|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55336 mail() function is not thread safe for Windows builds
Submitted: 2011-08-01 11:50 UTC Modified: 2017-10-24 07:35 UTC
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:2 (100.0%)
From: grabli_2005 at mail dot ru Assigned:
Status: Open Package: Network related
PHP Version: 5.4.0alpha2 OS: Windows
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2011-08-01 11:50 UTC] grabli_2005 at mail dot ru
win32\sendmail.c contans static variables and not thread safe.

Test script:
It`s not so easy to write test script, because of multithreading and needs of test SMTP server.

Expected result:
mail() funtion should be thread safe.
I`ve found this bug years ago. I`ve re-write sendmail.c to not use global variables for php 5.3.0.
Also I make it compilable for nix build, so mail() may not start heavy sendmail process and connect directly to local SMTP.
You can get this versions here

Actual result:
mail() fountion is not thread safe.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-08-01 12:02 UTC] grabli_2005 at mail dot ru
-Summary: mail() fountion is not thread safe for Windows builds +Summary: mail() function is not thread safe for Windows builds
 [2011-08-01 12:02 UTC] grabli_2005 at mail dot ru
fixed typo in title
 [2011-08-01 12:55 UTC]
-Status: Open +Status: Feedback
 [2011-08-01 12:55 UTC]
Please provide a patch against 5.3 and 5.4.

Also I'm not sure about your statement.
 [2011-08-01 13:40 UTC] grabli_2005 at mail dot ru
I`ve provide this patches as reference only, not as product quality code replacement.
The only difference that I note since 5.3.0 is FormatEmailAddress function, that omits <> around emails.

You can check my statment:
look at /ext/standard/mail.c function php_mail
Here nix path: 	sendmail = popen(sendmail_cmd, "w");
Here win32 path: if (TSendMail(INI_STR("SMTP"), &tsm_err, &tsm_errmsg, hdr, subject, to, message, NULL, NULL, NULL TSRMLS_CC) == FAILURE) {

TSendMail located in win32\sendmail.c
here global variables:

char Buffer[MAIL_BUFFER_SIZE];

/* socket related data */
#ifndef NETWARE
struct hostent *adr;
int WinsockStarted;
/* values set by the constructor */
char *AppName;
#endif	/* NETWARE */
SOCKADDR_IN sock_in;
char MailHost[HOST_NAME_LEN];
char LocalHost[HOST_NAME_LEN];

It`s placed under #ifndef THREAD_SAFE, but THREAD_SAFE not defined anywhere even when compile with ZTS. More often _THREAD_SAFE used around the code.
If you define THREAD_SAFE it`s break sendmail.c compilation, because rest of code uses this variables without any define switch.

You can simply debug or place debug printf() in TSendMail and see that this code executed and uses global variables.

win32\time.c have same issue.
 [2011-08-03 18:20 UTC] grabli_2005 at mail dot ru
-Status: Feedback +Status: Open
 [2011-08-03 18:20 UTC] grabli_2005 at mail dot ru
switch status to open, see details in previous comment
 [2011-08-22 14:51 UTC]
Have you encountered any issues specific to this finding? I suppose we could make a new globals, like PW32G for SendMail and stash the variables in there.
 [2011-08-28 20:16 UTC] grabli_2005 at mail dot ru
Yep, I`ve got buffer corruption and socket leak under threading.
There no need of TSRM code, socket handle and buffer can be allocated on stack, it`s not so big (4kb).
 [2011-08-28 21:29 UTC]
-Status: Open +Status: Feedback -Assigned To: +Assigned To: pajoye
 [2011-08-28 21:29 UTC]
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read for *NIX and for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

Would rock if you can provide one.
 [2011-08-30 20:50 UTC] grabli_2005 at mail dot ru
-Status: Feedback +Status: Assigned
 [2011-08-30 20:50 UTC] grabli_2005 at mail dot ru
Link you provide is for crash-point backtrace. Read cearfully - it`s not crashed, it`s not thread safe.
Problem function - win32\sendmail.c->TSendMail (with subfunctions) which uses global variables without any locking.
Also I can`t change status back to "Open", only avalable options for now is assigned and closed.
 [2017-10-24 07:35 UTC]
-Status: Assigned +Status: Open -Assigned To: pajoye +Assigned To:
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC