWS
+++ b/NEWS
@@ -31,6 +31,8 @@ PHP                                                                        NEWS
 - Standard:
   . Fixed bug #70362 (Can't copy() large 'data://' with open_basedir). (cmb)
   . Fixed bug #79817 (str_replace() does not handle INDIRECT elements). (Nikita)
+  . Fixed bug #78008 (dns_check_record() always return true on Alpine).
+    (Andy Postnikov)
 
 ?? ??? ????, PHP 7.3.20
 
diff --git a/ext/standard/dns.c b/ext/standard/dns.c
index 4ee40aa5ec..705c8e4fad 100644
--- a/ext/standard/dns.c
+++ b/ext/standard/dns.c
@@ -349,10 +349,8 @@ static void _php_dns_free_res(struct __res_state *res) { /* {{{ */
    Check DNS records corresponding to a given Internet host name or IP address */
 PHP_FUNCTION(dns_check_record)
 {
-#ifndef MAXPACKET
-#define MAXPACKET  8192 /* max packet size used internally by BIND */
-#endif
-	u_char ans[MAXPACKET];
+	HEADER *hp;
+	querybuf answer;
 	char *hostname, *rectype = NULL;
 	size_t hostname_len, rectype_len = 0;
 	int type = T_MX, i;
@@ -410,14 +408,14 @@ PHP_FUNCTION(dns_check_record)
 	res_init();
 #endif
 
-	RETVAL_TRUE;
-	i = php_dns_search(handle, hostname, C_IN, type, ans, sizeof(ans));
+	i = php_dns_search(handle, hostname, C_IN, type, answer.qb2, sizeof answer);
+	php_dns_free_handle(handle);
 
 	if (i < 0) {
-		RETVAL_FALSE;
+		RETURN_FALSE;
 	}
-
-	php_dns_free_handle(handle);
+	hp = (HEADER *)&answer;
+	RETURN_BOOL(ntohs(hp->ancount) != 0);
 }
 /* }}} */
 
@@ -1033,7 +1031,7 @@ PHP_FUNCTION(dns_get_mx)
 	zval *mx_list, *weight_list = NULL;
 	int count, qdc;
 	u_short type, weight;
-	u_char ans[MAXPACKET];
+	querybuf answer;
 	char buf[MAXHOSTNAMELEN];
 	HEADER *hp;
 	u_char *cp, *end;
@@ -1076,16 +1074,14 @@ PHP_FUNCTION(dns_get_mx)
 	res_init();
 #endif
 
-	i = php_dns_search(handle, hostname, C_IN, DNS_T_MX, (u_char *)&ans, sizeof(ans));
+	i = php_dns_search(handle, hostname, C_IN, DNS_T_MX, answer.qb2, sizeof answer);
 	if (i < 0) {
+		php_dns_free_handle(handle);
 		RETURN_FALSE;
 	}
-	if (i > (int)sizeof(ans)) {
-		i = sizeof(ans);
-	}
-	hp = (HEADER *)&ans;
-	cp = (u_char *)&ans + HFIXEDSZ;
-	end = (u_char *)&ans +i;
+	hp = (HEADER *)&answer;
+	cp = answer.qb2 + HFIXEDSZ;
+	end = answer.qb2 + i;
 	for (qdc = ntohs((unsigned short)hp->qdcount); qdc--; cp += i + QFIXEDSZ) {
 		if ((i = dn_skipname(cp, end)) < 0 ) {
 			php_dns_free_handle(handle);
@@ -1107,7 +1103,7 @@ PHP_FUNCTION(dns_get_mx)
 			continue;
 		}
 		GETSHORT(weight, cp);
-		if ((i = dn_expand(ans, end, cp, buf, sizeof(buf)-1)) < 0) {
+		if ((i = dn_expand(answer.qb2, end, cp, buf, sizeof(buf)-1)) < 0) {
 			php_dns_free_handle(handle);
 			RETURN_FALSE;
 		}