Bug #45460 imap patch for fromlength fix in imap_headerinfo doesn't accept lengths of 1024
Submitted: 2008-07-08 16:16 UTC Modified: 2008-07-11 11:09 UTC
From: andrew at lifescale dot com Assigned: felipe
Status: Closed Package: IMAP related
PHP Version: 5.2.6 OS: FreeBSD 6.1
Private report: No CVE-ID:
 [2008-07-08 16:16 UTC] andrew at lifescale dot com
Description:
------------
There was a patch on April 1 for imap.c that added a sanity check to the from and subject lengths when calling imap_headerinfo()

http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.247&r2=1.248

The error message says that the from / subject lengths have to be between 1 and 1024.  However it will not accept a fromlength of 1024 due to the  >=  operator.  MAILTMPLEN is 1024

This causes a problem for the PEAR library IMAPv2, as it defaults the fromlength and subjectlength to 1024.

Either the error message must be updated to MAILTMPLEN-1,  or the operator and char array must be changed (this is preferred as to not bust IMAPv2)


Reproduce code:
---------------
I don't have a good example as I use IMAPv2. However, it seems like a simple problem just by looking at the code.

Expected result:
----------------
imap_headerinfo should accept a fromlength of 1024

Actual result:
--------------
A warning is given:

Jul  8 00:01:49 php: PHP Warning:  imap_headerinfo(): From length has to be between 1 and 1024 in /usr/local/lib/php/Mail/IMAPv2.php on line 1505



 [2008-07-10 17:49 UTC] felipe@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2008-07-10 18:42 UTC] andrew at lifescale dot com
I noticed the buffer size for the from / subject data wasn't increased.

Does it not need to be:
fulladdress[MAILTMPLEN + 1];

Since a subject of 1024 would fill fulladdress and not have room for a null byte at the end?
 [2008-07-10 19:08 UTC] johannes@php.net
Felipe, please check that (sorry I'm too lazy to do it myself *g*)
 [2008-07-11 11:09 UTC] felipe@php.net
Oops, you are right. Fixed! Thanks. :)
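
The two points raised in this thread, the `>=` bound that rejects 1024 and the extra byte needed for the terminating NUL, shown together as an added C example. It is not the php_imap.c code: `length_ok_strict`, `length_ok_inclusive`, `copy_field` and `demo_copy` are hypothetical names, and the exact shape of the original check is assumed from the report.

```c
#include <stdio.h>
#include <string.h>

#define MAILTMPLEN 1024 /* value given in the report */

/* Assumed shape of the check the report describes: ">=" rejects 1024. */
static int length_ok_strict(long len) {
    return !(len <= 0 || len >= MAILTMPLEN);
}

/* Inclusive bound, matching the "between 1 and 1024" warning text. */
static int length_ok_inclusive(long len) {
    return !(len <= 0 || len > MAILTMPLEN);
}

/* Hypothetical copy helper: writes at most len characters plus a NUL.
 * Returns characters written, or -1 if len is out of range or dst
 * cannot hold len characters and the terminator. */
static long copy_field(char *dst, size_t dst_size, const char *src, long len) {
    if (!length_ok_inclusive(len) || (size_t)len + 1 > dst_size)
        return -1;
    long n = 0;
    while (n < len && src[n] != '\0') {
        dst[n] = src[n];
        n++;
    }
    dst[n] = '\0'; /* index n can equal len, hence the extra byte */
    return n;
}

/* Constructed input: a 2000-character field, longer than any allowed len. */
static long demo_copy(size_t dst_size) {
    static char src[2001];
    static char dst[MAILTMPLEN + 1];
    memset(src, 'A', sizeof src - 1);
    src[sizeof src - 1] = '\0';
    if (dst_size > sizeof dst)
        return -1;
    return copy_field(dst, dst_size, src, MAILTMPLEN);
}

int main(void) {
    printf("strict accepts 1024: %d\n", length_ok_strict(MAILTMPLEN));
    printf("inclusive accepts 1024: %d\n", length_ok_inclusive(MAILTMPLEN));
    printf("copy into MAILTMPLEN bytes: %ld\n", demo_copy(MAILTMPLEN));
    printf("copy into MAILTMPLEN + 1 bytes: %ld\n", demo_copy(MAILTMPLEN + 1));
    return 0;
}
```

A destination declared with only `MAILTMPLEN` bytes is refused here for a length of 1024, because the terminator would land one byte past the end of the array.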
 
Last updated: Fri Apr 18 13:02:15 2014 UTC