From 42f2ae0572e61da94246c910ec0cf1eddd221cd1 Mon Sep 17 00:00:00 2001
From: Michael Wallner <mike@php.net>
Date: Mon, 5 Feb 2018 09:04:07 +0100
Subject: [PATCH] fix bug #75916 DNS_CAA record results contain garbage

It is assumed that DNS_CAA record values are zero terminated,
while its length is defined as (RDATA_LENGTH - tag_length - 2).
---
 NEWS                                          |  4 ++
 ext/standard/dns.c                            |  5 ++-
 .../tests/network/dns_get_record_caa.phpt     | 41 +++++++++++--------
 3 files changed, 32 insertions(+), 18 deletions(-)

diff --git a/NEWS b/NEWS
index 8771adff17..671f0f9977 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,10 @@ PHP                                                                        NEWS
 - ODBC:
   . Fixed bug #73725 (Unable to retrieve value of varchar(max) type). (Anatol)
 
+- Standard:
+  . Fixed bug #75916 (DNS_CAA record results contain garbage). (Mike, 
+    Philip Sharp)
+
 01 Feb 2018, PHP 7.1.14
 
 - Core:
diff --git a/ext/standard/dns.c b/ext/standard/dns.c
index c476a1c013..8e102f816f 100644
--- a/ext/standard/dns.c
+++ b/ext/standard/dns.c
@@ -549,7 +549,10 @@ static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_t
 			CHECKCP(n);
 			add_assoc_stringl(subarray, "tag", (char*)cp, n);
 			cp += n;
-			add_assoc_string(subarray, "value", (char*)cp);
+			n = dlen - n - 2;
+			CHECKCP(n);
+			add_assoc_stringl(subarray, "value", (char*)cp, n);
+			cp += n;
 			break;
 		case DNS_T_TXT:
 			{
diff --git a/ext/standard/tests/network/dns_get_record_caa.phpt b/ext/standard/tests/network/dns_get_record_caa.phpt
index 121bb92ae7..21286921e1 100644
--- a/ext/standard/tests/network/dns_get_record_caa.phpt
+++ b/ext/standard/tests/network/dns_get_record_caa.phpt
@@ -7,25 +7,32 @@ if (getenv("SKIP_ONLINE_TESTS")) die("skip online test");
 ?>
 --FILE--
 <?php
-/* This must be a domain that publishes an RFC6844 CAA-type DNS record */
-$domain = 'google.com';
-$match = false;
-$dns = dns_get_record($domain, DNS_CAA);
-if (count($dns) > 0) {
-    if (array_key_exists('type', $dns[0])
-    and $dns[0]['type'] == 'CAA'
-    and array_key_exists('flags', $dns[0])
-    and array_key_exists('tag', $dns[0])
-    and array_key_exists('value', $dns[0])
-    ) {
-        $match = true;
+/* This must be domains which publish an RFC6844 CAA-type DNS record */
+$domains = ["big.basic.caatestsuite.com", "google.com"];
+foreach ($domains as $domain) {
+    $match = false;
+    $dns = dns_get_record($domain, DNS_CAA);
+    if (count($dns) > 0) {
+        if (array_key_exists("type", $dns[0])
+        and $dns[0]["type"] == "CAA"
+        and array_key_exists("flags", $dns[0])
+        and array_key_exists("tag", $dns[0])
+        and array_key_exists("value", $dns[0])
+        ) {
+            $chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-.";
+            if (strlen($dns[0]["value"]) == strspn($dns[0]["value"], $chars)) {
+                $match = true;
+            }
+        }
+    }
+    if ($match) {
+        echo "CAA record found\n";
+    } else {
+        echo "CAA lookup failed\n";
+        var_dump($dns);
     }
-}
-if ($match) {
-    echo "CAA record found\n";
-} else {
-    echo "CAA Lookup failed\n";
 }
 ?>
 --EXPECT--
 CAA record found
+CAA record found
-- 
2.40.0