Bug #70145 From field incorrectly parsed from headers
Submitted: 2015-07-27 00:43 UTC Modified: 2015-07-27 13:43 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: mberchtold at gmail dot com Assigned: cmb
Status: Closed Package: Mail related
PHP Version: 7.0.0beta2 OS: Windows
Private report: No CVE-ID:
 [2015-07-27 00:43 UTC] mberchtold at gmail dot com
Description:
------------
The mail function incorrectly parses the From field from the headers.

For example, when passing the following headers:
$headers = "DKIM-Signature: v=1; a=rsa-sha1; bh=ZOokPFyLIFHFdZq7e/+JaJ+LVDI=; c=relaxed; d=test.com; h=from:to:subject; s=mail;
Date: Mon, 27 Jul 2015 00:24:55 +0000
From: =?UTF-8?Q?test?= <sales@test.com>
To: mb@test.com";

the mail function fails and logs the following warning:
PHP Warning:  mail(): "sendmail_from" not set in php.ini or custom "From:" header missing in test.php on line 1

The problem seems to be that the mail implementation is confused by the extra from in the first header:
 h=from:to:subject; s=mail; 


Test script:
---------------
// reproduces the bug
mail("mb@test.com", "subject", "message1", "DKIM-Signature: v=1; a=rsa-sha1; bh=ZOokPFyLIFHFdZq7e/+JaJ+LVDI=; c=relaxed; d=test.com; h=from:to:subject; s=mail; 
Date: Mon, 27 Jul 2015 00:24:55 +0000
From: =?UTF-8?Q?test?= <sales@test.com>
To: mb@test.com");

// does not reproduce the bug
mail("mb@test.com", "subject", "message1", "DKIM-Signature: v=1; a=rsa-sha1; bh=ZOokPFyLIFHFdZq7e/+JaJ+LVDI=; c=relaxed; d=test.com;
Date: Mon, 27 Jul 2015 00:24:55 +0000
From: =?UTF-8?Q?test?= <sales@test.com>
To: mb@test.com");


Expected result:
----------------
no warning

Actual result:
--------------
PHP Warning:  mail(): "sendmail_from" not set in php.ini or custom "From:" header missing in test.php on line 1


 [2015-07-27 00:49 UTC] mberchtold at gmail dot com
The bug is here:
https://github.com/php/php-src/blob/master/win32/sendmail.c#L245

	} else if (	headers_lc &&
				(pos1 = strstr(headers_lc->val, "from:")) &&
				((pos1 == headers_lc->val) || (*(pos1-1) == '\n'))
	) {
 [2015-07-27 13:02 UTC] cmb@php.net
-Status: Open +Status: Analyzed -Assigned To: +Assigned To: cmb
 [2015-07-27 13:02 UTC] cmb@php.net
Indeed, the algorithm is too limited. We'd need to loop over
headers_lc looking for additional potential From header fields.
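The single-match check and the looping search discussed in the comments above, as an added example that is not part of the original thread and is not the code from the php-src commit. The function names and the lowercased sample headers are constructed for illustration (the `bh=` value is omitted).

```c
#include <stdio.h>
#include <string.h>

/* Single-shot check, same logic as the condition quoted in the report:
 * only the FIRST "from:" substring is tested for sitting at a line start. */
static const char *find_from_first_only(const char *headers_lc)
{
    const char *pos = strstr(headers_lc, "from:");
    if (pos && (pos == headers_lc || *(pos - 1) == '\n'))
        return pos;
    return NULL;
}

/* Looping variant (hypothetical helper): skip matches that sit mid-line
 * and keep searching until one starts a header line. */
static const char *find_from_looping(const char *headers_lc)
{
    const char *pos = headers_lc;
    while ((pos = strstr(pos, "from:")) != NULL) {
        if (pos == headers_lc || *(pos - 1) == '\n')
            return pos;
        pos += strlen("from:");
    }
    return NULL;
}

/* Constructed input: lowercased headers modelled on the test script. */
static const char WITH_H_TAG[] =
    "dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=test.com; h=from:to:subject; s=mail;\n"
    "date: mon, 27 jul 2015 00:24:55 +0000\n"
    "from: =?utf-8?q?test?= <sales@test.com>\n"
    "to: mb@test.com";
static const char WITHOUT_H_TAG[] =
    "dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=test.com;\n"
    "date: mon, 27 jul 2015 00:24:55 +0000\n"
    "from: =?utf-8?q?test?= <sales@test.com>\n"
    "to: mb@test.com";

int main(void)
{
    printf("h= tag, first-only: %s\n", find_from_first_only(WITH_H_TAG) ? "found" : "missed");
    printf("h= tag, looping:    %s\n", find_from_looping(WITH_H_TAG) ? "found" : "missed");
    printf("no h=,  first-only: %s\n", find_from_first_only(WITHOUT_H_TAG) ? "found" : "missed");
    return 0;
}
```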
 [2015-08-19 09:08 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0562ec85df659dc3675ca26bec102b30ab25329d
Log: Fix bug #70145 From field incorrectly parsed from headers
 [2015-08-19 09:08 UTC] ab@php.net
-Status: Analyzed +Status: Closed
 
Last updated: Tue Aug 29 15:01:52 2017 UTC