php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73203 passing additional_parameters causes mail to fail
Submitted: 2016-09-29 20:46 UTC Modified: 2016-09-30 10:28 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: mberchtold at gmail dot com Assigned: cmb
Status: Closed Package: Mail related
PHP Version: 7.1.0RC3 OS: Windows
Private report: No CVE-ID:
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: mberchtold at gmail dot com
New email:
PHP Version: OS:

 

 [2016-09-29 20:46 UTC] mberchtold at gmail dot com
Description:
------------
Problem
=======
mail throws this fatal error if an additional_parameters (even if it is an empty string) is passed to the function:
PHP Fatal error:  mail(): Escaped command exceeds the allowed length of 8192 bytes

Cause
=====
In the mail function, the extra_cmd is escaped with php_escape_shell_cmd:
https://github.com/php/php-src/blob/master/ext/standard/mail.c#L374

This is incorrect if the string is not passed to an executable. This is the case on Windows when SMTP is used (php.ini: mail.SMTP).

Solution
========
The additional_parameters argument should be ignored (and therefore not be escaped) if it is not used (not passed to a shell command). 

Also there seems to be another bug where php_escape_shell_cmd fails if an empty string is passed.

Test script:
---------------
mail("test@test.com", "subject", "message", "From: lala@test.com", "");

Actual result:
--------------
PHP Fatal error:  mail(): Escaped command exceeds the allowed length of 8192 bytes

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-09-30 08:21 UTC] cmb@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: cmb
 [2016-09-30 08:21 UTC] cmb@php.net
Indeed, if $additional_parameters is empty an unsigned underflow
occurs, causing this error message.
 [2016-09-30 08:29 UTC] yohgaki@php.net
@cmd Are you working on this? Please don't forget to update PHP_FUNCTION(mb_send_mail), if you modify PHP_FUNCTION(mail).
If you are not working on this, I'll.
 [2016-09-30 08:37 UTC] cmb@php.net
Yes, I'm already working on this. Actually, mail() isn't the
issue, but rather php_escape_shell_cmd() which always fails when
called with an empty string. escapeshellcmd() doesn't call
php_escape_shell_cmd() when invoked with an empty string, but I
think we should fix php_escape_shell_cmd(), because it is PHP_API.
 [2016-09-30 09:56 UTC] cmb@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e72165bb86aec6fc51dcb4d8d715e18be912ab67
Log: Fix #73203: passing additional_parameters causes mail to fail
 [2016-09-30 09:56 UTC] cmb@php.net
-Status: Verified +Status: Closed
 [2016-09-30 10:28 UTC] yohgaki@php.net
I agree. Your fix is the way to go.
 [2016-10-17 10:07 UTC] bwoebi@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e72165bb86aec6fc51dcb4d8d715e18be912ab67
Log: Fix #73203: passing additional_parameters causes mail to fail
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Jul 25 00:01:37 2017 UTC