Patch dbs-parser.patch revision 2014-07-30 13:50 UTC by remi@php.net
Patch repro.patch revision 2014-07-30 13:18 UTC by remi@php.net
Patch dns-parser.patch revision 2014-07-30 12:44 UTC by remi@php.net

Patch repro.patch for *Network Functions Bug #67717

Patch version 2014-07-30 13:18 UTC


Developer: remi@php.net

diff -up ./client.php.old ./client.php
--- ./client.php.old	2014-07-30 15:16:59.509708030 +0200
+++ ./client.php	2014-07-30 15:11:22.032597512 +0200
@@ -0,0 +1,10 @@
+<?php
+define('NUM', 2);
+for ($i=1 ; $i<=NUM ; $i++) {
+  echo "Asking $i\n";
+  $r = dns_get_record("www$i.php.net", DNS_TXT); 
+  print_r($r);
+}
+echo "Asking end\n";
+$r = dns_get_record("www.php.net", DNS_TXT); 
+?>
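Review bot: The script does not state the setup it depends on. server.php in this patch binds 127.0.0.1:53, so the system resolver has to point at 127.0.0.1 for these lookups to reach it, and the final `www.php.net` query is what ends the server's `do … while` loop. A header comment such as `// Requires server.php running and the resolver pointed at 127.0.0.1` would record that. The last `dns_get_record()` result is assigned to `$r` and never printed, so a comment like `// sentinel query: stops server.php, result unused` would make the intent clear.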
diff -up ./server.php.old ./server.php
--- ./server.php.old	2014-07-30 15:16:59.509708030 +0200
+++ ./server.php	2014-07-30 15:11:22.438601251 +0200
@@ -0,0 +1,41 @@
+<?php
+
+// crasher response
+// (declares \xff\xff long TXT data, but provides no data at all) 
+$replies = array(
+	1 => "\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\x03\x77\x77\x77\x03\x70\x68\x70\x03\x6e\x65\x74\x00\x00\x10\x00\x01\xc0\x0c\x00\x10\x00\x01\x00\x00\x01\x2c\xff\xff",
+	2 => "\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\x03\x77\x77\x77\x03\x70\x68\x70\x03\x6e\x65\x74\x00\x00\x10\x00\x01\xc0\x0c\x00\x10\x00\x01\x00\x00\x01\x2c\x00\x01\xff",
+);
+
+if (!($s = socket_create(AF_INET, SOCK_DGRAM, 0))) {
+    $ec = socket_last_error();
+    $em = socket_strerror($ec);
+    die("socket_create: [$ec] $em\n");
+}
+
+if( ! socket_bind($s, "127.0.0.1" , 53) ){
+    $ec = socket_last_error();
+    $em = socket_strerror($ec);
+    die("socket_bind: [$ec] $em\n");
+}
+
+// dummy crasher responser until www.php.net questioned
+do {
+    echo "Expecting DNS TXT Query for www.php.net\n";
+    $r = socket_recvfrom($s, $b, 512, 0, $ip, $port);
+    echo "  Query from $ip:$port ($r bytes) " . bin2hex($b) . " \n";
+    $tid = substr($b, 0, 2);
+    echo "  DNS Transaction ID: <" . bin2hex($tid) . ">\n";
+    if (preg_match("/www([0-9]+)\x03php\x03net/", $b, $res)) {
+        printf("  Answer %s\n", $res[1]);
+        $reply = $replies[$res[1]];
+    } else {
+        $reply = $replies[1];   // random answer
+    }
+    $bytes_sent = socket_sendto($s, $tid . $reply, strlen($reply) , 0 , $ip , $port);
+    echo "  Answer sent ($bytes_sent bytes) " . bin2hex($tid . $reply) . " \n\n";
+} while (! strpos($b, "www\x03php\x03net"));
+ 
+socket_close($s);
+echo "  Ending\n";
+?>
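Review bot: The `socket_sendto()` call passes `$tid . $reply` as the buffer but `strlen($reply)` as the length, so each datagram is cut two bytes short and the tail of the canned reply never reaches the resolver; for reply 1 those are the `\xff\xff` length bytes that the comment above `$replies` describes. The `echo` after it logs the full `bin2hex($tid . $reply)`, so the log shows bytes that were not sent. Build the packet once and size it from itself: `$packet = $tid . $reply;` then `socket_sendto($s, $packet, strlen($packet), 0, $ip, $port);`, and log `$packet`. If the short send is deliberate, a comment should say so. Separately, `$replies[$res[1]]` takes its index from the received query with no `isset()` check, and the loop condition `! strpos(...)` would read more safely as `strpos(...) === false`.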
 