iliaa Tue Aug 30 18:02:45 2005 EDT
Added files:
/php-src/ext/imap/tests bug32589.phpt
Modified files:
/php-src/ext/imap php_imap.c
Log:
Fixed bug #32589 (possible crash inside imap_mail_compose() function).
http://cvs.php.net/diff.php/php-src/ext/imap/php_imap.c?r1=1.208&r2=1.209&ty=u
Index: php-src/ext/imap/php_imap.c
diff -u php-src/ext/imap/php_imap.c:1.208 php-src/ext/imap/php_imap.c:1.209
--- php-src/ext/imap/php_imap.c:1.208 Sun Aug 7 18:06:27 2005
+++ php-src/ext/imap/php_imap.c Tue Aug 30 18:02:43 2005
@@ -26,7 +26,7 @@
| PHP 4.0 updates: Zeev Suraski <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: php_imap.c,v 1.208 2005/08/07 22:06:27 sniper Exp $ */
+/* $Id: php_imap.c,v 1.209 2005/08/30 22:02:43 iliaa Exp $ */
#define IMAP41
@@ -2908,6 +2908,7 @@
custom_headers_param = mail_newbody_parameter();
convert_to_string_ex(env_data);
custom_headers_param->value = (char *)
fs_get(Z_STRLEN_PP(env_data) + 1);
+ custom_headers_param->attribute = NULL;
memcpy(custom_headers_param->value,
Z_STRVAL_PP(env_data), Z_STRLEN_PP(env_data) + 1);
zend_hash_move_forward(Z_ARRVAL_PP(pvalue));
custom_headers_param->next = tmp_param;
@@ -2939,7 +2940,7 @@
convert_to_string_ex(pvalue);
tmp_param = mail_newbody_parameter();
tmp_param->value = cpystr(Z_STRVAL_PP(pvalue));
- tmp_param->attribute = "CHARSET";
+ tmp_param->attribute = cpystr("CHARSET");
tmp_param->next = bod->parameter;
bod->parameter = tmp_param;
}
@@ -2949,7 +2950,7 @@
while
(zend_hash_get_current_data(Z_ARRVAL_PP(pvalue), (void **) &disp_data) ==
SUCCESS) {
disp_param = mail_newbody_parameter();
zend_hash_get_current_key(Z_ARRVAL_PP(pvalue), &key, &ind, 0);
- disp_param->attribute = key;
+ disp_param->attribute = cpystr(key);
convert_to_string_ex(disp_data);
disp_param->value = (char *)
fs_get(Z_STRLEN_PP(disp_data) + 1);
memcpy(disp_param->value,
Z_STRVAL_PP(disp_data), Z_STRLEN_PP(disp_data) + 1);
@@ -2983,7 +2984,7 @@
while
(zend_hash_get_current_data(Z_ARRVAL_PP(pvalue), (void **) &disp_data) ==
SUCCESS) {
disp_param = mail_newbody_parameter();
zend_hash_get_current_key(Z_ARRVAL_PP(pvalue), &key, &ind, 0);
- disp_param->attribute = key;
+ disp_param->attribute = cpystr(key);
convert_to_string_ex(disp_data);
disp_param->value = (char *)
fs_get(Z_STRLEN_PP(disp_data) + 1);
memcpy(disp_param->value,
Z_STRVAL_PP(disp_data), Z_STRLEN_PP(disp_data) + 1);
@@ -3047,7 +3048,7 @@
tmp_param = mail_newbody_parameter();
tmp_param->value = (char *)
fs_get(Z_STRLEN_PP(pvalue) + 1);
memcpy(tmp_param->value, Z_STRVAL_PP(pvalue),
Z_STRLEN_PP(pvalue) + 1);
- tmp_param->attribute = "CHARSET";
+ tmp_param->attribute = cpystr("CHARSET");
tmp_param->next = bod->parameter;
bod->parameter = tmp_param;
}
@@ -3057,7 +3058,7 @@
while
(zend_hash_get_current_data(Z_ARRVAL_PP(pvalue), (void **) &disp_data) ==
SUCCESS) {
disp_param =
mail_newbody_parameter();
zend_hash_get_current_key(Z_ARRVAL_PP(pvalue), &key, &ind, 0);
- disp_param->attribute = key;
+ disp_param->attribute =
cpystr(key);
convert_to_string_ex(disp_data);
disp_param->value = (char *)
fs_get(Z_STRLEN_PP(disp_data) + 1);
memcpy(disp_param->value,
Z_STRVAL_PP(disp_data), Z_STRLEN_PP(disp_data) + 1);
@@ -3091,7 +3092,7 @@
while
(zend_hash_get_current_data(Z_ARRVAL_PP(pvalue), (void **) &disp_data) ==
SUCCESS) {
disp_param =
mail_newbody_parameter();
zend_hash_get_current_key(Z_ARRVAL_PP(pvalue), &key, &ind, 0);
- disp_param->attribute = key;
+ disp_param->attribute =
cpystr(key);
convert_to_string_ex(disp_data);
disp_param->value = (char *)
fs_get(Z_STRLEN_PP(disp_data) + 1);
memcpy(disp_param->value,
Z_STRVAL_PP(disp_data), Z_STRLEN_PP(disp_data) + 1);
http://cvs.php.net/co.php/php-src/ext/imap/tests/bug32589.phpt?r=1.1&p=1
Index: php-src/ext/imap/tests/bug32589.phpt
+++ php-src/ext/imap/tests/bug32589.phpt
--TEST--
Bug #32589 (crash inside imap_mail_compose() function)
--SKIPIF--
<?php
if (!extension_loaded("imap")) {
die("skip imap extension not available");
}
?>
--FILE--
<?php
$m_envelope["To"] = "[EMAIL PROTECTED]";
$m_part1["type"] = TYPEMULTIPART;
$m_part1["subtype"] = "mixed";
$m_part2["type"] = TYPETEXT;
$m_part2["subtype"] = "plain";
$m_part2["description"] = "text_message";
$m_part2["charset"] = "ISO-8859-2";
$m_part2["contents.data"] = "hello";
$m_body[1] = $m_part1;
$m_body[2] = $m_part2;
echo imap_mail_compose($m_envelope, $m_body);
?>
--EXPECTF--
MIME-Version: 1.0
Content-Type: MULTIPART/mixed; BOUNDARY="%s"
%s
Content-Type: TEXT/plain; CHARSET=ISO-8859-2
Content-Description: text_message
hello
%s
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
