Bug #67396 Stack exhaustion in imap_rfc822_parse_adrlist
Submitted: 2014-06-08 10:36 UTC Modified: 2014-06-10 18:43 UTC
From: mikispag at gmail dot com Assigned:
Status: Wont fix Package: IMAP related
PHP Version: 5.5.13 OS: Linux
Private report: No CVE-ID: None
 [2014-06-08 10:36 UTC] mikispag at gmail dot com
Description:
------------
This is a stack exhaustion in PHP imap_rfc822_parse_adrlist, which calls libc-client rfc822_parse_phrase -> rfc822_parse_word

Test script:
---------------
<?php

imap_rfc822_parse_adrlist(str_repeat("x\n", 200000), "a");

?>


 [2014-06-10 18:43 UTC] aharvey@php.net
-Status: Open +Status: Wont fix
 [2014-06-10 18:43 UTC] aharvey@php.net
I don't think there's much we can do about this one: it's an issue in c-client, and attempting to clamp the input string to prevent this is going to result in madness, since it's going to vary depending on the OS, architecture, stack size, and so on. (See also the various bugs over the years about PCRE recursion.)

If c-client ever provides a non-recursive interface for this, then we can see about reimplementing imap_rfc822_parse_adrlist() to use it, but right now this is a won't fix.
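
The discussion above turns on recursion depth growing with input size. As an added illustration (not c-client or PHP source), this simplified C model assumes a phrase parser that recurses once per whitespace-separated word, the pattern the report's call chain suggests, and sets it beside an iterative equivalent with constant stack use. All function names are hypothetical, and the input is constructed to match the shape of the test script.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helpers: skip one word / one run of whitespace. */
static const char *skip_word(const char *s) {
    while (*s && !isspace((unsigned char)*s)) s++;
    return s;
}
static const char *skip_ws(const char *s) {
    while (*s && isspace((unsigned char)*s)) s++;
    return s;
}
/* Recursive model: one stack frame per word; *max_depth records the deepest. */
const char *phrase_recursive(const char *s, size_t depth, size_t *max_depth) {
    const char *end = skip_word(s);
    if (end == s) return NULL;               /* no word at this position */
    if (depth > *max_depth) *max_depth = depth;
    const char *next = skip_ws(end);
    if (!*next) return end;                  /* input ends after this word */
    const char *rest = phrase_recursive(next, depth + 1, max_depth);
    return rest ? rest : end;
}
/* Iterative equivalent: same end-of-phrase pointer, constant stack use. */
const char *phrase_iterative(const char *s, size_t *words) {
    const char *last = NULL;
    *words = 0;
    for (;;) {
        const char *end = skip_word(s);
        if (end == s) break;
        last = end;
        (*words)++;
        s = skip_ws(end);
        if (!*s) break;
    }
    return last;
}
/* Constructed input with the test script's shape: "x\n" repeated n times. */
char *make_input(size_t n) {
    char *buf = malloc(2 * n + 1);
    if (!buf) return NULL;
    for (size_t i = 0; i < n; i++) { buf[2 * i] = 'x'; buf[2 * i + 1] = '\n'; }
    buf[2 * n] = '\0';
    return buf;
}
int main(void) {
    size_t depth = 0, words = 0;
    char *small = make_input(1000), *big = make_input(200000);
    if (!small || !big) return 1;
    phrase_recursive(small, 1, &depth);      /* kept small: depth == word count */
    phrase_iterative(big, &words);           /* full-size input, no recursion */
    printf("recursive depth=%zu, iterative words=%zu\n", depth, words);
    free(small); free(big);
    return 0;
}
```

In the recursive model the frame count equals the word count, so the safe input size depends on per-frame size and the stack limit of the running process.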