iliaa Wed Jul 21 17:57:13 2004 EDT
Modified files: (Branch: PHP_4_3)
/php-src NEWS
/php-src/ext/imap php_imap.c
Log:
MFH: Fixed bug #29209 (imap_fetchbody() doesn't check message index).
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.705&r2=1.1247.2.706&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.705 php-src/NEWS:1.1247.2.706
--- php-src/NEWS:1.1247.2.705 Mon Jul 19 21:03:34 2004
+++ php-src/NEWS Wed Jul 21 17:57:12 2004
@@ -6,6 +6,8 @@
for doing performance stats without warnings in server-log. (Uwe Schindler)
- Fixed bug #29226 (ctype_* functions missing validation of numeric string
representations). (Ilia)
+- Fixed bug #29209 (imap_fetchbody() doesn't check message index). (Ilia,
+ tony2001 at phpclub dot net)
- Fixed bug #29116 (Zend constant warning uses memory after free). (Marcus,
jdolecek at NetBSD dot org)
- Fixed bug #29114 (Potential double free in php_stat). (Sara)
http://cvs.php.net/diff.php/php-src/ext/imap/php_imap.c?r1=1.142.2.24&r2=1.142.2.25&ty=u
Index: php-src/ext/imap/php_imap.c
diff -u php-src/ext/imap/php_imap.c:1.142.2.24 php-src/ext/imap/php_imap.c:1.142.2.25
--- php-src/ext/imap/php_imap.c:1.142.2.24 Sun Jul 4 12:53:02 2004
+++ php-src/ext/imap/php_imap.c Wed Jul 21 17:57:13 2004
@@ -26,7 +26,7 @@
| PHP 4.0 updates: Zeev Suraski <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: php_imap.c,v 1.142.2.24 2004/07/04 16:53:02 iliaa Exp $ */
+/* $Id: php_imap.c,v 1.142.2.25 2004/07/21 21:57:13 iliaa Exp $ */
#define IMAP41
@@ -181,6 +181,12 @@
/* True globals, no need for thread safety */
static int le_imap;
+#define PHP_IMAP_CHECK_MSGNO(msgindex) \
+ if ((msgindex < 1) || ((unsigned) msgindex >
imap_le_struct->imap_stream->nmsgs)) { \
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Bad message number");
\
+ RETURN_FALSE; \
+ } \
+
/* {{{ mail_close_it
*/
static void mail_close_it(zend_rsrc_list_entry *rsrc TSRMLS_DC)
@@ -1485,10 +1491,7 @@
convert_to_string_ex(defaulthost);
}
- if (!Z_LVAL_PP(msgno) || Z_LVAL_PP(msgno) < 1 || (unsigned) Z_LVAL_PP(msgno) >
imap_le_struct->imap_stream->nmsgs) {
- php_error(E_WARNING, "%s(): Bad message number",
get_active_function_name(TSRMLS_C));
- RETURN_FALSE;
- }
+ PHP_IMAP_CHECK_MSGNO(Z_LVAL_PP(msgno));
if (mail_fetchstructure(imap_le_struct->imap_stream, Z_LVAL_PP(msgno), NIL)) {
cache = mail_elt(imap_le_struct->imap_stream, Z_LVAL_PP(msgno));
@@ -1737,10 +1740,8 @@
} else {
msgindex = Z_LVAL_PP(msgno);
}
- if ((msgindex < 1) || ((unsigned) msgindex >
imap_le_struct->imap_stream->nmsgs)) {
- php_error(E_WARNING, "%s(): Bad message number",
get_active_function_name(TSRMLS_C));
- RETURN_FALSE;
- }
+
+ PHP_IMAP_CHECK_MSGNO(msgindex);
mail_fetchstructure_full(imap_le_struct->imap_stream, Z_LVAL_PP(msgno), &body
, myargc == 3 ? Z_LVAL_PP(flags) : NIL);
@@ -1775,6 +1776,8 @@
convert_to_long_ex(flags);
}
+ PHP_IMAP_CHECK_MSGNO(Z_LVAL_PP(msgno));
+
body = mail_fetchbody_full(imap_le_struct->imap_stream, Z_LVAL_PP(msgno),
Z_STRVAL_PP(sec), &len, myargc==4 ? Z_LVAL_PP(flags) : NIL);
if (!body) {
@@ -2478,10 +2481,7 @@
msgindex = Z_LVAL_PP(msgno);
}
- if ((msgindex < 1) || ((unsigned) msgindex >
imap_le_struct->imap_stream->nmsgs)) {
- php_error(E_WARNING, "%s(): Bad message number",
get_active_function_name(TSRMLS_C));
- RETURN_FALSE;
- }
+ PHP_IMAP_CHECK_MSGNO(msgindex);
RETVAL_STRING(mail_fetchheader_full(imap_le_struct->imap_stream,
Z_LVAL_PP(msgno), NIL, NIL, (myargc == 3 ? Z_LVAL_PP(flags) : NIL)), 1);
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
