php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #25037 SendText infinite loop
Submitted: 2003-08-11 05:25 UTC Modified: 2003-08-11 11:38 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: richard at bradders2000 dot co dot uk Assigned: iliaa
Status: Closed Package: Mail related
PHP Version: 4.3.3RC3 OS: Windows Server 2003
Private report: No CVE-ID:
 [2003-08-11 05:25 UTC] richard at bradders2000 dot co dot uk
Description:
------------
When a message is > 1024 bytes in size and therefore broken down into 1024 chunks, there is a 'goto send_chunk;' being called an infinite number of times because the conditional statement 'if ((parts * 1024) < data_cln_len)' is always true if it is ever true. This basically causes the function to just keep on sending data to the smtp server.
Problem wasnt there in RC1, just RC2 and RC3.

Reproduce code:
---------------
		int parts = (int) floor(data_cln_len / 1024);
		p = data_cln;

		for (i = 0; i < parts; i++) {
			strlcpy(Buffer, p, 1024);
			Buffer[1024] = '\0';
			p += 1024;
send_chunk:
			/* send chunk */
			if ((res = Post(Buffer)) != SUCCESS) {
				efree(data_cln);
				return (res);
			}
		}

		if ((parts * 1024) < data_cln_len) {
			i = data_cln_len - (parts * 1024);
			strlcpy(Buffer, p, i);
			Buffer[i] = '\0';
			goto send_chunk;
		}


Expected result:
----------------
Data is sent in 1024 byte chunks. The remainder is then sent. Send is then terminated with '\r\n.\r\n'

Actual result:
--------------
Data is sent in 1024 byte chunks. The remainder is then sent...again and again and again and again. etc etc.
Send is never terminated.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-08-11 06:01 UTC] richard at bradders2000 dot co dot uk
Sorry, I had it as a 'SentText' issue... slight typo, should have been 'SendText'.
 [2003-08-11 11:38 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 17 16:02:22 2014 UTC