File php-5.5.x-mail-header.cpanel.patch of Package scl-php56

Overview Repositories Revisions Requests Users Attributes Meta

File php-5.5.x-mail-header.cpanel.patch of Package scl-php56

From b599635d174d7ccd624202fb2bf3dc06fb14df7f Mon Sep 17 00:00:00 2001
From: Kurt Newman <kurt.newman@cpanel.net>
Date: Wed, 2 Sep 2015 10:29:21 -0500
Subject: [PATCH] php-5.5.x-mail-header

Case 61298: http://choon.net/opensource/php/php-5.5.x-mail-header.patch
---
 ext/standard/mail.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/ext/standard/mail.c b/ext/standard/mail.c
index 17c09db..1aafbe2 100644
--- a/ext/standard/mail.c
+++ b/ext/standard/mail.c
@@ -334,6 +334,49 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char
 		MAIL_RET(0);
 	}
 
+	/* Patched by Giam Teck Choon */
+	/* start add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
+	/* Many thanks to Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers thus I have included an extra check for \n and \r string */
+	char *headers2=NULL;
+
+	// add a header in the form
+	//	X-PHP-Script: <server_name><php_self> for [<forwarded_for>,]<remote-addr>
+	while(1) {
+		zval **server, **remote_addr, **forwarded_for, **php_self, **server_name;
+
+		if (zend_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"), (void **) &server)==FAILURE)
+			break;
+		if (Z_TYPE_PP(server)!=IS_ARRAY)
+			break;
+		if (zend_hash_find(Z_ARRVAL_PP(server), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &remote_addr) == FAILURE)
+			break;
+		if (zend_hash_find(Z_ARRVAL_PP(server), "HTTP_X_FORWARDED_FOR", sizeof("HTTP_X_FORWARDED_FOR"), (void **) &forwarded_for) == FAILURE)
+			forwarded_for=NULL;
+		if (zend_hash_find(Z_ARRVAL_PP(server), "PHP_SELF", sizeof("PHP_SELF"), (void **) &php_self) == FAILURE)
+			break;
+		if (zend_hash_find(Z_ARRVAL_PP(server), "SERVER_NAME", sizeof("SERVER_NAME"), (void **) &server_name) == FAILURE)
+			break;
+		headers2 = emalloc(32+Z_STRLEN_PP(server_name)+Z_STRLEN_PP(php_self)
+			+(forwarded_for?Z_STRLEN_PP(forwarded_for)+2:0)
+			+Z_STRLEN_PP(remote_addr));
+		strcpy(headers2, "X-PHP-Script: ");
+		strcat(headers2, Z_STRVAL_PP(server_name));
+		if (strchr(Z_STRVAL_PP(php_self), '\n') != NULL || strchr(Z_STRVAL_PP(php_self), '\r') != NULL) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Newline found in PHP_SELF variable which might cause possible injection '%s'", Z_STRVAL_PP(php_self));
+		}
+		else {
+			strcat(headers2, Z_STRVAL_PP(php_self));
+		}
+		strcat(headers2, " for ");
+		if (forwarded_for) {
+			strcat(headers2, Z_STRVAL_PP(forwarded_for));
+			strcat(headers2, ", ");
+		}
+		strcat(headers2, Z_STRVAL_PP(remote_addr));
+		break;
+	}
+	/* end add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
+
 	if (!sendmail_path) {
 #if (defined PHP_WIN32 || defined NETWARE)
 		/* handle old style win smtp sending */
@@ -397,6 +440,14 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char
 #endif
 		fprintf(sendmail, "To: %s\n", to);
 		fprintf(sendmail, "Subject: %s\n", subject);
+		/* Patched by Giam Teck Choon */
+		/* start add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
+		/* Many thanks to Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers thus I have included an extra check for \n and \r string */
+		if (headers2 != NULL) {
+			fprintf(sendmail, "%s\n", headers2);
+			efree(headers2);
+		}
+		/* end add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
 		if (hdr != NULL) {
 			fprintf(sendmail, "%s\n", hdr);
 		}
-- 
2.5.0

Places

File php-5.5.x-mail-header.cpanel.patch of Package scl-php56

Places