php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50977 imap_headerinfo Address buffer overflow
Submitted: 2010-02-09 19:00 UTC Modified: 2013-02-18 00:34 UTC
Votes:30
Avg. Score:4.7 ± 0.6
Reproduced:27 of 28 (96.4%)
Same Version:9 (33.3%)
Same OS:12 (44.4%)
From: lokitek at gmail dot com Assigned:
Status: No Feedback Package: IMAP related
PHP Version: 5.2.12 OS: CentOS 5.4
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2010-02-09 19:00 UTC] lokitek at gmail dot com
Description:
------------
While using the imap_headerinfo() function to obtain information about emails that I check via IMAP, I noticed that PHP complained about imap_headerinfo() Address buffer overflow.
A bit of investigation revealed that a spam message containing 500+ CC email addresses caused this issue.

Reproduce code:
---------------
// Send an email with 500+ CCd users. then use imap_headerinfo() to // obtain all header information.
// [from doc]
$mBox = imap_open("{host:143/imap/novalidate-cert}INBOX}", $username, $password); // open as imap
$header = imap_header($mBox, 1); // get first mails header

// imap_headerinfo() will crash with the following error:
// PHP Fatal error:  imap_headerinfo(): Address buffer overflow



Expected result:
----------------
I expect to information about the given message number by reading its headers and returned in an object format

Actual result:
--------------
PHP Fatal error:  imap_headerinfo(): Address buffer overflow

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-02-09 19:06 UTC] pajoye@php.net
Which imap version do you use?
 [2010-02-10 00:12 UTC] lokitek at gmail dot com
I don't think that it makes a huge difference, but I just realized that I'm on php-5.2.11 and using php-imap-5.2.11

If this isn't what you're after, just let me know and I can do a bit of debugging all around.

Thanks!
 [2010-02-10 00:16 UTC] pajoye@php.net
I'm not asking which PHP version you use (try 5.2.12, instead of 5.2.11) but which c-client library you use. c-client is the imap library used by the php imap extension.
 [2010-02-10 16:06 UTC] lokitek at gmail dot com
The c-client library is:
libc-client 2004g-2.2.1 

2004 sounds somewhat old, should I try to find an upgrade for it?
 [2010-02-10 16:24 UTC] pajoye@php.net
Yes, or you may drop centos as well, known to have outdated versions of everything. Please let us know if it still happens once you have a decent version if c-client.
 [2010-02-10 20:26 UTC] lokitek at gmail dot com
drop centOS isn't all that easy - What would you recommend instead? ;)

I'll update c-client and will let you know.
Thanks!
 [2010-02-20 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2010-04-25 20:06 UTC] felipe@php.net
-Status: No Feedback +Status: Feedback
 [2010-04-25 20:06 UTC] felipe@php.net
Any news?
 [2010-11-01 11:54 UTC] paul at fubra dot com
I'm also experiencing this error with CentOS release 5.3 (Final).

yum list libc-client

libc-client.i386 2004g-2.2.1
 [2010-11-07 21:25 UTC] felipe@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2011-09-12 15:56 UTC] jeremy at thomersonfamily dot com
Although the OP never responded with a backtrace, it seems fairly easy to reproduce.  I'm seeing it when I receive a message that has around 560 recipients in the "TO" field.  If you are not able to easily reproduce it with that info, please reply to this thread and I'll provide additional debugging information.
 [2013-02-18 00:34 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 [2013-04-16 09:27 UTC] rakesh at vivaconnect dot co
I experienced this bug today with php-imap 5.4.13-1.el5 on Centos 5. The package was installed via Remi repository.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 17 09:02:29 2014 UTC