From 1a18454da9bd4be564cf5df21dc2b53787527168 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sun, 8 Feb 2015 04:04:32 +0000
Subject: getaddrinfo.c: GHOST vulnerability check

* ext/socket/getaddrinfo.c (get_addr): reject too long hostname to
  get rid of GHOST vulnerability on very old platforms.
* ext/socket/raddrinfo.c (make_hostent_internal): ditto, paranoic
  check for the canonnical name.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49543 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/socket/getaddrinfo.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'ext/socket/getaddrinfo.c')

diff --git a/ext/socket/getaddrinfo.c b/ext/socket/getaddrinfo.c
index a17d12b705..68f610e807 100644
--- a/ext/socket/getaddrinfo.c
+++ b/ext/socket/getaddrinfo.c
@@ -593,6 +593,7 @@ get_addr(const char *hostname, int af, struct addrinfo **res, struct addrinfo *p
 	} else
 		hp = getipnodebyname(hostname, af, AI_ADDRCONFIG, &h_error);
 #else
+	if (strlen(hostname) >= NI_MAXHOST) ERR(EAI_NODATA);
 	hp = gethostbyname((char*)hostname);
 	h_error = h_errno;
 #endif
-- 
cgit v1.2.3