PHP :: Bug #73203 :: passing additional_parameters causes mail to fail

Bug #73203

passing additional_parameters causes mail to fail

Submitted:

2016-09-29 20:46 UTC

Modified:

2016-09-30 10:28 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

mberchtold at gmail dot com

Assigned:

cmb (profile)

Status:

Closed

Package:

Mail related

PHP Version:

7.1.0RC3

OS:

Windows

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	mberchtold at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2016-09-29 20:46 UTC] mberchtold at gmail dot com

Description:
------------
Problem
=======
mail throws this fatal error if an additional_parameters (even if it is an empty string) is passed to the function:
PHP Fatal error:  mail(): Escaped command exceeds the allowed length of 8192 bytes

Cause
=====
In the mail function, the extra_cmd is escaped with php_escape_shell_cmd:
https://github.com/php/php-src/blob/master/ext/standard/mail.c#L374

This is incorrect if the string is not passed to an executable. This is the case on Windows when SMTP is used (php.ini: mail.SMTP).

Solution
========
The additional_parameters argument should be ignored (and therefore not be escaped) if it is not used (not passed to a shell command). 

Also there seems to be another bug where php_escape_shell_cmd fails if an empty string is passed.

Test script:
---------------
mail("test@test.com", "subject", "message", "From: lala@test.com", "");

Actual result:
--------------
PHP Fatal error:  mail(): Escaped command exceeds the allowed length of 8192 bytes

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-09-30 08:21 UTC] cmb@php.net

-Status: Open +Status: Verified -Assigned To: +Assigned To: cmb

[2016-09-30 08:21 UTC] cmb@php.net

Indeed, if $additional_parameters is empty an unsigned underflow
occurs, causing this error message.

[2016-09-30 08:29 UTC] yohgaki@php.net

@cmd Are you working on this? Please don't forget to update PHP_FUNCTION(mb_send_mail), if you modify PHP_FUNCTION(mail).
If you are not working on this, I'll.

[2016-09-30 08:37 UTC] cmb@php.net

Yes, I'm already working on this. Actually, mail() isn't the
issue, but rather php_escape_shell_cmd() which always fails when
called with an empty string. escapeshellcmd() doesn't call
php_escape_shell_cmd() when invoked with an empty string, but I
think we should fix php_escape_shell_cmd(), because it is PHP_API.

[2016-09-30 09:56 UTC] cmb@php.net

Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e72165bb86aec6fc51dcb4d8d715e18be912ab67
Log: Fix #73203: passing additional_parameters causes mail to fail

[2016-09-30 09:56 UTC] cmb@php.net

-Status: Verified +Status: Closed

[2016-09-30 10:28 UTC] yohgaki@php.net

I agree. Your fix is the way to go.

[2016-10-17 10:07 UTC] bwoebi@php.net

Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e72165bb86aec6fc51dcb4d8d715e18be912ab67
Log: Fix #73203: passing additional_parameters causes mail to fail

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 13:01:29 2024 UTC