Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.0.7

Bug #17867 Net_DNS_Resolver:nextid() can overflow
Submitted: 2010-09-16 11:55 UTC
From: trav Assigned: bate
Status: Closed Package: Net_DNS (version 1.0.5)
PHP Version: 5.1.6 OS: Linux
Roadmaps: (Not assigned)    

 [2010-09-16 11:55 UTC] trav (Travers Carter)
Description: ------------ Net_DNS_Resolver:nextid() can generate an id of 65536, which will lead to the the resolver sending an id of 0, but expecting an id of 65536 in the response. The problem is that the conditional to reset the counter to 1 (Resolver.php line 423) tests the value of a post-increment operation ($id++) where it should be a pre-increment operation (++$id) or just broken out into separate steps. If the counter is initialised to a value near 65535 by mt_rand() then the condition can be hit quickly leading to failed lookups Test script: --------------- require_once('pear/Net/DNS.php'); ini_set('mbstring.internal_encoding', 'latin1'); $resolver = new Net_DNS_Resolver(); // This is usually random [0,65535], put it near 65535 to trigger repeatably. $GLOBALS['_Net_DNS_packet_id'] = 65532; $resolver->nameservers = array(''); for ($i=0; $i<5; $i++) { $result = $resolver->query(''); print "$i: " . ($result ? 'OK' : 'FAIL') . "\n"; } Expected result: ---------------- All lookups succeed, ie 0: OK 1: OK 2: OK 3: OK 4: OK Actual result: -------------- The lookup where the id overflows fails: 0: OK 1: OK 2: OK 3: FAIL 4: OK


 [2010-09-16 12:22 UTC] trav (Travers Carter)
 [2010-09-16 14:20 UTC] bate (Marco Kaiser)
-Status: Open +Status: Closed -Assigned To: +Assigned To: bate
This bug has been fixed in SVN. If this was a documentation problem, the fix will appear on by the end of next Sunday (CET). If this was a problem with the website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.