Bug #15595 imap routines hang when "To" header is too large
Submitted: 2002-02-18 04:23 UTC
Modified: 2002-06-27 18:19 UTC
From: charlesb at ekit-inc dot com
Assigned:
Status: Closed
Package: IMAP related
PHP Version: 4.1.1
OS: Solaris-i86
Private report: No
CVE-ID: None
 [2002-02-18 04:23 UTC] charlesb at ekit-inc dot com
The starting point for this was that our webmail (customised IMP) would crash if the "To" header was too large.  Probably the header violates rfc822, but php should be able to cope, or at least fail gracefully and not hang.

We are running php built with the imap4.5 uwash c-client, with ldap, with mysql.  Apache is built with mods rewrite, mime_magic, the latest fastcgi, the latest modssl.  The fastcgi connection is used for most pages rendered from our site.

Playing around with truss led us to suspect mime_header_decode was at fault, ie:

php_if_imap_mime_header_decode+0x6d3:           movl   (%ebx),%edx

Now, in getting a gdb backtrace, things got very weird.  Below is the output - but it occurs not only when we try to read the email with the oversized to header, but when I try to do something mundane like parse the whole mailbox.

So maybe there are two problems, needless to say - I hope the truss line is useful, because I wouldn't rely on the gdb backtrace.

Thanks.

Program received signal SIGPIPE, Broken pipe.
0xdfee1f3b in _writev ()
(gdb) bt
#0  0xdfee1f3b in _writev ()
#1  0x80b2254 in ssl_io_unregister ()
#2  0x81ba5f4 in ap_hook_call ()
#3  0x81b9d41 in ap_hook_call ()
#4  0x8196641 in ap_bfilbuf ()
#5  0x8196a6c in ap_bfilbuf ()   
#6  0x8196b38 in ap_bwrite () 
#7  0x816537e in php_mergesort () 
#8  0x8166ec5 in php_mergesort () 
#9  0x816749d in php_mergesort () 
#10 0x8197ddb in ap_invoke_handler () 
#11 0x81ac451 in ap_some_auth_required ()
#12 0x81ac4b0 in ap_process_request ()
#13 0x81a3ad1 in ap_child_terminate ()
#14 0x81a3c80 in ap_child_terminate ()
#15 0x81a3ddb in ap_child_terminate ()
#16 0x81a43d8 in ap_child_terminate ()
#17 0x81a4b9b in main ()
#18 0x809b947 in _start ()

 [2002-02-18 08:29 UTC] sander@php.net
Can you provide a simple sample script?
 [2002-02-18 18:09 UTC] charlesb at ekit-inc dot com
An exact script is difficult. (I've spent a day or two trying to pin it down to a simple routine, not with any great success).

However, it looks like

$h = @imap_header($imp->stream, imap_msgno($imp->stream, $msgnum));

is hanging with a message that has a To header of about 4K (again, this probably violates rfc822, but it shouldn't hang like it does).

$imp->stream is constructed like this (as you'd expect):

$connstr = '{' . $this->server . ':' . $this->port . '}' . $this->mailbox;
$this->stream = @imap_open($connstr, $this->user, $this->pass);


Thanks.
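
A defensive pre-check a caller could put in front of the `imap_header()` call discussed above, as an added example that is not part of the original thread or of IMP: it measures the unfolded To header from the raw header text and skips structured parsing when it exceeds a limit. The function names and the 2048-byte limit are hypothetical, the code uses current PHP syntax rather than PHP 4, and it assumes the raw fetch via `imap_fetchheader()` is not itself affected, which the thread does not establish.

```php
<?php
// Added example, not from the bug report. The limit and function names are
// hypothetical; the thread only says the failing To header was "about 4K".
const MAX_TO_BYTES = 2048; // assumed limit, tune for your own mail

// Total unfolded length in bytes of every field named $name in a raw
// RFC 822 header block.
function header_field_bytes(string $rawHeader, string $name): int
{
    // Unfold: a line break followed by space or tab continues the previous line.
    $unfolded = preg_replace('/\r?\n[ \t]+/', ' ', $rawHeader);
    $total = 0;
    foreach (preg_split('/\r?\n/', $unfolded) as $line) {
        if ($line === '') {
            break; // blank line ends the header block
        }
        if (stripos($line, $name . ':') === 0) {
            $total += strlen($line) - strlen($name) - 1;
        }
    }
    return $total;
}

// Guard: look at the raw header first and skip structured parsing when the
// To field is oversized, so the caller can degrade instead of hanging.
function guarded_imap_header($stream, int $msgno, int $maxToBytes = MAX_TO_BYTES)
{
    $raw = imap_fetchheader($stream, $msgno);
    if ($raw === false || header_field_bytes($raw, 'To') > $maxToBytes) {
        error_log("msg $msgno: To header unreadable or over $maxToBytes bytes, not parsed");
        return false;
    }
    return imap_headerinfo($stream, $msgno); // imap_header() is the older alias
}

// Constructed sample: 300 recipients folded across continuation lines.
$rcpts = [];
for ($i = 0; $i < 300; $i++) {
    $rcpts[] = "user$i@example.com";
}
$sample = "From: a@example.com\r\nTo: " . implode(",\r\n\t", $rcpts)
        . "\r\nSubject: test\r\n\r\nbody\r\n";
$bytes = header_field_bytes($sample, 'To');
echo "To header: $bytes bytes, ", $bytes > MAX_TO_BYTES ? "skip parsing" : "parse", "\n";
```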
 [2002-03-11 04:47 UTC] charlesb at ekit-inc dot com
Is there anything I can do to help this along?  We've been bitten twice by this in the last few days.
 [2002-03-11 09:37 UTC] sniper@php.net
First of all you should try with the latest c-client.

--Jani

 [2002-03-11 20:52 UTC] charlesb at ekit-inc dot com
We upgraded last week to 4.1.2, the problem still occurs.
 [2002-03-11 21:30 UTC] sniper@php.net
Try the latest _c-client_ library, not PHP.

As this is most likely not a bug in PHP but in the 
c-client library itself.

--Jani

 [2002-03-12 23:36 UTC] charlesb at ekit-inc dot com
I built php again with imap-2001a's c-client, and the problem still occurred.

Other suggestions for things I could try?  Thanks, Charles
 [2002-04-04 07:31 UTC] sniper@php.net
This is most likely a c-client bug. Try opening the same
failing mail with Pine.

--Jani

 [2002-05-07 00:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2002-05-07 22:09 UTC] charlesb at ekit-inc dot com
Were you able to open the sample mail I sent?  If so, can you tell me what system/c-client you guys were using?

(to my knowledge we were using the latest possible)
 [2002-06-24 00:47 UTC] charlesb at ekit-inc dot com
You may be interested to know that we tried the up-and-coming version of zope-webmail and pointed it to the imap server/user that contained this message with massive To headers (that crashed apache/php) and the message was loaded and displayed without any problems at all.
 [2002-06-26 23:57 UTC] sniper@php.net
I never got that test email... can you send it again?

 [2002-06-27 02:12 UTC] charlesb at ekit-inc dot com
Sent file as attachment to sniper@php.net

Thanks.
 [2002-06-27 18:19 UTC] sniper@php.net
This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites.
Thank you for the report, and for helping us make PHP better.


 
Last updated: Mon Dec 06 23:03:35 2021 UTC