php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #40925 rfc822.c legacy routine buffer overflow
Submitted: 2007-03-26 18:57 UTC Modified: 2007-03-26 21:46 UTC
From: dan at westernitgroup dot com Assigned:
Status: Not a bug Package: IMAP related
PHP Version: 4.4.6 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: dan at westernitgroup dot com
New email:
PHP Version: OS:

 

 [2007-03-26 18:57 UTC] dan at westernitgroup dot com

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-03-26 19:20 UTC] tony2001@php.net
Doesn't look like PHP problem.
Please update c-client to the latest available version and rebuild PHP.
 [2007-03-26 20:59 UTC] dan at westernitgroup dot com
Already done, I would not have posted here otherwise.
 [2007-03-26 21:04 UTC] tony2001@php.net
An abort in c-client still isn't something PHP can fix.
Please report this problem to c-client developers. 
See http://www.washington.edu/imap/
 [2007-03-26 21:29 UTC] dan at westernitgroup dot com
I have and this is their response.

Increasing the SENDBUFLEN to a sufficient size will make the "rfc822.c legacy routine buffer overflow" fatal error go away.  However, a better thing to do is to fix PHP to use c-client's new rfc822 header routines which do not require a fixed buffer (they flush the current buffer as
needed) rather than the legacy interface.
 [2007-03-26 21:46 UTC] tony2001@php.net
>However, a better thing to do is to fix PHP to use c-client's new
> rfc822 header routines which do not require a fixed buffer (they
>flush the current buffer as needed) rather than the legacy interface.

That's not going to happen in PHP4 and I honestly saying I doubt it'll happen ever because it's extremely difficult to add support for a new c-client functionality without actually _requiring_ some c-client version, which is not an option for such a widely used application as PHP.

So until c-client is missing a way to know its version and is breaking its own API between the releases, I guess we'll avoid using the new functionality and will stay with what we have now.

Though that doesn't mean we wouldn't review such a patch (of course if it does not add any new requirements).
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Mon Aug 19 19:01:27 2019 UTC