Re: [PHP-DEV] How does the PHP Ghost one-liner work?

2015-01-30 Thread Robert Williams
On Jan 30, 2015, at 12:05, Patrick Schaaf <p...@bof.de> wrote: > % php -r '$e="0";for($i=0;$i<2500;$i++){$e="0$e";} gethostbyname($e);' What a funny way to say gethostbyname(str_repeat("0", 2501)); Wow, I somehow missed the interpolation of $e into the value… . Guess I was too focused on

Re: [PHP-DEV] How does the PHP Ghost one-liner work?

2015-01-30 Thread Stanislav Malyshev
Hi!

>> does this indicate any problems with PHP?
>
> No.

That said, it may make sense to put a cap on gethostbyname() argument as a public service, if we can find a good limit. IIRC, there are limits on both FQDN and hostname component lengths, so if we check for these limits, we may add protect

Re: [PHP-DEV] How does the PHP Ghost one-liner work?

2015-01-30 Thread Rowan Collins
On 30/01/2015 18:42, Robert Williams wrote: % php -r '$e="0";for($i=0;$i<2500;$i++){$e="0$e";} gethostbyname($e);' What’s not being discussed is how it works. From the naive viewpoint of a PHP end-user, I’d expect this one-liner to have the same effect: % php -r '$e="0$e"; gethostbyname($e);'

Re: [PHP-DEV] How does the PHP Ghost one-liner work

2015-01-30 Thread Patrick Schaaf
On 30.01.2015 20:09, "Leigh" wrote:
>
> Well, I guess in theory we should be limiting the size of input to
> gethostbyname to 255 characters.

Yeah, but in theory the C library gethostbyname() should do the same... There will be a lot of things that could be checked up-front instead of relying on

Re: [PHP-DEV] How does the PHP Ghost one-liner work?

2015-01-30 Thread Leigh
On 30 January 2015 at 19:05, Patrick Schaaf wrote:
> On 30.01.2015 19:43, "Robert Williams" wrote:
>>
>> % php -r '$e="0";for($i=0;$i<2500;$i++){$e="0$e";} gethostbyname($e);'
>
> What a funny way to say gethostbyname(str_repeat("0", 2501));
>
>> does this indicate any problems with PHP?
>
> No.

Re: [PHP-DEV] How does the PHP Ghost one-liner work?

2015-01-30 Thread Patrick Schaaf
On 30.01.2015 19:43, "Robert Williams" wrote:
>
> % php -r '$e="0";for($i=0;$i<2500;$i++){$e="0$e";} gethostbyname($e);'

What a funny way to say gethostbyname(str_repeat("0", 2501));

> does this indicate any problems with PHP?

No.

best regards
Patrick

[PHP-DEV] How does the PHP Ghost one-liner work?

2015-01-30 Thread Robert Williams
A PHP one-liner is being bandied about as one test of the recently discovered Ghost vulnerability in gethostbyname(). Taken from: http://ma.ttias.be/quick-tests-ghost-gethostbyname-vulnerability-cve-2015-0235/ Here it is: % php -r '$e="0";for($i=0;$i<2500;$i++){$e="0$e";} gethostbyname($e);' W