Diffstat (limited to 'dev-lang/php/files/5.0.5/php5.0.5-mbstring-header_inj.patch')
-rw-r--r-- | dev-lang/php/files/5.0.5/php5.0.5-mbstring-header_inj.patch | 133 |
1 files changed, 133 insertions, 0 deletions
diff --git a/dev-lang/php/files/5.0.5/php5.0.5-mbstring-header_inj.patch b/dev-lang/php/files/5.0.5/php5.0.5-mbstring-header_inj.patch
new file mode 100644
index 0000000..93701e9
--- /dev/null
+++ b/dev-lang/php/files/5.0.5/php5.0.5-mbstring-header_inj.patch
@@ -0,0 +1,133 @@
+--- ext/mbstring/mbstring.c 2005/02/21 15:15:08 1.214.2.4
++++ ext/mbstring/mbstring.c 2005/11/25 22:18:45 1.214.2.7
+@@ -17,7 +17,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: mbstring.c,v 1.214.2.4 2005/02/21 15:15:08 moriyoshi Exp $ */
++/* $Id: mbstring.c,v 1.214.2.7 2005/11/25 22:18:45 hirokawa Exp $ */
+
+ /*
+ * PHP 4 Multibyte String module "mbstring"
+@@ -2267,7 +2267,7 @@ PHP_FUNCTION(mb_list_encodings)
+ }
+ /* }}} */
+
+-/* {{{ proto string mb_encode_mimeheader(string str [, string charset [, string transfer-encoding [, string linefeed]]])
++/* {{{ proto string mb_encode_mimeheader(string str [, string charset [, string transfer-encoding [, string linefeed [, int indent]]]])
+ Converts the string to MIME "encoded-word" in the format of =?charset?(B|Q)?encoded_string?= */
+ PHP_FUNCTION(mb_encode_mimeheader)
+ {
+@@ -2279,12 +2279,13 @@ PHP_FUNCTION(mb_encode_mimeheader)
+ int trans_enc_name_len;
+ char *linefeed = "\r\n";
+ int linefeed_len;
++ int indent = 0;
+
+ mbfl_string_init(&string);
+ string.no_language = MBSTRG(current_language);
+ string.no_encoding = MBSTRG(current_internal_encoding);
+
+- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|sss", (char **)&string.val, &string.len, &charset_name, &charset_name_len, &trans_enc_name, &trans_enc_name_len, &linefeed, &linefeed_len) == FAILURE) {
++ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|sssl", (char **)&string.val, &string.len, &charset_name, &charset_name_len, &trans_enc_name, &trans_enc_name_len, &linefeed, &linefeed_len, &indent) == FAILURE) {
+ return;
+ }
+
+@@ -2314,7 +2315,7 @@ PHP_FUNCTION(mb_encode_mimeheader)
+ }
+
+ mbfl_string_init(&result);
+- ret = mbfl_mime_header_encode(&string, &result, charset, transenc, linefeed, 0);
++ ret = mbfl_mime_header_encode(&string, &result, charset, transenc, linefeed, indent);
+ if (ret != NULL) {
+ RETVAL_STRINGL((char *)ret->val, ret->len, 0) /* the string is already strdup()'ed */
+ } else {
+@@ -2770,6 +2771,15 @@ PHP_FUNCTION(mb_decode_numericentity)
+ */
+ #if HAVE_SENDMAIL
+
++#define SKIP_LONG_HEADER_SEP_MBSTRING(str, pos) \
++ if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) { \
++ pos += 3; \
++ while (str[pos] == ' ' || str[pos] == '\t') { \
++ pos++; \
++ } \
++ continue; \
++ }
++
+ #define APPEND_ONE_CHAR(ch) do { \
+ if (token.a > 0) { \
+ smart_str_appendc(&token, ch); \
+@@ -2981,6 +2991,9 @@ PHP_FUNCTION(mb_send_mail)
+ int subject_len;
+ char *extra_cmd=NULL;
+ int extra_cmd_len;
++ int i;
++ char *to_r;
++ char *force_extra_parameters = INI_STR("mail.force_extra_parameters");
+ struct {
+ int cnt_type:1;
+ int cnt_trans_enc:1;
+@@ -3086,7 +3099,30 @@ PHP_FUNCTION(mb_send_mail)
+ }
+
+ /* To: */
+- if (to == NULL || to_len <= 0) {
++ if (to != NULL) {
++ if (to_len > 0) {
++ to_r = estrndup(to, to_len);
++ for (; to_len; to_len--) {
++ if (!isspace((unsigned char) to_r[to_len - 1])) {
++ break;
++ }
++ to_r[to_len - 1] = '\0';
++ }
++ for (i = 0; to_r[i]; i++) {
++ if (iscntrl((unsigned char) to_r[i])) {
++ /* According to RFC 822, section 3.1.1 long headers may be separated into
++ * parts using CRLF followed at least one linear-white-space character ('\t' or ' ').
++ * To prevent these separators from being replaced with a space, we use the
++ * SKIP_LONG_HEADER_SEP_MBSTRING to skip over them.
++ */
++ SKIP_LONG_HEADER_SEP_MBSTRING(to_r, i);
++ to_r[i] = ' ';
++ }
++ }
++ } else {
++ to_r = to;
++ }
++ } else {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Missing To: field");
+ err = 1;
+ }
+@@ -3182,12 +3218,20 @@ PHP_FUNCTION(mb_send_mail)
+ mbfl_memory_device_output('\0', &device);
+ headers = (char *)device.buffer;
+
+- if (!err && php_mail(to, subject, message, headers, extra_cmd TSRMLS_CC)) {
++ if (force_extra_parameters) {
++ extra_cmd = estrdup(force_extra_parameters);
++ } else if (extra_cmd) {
++ extra_cmd = php_escape_shell_cmd(extra_cmd);
++ }
++
++ if (!err && php_mail(to_r, subject, message, headers, extra_cmd TSRMLS_CC)) {
+ RETVAL_TRUE;
+ } else {
+ RETVAL_FALSE;
+ }
+-
++ if (to_r != to) {
++ efree(to_r);
++ }
+ if (subject_buf) {
+ efree((void *)subject_buf);
+ }
+@@ -3198,6 +3242,7 @@ PHP_FUNCTION(mb_send_mail)
+ zend_hash_destroy(&ht_headers);
+ }
+
++#undef SKIP_LONG_HEADER_SEP_MBSTRING
+ #undef APPEND_ONE_CHAR
+ #undef SEPARATE_SMART_STR
+ #undef PHP_MBSTR_MAIL_MIME_HEADER1 |
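Review bot: In the inner hunk `@@ -2279,12 +2279,13 @@`, `indent` is declared `int` but its address is passed for the `l` specifier of the new `"s|sssl"` format string. The Zend parameter parser stores a `long` for `l`, so on LP64 platforms this writes eight bytes into a four-byte object and can overwrite a neighbouring local. Declare it as `long indent = 0;` and narrow it explicitly at the call in hunk `@@ -2314,7 +2315,7 @@`, e.g. `mbfl_mime_header_encode(&string, &result, charset, transenc, linefeed, (int)indent);`. The body of mb_encode_mimeheader starts and ends outside both hunks.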
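Review bot: `SKIP_LONG_HEADER_SEP_MBSTRING` (inner hunk `@@ -2770,6 +2771,15 @@`) leaves `pos` on the first character after the folding whitespace and then runs `continue`, so the `for (i = 0; to_r[i]; i++)` loop in hunk `@@ -3086,7 +3099,30 @@` increments past that character without ever passing it to `iscntrl()`. A control character that directly follows a folded-line separator therefore survives the sanitising pass, which is the case this patch is meant to close. Stopping one character short fixes it: `pos += 2;` followed by `while (str[pos + 1] == ' ' || str[pos + 1] == '\t') {`. Because the macro expands to a bare `if` containing `continue`, it would also help to add a comment above it such as `/* only valid as a statement directly inside a loop body indexed by pos */`.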
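Review bot: `char *to_r;` in inner hunk `@@ -2981,6 +2991,9 @@` has no initialiser and is assigned only inside the `to != NULL` branch, yet the cleanup `if (to_r != to) { efree(to_r); }` in hunk `@@ -3182,12 +3218,20 @@` runs on every path. If `to` can be NULL here, as the "Missing To: field" branch suggests, `to_r` is indeterminate at that comparison and may be handed to `efree()`; `char *to_r = NULL;` removes the hazard. In the same hunk `extra_cmd` is replaced by memory from `estrdup()` or `php_escape_shell_cmd()`, and no matching `efree(extra_cmd)` appears in the cleanup lines shown. The cleanup continues outside the hunk, so that needs checking there.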