dmitry Thu Oct 16 16:20:53 2008 UTC
Modified files: (Branch: PHP_5_2)
/php-src NEWS
/php-src/ext/imap config.m4 php_imap.c
Log:
Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow)
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1260&r2=1.2027.2.547.2.1261&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.1260 php-src/NEWS:1.2027.2.547.2.1261
--- php-src/NEWS:1.2027.2.547.2.1260 Thu Oct 16 15:36:45 2008
+++ php-src/NEWS Thu Oct 16 16:20:52 2008
@@ -16,6 +16,8 @@
- Fixed bug #44251, #41125 (PDO + quote() + prepare() can result in segfault).
(tsteiner at nerdclub dot net)
- Fixed bug #43723 (SOAP not sent properly from client for <choice>). (Dmitry)
+- Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer
+ overflow). (Dmitry)
- Fixed bug #42078 (pg_meta_data mix tables metadata from different schemas).
(Felipe)
- Fixed bug #37100 (data is returned truncated with BINARY CURSOR). (Tony)
http://cvs.php.net/viewvc.cgi/php-src/ext/imap/config.m4?r1=1.69.4.7&r2=1.69.4.8&diff_format=u
Index: php-src/ext/imap/config.m4
diff -u php-src/ext/imap/config.m4:1.69.4.7 php-src/ext/imap/config.m4:1.69.4.8
--- php-src/ext/imap/config.m4:1.69.4.7 Sun Feb 11 09:25:32 2007
+++ php-src/ext/imap/config.m4 Thu Oct 16 16:20:53 2008
@@ -1,5 +1,5 @@
dnl
-dnl $Id: config.m4,v 1.69.4.7 2007/02/11 09:25:32 tony2001 Exp $
+dnl $Id: config.m4,v 1.69.4.8 2008/10/16 16:20:53 dmitry Exp $
dnl
AC_DEFUN([IMAP_INC_CHK],[if test -r "$i$1/c-client.h"; then
@@ -229,4 +229,34 @@
AC_MSG_RESULT(no)
AC_MSG_ERROR([build test failed. Please check the config.log for
details.])
], $TST_LIBS)
+
+ AC_MSG_CHECKING(whether rfc822_output_address_list function present)
+ PHP_TEST_BUILD(foobar, [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_RFC822_OUTPUT_ADDRESS_LIST, 1, [ ])
+ ], [
+ AC_MSG_RESULT(no)
+ ], [
+ $TST_LIBS
+ ], [
+ void mm_log(void){}
+ void mm_dlog(void){}
+ void mm_flags(void){}
+ void mm_fatal(void){}
+ void mm_critical(void){}
+ void mm_nocritical(void){}
+ void mm_notify(void){}
+ void mm_login(void){}
+ void mm_diskerror(void){}
+ void mm_status(void){}
+ void mm_lsub(void){}
+ void mm_list(void){}
+ void mm_exists(void){}
+ void mm_searched(void){}
+ void mm_expunged(void){}
+ void rfc822_output_address_list(void);
+ void (*f)(void);
+ char foobar () {f = rfc822_output_address_list;}
+ ])
+
fi
http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.208.2.7.2.36&r2=1.208.2.7.2.37&diff_format=u
Index: php-src/ext/imap/php_imap.c
diff -u php-src/ext/imap/php_imap.c:1.208.2.7.2.36
php-src/ext/imap/php_imap.c:1.208.2.7.2.37
--- php-src/ext/imap/php_imap.c:1.208.2.7.2.36 Mon Aug 4 21:16:22 2008
+++ php-src/ext/imap/php_imap.c Thu Oct 16 16:20:53 2008
@@ -26,7 +26,7 @@
| PHP 4.0 updates: Zeev Suraski <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: php_imap.c,v 1.208.2.7.2.36 2008/08/04 21:16:22 jani Exp $ */
+/* $Id: php_imap.c,v 1.208.2.7.2.37 2008/10/16 16:20:53 dmitry Exp $ */
#define IMAP41
@@ -40,6 +40,7 @@
#include "ext/standard/php_string.h"
#include "ext/standard/info.h"
#include "ext/standard/file.h"
+#include "ext/standard/php_smart_str.h"
#ifdef ERROR
#undef ERROR
@@ -66,10 +67,11 @@
#define SENDBUFLEN 16385
#endif
+
static void _php_make_header_object(zval *myzvalue, ENVELOPE *en TSRMLS_DC);
static void _php_imap_add_body(zval *arg, BODY *body TSRMLS_DC);
-static void _php_imap_parse_address(ADDRESS *addresslist, char **fulladdress,
zval *paddress TSRMLS_DC);
-static int _php_imap_address_size(ADDRESS *addresslist);
+static char* _php_imap_parse_address(ADDRESS *addresslist, zval *paddress
TSRMLS_DC);
+static char* _php_rfc822_write_address(ADDRESS *addresslist TSRMLS_DC);
/* the gets we use */
static char *php_mail_gets(readfn_t f, void *stream, unsigned long size,
GETS_DATA *md);
@@ -2112,7 +2114,7 @@
{
zval **mailbox, **host, **personal;
ADDRESS *addr;
- char string[MAILTMPLEN];
+ char *string;
if (ZEND_NUM_ARGS() != 3 || zend_get_parameters_ex(3, &mailbox, &host,
&personal) == FAILURE) {
ZEND_WRONG_PARAM_COUNT();
@@ -2140,13 +2142,12 @@
addr->error=NIL;
addr->adl=NIL;
- if (_php_imap_address_size(addr) >= MAILTMPLEN) {
+ string = _php_rfc822_write_address(addr TSRMLS_CC);
+ if (string) {
+ RETVAL_STRING(string, 0);
+ } else {
RETURN_FALSE;
}
-
- string[0]='\0';
- rfc822_write_address(string, addr);
- RETVAL_STRING(string, 1);
}
/* }}} */
@@ -2880,7 +2881,7 @@
zval **streamind, **sequence, **pflags;
pils *imap_le_struct;
zval *myoverview;
- char address[MAILTMPLEN];
+ char *address;
long status, flags=0L;
int myargc = ZEND_NUM_ARGS();
@@ -2915,17 +2916,19 @@
if (env->subject) {
add_property_string(myoverview,
"subject", env->subject, 1);
}
- if (env->from &&
_php_imap_address_size(env->from) < MAILTMPLEN) {
+ if (env->from) {
env->from->next=NULL;
- address[0] = '\0';
- rfc822_write_address(address,
env->from);
- add_property_string(myoverview, "from",
address, 1);
+ address
=_php_rfc822_write_address(env->from TSRMLS_CC);
+ if (address) {
+ add_property_string(myoverview,
"from", address, 0);
+ }
}
- if (env->to && _php_imap_address_size(env->to)
< MAILTMPLEN) {
+ if (env->to) {
env->to->next = NULL;
- address[0] = '\0';
- rfc822_write_address(address, env->to);
- add_property_string(myoverview, "to",
address, 1);
+ address =
_php_rfc822_write_address(env->to TSRMLS_CC);
+ if (address) {
+ add_property_string(myoverview,
"to", address, 0);
+ }
}
if (env->date) {
add_property_string(myoverview, "date",
env->date, 1);
@@ -3870,6 +3873,43 @@
/* }}} */
/* Support Functions */
+
+#ifdef HAVE_RFC822_OUTPUT_ADDRESS_LIST
+/* {{{ _php_rfc822_soutr
+ */
+static long _php_rfc822_soutr (void *stream, char *string)
+{
+ smart_str *ret = (smart_str*)stream;
+ int len = strlen(string);
+
+ smart_str_appendl(ret, string, len);
+ return LONGT;
+}
+
+/* }}} */
+
+/* {{{ _php_rfc822_write_address
+ */
+static char* _php_rfc822_write_address(ADDRESS *addresslist TSRMLS_DC)
+{
+ char address[MAILTMPLEN];
+ smart_str ret = {0};
+ RFC822BUFFER buf;
+
+ buf.beg = address;
+ buf.cur = buf.beg;
+ buf.end = buf.beg + sizeof(address) - 1;
+ buf.s = &ret;
+ buf.f = _php_rfc822_soutr;
+ rfc822_output_address_list(&buf, addresslist, 0, NULL);
+ rfc822_output_flush(&buf);
+ smart_str_0(&ret);
+ return ret.c;
+}
+/* }}} */
+
+#else
+
/* {{{ _php_imap_get_address_size
*/
static int _php_imap_address_size (ADDRESS *addresslist)
@@ -3899,26 +3939,33 @@
/* }}} */
+/* {{{ _php_rfc822_write_address
+ */
+static char* _php_rfc822_write_address(ADDRESS *addresslist TSRMLS_DC)
+{
+ char address[SENDBUFLEN];
+ if (_php_imap_address_size(addresslist) >= SENDBUFLEN) {
+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Address buffer
overflow");
+ return NULL;
+ }
+ address[0] = 0;
+ rfc822_write_address(address, addresslist);
+ return estrdup(address);
+}
+/* }}} */
+#endif
/* {{{ _php_imap_parse_address
*/
-static void _php_imap_parse_address (ADDRESS *addresslist, char **fulladdress,
zval *paddress TSRMLS_DC)
+static char* _php_imap_parse_address (ADDRESS *addresslist, zval *paddress
TSRMLS_DC)
{
+ char *fulladdress;
ADDRESS *addresstmp;
zval *tmpvals;
- char *tmpstr;
- int len=0;
addresstmp = addresslist;
- if ((len = _php_imap_address_size(addresstmp))) {
- tmpstr = (char *) pemalloc(len + 1, 1);
- tmpstr[0] = '\0';
- rfc822_write_address(tmpstr, addresstmp);
- *fulladdress = tmpstr;
- } else {
- *fulladdress = NULL;
- }
+ fulladdress = _php_rfc822_write_address(addresstmp TSRMLS_CC);
addresstmp = addresslist;
do {
@@ -3930,6 +3977,7 @@
if (addresstmp->host) add_property_string(tmpvals, "host",
addresstmp->host, 1);
add_next_index_object(paddress, tmpvals TSRMLS_CC);
} while ((addresstmp = addresstmp->next));
+ return fulladdress;
}
/* }}} */
@@ -3956,10 +4004,9 @@
if (en->to) {
MAKE_STD_ZVAL(paddress);
array_init(paddress);
- _php_imap_parse_address(en->to, &fulladdress, paddress
TSRMLS_CC);
+ fulladdress = _php_imap_parse_address(en->to, paddress
TSRMLS_CC);
if (fulladdress) {
- add_property_string(myzvalue, "toaddress", fulladdress,
1);
- free(fulladdress);
+ add_property_string(myzvalue, "toaddress", fulladdress,
0);
}
add_assoc_object(myzvalue, "to", paddress TSRMLS_CC);
}
@@ -3967,10 +4014,9 @@
if (en->from) {
MAKE_STD_ZVAL(paddress);
array_init(paddress);
- _php_imap_parse_address(en->from, &fulladdress, paddress
TSRMLS_CC);
+ fulladdress = _php_imap_parse_address(en->from, paddress
TSRMLS_CC);
if (fulladdress) {
- add_property_string(myzvalue, "fromaddress",
fulladdress, 1);
- free(fulladdress);
+ add_property_string(myzvalue, "fromaddress",
fulladdress, 0);
}
add_assoc_object(myzvalue, "from", paddress TSRMLS_CC);
}
@@ -3978,10 +4024,9 @@
if (en->cc) {
MAKE_STD_ZVAL(paddress);
array_init(paddress);
- _php_imap_parse_address(en->cc, &fulladdress, paddress
TSRMLS_CC);
+ fulladdress = _php_imap_parse_address(en->cc, paddress
TSRMLS_CC);
if (fulladdress) {
- add_property_string(myzvalue, "ccaddress", fulladdress,
1);
- free(fulladdress);
+ add_property_string(myzvalue, "ccaddress", fulladdress,
0);
}
add_assoc_object(myzvalue, "cc", paddress TSRMLS_CC);
}
@@ -3989,10 +4034,9 @@
if (en->bcc) {
MAKE_STD_ZVAL(paddress);
array_init(paddress);
- _php_imap_parse_address(en->bcc, &fulladdress, paddress
TSRMLS_CC);
+ fulladdress = _php_imap_parse_address(en->bcc, paddress
TSRMLS_CC);
if (fulladdress) {
- add_property_string(myzvalue, "bccaddress",
fulladdress, 1);
- free(fulladdress);
+ add_property_string(myzvalue, "bccaddress",
fulladdress, 0);
}
add_assoc_object(myzvalue, "bcc", paddress TSRMLS_CC);
}
@@ -4000,10 +4044,9 @@
if (en->reply_to) {
MAKE_STD_ZVAL(paddress);
array_init(paddress);
- _php_imap_parse_address(en->reply_to, &fulladdress, paddress
TSRMLS_CC);
+ fulladdress = _php_imap_parse_address(en->reply_to, paddress
TSRMLS_CC);
if (fulladdress) {
- add_property_string(myzvalue, "reply_toaddress",
fulladdress, 1);
- free(fulladdress);
+ add_property_string(myzvalue, "reply_toaddress",
fulladdress, 0);
}
add_assoc_object(myzvalue, "reply_to", paddress TSRMLS_CC);
}
@@ -4011,10 +4054,9 @@
if (en->sender) {
MAKE_STD_ZVAL(paddress);
array_init(paddress);
- _php_imap_parse_address(en->sender, &fulladdress, paddress
TSRMLS_CC);
+ fulladdress = _php_imap_parse_address(en->sender, paddress
TSRMLS_CC);
if (fulladdress) {
- add_property_string(myzvalue, "senderaddress",
fulladdress, 1);
- free(fulladdress);
+ add_property_string(myzvalue, "senderaddress",
fulladdress, 0);
}
add_assoc_object(myzvalue, "sender", paddress TSRMLS_CC);
}
@@ -4022,10 +4064,9 @@
if (en->return_path) {
MAKE_STD_ZVAL(paddress);
array_init(paddress);
- _php_imap_parse_address(en->return_path, &fulladdress, paddress
TSRMLS_CC);
+ fulladdress = _php_imap_parse_address(en->return_path, paddress
TSRMLS_CC);
if (fulladdress) {
- add_property_string(myzvalue, "return_pathaddress",
fulladdress, 1);
- free(fulladdress);
+ add_property_string(myzvalue, "return_pathaddress",
fulladdress, 0);
}
add_assoc_object(myzvalue, "return_path", paddress TSRMLS_CC);
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
