PHP :: Bug #67396 :: Stack exhaustion in imap_rfc822_parse

Bug #67396	Stack exhaustion in imap_rfc822_parse_adrlist
Submitted:	2014-06-08 10:36 UTC	Modified:	2014-06-10 18:43 UTC
From:	mikispag at gmail dot com	Assigned:
Status:	Wont fix	Package:	IMAP related
PHP Version:	5.5.13	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2014-06-08 10:36 UTC] mikispag at gmail dot com

Description:
------------
This is a stack exhaustion in PHP imap_rfc822_parse_adrlist, which calls libc-client rfc822_parse_phrase -> rfc822_parse_word

Test script:
---------------
<?php

imap_rfc822_parse_adrlist(str_repeat("x\n", 200000), "a");

?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-06-10 18:43 UTC] aharvey@php.net

-Status: Open +Status: Wont fix

[2014-06-10 18:43 UTC] aharvey@php.net

I don't think there's much we can do about this one: it's an issue in c-client, and attempting to clamp the input string to prevent this is going to result in madness, since it's going to vary depending on the OS, architecture, stack size, and so on. (See also the various bugs over the years about PCRE recursion.)

If c-client ever provides a non-recursive interface for this, then we can see about reimplementing imap_rfc822_parse_adrlist() to use it, but right now this is a won't fix.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Dec 20 22:00:01 2025 UTC