author | Stefan Esser <sesser@php.net> | 2002-06-13 18:54:45 +0000 |
---|---|---|
committer | Stefan Esser <sesser@php.net> | 2002-06-13 18:54:45 +0000 |
commit | 2eb859842b1a3931b0930c013ccce2baa6a77921 (patch) | |
tree | c1ff46138beb5965aa7cb27f2cbbba69d52c104f | |
parent | cf4002fd58c801a12aabd87067b1282679e3f7ea (diff) | |
Fixed: possible bufferunderrun (worst case == invalid free bytes counter)
Fixed: isXXXX macros need (unsigned char) cast
Fixed: bug#17746 - control chars are now filtered within "to" and "subject" parameters
-rw-r--r-- | ext/standard/mail.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/ext/standard/mail.c b/ext/standard/mail.c
index 4aae220074..74d4178607 100644
--- a/ext/standard/mail.c
+++ b/ext/standard/mail.c
@@ -70,7 +70,7 @@ PHP_FUNCTION(ezmlm_hash)
 PHP_FUNCTION(mail)
 {
 char *to=NULL, *message=NULL, *headers=NULL, *subject=NULL, *extra_cmd=NULL;
- int to_len,message_len,headers_len,subject_len,extra_cmd_len;
+ int to_len,message_len,headers_len,subject_len,extra_cmd_len,i;
 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sss|ss",
@@ -83,14 +83,22 @@ PHP_FUNCTION(mail)
 return;
 }
- for(to_len--;to_len;to_len--) {
- if(!isspace(to[to_len]))break;
- to[to_len]='\0';
+ if (to_len > 0) {
+ for(to_len--;to_len;to_len--) {
+ if(!isspace((unsigned char)to[to_len]))break;
+ to[to_len]='\0';
+ }
+ for(i=0;!iscntrl((unsigned char)to[i]);i++) {}
+ to[i]='\0';
 }
- for(subject_len--;subject_len;subject_len--) {
- if(!isspace(subject[subject_len]))break;
- subject[subject_len]='\0';
+ if (subject_len > 0) {
+ for(subject_len--;subject_len;subject_len--) {
+ if(!isspace((unsigned char)subject[subject_len]))break;
+ subject[subject_len]='\0';
+ }
+ for(i=0;!iscntrl((unsigned char)subject[i]);i++) {}
+ subject[i]='\0';
 }
 if(extra_cmd) |
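Review bot: The new scan `for(i=0;!iscntrl((unsigned char)to[i]);i++) {}` (and its twin for `subject`) cuts the string at the first control character instead of filtering it, so a tab or stray CR in the middle of a subject silently discards everything after it, and the loop only stops at the end of the buffer because `'\0'` happens to be classified as a control character. Bounding the scan on the terminator and neutralising each byte keeps the header-injection protection from bug#17746 without losing data: `for(i=0;to[i];i++) if(iscntrl((unsigned char)to[i])) to[i]=' ';`. After this block `to_len` and `subject_len` hold the index left by the trim loop rather than the string length, so any later use of them (outside this hunk, not visible here) should recompute with `strlen`. A short comment such as `/* neutralise CR/LF and other control bytes so "to"/"subject" cannot inject extra headers */` above the scans would record why they exist. PHP_FUNCTION(mail) continues beyond the hunk.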