Skip to content

Commit a1544a5

Browse files
devnexendevnexen
committed
ext/sockets: socket_addrinfo_lookup narrowing down socket family check.
1 parent 5a9f5a6 commit a1544a5

File tree

2 files changed

+7
-3
lines changed

2 files changed

+7
-3
lines changed

ext/sockets/sockets.c

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2774,8 +2774,11 @@ PHP_FUNCTION(socket_addrinfo_lookup)
27742774
zend_argument_type_error(3, "\"ai_family\" key must be of type int, %s given", zend_zval_type_name(hint));
27752775
RETURN_THROWS();
27762776
}
2777-
if (val < 0 || val >= AF_MAX) {
2778-
zend_argument_value_error(3, "\"ai_family\" key must be between 0 and %d", AF_MAX - 1);
2777+
// Some platforms support also PF_LOCAL/AF_UNIX (e.g. FreeBSD) but the security concerns implied
2778+
// make it not worth handling it (e.g. unwarranted write permissions on the socket).
2779+
// Note existing socket_addrinfo* api already forbid such case.
2780+
if (val != AF_INET && val != AF_INET6) {
2781+
zend_argument_value_error(3, "\"ai_family\" key must be AF_INET or AF_INET6");
27792782
RETURN_THROWS();
27802783
}
27812784
hints.ai_family = (int)val;
@@ -2856,6 +2859,7 @@ PHP_FUNCTION(socket_addrinfo_bind)
28562859
php_sock->blocking = 1;
28572860

28582861
switch(php_sock->type) {
2862+
// ZEND_ASSERT ? Addrinfo being opaque read-only, should not happen with previous change
28592863
case AF_UNIX:
28602864
{
28612865
// AF_UNIX sockets via getaddrino are not implemented due to security problems

ext/sockets/tests/socket_getaddrinfo_error.phpt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -110,7 +110,7 @@ socket_addrinfo_lookup(): Argument #3 ($hints) "ai_family" key must be of type i
110110
socket_addrinfo_lookup(): Argument #3 ($hints) "ai_socktype" key must be of type int, stdClass given
111111
socket_addrinfo_lookup(): Argument #3 ($hints) "ai_flags" key must be of type int, stdClass given
112112
socket_addrinfo_lookup(): Argument #3 ($hints) "ai_protocol" key must be of type int, stdClass given
113-
socket_addrinfo_lookup(): Argument #3 ($hints) "ai_family" key must be between 0 and %d
113+
socket_addrinfo_lookup(): Argument #3 ($hints) "ai_family" key must be AF_INET or AF_INET6
114114
socket_addrinfo_lookup(): Argument #3 ($hints) "ai_socktype" key must be between 0 and %d
115115
socket_addrinfo_lookup(): Argument #3 ($hints) "ai_flags" key must be between 0 and %d
116116
socket_addrinfo_lookup(): Argument #3 ($hints) "ai_protocol" key must be between 0 and %d

0 commit comments

Comments
 (0)