Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:81451
Return-Path: <smalyshev@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 12323 invoked from network); 30 Jan 2015 19:24:29 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 30 Jan 2015 19:24:29 -0000
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.48 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@gmail.com
X-Host-Fingerprint: 209.85.220.48 mail-pa0-f48.google.com  
Received: from [209.85.220.48] ([209.85.220.48:50858] helo=mail-pa0-f48.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id B4/A2-34022-C6ADBC45 for <internals@lists.php.net>; Fri, 30 Jan 2015 14:24:29 -0500
Received: by mail-pa0-f48.google.com with SMTP id ey11so55870272pad.7
        for <internals@lists.php.net>; Fri, 30 Jan 2015 11:24:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=message-id:date:from:user-agent:mime-version:to:cc:subject
         :references:in-reply-to:content-type:content-transfer-encoding;
        bh=g3zq2u2pQDQiIdYqtM16qsc2UYOnFh28CdcmQRtcDGY=;
        b=cWrbih+OQ2WxdA0PFNluE46xZRP1YPKgViyh8Wz0H/A6ZZ3mt5EqjKZcry6Sfq16Qq
         +M3kdBdqjwq9IMIZt9oSPAPST6bie7cg8VFdr61ssTmYXeZvPig63xCazgcAi23/hK7n
         NVXmFLKT1IVI3vVoRE/569YuqFcMK222eHqNC2bBLJGU9/lrzl4Igx0RVodVpwguwxEc
         4wT3n67mMVHSW9MaxaCnAENX6WMDyUg+mkrFqJywdO6v/Ts2NwT+z1w++bd40byL0mCp
         VoZecy+bn0Nyl9agWoJkAh4+kh/ccJcGM9nF+1ykUtIetJQKxxJeL31Ukcu10N3QkFcC
         scnQ==
X-Received: by 10.66.118.198 with SMTP id ko6mr10934847pab.96.1422645865870;
        Fri, 30 Jan 2015 11:24:25 -0800 (PST)
Received: from Stas-Air.local (108-66-6-48.lightspeed.sntcca.sbcglobal.net. [108.66.6.48])
        by mx.google.com with ESMTPSA id dg5sm2859769pbb.67.2015.01.30.11.24.24
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 30 Jan 2015 11:24:25 -0800 (PST)
Message-ID: <54CBDA66.6020207@gmail.com>
Date: Fri, 30 Jan 2015 11:24:22 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: Patrick Schaaf <php@bof.de>, Robert Williams <rewilliams@thesba.com>
CC: internals <internals@lists.php.net>
References: <1C66727D-D166-4831-87E4-35F11F398FFE@thesba.com> <CAJ26g5TzvWqVgTfWCEyCB=oJ2HoJUFS5_T0rABPW6mOegeVyQw@mail.gmail.com>
In-Reply-To: <CAJ26g5TzvWqVgTfWCEyCB=oJ2HoJUFS5_T0rABPW6mOegeVyQw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] How does the PHP Ghost one-liner work?
From: smalyshev@gmail.com (Stanislav Malyshev)

Hi!

>> does this indicate any problems with PHP?
> 
> No.

That said, it may make sense to put a cap on gethostbyname() argument as
a public service, if we can find a good limit. IIRC, there are limits on
both FQDN and hostname component lengths, so if we check for these
limits, we may add protection for people that for unexplicable reasons
upgrade their PHP but not their glibc.

-- 
Stas Malyshev
smalyshev@gmail.com