php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #67396 Stack exhaustion in imap_rfc822_parse_adrlist
Submitted: 2014-06-08 10:36 UTC Modified: 2014-06-10 18:43 UTC
From: mikispag at gmail dot com Assigned:
Status: Wont fix Package: IMAP related
PHP Version: 5.5.13 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: mikispag at gmail dot com
New email:
PHP Version: OS:

 

 [2014-06-08 10:36 UTC] mikispag at gmail dot com 
Description:
------------
This is a stack exhaustion in PHP imap_rfc822_parse_adrlist, which calls libc-client rfc822_parse_phrase -> rfc822_parse_word

Test script:
---------------
<?php

imap_rfc822_parse_adrlist(str_repeat("x\n", 200000), "a");

?>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-06-10 18:43 UTC] aharvey@php.net
-Status: Open +Status: Wont fix
 [2014-06-10 18:43 UTC] aharvey@php.net 
I don't think there's much we can do about this one: it's an issue in c-client, and attempting to clamp the input string to prevent this is going to result in madness, since it's going to vary depending on the OS, architecture, stack size, and so on. (See also the various bugs over the years about PCRE recursion.)

If c-client ever provides a non-recursive interface for this, then we can see about reimplementing imap_rfc822_parse_adrlist() to use it, but right now this is a won't fix.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 25 10:01:29 2024 UTC