php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #81422 Potential double-free in mailparse_uudecode_all()
Submitted: 2021-09-07 09:42 UTC Modified: 2021-09-07 09:42 UTC
From: cmb@php.net Assigned: cmb (profile)
Status: Closed Package: mailparse (PECL)
PHP Version: 7.4Git-2021-09-07 (Git) OS: *
Private report: No CVE-ID: None
 [2021-09-07 09:42 UTC] cmb@php.net
Description:
------------
When there are multiple uuencoded parts in the file processed by
mailparse_uudecode_all(), the outpath of the main file is released
multiple times which can result in a double-free, possibly
resulting in a segfault.


Test script:
---------------
<?php
$data = <<<'EOD'
begin 644 foo
`
end

begin 644 bar
`
end

EOD;
$stream = fopen('php://memory', 'w+');
fwrite($stream, $data);
rewind($stream);
$parsed = mailparse_uudecode_all($stream);
var_dump(count($parsed));
?>


Expected result:
----------------
int(3)

Actual result:
--------------
segfault

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-09-07 09:42 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 [2021-09-07 09:52 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #81422: Potential double-free in mailparse_uudecode_all()
On GitHub:  https://github.com/php/pecl-mail-mailparse/pull/17
Patch:      https://github.com/php/pecl-mail-mailparse/pull/17.patch
 [2021-09-07 10:20 UTC] git@php.net
Automatic comment on behalf of cmb69
Revision: https://github.com/php/pecl-mail-mailparse/commit/7fe7a0316f7bc0c9111d00a2c916d87b3db47d0f
Log: Fix #81422: Potential double-free in mailparse_uudecode_all()
 [2021-09-07 10:20 UTC] git@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Oct 19 10:03:36 2021 UTC