authorStanislav Malyshev <stas@php.net>2015-06-09 22:11:20 -0700
committerStanislav Malyshev <stas@php.net>2015-06-09 22:11:55 -0700
commit3a857b95cea35987aaef93fb08e6e9cbd6c6f483 (patch)
treee0f8b44e2b65c8c930dec7be8676aa0c00fcb64c
parent2fa226f60dd6f0911795dcc2dc8011f78e7655d9 (diff)
parentf1ffb4b1ade5dc995d7815786ca7956fff34b440 (diff)
Merge branch 'PHP-5.4' into PHP-5.4.42php-5.4.42PHP-5.4.42
* PHP-5.4: add NEWS Fixed bug #68776 fix test
-rw-r--r--NEWS4
-rw-r--r--ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt4
-rw-r--r--ext/standard/mail.c44
-rw-r--r--ext/standard/tests/mail/mail_basic6.phpt329
4 files changed, 379 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index 4a67c192c0..bc3eba49c8 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,10 @@ PHP NEWS
- Litespeed SAPI:
. Fixed bug #68812 (Unchecked return value). (George Wang)
+- Mail:
+ . Fixed bug #68776 (mail() does not have mail header injection prevention for
+ additional headers). (Yasuo)
+
- Postgres:
. Fixed bug #69667 (segfault in php_pgsql_meta_data). (Remi)
diff --git a/ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt b/ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt
index 75004e2a74..e0d0923642 100644
--- a/ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt
+++ b/ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt
@@ -15,9 +15,9 @@ $result = $doc->loadHTMLFile("");
assert('$result === false');
$doc = new DOMDocument();
$result = $doc->loadHTMLFile("text.html\0something");
-assert('$result === null');
+assert('$result === false');
?>
--EXPECTF--
%r(PHP ){0,1}%rWarning: DOMDocument::loadHTMLFile(): Empty string supplied as input %s
-%r(PHP ){0,1}%rWarning: DOMDocument::loadHTMLFile() expects parameter 1 to be a valid path, string given %s
+%r(PHP ){0,1}%rWarning: DOMDocument::loadHTMLFile(): Invalid file source %s
diff --git a/ext/standard/mail.c b/ext/standard/mail.c
index 1ebc8fecb7..448013a472 100644
--- a/ext/standard/mail.c
+++ b/ext/standard/mail.c
@@ -221,6 +221,44 @@ void php_mail_log_to_file(char *filename, char *message, size_t message_size TSR
}
+static int php_mail_detect_multiple_crlf(char *hdr) {
+ /* This function detects multiple/malformed multiple newlines. */
+ size_t len;
+
+ if (!hdr) {
+ return 0;
+ }
+
+ /* Should not have any newlines at the beginning. */
+ /* RFC 2822 2.2. Header Fields */
+ if (*hdr < 33 || *hdr > 126 || *hdr == ':') {
+ return 1;
+ }
+
+ while(*hdr) {
+ if (*hdr == '\r') {
+ if (*(hdr+1) == '\0' || *(hdr+1) == '\r' || (*(hdr+1) == '\n' && (*(hdr+2) == '\0' || *(hdr+2) == '\n' || *(hdr+2) == '\r'))) {
+ /* Malformed or multiple newlines. */
+ return 1;
+ } else {
+ hdr += 2;
+ }
+ } else if (*hdr == '\n') {
+ if (*(hdr+1) == '\0' || *(hdr+1) == '\r' || *(hdr+1) == '\n') {
+ /* Malformed or multiple newlines. */
+ return 1;
+ } else {
+ hdr += 2;
+ }
+ } else {
+ hdr++;
+ }
+ }
+
+ return 0;
+}
+
+
/* {{{ php_mail
*/
PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char *extra_cmd TSRMLS_DC)
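Review bot: An empty `hdr` string is reported as malformed, because the first-character test `*hdr < 33 || *hdr > 126 || *hdr == ':'` is true for the terminating NUL and only a NULL pointer is let through before it. The call site added later in this file guards only `hdr` being non-NULL, so if a caller can hand over an empty, non-NULL header string (not visible in this diff), the send would be refused with the new warning. Widening the guard to `if (!hdr || !*hdr) { return 0; }` keeps "no additional headers" valid. The local `size_t len;` is declared but never used and can be dropped.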
@@ -266,6 +304,7 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char
efree(tmp);
}
+
if (PG(mail_x_header)) {
const char *tmp = zend_get_executed_filename(TSRMLS_C);
char *f;
@@ -281,6 +320,11 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char
efree(f);
}
+ if (hdr && php_mail_detect_multiple_crlf(hdr)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Multiple or malformed newlines found in additional_header");
+ MAIL_RET(0);
+ }
+
if (!sendmail_path) {
#if (defined PHP_WIN32 || defined NETWARE)
/* handle old style win smtp sending */
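Review bot: The new check in php_mail() needs a comment stating its scope, since the warning text and the NEWS entry are easy to read as full header-injection prevention. As written, php_mail_detect_multiple_crlf() rejects only a bad first character, consecutive line breaks and a trailing line break. A single CR, LF or CRLF followed by more text passes, so a header value built from untrusted input can still contribute extra header lines. I would add above the `if`: `/* Rejects blank lines (header/body split) only; callers must still strip CR/LF from untrusted header values. */`. php_mail() starts and ends outside this hunk.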
diff --git a/ext/standard/tests/mail/mail_basic6.phpt b/ext/standard/tests/mail/mail_basic6.phpt
new file mode 100644
index 0000000000..d0d45b78f3
--- /dev/null
+++ b/ext/standard/tests/mail/mail_basic6.phpt
@@ -0,0 +1,329 @@
+--TEST--
+Test mail() function : basic functionality
+--INI--
+sendmail_path=tee mailBasic.out >/dev/null
+mail.add_x_header = Off
+--SKIPIF--
+<?php
+if(substr(PHP_OS, 0, 3) == "WIN")
+ die("skip Won't run on Windows");
+?>
+--FILE--
+<?php
+/* Prototype : int mail(string to, string subject, string message [, string additional_headers [, string additional_parameters]])
+ * Description: Send an email message with invalid addtional_headers
+ * Source code: ext/standard/mail.c
+ * Alias to functions:
+ */
+
+echo "*** Testing mail() : basic functionality ***\n";
+
+
+// Valid header
+$to = 'user@example.com';
+$subject = 'Test Subject';
+$message = 'A Message';
+$additional_headers = "HEAD1: a\r\nHEAD2: b\r\n";
+$outFile = "mailBasic.out";
+@unlink($outFile);
+
+echo "-- Valid Header --\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo file_get_contents($outFile);
+unlink($outFile);
+
+// Valid header
+$additional_headers = "HEAD1: a\nHEAD2: b\n";
+@unlink($outFile);
+
+echo "-- Valid Header --\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+// Valid header
+// \r is accepted as valid. This may be changed to invalid.
+$additional_headers = "HEAD1: a\rHEAD2: b\r";
+@unlink($outFile);
+
+echo "-- Valid Header --\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+//===============================================================================
+// Invalid header
+$additional_headers = "\nHEAD1: a\nHEAD2: b\n";
+@unlink($outFile);
+
+echo "-- Invalid Header - preceeding newline--\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+// Invalid header
+$additional_headers = "\rHEAD1: a\nHEAD2: b\r";
+@unlink($outFile);
+
+echo "-- Invalid Header - preceeding newline--\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+// Invalid header
+$additional_headers = "\r\nHEAD1: a\r\nHEAD2: b\r\n";
+@unlink($outFile);
+
+echo "-- Invalid Header - preceeding newline--\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+// Invalid header
+$additional_headers = "\r\n\r\nHEAD1: a\r\nHEAD2: b\r\n";
+@unlink($outFile);
+
+echo "-- Invalid Header - preceeding newline--\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+// Invalid header
+$additional_headers = "\n\nHEAD1: a\r\nHEAD2: b\r\n";
+@unlink($outFile);
+
+echo "-- Invalid Header - preceeding newline--\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+// Invalid header
+$additional_headers = "\r\rHEAD1: a\r\nHEAD2: b\r\n";
+@unlink($outFile);
+
+echo "-- Invalid Header - preceeding newline--\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+// Invalid header
+$additional_headers = "HEAD1: a\r\n\r\nHEAD2: b\r\n";
+@unlink($outFile);
+
+echo "-- Invalid Header - multiple newlines in the middle --\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+// Invalid header
+$additional_headers = "HEAD1: a\r\n\nHEAD2: b\r\n";
+@unlink($outFile);
+
+echo "-- Invalid Header - multiple newlines in the middle --\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+// Invalid header
+$additional_headers = "HEAD1: a\n\nHEAD2: b\r\n";
+@unlink($outFile);
+
+echo "-- Invalid Header - multiple newlines in the middle --\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+// Invalid header
+$additional_headers = "HEAD1: a\r\rHEAD2: b\r\n";
+@unlink($outFile);
+
+echo "-- Invalid Header - multiple newlines in the middle --\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+// Invalid header
+$additional_headers = "HEAD1: a\n\rHEAD2: b\r\n";
+@unlink($outFile);
+
+echo "-- Invalid Header - multiple newlines in the middle --\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+// Invalid header
+$additional_headers = "HEAD1: a\n\r\nHEAD2: b\r\n";
+@unlink($outFile);
+
+echo "-- Invalid Header - multiple newlines in the middle --\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+// Invalid header
+// Invalid, but PHP_FUNCTION(mail) trims newlines
+$additional_headers = "HEAD1: a\r\nHEAD2: b\r\n\n";
+@unlink($outFile);
+
+echo "-- Invalid Header - trailing newlines --\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+// Invalid header
+// Invalid, but PHP_FUNCTION(mail) trims newlines
+$additional_headers = "HEAD1: a\r\nHEAD2: b\n\n";
+@unlink($outFile);
+
+echo "-- Invalid Header - trailing newlines --\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+// Invalid header
+// Invalid, but PHP_FUNCTION(mail) trims newlines
+$additional_headers = "HEAD1: a\r\nHEAD2: b\n";
+@unlink($outFile);
+
+echo "-- Invalid Header - trailing newlines --\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+// Invalid header
+// Invalid, but PHP_FUNCTION(mail) trims newlines
+$additional_headers = "HEAD1: a\r\nHEAD2: b\r";
+@unlink($outFile);
+
+echo "-- Invalid Header - trailing newlines --\n";
+// Calling mail() with all additional headers
+var_dump( mail($to, $subject, $message, $additional_headers) );
+echo @file_get_contents($outFile);
+@unlink($outFile);
+
+?>
+===DONE===
+--EXPECTF--
+*** Testing mail() : basic functionality ***
+-- Valid Header --
+bool(true)
+To: user@example.com
+Subject: Test Subject
+HEAD1: a
+HEAD2: b
+
+A Message
+-- Valid Header --
+bool(true)
+To: user@example.com
+Subject: Test Subject
+HEAD1: a
+HEAD2: b
+
+A Message
+-- Valid Header --
+bool(true)
+To: user@example.com
+Subject: Test Subject
+HEAD1: a HEAD2: b
+
+A Message
+-- Invalid Header - preceeding newline--
+
+Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
+bool(false)
+-- Invalid Header - preceeding newline--
+
+Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
+bool(false)
+-- Invalid Header - preceeding newline--
+
+Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
+bool(false)
+-- Invalid Header - preceeding newline--
+
+Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
+bool(false)
+-- Invalid Header - preceeding newline--
+
+Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
+bool(false)
+-- Invalid Header - preceeding newline--
+
+Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
+bool(false)
+-- Invalid Header - multiple newlines in the middle --
+
+Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
+bool(false)
+-- Invalid Header - multiple newlines in the middle --
+
+Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
+bool(false)
+-- Invalid Header - multiple newlines in the middle --
+
+Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
+bool(false)
+-- Invalid Header - multiple newlines in the middle --
+
+Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
+bool(false)
+-- Invalid Header - multiple newlines in the middle --
+
+Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
+bool(false)
+-- Invalid Header - multiple newlines in the middle --
+
+Warning: mail(): Multiple or malformed newlines found in additional_header in %s/mail_basic6.php on line %d
+bool(false)
+-- Invalid Header - trailing newlines --
+bool(true)
+To: user@example.com
+Subject: Test Subject
+HEAD1: a
+HEAD2: b
+
+A Message
+-- Invalid Header - trailing newlines --
+bool(true)
+To: user@example.com
+Subject: Test Subject
+HEAD1: a
+HEAD2: b
+
+A Message
+-- Invalid Header - trailing newlines --
+bool(true)
+To: user@example.com
+Subject: Test Subject
+HEAD1: a
+HEAD2: b
+
+A Message
+-- Invalid Header - trailing newlines --
+bool(true)
+To: user@example.com
+Subject: Test Subject
+HEAD1: a
+HEAD2: b
+
+A Message
+===DONE===
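Review bot: The four `trailing newlines` cases are labelled `Invalid Header` but expect `bool(true)`, and by the test's own comment they pass only because PHP_FUNCTION(mail) trims the string first, so they do not exercise the trailing-newline branches of php_mail_detect_multiple_crlf(). Relabelling them, e.g. `echo "-- Trimmed Header - trailing newlines --\n";` with the matching EXPECTF lines, would make the intent clear. The set also has no case for `$additional_headers = "";`, which would pin how an empty header string is treated. The three `-- Valid Header --` blocks share one label, which makes a failing diff harder to locate.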