Bug #45705 imap_rfc822_parse_adrlist() modifies passed address by adding NUL byte to it
Submitted: 2008-08-04 09:48 UTC Modified: 2008-08-04 21:18 UTC
From: jan at horde dot org Assigned: jani
Status: Closed Package: IMAP related
PHP Version: 5.3.0alpha1 OS: Linux
Private report: No CVE-ID:
 [2008-08-04 09:48 UTC] jan at horde dot org
Description:
------------
imap_rfc822_parse_adrlist() adds a NUL byte (actually replaces a space with one) in the passed string argument.

Reproduce code:
---------------
--TEST--
imap_rfc822_parse_adrlist() adding NUL byte to argument.
--SKIPIF--
<?php if (!extension_loaded('imap')) echo 'skip IMAP extension not installed'; ?>
--FILE--
<?php

$address = 'John Doe <john@example.com>';
imap_rfc822_parse_adrlist($address, null);
echo $address;

?>
--EXPECT--
John Doe <john@example.com>



 [2008-08-04 13:12 UTC] jani@php.net
I guess this affects ALL places using rfc822_parse_adrlist() and not duplicating the passed data. I'll look into this. Maybe you could provide more tests for those functions that use this c-client func? :)
 [2008-08-04 13:36 UTC] jani@php.net
Can't reproduce with PHP_5_2 branch. Looks like someone didn't bother merging some fixes from that branch to HEAD/PHP_5_3..
 [2008-08-04 14:27 UTC] jan at horde dot org
Looks like this only happens with imap_mail_compose(), which uses rfc822_parse_adrlist(). imap_mail(), which uses that function through _php_imap_mail(), is not affected. New test:

--TEST--
imap_rfc822_parse_adrlist() adding NUL byte to argument.
--SKIPIF--
<?php if (!extension_loaded('imap')) echo 'skip IMAP extension not installed'; ?>
--FILE--
<?php

$address = 'John Doe <john@example.com>';
imap_rfc822_parse_adrlist($address, null);
echo $address;

echo "\n";
$envelope = array('return_path' => 'John Doe <john@example.com>',
                  'from'        => 'John Doe <john@example.com>',
                  'reply_to'    => 'John Doe <john@example.com>',
                  'to'          => 'John Doe <john@example.com>',
                  'cc'          => 'John Doe <john@example.com>',
                  'bcc'         => 'John Doe <john@example.com>');
imap_mail_compose($envelope, array(1 => array()));
var_export($envelope);

echo "\n";
$to  = 'John Doe <john@example.com>';
$cc  = 'John Doe <john@example.com>';
$bcc = 'John Doe <john@example.com>';
imap_mail($to, 'Subject', 'Body', '', $cc, $bcc);
echo $to;
echo "\n";
echo $cc;
echo "\n";
echo $bcc;

?>
--EXPECT--
John Doe <john@example.com>
array (
  'return_path' => 'John Doe <john@example.com>',
  'from' => 'John Doe <john@example.com>',
  'reply_to' => 'John Doe <john@example.com>',
  'to' => 'John Doe <john@example.com>',
  'cc' => 'John Doe <john@example.com>',
  'bcc' => 'John Doe <john@example.com>',
)
John Doe <john@example.com>
John Doe <john@example.com>
John Doe <john@example.com>
 [2008-08-04 21:18 UTC] jani@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

And thanks for the tests. :)
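
The side effect discussed in the first reply above (a C parser that writes into the string it is given, so a caller that does not duplicate its input sees it change), as an added example that is not part of the original report and is not PHP's or c-client's code. `toy_parse_inplace`, `bind_direct`, `bind_with_copy` and `first_changed_offset` are hypothetical names, and the toy parser only mimics the NUL-for-space overwrite described in the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a destructive C address parser (NOT c-client's
 * code): it ends the display name in place by overwriting the space before
 * '<' with NUL, the same side effect the report describes. */
void toy_parse_inplace(char *s)
{
    char *lt = strchr(s, '<');
    if (lt && lt > s && lt[-1] == ' ')
        lt[-1] = '\0';              /* the caller's buffer is modified here */
}

/* Binding pattern 1: pass the caller's buffer straight to the parser. */
void bind_direct(char *buf, size_t len) { (void)len; toy_parse_inplace(buf); }

/* Binding pattern 2: parse a private duplicate and discard it. */
void bind_with_copy(char *buf, size_t len)
{
    char *dup = malloc(len + 1);
    if (!dup) return;
    memcpy(dup, buf, len);
    dup[len] = '\0';
    toy_parse_inplace(dup);
    free(dup);
}

/* Runs a binding over a copy of `input` and returns the offset of the first
 * byte that differs afterwards, -1 if untouched, -2 on allocation failure. */
long first_changed_offset(void (*bind)(char *, size_t), const char *input)
{
    size_t len = strlen(input);
    long off = -1;
    char *buf = malloc(len + 1);
    if (!buf) return -2;
    memcpy(buf, input, len + 1);
    bind(buf, len);
    for (size_t i = 0; i < len && off < 0; i++)
        if (buf[i] != input[i]) off = (long)i;
    free(buf);
    return off;
}

int main(void)
{
    const char *addr = "John Doe <john@example.com>";  /* value from the report */
    printf("direct:    %ld\n", first_changed_offset(bind_direct, addr));
    printf("with copy: %ld\n", first_changed_offset(bind_with_copy, addr));
    return 0;
}
```

The same byte-for-byte comparison before and after the call is what the `--EXPECT--` sections in the tests above check from the PHP side.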
 
Last updated: Thu Apr 17 12:01:59 2014 UTC