dmitry Thu Oct 16 16:21:21 2008 UTC
Modified files:
/php-src/ext/imap config.m4 php_imap.c
Log:
Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow)
http://cvs.php.net/viewvc.cgi/php-src/ext/imap/config.m4?r1=1.77&r2=1.78&diff_format=u
Index: php-src/ext/imap/config.m4
diff -u php-src/ext/imap/config.m4:1.77 php-src/ext/imap/config.m4:1.78
--- php-src/ext/imap/config.m4:1.77 Thu Jan 31 18:48:00 2008
+++ php-src/ext/imap/config.m4 Thu Oct 16 16:21:20 2008
@@ -1,5 +1,5 @@
dnl
-dnl $Id: config.m4,v 1.77 2008/01/31 18:48:00 nlopess Exp $
+dnl $Id: config.m4,v 1.78 2008/10/16 16:21:20 dmitry Exp $
dnl
AC_DEFUN([IMAP_INC_CHK],[if test -r "$i$1/c-client.h"; then
@@ -235,4 +235,40 @@
AC_MSG_RESULT(no)
AC_MSG_ERROR([build test failed. Please check the config.log for
details.])
], $TST_LIBS)
+
+ AC_MSG_CHECKING(whether rfc822_output_address_list function present)
+ PHP_TEST_BUILD(foobar, [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_RFC822_OUTPUT_ADDRESS_LIST, 1, [ ])
+ ], [
+ AC_MSG_RESULT(no)
+ ], [
+ $TST_LIBS
+ ], [
+#if defined(__GNUC__) && __GNUC__ >= 4
+# define PHP_IMAP_EXPORT __attribute__ ((visibility("default")))
+#else
+# define PHP_IMAP_EXPORT
+#endif
+
+ PHP_IMAP_EXPORT void mm_log(void){}
+ PHP_IMAP_EXPORT void mm_dlog(void){}
+ PHP_IMAP_EXPORT void mm_flags(void){}
+ PHP_IMAP_EXPORT void mm_fatal(void){}
+ PHP_IMAP_EXPORT void mm_critical(void){}
+ PHP_IMAP_EXPORT void mm_nocritical(void){}
+ PHP_IMAP_EXPORT void mm_notify(void){}
+ PHP_IMAP_EXPORT void mm_login(void){}
+ PHP_IMAP_EXPORT void mm_diskerror(void){}
+ PHP_IMAP_EXPORT void mm_status(void){}
+ PHP_IMAP_EXPORT void mm_lsub(void){}
+ PHP_IMAP_EXPORT void mm_list(void){}
+ PHP_IMAP_EXPORT void mm_exists(void){}
+ PHP_IMAP_EXPORT void mm_searched(void){}
+ PHP_IMAP_EXPORT void mm_expunged(void){}
+ void rfc822_output_address_list(void);
+ void (*f)(void);
+ char foobar () {f = rfc822_output_address_list;}
+ ])
+
fi
http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.259&r2=1.260&diff_format=u
Index: php-src/ext/imap/php_imap.c
diff -u php-src/ext/imap/php_imap.c:1.259 php-src/ext/imap/php_imap.c:1.260
--- php-src/ext/imap/php_imap.c:1.259 Mon Oct 6 01:19:07 2008
+++ php-src/ext/imap/php_imap.c Thu Oct 16 16:21:20 2008
@@ -26,7 +26,7 @@
| PHP 4.0 updates: Zeev Suraski <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: php_imap.c,v 1.259 2008/10/06 01:19:07 iliaa Exp $ */
+/* $Id: php_imap.c,v 1.260 2008/10/16 16:21:20 dmitry Exp $ */
#define IMAP41
@@ -40,6 +40,7 @@
#include "ext/standard/php_string.h"
#include "ext/standard/info.h"
#include "ext/standard/file.h"
+#include "ext/standard/php_smart_str.h"
#ifdef ERROR
#undef ERROR
@@ -72,10 +73,11 @@
# define PHP_IMAP_EXPORT
#endif
+
static void _php_make_header_object(zval *myzvalue, ENVELOPE *en TSRMLS_DC);
static void _php_imap_add_body(zval *arg, BODY *body TSRMLS_DC);
-static void _php_imap_parse_address(ADDRESS *addresslist, char **fulladdress,
zval *paddress TSRMLS_DC);
-static int _php_imap_address_size(ADDRESS *addresslist);
+static char* _php_imap_parse_address(ADDRESS *addresslist, zval *paddress
TSRMLS_DC);
+static char* _php_rfc822_write_address(ADDRESS *addresslist TSRMLS_DC);
/* the gets we use */
static char *php_mail_gets(readfn_t f, void *stream, unsigned long size,
GETS_DATA *md);
@@ -2473,7 +2475,7 @@
char *mailbox, *host, *personal;
int mailbox_len, host_len, personal_len;
ADDRESS *addr;
- char string[MAILTMPLEN];
+ char *string;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss", &mailbox,
&mailbox_len, &host, &host_len, &personal, &personal_len) == FAILURE) {
return;
@@ -2497,13 +2499,12 @@
addr->error=NIL;
addr->adl=NIL;
- if (_php_imap_address_size(addr) >= MAILTMPLEN) {
+ string = _php_rfc822_write_address(addr TSRMLS_CC);
+ if (string) {
+ RETVAL_STRING(string, 0);
+ } else {
RETURN_FALSE;
}
-
- string[0]='\0';
- rfc822_write_address(string, addr);
- RETVAL_STRING(string, 1);
}
/* }}} */
@@ -3213,7 +3214,7 @@
int sequence_len;
pils *imap_le_struct;
zval *myoverview;
- char address[MAILTMPLEN];
+ char *address;
long status, flags = 0L;
int argc = ZEND_NUM_ARGS();
@@ -3242,17 +3243,19 @@
if (env->subject) {
add_property_string(myoverview,
"subject", env->subject, 1);
}
- if (env->from &&
_php_imap_address_size(env->from) < MAILTMPLEN) {
+ if (env->from) {
env->from->next=NULL;
- address[0] = '\0';
- rfc822_write_address(address,
env->from);
- add_property_string(myoverview, "from",
address, 1);
+ address
=_php_rfc822_write_address(env->from TSRMLS_CC);
+ if (address) {
+ add_property_string(myoverview,
"from", address, 0);
+ }
}
- if (env->to && _php_imap_address_size(env->to)
< MAILTMPLEN) {
+ if (env->to) {
env->to->next = NULL;
- address[0] = '\0';
- rfc822_write_address(address, env->to);
- add_property_string(myoverview, "to",
address, 1);
+ address =
_php_rfc822_write_address(env->to TSRMLS_CC);
+ if (address) {
+ add_property_string(myoverview,
"to", address, 0);
+ }
}
if (env->date) {
add_property_string(myoverview, "date",
env->date, 1);
@@ -4144,6 +4147,43 @@
/* }}} */
/* Support Functions */
+
+#ifdef HAVE_RFC822_OUTPUT_ADDRESS_LIST
+/* {{{ _php_rfc822_soutr
+ */
+static long _php_rfc822_soutr (void *stream, char *string)
+{
+ smart_str *ret = (smart_str*)stream;
+ int len = strlen(string);
+
+ smart_str_appendl(ret, string, len);
+ return LONGT;
+}
+
+/* }}} */
+
+/* {{{ _php_rfc822_write_address
+ */
+static char* _php_rfc822_write_address(ADDRESS *addresslist TSRMLS_DC)
+{
+ char address[MAILTMPLEN];
+ smart_str ret = {0};
+ RFC822BUFFER buf;
+
+ buf.beg = address;
+ buf.cur = buf.beg;
+ buf.end = buf.beg + sizeof(address) - 1;
+ buf.s = &ret;
+ buf.f = _php_rfc822_soutr;
+ rfc822_output_address_list(&buf, addresslist, 0, NULL);
+ rfc822_output_flush(&buf);
+ smart_str_0(&ret);
+ return ret.c;
+}
+/* }}} */
+
+#else
+
/* {{{ _php_imap_get_address_size
*/
static int _php_imap_address_size (ADDRESS *addresslist)
@@ -4173,26 +4213,33 @@
/* }}} */
+/* {{{ _php_rfc822_write_address
+ */
+static char* _php_rfc822_write_address(ADDRESS *addresslist TSRMLS_DC)
+{
+ char address[SENDBUFLEN];
+ if (_php_imap_address_size(addresslist) >= SENDBUFLEN) {
+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Address buffer
overflow");
+ return NULL;
+ }
+ address[0] = 0;
+ rfc822_write_address(address, addresslist);
+ return estrdup(address);
+}
+/* }}} */
+#endif
/* {{{ _php_imap_parse_address
*/
-static void _php_imap_parse_address (ADDRESS *addresslist, char **fulladdress,
zval *paddress TSRMLS_DC)
+static char* _php_imap_parse_address (ADDRESS *addresslist, zval *paddress
TSRMLS_DC)
{
+ char *fulladdress;
ADDRESS *addresstmp;
zval *tmpvals;
- char *tmpstr;
- int len=0;
addresstmp = addresslist;
- if ((len = _php_imap_address_size(addresstmp))) {
- tmpstr = (char *) pemalloc(len + 1, 1);
- tmpstr[0] = '\0';
- rfc822_write_address(tmpstr, addresstmp);
- *fulladdress = tmpstr;
- } else {
- *fulladdress = NULL;
- }
+ fulladdress = _php_rfc822_write_address(addresstmp TSRMLS_CC);
addresstmp = addresslist;
do {
@@ -4204,6 +4251,7 @@
if (addresstmp->host) add_property_string(tmpvals, "host",
addresstmp->host, 1);
add_next_index_object(paddress, tmpvals TSRMLS_CC);
} while ((addresstmp = addresstmp->next));
+ return fulladdress;
}
/* }}} */
@@ -4230,10 +4278,9 @@
if (en->to) {
MAKE_STD_ZVAL(paddress);
array_init(paddress);
- _php_imap_parse_address(en->to, &fulladdress, paddress
TSRMLS_CC);
+ fulladdress = _php_imap_parse_address(en->to, paddress
TSRMLS_CC);
if (fulladdress) {
- add_property_string(myzvalue, "toaddress", fulladdress,
1);
- free(fulladdress);
+ add_property_string(myzvalue, "toaddress", fulladdress,
0);
}
add_assoc_object(myzvalue, "to", paddress TSRMLS_CC);
}
@@ -4241,10 +4288,9 @@
if (en->from) {
MAKE_STD_ZVAL(paddress);
array_init(paddress);
- _php_imap_parse_address(en->from, &fulladdress, paddress
TSRMLS_CC);
+ fulladdress = _php_imap_parse_address(en->from, paddress
TSRMLS_CC);
if (fulladdress) {
- add_property_string(myzvalue, "fromaddress",
fulladdress, 1);
- free(fulladdress);
+ add_property_string(myzvalue, "fromaddress",
fulladdress, 0);
}
add_assoc_object(myzvalue, "from", paddress TSRMLS_CC);
}
@@ -4252,10 +4298,9 @@
if (en->cc) {
MAKE_STD_ZVAL(paddress);
array_init(paddress);
- _php_imap_parse_address(en->cc, &fulladdress, paddress
TSRMLS_CC);
+ fulladdress = _php_imap_parse_address(en->cc, paddress
TSRMLS_CC);
if (fulladdress) {
- add_property_string(myzvalue, "ccaddress", fulladdress,
1);
- free(fulladdress);
+ add_property_string(myzvalue, "ccaddress", fulladdress,
0);
}
add_assoc_object(myzvalue, "cc", paddress TSRMLS_CC);
}
@@ -4263,10 +4308,9 @@
if (en->bcc) {
MAKE_STD_ZVAL(paddress);
array_init(paddress);
- _php_imap_parse_address(en->bcc, &fulladdress, paddress
TSRMLS_CC);
+ fulladdress = _php_imap_parse_address(en->bcc, paddress
TSRMLS_CC);
if (fulladdress) {
- add_property_string(myzvalue, "bccaddress",
fulladdress, 1);
- free(fulladdress);
+ add_property_string(myzvalue, "bccaddress",
fulladdress, 0);
}
add_assoc_object(myzvalue, "bcc", paddress TSRMLS_CC);
}
@@ -4274,10 +4318,9 @@
if (en->reply_to) {
MAKE_STD_ZVAL(paddress);
array_init(paddress);
- _php_imap_parse_address(en->reply_to, &fulladdress, paddress
TSRMLS_CC);
+ fulladdress = _php_imap_parse_address(en->reply_to, paddress
TSRMLS_CC);
if (fulladdress) {
- add_property_string(myzvalue, "reply_toaddress",
fulladdress, 1);
- free(fulladdress);
+ add_property_string(myzvalue, "reply_toaddress",
fulladdress, 0);
}
add_assoc_object(myzvalue, "reply_to", paddress TSRMLS_CC);
}
@@ -4285,10 +4328,9 @@
if (en->sender) {
MAKE_STD_ZVAL(paddress);
array_init(paddress);
- _php_imap_parse_address(en->sender, &fulladdress, paddress
TSRMLS_CC);
+ fulladdress = _php_imap_parse_address(en->sender, paddress
TSRMLS_CC);
if (fulladdress) {
- add_property_string(myzvalue, "senderaddress",
fulladdress, 1);
- free(fulladdress);
+ add_property_string(myzvalue, "senderaddress",
fulladdress, 0);
}
add_assoc_object(myzvalue, "sender", paddress TSRMLS_CC);
}
@@ -4296,10 +4338,9 @@
if (en->return_path) {
MAKE_STD_ZVAL(paddress);
array_init(paddress);
- _php_imap_parse_address(en->return_path, &fulladdress, paddress
TSRMLS_CC);
+ fulladdress = _php_imap_parse_address(en->return_path, paddress
TSRMLS_CC);
if (fulladdress) {
- add_property_string(myzvalue, "return_pathaddress",
fulladdress, 1);
- free(fulladdress);
+ add_property_string(myzvalue, "return_pathaddress",
fulladdress, 0);
}
add_assoc_object(myzvalue, "return_path", paddress TSRMLS_CC);
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
