Bug#325215: squirrelmail: file handle

Sun, 28 Aug 2005 06:48:12 -0700 

retitle 325215 Multiple attachments sometimes breaks due to chunk_split changed 
behaviour
tags 325215 patch
thanks

On Sat, 2005-08-27 at 10:05 +0200, Thijs Kinkhorst wrote:
> On Fri, 2005-08-26 at 18:16 -0300, Ezequiel Larrarte wrote:
> > Package: squirrelmail
> > Version: 2:1.4.4-6sarge1
> > Severity: grave
> > Justification: renders package unusable
> 
> Please, this is not a grave bug. That in some cases some attachments
> don't work doesn't render the package "unusable".

Ezequiel Larrarte wrote to me in private mail:
> based on debian reportbug:
> grave
> makes the package in question unusable by most or all
> users,              
>    or "causes data loss", or introduces a security hole allowing
> access to the accounts of users who use the package.
> 
> My attachment blows off == data loss! so .. It 's grave for me!!!

Please followup to the bug itself aswell, so all information is properly
recorded.

I'll check with my co-maintainer and possibly with the release manager
to see whether they think this issue should be fixed in stable. In any
case, we can't upload the new squirrelmail version to stable, we would
have to upload a new package containing just this fix. The updating
policy for stable is very strict (and that makes stable as stable as it
is) so it's unsure whether it will be accepted.

I've attached the patch that is used upstream for three months, and in
Debian testing/unstable without problems. The issue is that PHP changed
the behaviour of chunk_split in version 4.3.11, and appearently Debian
backported this also to their PHP 4.3.10 version (strange...).

I'll get back to you once I know whether this will be uploaded to stable
or not.

regards,
Thijs

diff -u -w -r1.18.2.21 -r1.18.2.22
--- Deliver.class.php	22 May 2005 08:30:30 -0000	1.18.2.21
+++ Deliver.class.php	3 Jun 2005 19:51:11 -0000	1.18.2.22
@@ -179,6 +179,11 @@
                 $encoded = '';
                 while ($tmp = fread($file, 570)) {
                    $body_part = chunk_split(base64_encode($tmp));
+                    // Up to 4.3.10 chunk_split always appends a newline, 
+                    // while in 4.3.11 it doesn't if the string to split 
+                    // is shorter than the chunk length.
+                    if( substr($body_part, -1 , 1 ) != "\n" )
+                        $body_part .= "\n";
                     $length += $this->clean_crlf($body_part);
                     if ($stream) {
                         $this->writeToStream($stream, $body_part);

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to