From: Maylein at ub dot uni-heidelberg dot de
Operating system: Linux 2.6.22
PHP version: 5.2.4
PHP Bug Type: Reproducible crash
Bug description: IMAP toolkit crash: rfc822.c legacy routine buffer overflow

Description:
------------
I am using the uw imap c-client-library with php-5.2.4 and apache 2.0.61 for my webmailer software TWIG. Some actions cause the httpd child to crash:

httpd: IMAP toolkit crash: rfc822.c legacy routine buffer overflow

See also http://bugs.php.net/bug.php?id=40925&edit=1

uw imap developers say that it is definitely a php issue which you have been denying in former bug reports. So please have a second thought on this issue.

Here is the response of the uw imap developers:

> PHP is calling c-client legacy RFC 822 header generation routines
> that write headers into a "big enough buffer". These routines were
> never intended for external use.
>
> There is no way in the old interface to know how much space is left
> in the buffer. Those routines were written in 1988 when that was
> "good enough". They were left unfixed because supposedly "nobody
> used them". When it became clear that people were using those
> routines after all, they were replaced by routines with proper
> buffer checking.
>
> The old routine names exist as compatibility interfaces into the new
> routines, but the old interface itself prevents proper checking.
> ...
> Let's be clear; if PHP calls these old routines, it is not just a
> core dump issue; it is a security bug. The abort catches some, but
> NOT all of the buffer overflows.
> ...
> In case it wasn't clear from the previous message, there is nothing
> to fix at the c-client end. That "legacy routine buffer overflow"
> is effectively the same thing as getting a SEGV from strcpy(). As
> the message says, it's a detected buffer overflow. But there is
> nothing that c-client can do to recover.
>
> The fix is not to call the routine that has the buffer overflow, but
> that has to be in PHP.
>
> I'm sorry that this is bad news for you, especially as the PHP
> developers seem to be unable to understand the issue (and thus are
> telling you to talk to me).

Actual result:
--------------
httpd child crashes with a buffer overflow

httpd: IMAP toolkit crash: rfc822.c legacy routine buffer overflow

--
Edit bug report at http://bugs.php.net/?id=42862&edit=1
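
The interface problem described in the quoted reply, as an added example that is not part of the original report and is not c-client or PHP code: a header writer that receives only a destination pointer cannot check remaining space, while one that receives the capacity can refuse the write. The function names and the sample address are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Legacy-style shape (hypothetical name, not c-client source): the callee is
 * handed only a pointer, so it has no way to learn how much room is left. */
void legacy_append_header(char *dest, const char *name, const char *value)
{
    strcat(dest, name);      /* each call writes past the end if the  */
    strcat(dest, ": ");      /* caller's "big enough" guess was wrong */
    strcat(dest, value);
    strcat(dest, "\r\n");
}

/* Bounded shape (hypothetical name): the caller states the capacity.
 * Returns 0 on success, -1 if the line does not fit; dest is then untouched. */
int bounded_append_header(char *dest, size_t cap,
                          const char *name, const char *value)
{
    const char *end = memchr(dest, '\0', cap);
    if (end == NULL)                       /* no terminator inside cap */
        return -1;
    size_t used = (size_t)(end - dest);
    size_t avail = cap - used - 1;         /* room left, excluding the NUL */
    size_t nlen = strlen(name), vlen = strlen(value);
    /* Need nlen + vlen + 4 bytes (": " and CRLF); compare without overflow. */
    if (nlen > avail || vlen > avail - nlen || avail - nlen - vlen < 4)
        return -1;
    char *p = dest + used;
    memcpy(p, name, nlen);   p += nlen;
    memcpy(p, ": ", 2);      p += 2;
    memcpy(p, value, vlen);  p += vlen;
    memcpy(p, "\r\n", 3);                  /* CR, LF and the terminating NUL */
    return 0;
}

int main(void)
{
    char buf[16] = "";                     /* constructed sample input */
    int rc = bounded_append_header(buf, sizeof buf, "To", "user@example.org");
    printf("rc=%d buf=\"%s\"\n", rc, buf); /* line is too long: rejected */
    return 0;
}
```

With the bounded shape an oversized header becomes an error the caller can handle, instead of an abort or silent memory corruption inside the library.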