Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:rkwasny:rebuild
php5
php-5.2.6-CVE-2008-2829.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-5.2.6-CVE-2008-2829.patch of Package php5
Index: ext/imap/config.m4 =================================================================== RCS file: /repository/php-src/ext/imap/config.m4,v retrieving revision 1.69.4.7 retrieving revision 1.69.4.8 diff -u -p -r1.69.4.7 -r1.69.4.8 --- ext/imap/config.m4 11 Feb 2007 09:25:32 -0000 1.69.4.7 +++ ext/imap/config.m4 16 Oct 2008 16:20:53 -0000 1.69.4.8 @@ -1,5 +1,5 @@ dnl -dnl $Id: config.m4,v 1.69.4.7 2007/02/11 09:25:32 tony2001 Exp $ +dnl $Id: config.m4,v 1.69.4.8 2008/10/16 16:20:53 dmitry Exp $ dnl AC_DEFUN([IMAP_INC_CHK],[if test -r "$i$1/c-client.h"; then @@ -229,4 +229,34 @@ if test "$PHP_IMAP" != "no"; then AC_MSG_RESULT(no) AC_MSG_ERROR([build test failed. Please check the config.log for details.]) ], $TST_LIBS) + + AC_MSG_CHECKING(whether rfc822_output_address_list function present) + PHP_TEST_BUILD(foobar, [ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_RFC822_OUTPUT_ADDRESS_LIST, 1, [ ]) + ], [ + AC_MSG_RESULT(no) + ], [ + $TST_LIBS + ], [ + void mm_log(void){} + void mm_dlog(void){} + void mm_flags(void){} + void mm_fatal(void){} + void mm_critical(void){} + void mm_nocritical(void){} + void mm_notify(void){} + void mm_login(void){} + void mm_diskerror(void){} + void mm_status(void){} + void mm_lsub(void){} + void mm_list(void){} + void mm_exists(void){} + void mm_searched(void){} + void mm_expunged(void){} + void rfc822_output_address_list(void); + void (*f)(void); + char foobar () {f = rfc822_output_address_list;} + ]) + fi Index: ext/imap/php_imap.c =================================================================== RCS file: /repository/php-src/ext/imap/php_imap.c,v retrieving revision 1.208.2.7.2.31 retrieving revision 1.208.2.7.2.37 diff -u -p -r1.208.2.7.2.31 -r1.208.2.7.2.37 --- ext/imap/php_imap.c 17 Apr 2008 11:04:49 -0000 1.208.2.7.2.31 +++ ext/imap/php_imap.c 16 Oct 2008 16:20:53 -0000 1.208.2.7.2.37 @@ -26,7 +26,7 @@ | PHP 4.0 updates: Zeev Suraski <zeev@zend.com> | +----------------------------------------------------------------------+ */ -/* $Id: php_imap.c,v 1.208.2.7.2.31 2008/04/17 11:04:49 felipe Exp $ */ +/* $Id: php_imap.c,v 1.208.2.7.2.37 2008/10/16 16:20:53 dmitry Exp $ */ #define IMAP41 @@ -40,6 +40,7 @@ #include "ext/standard/php_string.h" #include "ext/standard/info.h" #include "ext/standard/file.h" +#include "ext/standard/php_smart_str.h" #ifdef ERROR #undef ERROR @@ -66,10 +67,11 @@ MAILSTREAM DEFAULTPROTO; #define SENDBUFLEN 16385 #endif + static void _php_make_header_object(zval *myzvalue, ENVELOPE *en TSRMLS_DC); static void _php_imap_add_body(zval *arg, BODY *body TSRMLS_DC); -static void _php_imap_parse_address(ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC); -static int _php_imap_address_size(ADDRESS *addresslist); +static char* _php_imap_parse_address(ADDRESS *addresslist, zval *paddress TSRMLS_DC); +static char* _php_rfc822_write_address(ADDRESS *addresslist TSRMLS_DC); /* the gets we use */ static char *php_mail_gets(readfn_t f, void *stream, unsigned long size, GETS_DATA *md); @@ -717,23 +719,26 @@ PHP_RSHUTDOWN_FUNCTION(imap) } /* }}} */ - -/* {{{ PHP_MINFO_FUNCTION - */ -PHP_MINFO_FUNCTION(imap) -{ - php_info_print_table_start(); +#if !defined(CCLIENTVERSION) #if HAVE_IMAP2004 - php_info_print_table_row(2, "IMAP c-Client Version", "2004"); +#define CCLIENTVERSION "2004" #elif HAVE_IMAP2001 - php_info_print_table_row(2, "IMAP c-Client Version", "2001"); +#define CCLIENTVERSION "2001" #elif HAVE_IMAP2000 - php_info_print_table_row(2, "IMAP c-Client Version", "2000"); +#define CCLIENTVERSION "2000" #elif defined(IMAP41) - php_info_print_table_row(2, "IMAP c-Client Version", "4.1"); +#define CCLIENTVERSION "4.1" #else - php_info_print_table_row(2, "IMAP c-Client Version", "4.0"); +#define CCLIENTVERSION "4.0" +#endif #endif + +/* {{{ PHP_MINFO_FUNCTION + */ +PHP_MINFO_FUNCTION(imap) +{ + php_info_print_table_start(); + php_info_print_table_row(2, "IMAP c-Client Version", CCLIENTVERSION); #if HAVE_IMAP_SSL php_info_print_table_row(2, "SSL Support", "enabled"); #endif @@ -1451,7 +1456,7 @@ PHP_FUNCTION(imap_list_full) } /* }}} */ -/* {{{ proto array imap_scan(resource stream_id, string ref, string pattern, string content) +/* {{{ proto array imap_listscan(resource stream_id, string ref, string pattern, string content) Read list of mailboxes containing a certain string */ PHP_FUNCTION(imap_listscan) { @@ -1575,7 +1580,7 @@ PHP_FUNCTION(imap_headerinfo) pils *imap_le_struct; MESSAGECACHE *cache; ENVELOPE *en; - char dummy[2000], fulladdress[MAILTMPLEN]; + char dummy[2000], fulladdress[MAILTMPLEN + 1]; int myargc = ZEND_NUM_ARGS(); if (myargc < 2 || myargc > 5 || zend_get_parameters_ex(myargc, &streamind, &msgno, &fromlength, &subjectlength, &defaulthost) == FAILURE) { @@ -1587,8 +1592,8 @@ PHP_FUNCTION(imap_headerinfo) convert_to_long_ex(msgno); if (myargc >= 3) { convert_to_long_ex(fromlength); - if (Z_LVAL_PP(fromlength) < 0 || Z_LVAL_PP(fromlength) >= MAILTMPLEN) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "From length has to be between 1 and %i", MAILTMPLEN); + if (Z_LVAL_PP(fromlength) < 0 || Z_LVAL_PP(fromlength) > MAILTMPLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "From length has to be between 0 and %d", MAILTMPLEN); RETURN_FALSE; } } else { @@ -1596,8 +1601,8 @@ PHP_FUNCTION(imap_headerinfo) } if (myargc >= 4) { convert_to_long_ex(subjectlength); - if (Z_LVAL_PP(subjectlength) < 0 || Z_LVAL_PP(subjectlength) >= MAILTMPLEN) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Subject length has to be between 1 and %i", MAILTMPLEN); + if (Z_LVAL_PP(subjectlength) < 0 || Z_LVAL_PP(subjectlength) > MAILTMPLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Subject length has to be between 0 and %d", MAILTMPLEN); RETURN_FALSE; } } else { @@ -2109,7 +2114,7 @@ PHP_FUNCTION(imap_rfc822_write_address) { zval **mailbox, **host, **personal; ADDRESS *addr; - char string[MAILTMPLEN]; + char *string; if (ZEND_NUM_ARGS() != 3 || zend_get_parameters_ex(3, &mailbox, &host, &personal) == FAILURE) { ZEND_WRONG_PARAM_COUNT(); @@ -2137,13 +2142,12 @@ PHP_FUNCTION(imap_rfc822_write_address) addr->error=NIL; addr->adl=NIL; - if (_php_imap_address_size(addr) >= MAILTMPLEN) { + string = _php_rfc822_write_address(addr TSRMLS_CC); + if (string) { + RETVAL_STRING(string, 0); + } else { RETURN_FALSE; } - - string[0]='\0'; - rfc822_write_address(string, addr); - RETVAL_STRING(string, 1); } /* }}} */ @@ -2154,7 +2158,8 @@ PHP_FUNCTION(imap_rfc822_parse_adrlist) zval **str, **defaulthost, *tovals; ADDRESS *addresstmp; ENVELOPE *env; - + char *str_copy; + if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &str, &defaulthost) == FAILURE) { ZEND_WRONG_PARAM_COUNT(); } @@ -2165,7 +2170,10 @@ PHP_FUNCTION(imap_rfc822_parse_adrlist) env = mail_newenvelope(); - rfc822_parse_adrlist(&env->to, Z_STRVAL_PP(str), Z_STRVAL_PP(defaulthost)); + /* rfc822_parse_adrlist() modifies passed string. Copy it. */ + str_copy = estrndup(Z_STRVAL_PP(str), Z_STRLEN_PP(str)); + rfc822_parse_adrlist(&env->to, str_copy, defaulthost); + efree(str_copy); array_init(return_value); @@ -2873,7 +2881,7 @@ PHP_FUNCTION(imap_fetch_overview) zval **streamind, **sequence, **pflags; pils *imap_le_struct; zval *myoverview; - char address[MAILTMPLEN]; + char *address; long status, flags=0L; int myargc = ZEND_NUM_ARGS(); @@ -2908,17 +2916,19 @@ PHP_FUNCTION(imap_fetch_overview) if (env->subject) { add_property_string(myoverview, "subject", env->subject, 1); } - if (env->from && _php_imap_address_size(env->from) < MAILTMPLEN) { + if (env->from) { env->from->next=NULL; - address[0] = '\0'; - rfc822_write_address(address, env->from); - add_property_string(myoverview, "from", address, 1); + address =_php_rfc822_write_address(env->from TSRMLS_CC); + if (address) { + add_property_string(myoverview, "from", address, 0); + } } - if (env->to && _php_imap_address_size(env->to) < MAILTMPLEN) { + if (env->to) { env->to->next = NULL; - address[0] = '\0'; - rfc822_write_address(address, env->to); - add_property_string(myoverview, "to", address, 1); + address = _php_rfc822_write_address(env->to TSRMLS_CC); + if (address) { + add_property_string(myoverview, "to", address, 0); + } } if (env->date) { add_property_string(myoverview, "date", env->date, 1); @@ -2961,7 +2971,7 @@ PHP_FUNCTION(imap_mail_compose) BODY *bod=NULL, *topbod=NULL; PART *mypart=NULL, *part; PARAMETER *param, *disp_param = NULL, *custom_headers_param = NULL, *tmp_param = NULL; - char *tmp=NULL, *mystring=NULL, *t=NULL, *tempstring=NULL; + char *tmp=NULL, *mystring=NULL, *t=NULL, *tempstring=NULL, *str_copy = NULL; int toppart = 0; if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &envelope, &body) == FAILURE) { @@ -2978,50 +2988,55 @@ PHP_FUNCTION(imap_mail_compose) RETURN_FALSE; } +#define PHP_RFC822_PARSE_ADRLIST(target, value) \ + str_copy = estrndup(Z_STRVAL_PP(value), Z_STRLEN_PP(value)); \ + rfc822_parse_adrlist(target, str_copy, "NO HOST"); \ + efree(str_copy); + env = mail_newenvelope(); if (zend_hash_find(Z_ARRVAL_PP(envelope), "remail", sizeof("remail"), (void **) &pvalue)== SUCCESS) { convert_to_string_ex(pvalue); - env->remail=cpystr(Z_STRVAL_PP(pvalue)); + env->remail = cpystr(Z_STRVAL_PP(pvalue)); } if (zend_hash_find(Z_ARRVAL_PP(envelope), "return_path", sizeof("return_path"), (void **) &pvalue)== SUCCESS) { convert_to_string_ex(pvalue) - rfc822_parse_adrlist(&env->return_path, Z_STRVAL_PP(pvalue), "NO HOST"); + PHP_RFC822_PARSE_ADRLIST(&env->return_path, pvalue); } if (zend_hash_find(Z_ARRVAL_PP(envelope), "date", sizeof("date"), (void **) &pvalue)== SUCCESS) { convert_to_string_ex(pvalue); - env->date=cpystr(Z_STRVAL_PP(pvalue)); + env->date = cpystr(Z_STRVAL_PP(pvalue)); } if (zend_hash_find(Z_ARRVAL_PP(envelope), "from", sizeof("from"), (void **) &pvalue)== SUCCESS) { convert_to_string_ex(pvalue); - rfc822_parse_adrlist (&env->from, Z_STRVAL_PP(pvalue), "NO HOST"); + PHP_RFC822_PARSE_ADRLIST(&env->from, pvalue); } if (zend_hash_find(Z_ARRVAL_PP(envelope), "reply_to", sizeof("reply_to"), (void **) &pvalue)== SUCCESS) { convert_to_string_ex(pvalue); - rfc822_parse_adrlist (&env->reply_to, Z_STRVAL_PP(pvalue), "NO HOST"); + PHP_RFC822_PARSE_ADRLIST(&env->reply_to, pvalue); } if (zend_hash_find(Z_ARRVAL_PP(envelope), "in_reply_to", sizeof("in_reply_to"), (void **) &pvalue)== SUCCESS) { convert_to_string_ex(pvalue); - env->in_reply_to=cpystr(Z_STRVAL_PP(pvalue)); + env->in_reply_to = cpystr(Z_STRVAL_PP(pvalue)); } if (zend_hash_find(Z_ARRVAL_PP(envelope), "subject", sizeof("subject"), (void **) &pvalue)== SUCCESS) { convert_to_string_ex(pvalue); - env->subject=cpystr(Z_STRVAL_PP(pvalue)); + env->subject = cpystr(Z_STRVAL_PP(pvalue)); } if (zend_hash_find(Z_ARRVAL_PP(envelope), "to", sizeof("to"), (void **) &pvalue)== SUCCESS) { convert_to_string_ex(pvalue); - rfc822_parse_adrlist (&env->to, Z_STRVAL_PP(pvalue), "NO HOST"); + PHP_RFC822_PARSE_ADRLIST(&env->to, pvalue); } if (zend_hash_find(Z_ARRVAL_PP(envelope), "cc", sizeof("cc"), (void **) &pvalue)== SUCCESS) { convert_to_string_ex(pvalue); - rfc822_parse_adrlist (&env->cc, Z_STRVAL_PP(pvalue), "NO HOST"); + PHP_RFC822_PARSE_ADRLIST(&env->cc, pvalue); } if (zend_hash_find(Z_ARRVAL_PP(envelope), "bcc", sizeof("bcc"), (void **) &pvalue)== SUCCESS) { convert_to_string_ex(pvalue); - rfc822_parse_adrlist (&env->bcc, Z_STRVAL_PP(pvalue), "NO HOST"); + PHP_RFC822_PARSE_ADRLIST(&env->bcc, pvalue); } if (zend_hash_find(Z_ARRVAL_PP(envelope), "message_id", sizeof("message_id"), (void **) &pvalue)== SUCCESS) { convert_to_string_ex(pvalue); - env->message_id=cpystr(Z_STRVAL_PP(pvalue)); + env->message_id = cpystr(Z_STRVAL_PP(pvalue)); } if (zend_hash_find(Z_ARRVAL_PP(envelope), "custom_headers", sizeof("custom_headers"), (void **) &pvalue)== SUCCESS) { @@ -3858,6 +3873,43 @@ static int _php_rfc822_len(char *str) /* }}} */ /* Support Functions */ + +#ifdef HAVE_RFC822_OUTPUT_ADDRESS_LIST +/* {{{ _php_rfc822_soutr + */ +static long _php_rfc822_soutr (void *stream, char *string) +{ + smart_str *ret = (smart_str*)stream; + int len = strlen(string); + + smart_str_appendl(ret, string, len); + return LONGT; +} + +/* }}} */ + +/* {{{ _php_rfc822_write_address + */ +static char* _php_rfc822_write_address(ADDRESS *addresslist TSRMLS_DC) +{ + char address[MAILTMPLEN]; + smart_str ret = {0}; + RFC822BUFFER buf; + + buf.beg = address; + buf.cur = buf.beg; + buf.end = buf.beg + sizeof(address) - 1; + buf.s = &ret; + buf.f = _php_rfc822_soutr; + rfc822_output_address_list(&buf, addresslist, 0, NULL); + rfc822_output_flush(&buf); + smart_str_0(&ret); + return ret.c; +} +/* }}} */ + +#else + /* {{{ _php_imap_get_address_size */ static int _php_imap_address_size (ADDRESS *addresslist) @@ -3887,26 +3939,33 @@ static int _php_imap_address_size (ADDRE /* }}} */ +/* {{{ _php_rfc822_write_address + */ +static char* _php_rfc822_write_address(ADDRESS *addresslist TSRMLS_DC) +{ + char address[SENDBUFLEN]; + if (_php_imap_address_size(addresslist) >= SENDBUFLEN) { + php_error_docref(NULL TSRMLS_CC, E_ERROR, "Address buffer overflow"); + return NULL; + } + address[0] = 0; + rfc822_write_address(address, addresslist); + return estrdup(address); +} +/* }}} */ +#endif /* {{{ _php_imap_parse_address */ -static void _php_imap_parse_address (ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC) +static char* _php_imap_parse_address (ADDRESS *addresslist, zval *paddress TSRMLS_DC) { + char *fulladdress; ADDRESS *addresstmp; zval *tmpvals; - char *tmpstr; - int len=0; addresstmp = addresslist; - if ((len = _php_imap_address_size(addresstmp))) { - tmpstr = (char *) pemalloc(len + 1, 1); - tmpstr[0] = '\0'; - rfc822_write_address(tmpstr, addresstmp); - *fulladdress = tmpstr; - } else { - *fulladdress = NULL; - } + fulladdress = _php_rfc822_write_address(addresstmp TSRMLS_CC); addresstmp = addresslist; do { @@ -3918,6 +3977,7 @@ static void _php_imap_parse_address (ADD if (addresstmp->host) add_property_string(tmpvals, "host", addresstmp->host, 1); add_next_index_object(paddress, tmpvals TSRMLS_CC); } while ((addresstmp = addresstmp->next)); + return fulladdress; } /* }}} */ @@ -3944,10 +4004,9 @@ static void _php_make_header_object(zval if (en->to) { MAKE_STD_ZVAL(paddress); array_init(paddress); - _php_imap_parse_address(en->to, &fulladdress, paddress TSRMLS_CC); + fulladdress = _php_imap_parse_address(en->to, paddress TSRMLS_CC); if (fulladdress) { - add_property_string(myzvalue, "toaddress", fulladdress, 1); - free(fulladdress); + add_property_string(myzvalue, "toaddress", fulladdress, 0); } add_assoc_object(myzvalue, "to", paddress TSRMLS_CC); } @@ -3955,10 +4014,9 @@ static void _php_make_header_object(zval if (en->from) { MAKE_STD_ZVAL(paddress); array_init(paddress); - _php_imap_parse_address(en->from, &fulladdress, paddress TSRMLS_CC); + fulladdress = _php_imap_parse_address(en->from, paddress TSRMLS_CC); if (fulladdress) { - add_property_string(myzvalue, "fromaddress", fulladdress, 1); - free(fulladdress); + add_property_string(myzvalue, "fromaddress", fulladdress, 0); } add_assoc_object(myzvalue, "from", paddress TSRMLS_CC); } @@ -3966,10 +4024,9 @@ static void _php_make_header_object(zval if (en->cc) { MAKE_STD_ZVAL(paddress); array_init(paddress); - _php_imap_parse_address(en->cc, &fulladdress, paddress TSRMLS_CC); + fulladdress = _php_imap_parse_address(en->cc, paddress TSRMLS_CC); if (fulladdress) { - add_property_string(myzvalue, "ccaddress", fulladdress, 1); - free(fulladdress); + add_property_string(myzvalue, "ccaddress", fulladdress, 0); } add_assoc_object(myzvalue, "cc", paddress TSRMLS_CC); } @@ -3977,10 +4034,9 @@ static void _php_make_header_object(zval if (en->bcc) { MAKE_STD_ZVAL(paddress); array_init(paddress); - _php_imap_parse_address(en->bcc, &fulladdress, paddress TSRMLS_CC); + fulladdress = _php_imap_parse_address(en->bcc, paddress TSRMLS_CC); if (fulladdress) { - add_property_string(myzvalue, "bccaddress", fulladdress, 1); - free(fulladdress); + add_property_string(myzvalue, "bccaddress", fulladdress, 0); } add_assoc_object(myzvalue, "bcc", paddress TSRMLS_CC); } @@ -3988,10 +4044,9 @@ static void _php_make_header_object(zval if (en->reply_to) { MAKE_STD_ZVAL(paddress); array_init(paddress); - _php_imap_parse_address(en->reply_to, &fulladdress, paddress TSRMLS_CC); + fulladdress = _php_imap_parse_address(en->reply_to, paddress TSRMLS_CC); if (fulladdress) { - add_property_string(myzvalue, "reply_toaddress", fulladdress, 1); - free(fulladdress); + add_property_string(myzvalue, "reply_toaddress", fulladdress, 0); } add_assoc_object(myzvalue, "reply_to", paddress TSRMLS_CC); } @@ -3999,10 +4054,9 @@ static void _php_make_header_object(zval if (en->sender) { MAKE_STD_ZVAL(paddress); array_init(paddress); - _php_imap_parse_address(en->sender, &fulladdress, paddress TSRMLS_CC); + fulladdress = _php_imap_parse_address(en->sender, paddress TSRMLS_CC); if (fulladdress) { - add_property_string(myzvalue, "senderaddress", fulladdress, 1); - free(fulladdress); + add_property_string(myzvalue, "senderaddress", fulladdress, 0); } add_assoc_object(myzvalue, "sender", paddress TSRMLS_CC); } @@ -4010,10 +4064,9 @@ static void _php_make_header_object(zval if (en->return_path) { MAKE_STD_ZVAL(paddress); array_init(paddress); - _php_imap_parse_address(en->return_path, &fulladdress, paddress TSRMLS_CC); + fulladdress = _php_imap_parse_address(en->return_path, paddress TSRMLS_CC); if (fulladdress) { - add_property_string(myzvalue, "return_pathaddress", fulladdress, 1); - free(fulladdress); + add_property_string(myzvalue, "return_pathaddress", fulladdress, 0); } add_assoc_object(myzvalue, "return_path", paddress TSRMLS_CC); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor