diff options
Diffstat (limited to 'ext/standard/mail.c')
-rw-r--r-- | ext/standard/mail.c | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/ext/standard/mail.c b/ext/standard/mail.c index 1ebc8fecb7..448013a472 100644 --- a/ext/standard/mail.c +++ b/ext/standard/mail.c @@ -221,6 +221,44 @@ void php_mail_log_to_file(char *filename, char *message, size_t message_size TSR } +static int php_mail_detect_multiple_crlf(char *hdr) { + /* This function detects multiple/malformed multiple newlines. */ + size_t len; + + if (!hdr) { + return 0; + } + + /* Should not have any newlines at the beginning. */ + /* RFC 2822 2.2. Header Fields */ + if (*hdr < 33 || *hdr > 126 || *hdr == ':') { + return 1; + } + + while(*hdr) { + if (*hdr == '\r') { + if (*(hdr+1) == '\0' || *(hdr+1) == '\r' || (*(hdr+1) == '\n' && (*(hdr+2) == '\0' || *(hdr+2) == '\n' || *(hdr+2) == '\r'))) { + /* Malformed or multiple newlines. */ + return 1; + } else { + hdr += 2; + } + } else if (*hdr == '\n') { + if (*(hdr+1) == '\0' || *(hdr+1) == '\r' || *(hdr+1) == '\n') { + /* Malformed or multiple newlines. */ + return 1; + } else { + hdr += 2; + } + } else { + hdr++; + } + } + + return 0; +} + + /* {{{ php_mail */ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char *extra_cmd TSRMLS_DC) @@ -266,6 +304,7 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char efree(tmp); } + if (PG(mail_x_header)) { const char *tmp = zend_get_executed_filename(TSRMLS_C); char *f; @@ -281,6 +320,11 @@ PHPAPI int php_mail(char *to, char *subject, char *message, char *headers, char efree(f); } + if (hdr && php_mail_detect_multiple_crlf(hdr)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Multiple or malformed newlines found in additional_header"); + MAIL_RET(0); + } + if (!sendmail_path) { #if (defined PHP_WIN32 || defined NETWARE) /* handle old style win smtp sending */ |