Bug #40925 rfc822.c legacy routine buffer overflow
Submitted: 2007-03-26 18:57 UTC
Modified: 2007-03-26 21:46 UTC
From: dan at westernitgroup dot com
Assigned:
Status: Not a bug
Package: IMAP related
PHP Version: 4.4.6
OS: Linux
Private report: No
CVE-ID: None
 [2007-03-26 18:57 UTC] dan at westernitgroup dot com

 [2007-03-26 19:20 UTC] tony2001@php.net
Doesn't look like a PHP problem.
Please update c-client to the latest available version and rebuild PHP.
 [2007-03-26 20:59 UTC] dan at westernitgroup dot com
Already done, I would not have posted here otherwise.
 [2007-03-26 21:04 UTC] tony2001@php.net
An abort in c-client still isn't something PHP can fix.
Please report this problem to c-client developers. 
See http://www.washington.edu/imap/
 [2007-03-26 21:29 UTC] dan at westernitgroup dot com
I have and this is their response.

Increasing the SENDBUFLEN to a sufficient size will make the "rfc822.c legacy routine buffer overflow" fatal error go away.  However, a better thing to do is to fix PHP to use c-client's new rfc822 header routines which do not require a fixed buffer (they flush the current buffer as needed) rather than the legacy interface.
 [2007-03-26 21:46 UTC] tony2001@php.net
> However, a better thing to do is to fix PHP to use c-client's new
> rfc822 header routines which do not require a fixed buffer (they
> flush the current buffer as needed) rather than the legacy interface.

That's not going to happen in PHP4 and I'm honestly saying I doubt it'll ever happen, because it's extremely difficult to add support for new c-client functionality without actually _requiring_ some c-client version, which is not an option for such a widely used application as PHP.

So as long as c-client is missing a way to know its version and is breaking its own API between releases, I guess we'll avoid using the new functionality and will stay with what we have now.

Though that doesn't mean we wouldn't review such a patch (of course if it does not add any new requirements).
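
The difference discussed in this thread between a fixed header buffer and one that is flushed as needed, as an added example that is not from the thread and is not c-client or PHP code. All names (hdr_fixed, hdr_out, hdr_put, hdr_flush, count_sink) and the 32-byte buffer size are hypothetical and chosen only for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names throughout; not c-client's or PHP's API.
 * Legacy style: one fixed buffer. An oversized header can only be refused. */
int hdr_fixed(char *dst, size_t cap, size_t *used, const char *s)
{
    size_t n = strlen(s);
    if (*used >= cap || n >= cap - *used) return -1;  /* would overflow */
    memcpy(dst + *used, s, n + 1);                    /* copy with NUL */
    *used += n;
    return 0;
}

/* Flushing style: a small buffer is drained through a callback when full. */
typedef int (*flush_fn)(void *ctx, const char *data, size_t len);
struct hdr_out {
    char buf[32];          /* deliberately small */
    size_t used;           /* bytes currently buffered */
    flush_fn flush;        /* sink callback */
    void *ctx;             /* passed through to the sink */
};

int hdr_flush(struct hdr_out *o)
{
    if (o->used && o->flush(o->ctx, o->buf, o->used) != 0) return -1;
    o->used = 0;
    return 0;
}

int hdr_put(struct hdr_out *o, const char *s)
{
    size_t n = strlen(s);
    while (n > 0) {
        if (o->used == sizeof o->buf && hdr_flush(o) != 0) return -1;
        size_t room = sizeof o->buf - o->used;
        size_t k = n < room ? n : room;   /* copy only what fits */
        memcpy(o->buf + o->used, s, k);
        o->used += k; s += k; n -= k;
    }
    return 0;
}

/* Sample sink (constructed for this example): counts the bytes it receives. */
int count_sink(void *ctx, const char *data, size_t len)
{
    (void)data;
    *(size_t *)ctx += len;
    return 0;
}
```

With the fixed buffer the only safe outcome for an oversized header is an error, which is what the fatal message reports; the flushing writer accepts any length because the bound applies per chunk rather than to the whole header.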
 
Last updated: Sat Sep 23 19:01:25 2023 UTC