Inspired by the recent hype regarding the GHOST vulnerability, I had a closer look at our mail form. Indeed, that might allow an exploit for the GHOST vulnerability, if PHP uses an underlying vulnerable gethostbyname(). However, I assume that many servers are not vulnerable to GHOST, and those that are may well have even more severe vulnerabilities. Some evidence may be that it has gotten quite silent regarding GHOST on the web, if I'm not mistaken. Anyhow, I don't consider this something that CMSimple_XH should take care of -- a patch should be applied to glibc.
Nonetheless I suggest the following patch for XH 1.6.6:
Index: cmsimple/classes/Mailform.php
===================================================================
--- cmsimple/classes/Mailform.php (revision 1480)
+++ cmsimple/classes/Mailform.php (working copy)
@@ -445,7 +445,9 @@
? idn_to_ascii($domain, 0, INTL_IDNA_VARIANT_UTS46)
: idn_to_ascii($domain);
}
- if (gethostbyname($domain) == $domain) {
+ if ($domain
+ && (strlen($domain) > 255 || gethostbyname($domain) == $domain)
+ ) {
return false;
}
return true;
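Review bot: the new `$domain &&` guard in this hunk changes the result for an empty domain. Before, `gethostbyname('') == ''` was true and the function returned false; now the condition short-circuits on the empty string and the function returns true, so an empty domain passes validation. If that is not intended, handle the empty string explicitly (return false) before the length/lookup test. The `strlen($domain) > 255` cap also deserves a short comment saying why it is there (it bounds the string handed to gethostbyname() and matches the maximum DNS name length), and it is correctly applied after idn_to_ascii(), since the Punycode form can be longer than the Unicode input.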
Users running CMSimple_XH on a server vulnerable to GHOST should ask their provider to install a patch. Otherwise you could apply the patch. For those not accustomed to patches: just remove the line with a minus sign at the beginning, and insert the lines with a plus sign (but without the plus sign!).
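For readers who prefer a complete function over a patch fragment, the following is an added example (written here, not CMSimple_XH's own code) of the same idea: the domain is converted to its ASCII form, its length is bounded and its labels are checked before gethostbyname() is ever called. The function name isResolvableDomain and the per-label checks are assumptions of this example, not part of the project.

```php
<?php
// Added example, not CMSimple_XH code: validate a mail domain without handing
// an unbounded string to the resolver.
function isResolvableDomain(string $domain): bool
{
    // Unlike the patched method, an empty domain is rejected explicitly.
    if ($domain === '') {
        return false;
    }

    // Convert IDNs to Punycode first: that is the string the resolver sees,
    // and it can be longer than the Unicode input.
    if (function_exists('idn_to_ascii')) {
        $ascii = defined('INTL_IDNA_VARIANT_UTS46')
            ? idn_to_ascii($domain, 0, INTL_IDNA_VARIANT_UTS46)
            : idn_to_ascii($domain);
        if ($ascii === false) {
            return false;
        }
        $domain = $ascii;
    }

    // Bound the total length before touching gethostbyname(). 255 matches the
    // patch above; DNS names are at most 253 characters in text form.
    if (strlen($domain) > 255) {
        return false;
    }

    // Each label: 1..63 characters, letters/digits/hyphens, no leading or
    // trailing hyphen. This rejects malformed input before any lookup.
    foreach (explode('.', $domain) as $label) {
        if ($label === ''
            || strlen($label) > 63
            || !preg_match('/^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$/', $label)
        ) {
            return false;
        }
    }

    // gethostbyname() returns the input unchanged when the lookup fails,
    // which is what the original check relies on.
    return gethostbyname($domain) !== $domain;
}

// Constructed sample inputs for a quick manual run:
var_dump(isResolvableDomain(''));                       // bool(false)
var_dump(isResolvableDomain(str_repeat('a', 300)));     // bool(false), no lookup
var_dump(isResolvableDomain('bad-.example'));           // bool(false), no lookup
```

The syntactic label checks run before any network access, so an overlong or malformed domain never reaches the resolver at all; only well-formed names are handed to gethostbyname().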