php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #48620 X-PHP-Originating-Script assumes no trailing CRLF in $headers
Submitted: 2009-06-20 17:49 UTC Modified: 2009-06-21 15:30 UTC
From: shahar dot e at zend dot com Assigned:
Status: Closed Package: Mail related
PHP Version: 5.3.0RC4 OS: Mac OS X 10.5
Private report: No CVE-ID:
 [2009-06-20 17:49 UTC] shahar dot e at zend dot com
Description:
------------
It is very possible for a developer to use code like in the attached reproduction code to send an e-mail. However, when mail.add_x_header is On, using this code will cause the X-PHP-Originating-Script to show in the message body instead of as a header. 

This is because mail() assumes the $headers parameter is a string which does not end with a trailing CRLF - while in practice it very well may be (it works well when mail.add_x_header is Off). 




Reproduce code:
---------------
<?php

$headers = array(
	'X-Foo' => 'bar',
	'From' => 'some-guy@example.com',
	'Priority' => 'Urgent'
);

$hdrStr = '';
foreach($headers as $k => $v) {
	$hdrStr .= "$k: $v\r\n";
}

mail('someone-else@example.com', 
     'Testing add_x_header', 
     'This is a test', 
     $hdrStr);


Expected result:
----------------
Mail to look like:
                                                                                                                                                                                                                                                               
To: someone-else@example.com
Subject: Testing add_x_header
X-Foo: bar
From: some-guy@example.com
Priority: Urgent
Date: Sat, 20 Jun 2009 20:37:34 +0300 (IDT)
X-PHP-Originating-Script: 503:mailtest.php

This is a test


Actual result:
--------------
To: someone-else@example.com
Subject: Testing add_x_header
X-Foo: bar
From: some-guy@example.com
Priority: Urgent
Date: Sat, 20 Jun 2009 20:37:34 +0300 (IDT)

X-PHP-Originating-Script: 503:mailtest.php

This is a test



* this is how I receive the e-mail in GMail - perhaps there is some header mangling but you get the point

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-06-20 19:39 UTC] shahar dot e at zend dot com
I used this patch to fix it (not sure if it's the most suitable way):

--- ext/standard/mail.c.orig    2009-06-20 22:25:10.000000000 +0300
+++ ext/standard/mail.c 2009-06-20 22:29:52.000000000 +0300
@@ -241,7 +241,10 @@
                php_basename(tmp, strlen(tmp), NULL, 0,&f, &f_len TSRMLS_CC);
 
                if (headers != NULL) {
-                       spprintf(&hdr, 0, "%s\r\nX-PHP-Originating-Script: %ld:%s\n", headers, php_getuid(), f);
+                       spprintf(&hdr, 0, "%s%sX-PHP-Originating-Script: %ld:%s\n", 
+                               headers, 
+                               (headers[strlen(headers) - 1] == '\n' ? ""  : "\r\n"),
+                               php_getuid(), f);
                } else {
                        spprintf(&hdr, 0, "X-PHP-Originating-Script: %ld:%s\n", php_getuid(), f);
                }
 [2009-06-21 15:30 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 17 03:01:55 2014 UTC