getaddrinfo.c: GHOST vulnerability check

* ext/socket/getaddrinfo.c (get_addr): reject too long hostname to
  get rid of GHOST vulnerability on very old platforms.
* ext/socket/raddrinfo.c (make_hostent_internal): ditto, paranoic
  check for the canonnical name.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49543 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,11 @@
+Sun Feb  8 13:04:25 2015  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* ext/socket/getaddrinfo.c (get_addr): reject too long hostname to
+	  get rid of GHOST vulnerability on very old platforms.
+
+	* ext/socket/raddrinfo.c (make_hostent_internal): ditto, paranoic
+	  check for the canonnical name.
+
 Sun Feb  8 12:48:38 2015  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* ext/win32/lib/win32/registry.rb (Win32::Registry::API): use wide

ext/socket/getaddrinfo.c

@@ -593,6 +593,7 @@ get_addr(const char *hostname, int af, struct addrinfo **res, struct addrinfo *p
 	} else
 		hp = getipnodebyname(hostname, af, AI_ADDRCONFIG, &h_error);
 #else
+	if (strlen(hostname) >= NI_MAXHOST) ERR(EAI_NODATA);
 	hp = gethostbyname((char*)hostname);
 	h_error = h_errno;
 #endif

ext/socket/raddrinfo.c

@@ -617,7 +617,8 @@ make_hostent_internal(struct hostent_arg *arg)
     }
     rb_ary_push(ary, rb_str_new2(hostp));
 
-    if (addr->ai_canonname && (h = gethostbyname(addr->ai_canonname))) {
+    if (addr->ai_canonname && strlen(addr->ai_canonname) < NI_MAXHOST &&
+	(h = gethostbyname(addr->ai_canonname))) {
         names = rb_ary_new();
         if (h->h_aliases != NULL) {
             for (pch = h->h_aliases; *pch; pch++) {