PHP :: Bug #20707 :: incorrect behavior of mail() with Bcc:

Bug #20707

incorrect behavior of mail() with Bcc:

Submitted:

2002-11-28 17:33 UTC

Modified:

2002-12-02 04:02 UTC

Votes:	2
Avg. Score:	4.5 ± 0.5
Reproduced:	1 of 2 (50.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

support at shocart dot cz

Assigned:

Status:

Closed

Package:

Mail related

PHP Version:

4.3.0RC2

OS:

win 2000

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	support at shocart dot cz
New email:
PHP Version:		OS:

New/Additional Comment:

[2002-11-28 17:33 UTC] support at shocart dot cz

A bug in the SendText() function in php-4.3.0RC2\win32\sendmail.c module can cause incorrect sending of messages to addresses in Cc: and Bcc: fields in the additional headers string.

mail($recipient, $subject, $message, $headers);
Example:
assume $recipient, adr1, adr2 etc represent valid addresses, and XX any other headers

$headers = "Cc: adr1, adr2\nXX" 
sends messages for recipient, adr1 and adr2, ie. OK
$headers = "Bcc: adr1, adr2\nXX" 
sends messages for recipient, and two copies for both adr1 and adr2.
$headers = "Cc: adr1\nBcc: adr2\nXX" 
sends messages for recipient, adr1 and two copies for adr2.
$headers = "BCc: adr1\nCc: adr2\nXX" 
sends messages for recipient, two copies for adr1 and none for adr2.

The cause is in the SendText() parsing headers string for cc and bcc fields (from line 418 on). The code:
	if (headers && (pos1 = strstr(headers_lc, "cc:"))) {
recognize cc: substring in the bcc: resulting in duplicating messages for bcc: addresses

more robust code could look like:
char *pos;
if (headers) {
    pos=headers_lc;
    while ((pos=strstr(pos,"cc:"))) {
        if((pos>headers_lc)&&(*(pos-1)=='b')) {
            pos+=3;   //bcc: found, skip it now
        } else {
            pos+=3;
            pos1=headers+(pos-headers_lc);
            ... the rest of the routine lines 423 to 444
        }
    } // in case of more cc lines or bcc prior to cc
}
... lines 447 to 471
// similar loop for bcc ie.
    pos=headers_lc;
    while ((pos=strstr(pos,"bcc:"))) {
        pos +=4;
        pos1=headers+(pos-headers_lc);
        ... the rest of the routine lines 477 to 519 with respective modifications to generating the stripped_header string.

zbynek

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-11-29 07:09 UTC] support at shocart dot cz

The loop may introduce other troubles if someone adds user-defined header with ...cc: string. Thus it'll be safer to use 
if((pos>headers_lc)&&(!iscntrl(*(pos-1)))) { ...some other header, skip it... } else { ...correct one, proceed...}

Another problem might arise if there is not PCRE support in the function php_win32_mail_trim_header() and so we have unmodified headers string (line 178). Then it can't be granted that the test for CRLF
if (NULL == (pos2 = strstr(pos1, "\r\n"))) 
on the lines 423 and 477 gives correct results.

[2002-12-01 23:04 UTC] iliaa@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip

[2002-12-02 03:21 UTC] support at shocart dot cz

Works perfectly now here using
  http://snaps.php.net/win32/php4-win32-latest.zip
Thanks for the fix.

[2002-12-02 04:02 UTC] derick@php.net

Reported as fixed by the user

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 26 08:01:30 2024 UTC