PHP :: Bug #80203 :: imap_mime_header_decode() is not binary safe

Bug #80203

imap_mime_header_decode() is not binary safe

Submitted:

2020-10-08 12:00 UTC

Modified:

2020-10-19 15:52 UTC

Votes:	1
Avg. Score:	4.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

cmb@php.net

Assigned:

Status:

Open

Package:

IMAP related

PHP Version:

7.3Git-2020-10-08 (Git)

OS:

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	cmb@php.net
New email:
PHP Version:		OS:

New Comment:

[2020-10-08 12:00 UTC] cmb@php.net

Description:
------------
If NUL bytes are encoded in the encoded-word, the decoded text
is truncated at that position.

Test script:
---------------
<?php
var_dump(bin2hex(imap_mime_header_decode("=?UTF-8?Q?foo=00bar?=")[0]->text));
var_dump(bin2hex(imap_mime_header_decode("=?UTF-8?B?Zm9vAGJhcg==?=")[0]->text));
?>


Expected result:
----------------
string(14) "666f6f00626172"
string(14) "666f6f00626172"


Actual result:
--------------
string(6) "666f6f"
string(6) "666f6f"

Patches

Add a Patch

Pull Requests

Pull requests:

Fix #80203: imap_mime_header_decode() is not binary safe (php-src/6301)

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-10-08 12:00 UTC] cmb@php.net

-Assigned To: +Assigned To: cmb

[2020-10-08 12:19 UTC] cmb@php.net

The following pull request has been associated:

Patch Name: Fix #80203: imap_mime_header_decode() is not binary safe
On GitHub:  https://github.com/php/php-src/pull/6301
Patch:      https://github.com/php/php-src/pull/6301.patch

[2020-10-19 08:09 UTC] cmb@php.net

Related To: Bug #80201

[2020-10-19 15:52 UTC] cmb@php.net

-Status: Assigned +Status: Open -Assigned To: cmb +Assigned To:

[2020-10-19 15:52 UTC] cmb@php.net

It appears there are several more places where the IMAP extension
is not binary safe.  Fixing this piecemeal doesn't look right, but
I won't have time for a full review now.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2023 The PHP Group All rights reserved.	Last updated: Wed May 31 16:03:37 2023 UTC