PHP :: Bug #80203 :: imap_mime_header_decode() is not binary safe

Bug #80203

imap_mime_header_decode() is not binary safe

Submitted:

2020-10-08 12:00 UTC

Modified:

2020-10-19 15:52 UTC

Votes:	2
Avg. Score:	4.5 ± 0.5
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

cmb@php.net

Assigned:

Status:

Open

Package:

IMAP related

PHP Version:

7.3Git-2020-10-08 (Git)

OS:

Private report:

CVE-ID:

None

View Developer Edit

[2020-10-08 12:00 UTC] cmb@php.net

Description:
------------
If NUL bytes are encoded in the encoded-word, the decoded text
is truncated at that position.

Test script:
---------------
<?php
var_dump(bin2hex(imap_mime_header_decode("=?UTF-8?Q?foo=00bar?=")[0]->text));
var_dump(bin2hex(imap_mime_header_decode("=?UTF-8?B?Zm9vAGJhcg==?=")[0]->text));
?>


Expected result:
----------------
string(14) "666f6f00626172"
string(14) "666f6f00626172"


Actual result:
--------------
string(6) "666f6f"
string(6) "666f6f"

Patches

Pull Requests

Pull requests:

Fix #80203: imap_mime_header_decode() is not binary safe (php-src/6301)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-10-08 12:00 UTC] cmb@php.net

-Assigned To: +Assigned To: cmb

[2020-10-08 12:19 UTC] cmb@php.net

The following pull request has been associated:

Patch Name: Fix #80203: imap_mime_header_decode() is not binary safe
On GitHub:  https://github.com/php/php-src/pull/6301
Patch:      https://github.com/php/php-src/pull/6301.patch

[2020-10-19 08:09 UTC] cmb@php.net

Related To: Bug #80201

[2020-10-19 15:52 UTC] cmb@php.net

-Status: Assigned +Status: Open -Assigned To: cmb +Assigned To:

[2020-10-19 15:52 UTC] cmb@php.net

It appears there are several more places where the IMAP extension
is not binary safe.  Fixing this piecemeal doesn't look right, but
I won't have time for a full review now.

[2023-05-31 17:41 UTC] stevesmith22 at aol dot com

(https://www.psucollegian.com/studentreviews/how-to-renew-passport-online/article_079279bc-01ef-11ed-9921-cb5b6a07263a.html)github.com

(https://www.psucollegian.com/studentreviews/pretty-litter-review/article_52fd99fe-01f4-11ed-8663-af0fd7de4d76.html)github.com

(https://www.psucollegian.com/studentreviews/spoton-virtual-smart-fence-review/article_b1c7451a-01fa-11ed-b288-736fe38b782e.html)github.com

(https://www.psucollegian.com/studentreviews/best-lost-passport-replacement-service/article_08b3455a-02e0-11ed-a606-2b660b871f4d.html)github.com

(https://www.psucollegian.com/studentreviews/frizzlife-water-filter-review/article_27c8b6c2-02e6-11ed-b1f9-430cafcbac67.html)github.com

(https://www.psucollegian.com/studentreviews/seed-probiotics-review/article_7ffdbdec-06c4-11ed-b851-4b3d7b8d1584.html)github.com

(https://www.psucollegian.com/studentreviews/best-tyent-water-ionizer-reviews/article_c6c238d8-06ca-11ed-acb9-0736fca20ca2.html)github.com

(https://www.psucollegian.com/studentreviews/halo-collar-wireless-dog-fence-review/article_e2faf842-06d3-11ed-9d8d-735aa47a36f7.html)github.com

(https://www.psucollegian.com/studentreviews/halo-collar-vs-spoton-collar-reviews/article_728bad1c-06d9-11ed-a793-83139a016ab3.html)github.com

(https://www.psucollegian.com/studentreviews/k9-training-institute-review/article_dff182ec-0921-11ed-97ab-27ba1846257c.html)github.com

(https://www.psucollegian.com/studentreviews/k9-training-institute-review/article_dff182ec-0921-11ed-97ab-27ba1846257c.html)github.com

(https://www.psucollegian.com/studentreviews/best-cyber-insurance-companies-for-cyber-liability-protection/article_d6650d3a-0db7-11ed-bc87-634b377be8c0.html)github.com

(https://www.psucollegian.com/studentreviews/best-cincinnati-seo-companies-consultants-local-experts-reviewed/article_3906d466-11b2-11ed-a065-cb791dcbefdc.html)github.com

(https://www.psucollegian.com/studentreviews/hydroviv-water-filter-review-shark-tank/article_a11d4c72-11b4-11ed-abf3-87d977da2799.html)github.com


(https://www.psucollegian.com/studentreviews/best-gps-dog-collar-and-wireless-fence/article_e485ff58-1caa-11ed-99c7-c7d3cbf7e649.html)github.com

(https://www.psucollegian.com/studentreviews/best-smart-dog-collars-and-gps-trackers-reviewed/article_5b38501c-2307-11ed-9dd7-2b6587d884e3.html)github.com

(https://www.psucollegian.com/studentreviews/best-wireless-dog-fence-collars-reviewed/article_7e0dd914-24aa-11ed-b2cf-a3c2f071979a.html)github.com

(https://www.psucollegian.com/studentreviews/dyper-review-bamboo-disposable-diaper-subscription/article_4807d6fe-255d-11ed-847c-d7728507cee3.html)github.com

(https://www.psucollegian.com/studentreviews/embr-wave-2-review-cooling-bracelet/article_c981fe86-2584-11ed-a34b-6f12544c6e5f.html)github.com

(https://www.psucollegian.com/studentreviews/total-transformation-masterclass-review-by-k9-training-institute/article_bc4549cc-2abf-11ed-a8cf-a7afcaf4ca4f.html)github.com

(https://www.psucollegian.com/furtheringeducation/best-gold-ira-companies-for-rollovers/article_7f3ae5c6-2ee5-11ed-8f69-cba677c82fc1.html)github.com

(https://www.psucollegian.com/studentreviews/erc-employee-retention-credit/article_b64976ec-328f-11ed-b5d9-ef4b18546201.html)github.com

(https://www.psucollegian.com/furtheringeducation/truck-dispatch-training-courses/article_38f2f3f0-351c-11ed-8a59-23b1bc5901a1.html)github.com

(https://www.psucollegian.com/furtheringeducation/online-truck-dispatch-training-course/article_ed23e282-35d8-11ed-bc5e-cfbf09e2b59c.html)github.com

(https://www.psucollegian.com/furtheringeducation/gold-ira-rollover/article_bfe7aa74-3a6a-11ed-aeca-f331017d2862.html)github.com

(https://www.psucollegian.com/furtheringeducation/goldco-review/article_c53f7892-3850-11ed-b178-1f69856a9c5b.html)github.com

(https://www.psucollegian.com/studentreviews/best-minecraft-server-hosting-services/article_c2539778-3b87-11ed-a222-1f16ce0a910a.html)github.com

(https://www.psucollegian.com/studentreviews/bad-dog-behavior-issues-and-solutions/article_e99a4676-4594-11ed-836f-57e72788ec34.html)github.com

(https://www.psucollegian.com/studentreviews/apex-minecraft-hosting-review/article_ff7d85d2-45a5-11ed-a8b2-6f9b64205a9f.html)github.com

(https://www.psucollegian.com/studentreviews/dentitox-pro-review/article_04877a8c-45a2-11ed-af64-cb0a37d5267f.html)github.com

(https://www.psucollegian.com/studentreviews/madison-hair-color-reviews/article_d51a7854-48a2-11ed-a060-4b36ec8328d9.html)github.com

(https://www.psucollegian.com/studentreviews/best-portable-dog-fence-for-camping/article_9c537372-4e29-11ed-830c-1bb4351b94d5.html)github.com

(https://www.psucollegian.com/studentreviews/best-dog-training-collars/article_becbe4ca-4e56-11ed-9eec-bbc2ca6fef71.html)github.com

(https://www.psucollegian.com/studentreviews/how-to-stop-dog-from-biting/article_fcf9305c-6762-11ed-ae1d-2fa46e6f55ef.html)github.com

(https://www.psucollegian.com/studentreviews/how-to-stop-my-dog-from-pulling-on-leash/article_de885f54-69aa-11ed-a684-ffa4f62861c7.html)github.com

(https://www.psucollegian.com/studentreviews/how-to-get-your-dog-to-stop-barking/article_a8aaae3e-69ad-11ed-946d-777adc90dc29.html)github.com

(https://www.psucollegian.com/studentreviews/how-to-train-your-dog/article_8878d430-69dd-11ed-93b1-db37ab392de5.html)github.com

(https://www.psucollegian.com/studentreviews/how-to-teach-a-dog-to-come-when-called/article_746a5122-69e6-11ed-ba8c-07891ff5784c.html)github.com

(https://www.psucollegian.com/studentreviews/best-gold-investment-companies/article_e4588490-77f6-11ed-86c4-57f60840cc98.html)github.com

(https://www.psucollegian.com/studentreviews/best-silver-ira-companies/article_c2bb9f36-724a-11ed-ab80-e78be0f4080b.html)github.com

(https://www.psucollegian.com/studentreviews/best-precious-metals-ira-companies/article_83c8e636-813f-11ed-a2d3-b3dbf32a83d2.html)github.com

(https://www.psucollegian.com/studentreviews/augusta-precious-metals-review/article_c4aef554-6ccd-11ed-ade7-d79085458468.html)github.com

(https://www.psucollegian.com/studentreviews/how-to-move-401k-to-gold-ira/article_bde55ada-8ad0-11ed-95c8-b30a77c15cff.html)github.com

(https://www.psucollegian.com/studentreviews/trainpetdog-review/article_9154e5e4-8b98-11ed-b11e-c3f5ed2fd86e.html)github.com

(https://www.psucollegian.com/studentreviews/best-entry-level-jobs/article_1badfa0e-8b63-11ed-81e2-7fbbf939b57d.html)github.com

(https://www.psucollegian.com/studentreviews/best-applicant-tracking-system/article_ac34c8bc-8b7e-11ed-9197-ff2c3c2ce932.html)github.com

(https://www.psucollegian.com/studentreviews/best-online-eyelash-extension-course/article_73dcfabc-86dc-11ed-a386-b78a6a9b8e31.html)github.com

(https://www.psucollegian.com/studentreviews/how-to-convert-your-401k-to-physical-gold/article_1e969a82-8dcf-11ed-b585-2307405478bc.html)github.com

(https://www.psucollegian.com/studentreviews/best-water-softener/article_27e1b068-9374-11ed-bf1d-cf64b0c0fd1c.html)github.com

(https://www.psucollegian.com/studentreviews/spiritdog-training-review/article_ef944a2e-9371-11ed-aa33-b72554773ae1.html)github.com

(https://www.psucollegian.com/studentreviews/401k-to-gold-ira-rollover-guide/article_f9d262a8-a3db-11ed-b73e-d789b9cac13a.html)github.com

(https://www.psucollegian.com/studentreviews/best-chamber-vacuum-sealers/article_b16c6662-b6af-11ed-8182-3f77c5ff89b9.html)github.com

(https://www.psucollegian.com/studentreviews/best-automatic-self-cleaning-litter-boxes/article_fbfa7a1c-bc3a-11ed-8771-63d82f8f341d.html)github.com

(https://www.psucollegian.com/studentreviews/best-barber-chairs-for-sale/article_3dd6a3b4-be90-11ed-af93-bbc4cc8888fe.html)github.com

(https://www.psucollegian.com/studentreviews/red-rock-secured-review/article_4e69a3a0-c441-11ed-af29-8fff2556d055.html)github.com

(https://www.psucollegian.com/studentreviews/buy-instagram-likes/article_c66b4e8c-c1b5-11ed-9484-03a9827c7fe0.html)github.com

(https://www.psucollegian.com/studentreviews/buy-instagram-followers/article_0ea6f4da-c1b6-11ed-8ea2-ff5fb1215112.html)github.com

(https://www.psucollegian.com/studentreviews/best-food-truck-generators/article_e36c8ec8-c82d-11ed-9008-a3c36a82fd33.html)github.com

(https://www.psucollegian.com/studentreviews/home-storage-gold-ira/article_17f67eb4-c82a-11ed-bd19-8760545d9233.html)github.com

(https://www.psucollegian.com/studentreviews/best-bidet-converter-kits/article_1b9df91e-c827-11ed-a428-a7fa974dc7de.html)github.com

(https://www.psucollegian.com/studentreviews/electronic-message-centers/article_d869653a-ca5f-11ed-9ef7-27fb06a94e8f.html)github.com

(https://www.psucollegian.com/studentreviews/best-laptop-for-working-from-home/article_1ff2e8ae-c9bb-11ed-bc90-8b4c90ac6ded.html)github.com

(https://www.psucollegian.com/studentreviews/expanded-metal/article_9bd37666-d008-11ed-9091-eb25363eb679.html)github.com

(https://www.psucollegian.com/studentreviews/convert-ira-to-gold/article_09218222-eaac-11ed-8326-1f8b4e775b2a.html)github.com

(https://www.psucollegian.com/studentreviews/gold-ira-investing-guide/article_443d8d50-eabc-11ed-aa2a-530e05daeac9.html)github.com

(https://www.psucollegian.com/studentreviews/gold-ira-a-good-investment/article_3933696a-eb85-11ed-9539-df145c82bebc.html)github.com

(https://www.psucollegian.com/studentreviews/nclex-practice-questions/article_700e1bf0-ef46-11ed-b840-ff782003c11a.html)github.com

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Apr 01 00:01:30 2025 UTC