mirror of
https://github.com/php/php-src.git
synced 2024-09-22 10:27:25 +00:00
Ws + cs + missing fix for MOPB-33-2007:PHP mail() Message ASCIIZ Byte Truncation
parent
5dfcb7dee0
commit
2162944156
@ -44,14 +44,21 @@
|
|||||||
#define EX_TEMPFAIL 75 /* temp failure; user is invited to retry */
|
#define EX_TEMPFAIL 75 /* temp failure; user is invited to retry */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define SKIP_LONG_HEADER_SEP(str, pos) \
|
#define SKIP_LONG_HEADER_SEP(str, pos) \
|
||||||
if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) { \
|
if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) { \
|
||||||
pos += 2; \
|
pos += 2; \
|
||||||
while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { \
|
while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { \
|
||||||
pos++; \
|
pos++; \
|
||||||
} \
|
} \
|
||||||
continue; \
|
continue; \
|
||||||
} \
|
} \
|
||||||
|
|
||||||
|
#define MAIL_ASCIIZ_CHECK(str, len) \
|
||||||
|
p = str; \
|
||||||
|
e = p + len; \
|
||||||
|
while ((p = memchr(p, '\0', (e - p)))) { \
|
||||||
|
*p = ' '; \
|
||||||
|
} \
|
||||||
|
|
||||||
/* {{{ proto int ezmlm_hash(string addr) U
|
/* {{{ proto int ezmlm_hash(string addr) U
|
||||||
Calculate EZMLM list hash value. */
|
Calculate EZMLM list hash value. */
|
||||||
@ -60,7 +67,7 @@ PHP_FUNCTION(ezmlm_hash)
|
|||||||
char *str = NULL;
|
char *str = NULL;
|
||||||
unsigned long h = 5381L;
|
unsigned long h = 5381L;
|
||||||
int j, str_len;
|
int j, str_len;
|
||||||
|
|
||||||
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s&", &str, &str_len, UG(ascii_conv)) == FAILURE) {
|
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s&", &str, &str_len, UG(ascii_conv)) == FAILURE) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -68,9 +75,9 @@ PHP_FUNCTION(ezmlm_hash)
|
|||||||
for (j = 0; j < str_len; j++) {
|
for (j = 0; j < str_len; j++) {
|
||||||
h = (h + (h << 5)) ^ (unsigned long) (unsigned char) tolower(str[j]);
|
h = (h + (h << 5)) ^ (unsigned long) (unsigned char) tolower(str[j]);
|
||||||
}
|
}
|
||||||
|
|
||||||
h = (h % 53);
|
h = (h % 53);
|
||||||
|
|
||||||
RETURN_LONG((int) h);
|
RETURN_LONG((int) h);
|
||||||
}
|
}
|
||||||
/* }}} */
|
/* }}} */
|
||||||
@ -86,16 +93,23 @@ PHP_FUNCTION(mail)
|
|||||||
char *force_extra_parameters = INI_STR("mail.force_extra_parameters");
|
char *force_extra_parameters = INI_STR("mail.force_extra_parameters");
|
||||||
char *to_r, *subject_r;
|
char *to_r, *subject_r;
|
||||||
|
|
||||||
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss",
|
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss", &to, &to_len, &subject, &subject_len, &message, &message_len,
|
||||||
&to, &to_len,
|
&headers, &headers_len, &extra_cmd, &extra_cmd_len) == FAILURE
|
||||||
&subject, &subject_len,
|
) {
|
||||||
&message, &message_len,
|
|
||||||
&headers, &headers_len,
|
|
||||||
&extra_cmd, &extra_cmd_len
|
|
||||||
) == FAILURE) {
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* ASCIIZ check */
|
||||||
|
MAIL_ASCIIZ_CHECK(to, to_len);
|
||||||
|
MAIL_ASCIIZ_CHECK(subject, subject_len);
|
||||||
|
MAIL_ASCIIZ_CHECK(message, message_len);
|
||||||
|
if (headers) {
|
||||||
|
MAIL_ASCIIZ_CHECK(headers, headers_len);
|
||||||
|
}
|
||||||
|
if (extra_cmd) {
|
||||||
|
MAIL_ASCIIZ_CHECK(extra_cmd, extra_cmd_len);
|
||||||
|
}
|
||||||
|
|
||||||
if (to_len > 0) {
|
if (to_len > 0) {
|
||||||
to_r = estrndup(to, to_len);
|
to_r = estrndup(to, to_len);
|
||||||
for (; to_len; to_len--) {
|
for (; to_len; to_len--) {
|
||||||
@ -109,15 +123,14 @@ PHP_FUNCTION(mail)
|
|||||||
/* According to RFC 822, section 3.1.1 long headers may be separated into
|
/* According to RFC 822, section 3.1.1 long headers may be separated into
|
||||||
* parts using CRLF followed at least one linear-white-space character ('\t' or ' ').
|
* parts using CRLF followed at least one linear-white-space character ('\t' or ' ').
|
||||||
* To prevent these separators from being replaced with a space, we use the
|
* To prevent these separators from being replaced with a space, we use the
|
||||||
* SKIP_LONG_HEADER_SEP to skip over them.
|
* SKIP_LONG_HEADER_SEP to skip over them. */
|
||||||
*/
|
|
||||||
SKIP_LONG_HEADER_SEP(to_r, i);
|
SKIP_LONG_HEADER_SEP(to_r, i);
|
||||||
to_r[i] = ' ';
|
to_r[i] = ' ';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
to_r = to;
|
to_r = to;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (subject_len > 0) {
|
if (subject_len > 0) {
|
||||||
subject_r = estrndup(subject, subject_len);
|
subject_r = estrndup(subject, subject_len);
|
||||||
@ -127,7 +140,7 @@ PHP_FUNCTION(mail)
|
|||||||
}
|
}
|
||||||
subject_r[subject_len - 1] = '\0';
|
subject_r[subject_len - 1] = '\0';
|
||||||
}
|
}
|
||||||
for(i = 0; subject_r[i]; i++) {
|
for (i = 0; subject_r[i]; i++) {
|
||||||
if (iscntrl((unsigned char) subject_r[i])) {
|
if (iscntrl((unsigned char) subject_r[i])) {
|
||||||
SKIP_LONG_HEADER_SEP(subject_r, i);
|
SKIP_LONG_HEADER_SEP(subject_r, i);
|
||||||
subject_r[i] = ' ';
|
subject_r[i] = ' ';
|
||||||
@ -142,7 +155,7 @@ PHP_FUNCTION(mail)
|
|||||||
} else if (extra_cmd) {
|
} else if (extra_cmd) {
|
||||||
extra_cmd = php_escape_shell_cmd(extra_cmd);
|
extra_cmd = php_escape_shell_cmd(extra_cmd);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (php_mail(to_r, subject_r, message, headers, extra_cmd TSRMLS_CC)) {
|
if (php_mail(to_r, subject_r, message, headers, extra_cmd TSRMLS_CC)) {
|
||||||
RETVAL_TRUE;
|
RETVAL_TRUE;
|
||||||
} else {
|
} else {
|
||||||
@ -192,10 +205,7 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
if (extra_cmd != NULL) {
|
if (extra_cmd != NULL) {
|
||||||
sendmail_cmd = emalloc (strlen (sendmail_path) + strlen (extra_cmd) + 2);
|
spprintf(&sendmail_cmd, 0, "%s %s", sendmail_path, extra_cmd);
|
||||||
strcpy (sendmail_cmd, sendmail_path);
|
|
||||||
strcat (sendmail_cmd, " ");
|
|
||||||
strcat (sendmail_cmd, extra_cmd);
|
|
||||||
} else {
|
} else {
|
||||||
sendmail_cmd = sendmail_path;
|
sendmail_cmd = sendmail_path;
|
||||||
}
|
}
|
||||||
@ -209,8 +219,9 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char
|
|||||||
errno = 0;
|
errno = 0;
|
||||||
sendmail = popen(sendmail_cmd, "w");
|
sendmail = popen(sendmail_cmd, "w");
|
||||||
#endif
|
#endif
|
||||||
if (extra_cmd != NULL)
|
if (extra_cmd != NULL) {
|
||||||
efree (sendmail_cmd);
|
efree (sendmail_cmd);
|
||||||
|
}
|
||||||
|
|
||||||
if (sendmail) {
|
if (sendmail) {
|
||||||
#ifndef PHP_WIN32
|
#ifndef PHP_WIN32
|
||||||
@ -227,6 +238,7 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char
|
|||||||
}
|
}
|
||||||
fprintf(sendmail, "\n%s\n", message);
|
fprintf(sendmail, "\n%s\n", message);
|
||||||
ret = pclose(sendmail);
|
ret = pclose(sendmail);
|
||||||
|
|
||||||
#ifdef PHP_WIN32
|
#ifdef PHP_WIN32
|
||||||
if (ret == -1)
|
if (ret == -1)
|
||||||
#else
|
#else
|
||||||
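Review bot: MAIL_ASCIIZ_CHECK overwrites NUL bytes directly in the buffers returned by zend_parse_parameters, and only `to` and `subject` are copied with estrndup afterwards; `message` and `headers` are passed to php_mail() as the original pointers. If those pointers alias the caller's string storage (not visible in these hunks), calling mail() silently rewrites the caller's variable, so the check would be safer on private copies. At minimum the macro should carry a comment such as `/* replaces embedded NULs in str[0..len) with ' ' in place; expects char *p, *e in the calling scope */`. The macro also relies on locals `p` and `e` declared outside the hunks shown and expands to a bare statement sequence; wrapping the body in `do { ... } while (0)` and parenthesising `str` and `len` would keep future call sites safe under an unbraced `if`. PHP_FUNCTION(mail) begins and ends outside the visible hunks.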
|