Skip to content

Instantly share code, notes, and snippets.

@cmb69 cmb69/bug77020.patch Secret
Created Oct 16, 2018

Embed
What would you like to do?
PHP bug #77020
From 7056128fbf5c96a344ae661d664729fd066759ac Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Tue, 16 Oct 2018 16:42:52 +0200
Subject: [PATCH] Fix #77020: null pointer dereference in imap_mail
If an empty $message is passed to imap_mail(), we must not set message
to NULL, since _php_imap_mail() is not supposed to handle NULL pointers
(opposed to pointers to NUL).
---
ext/imap/php_imap.c | 1 -
ext/imap/tests/bug77020.phpt | 15 +++++++++++++++
2 files changed, 15 insertions(+), 1 deletion(-)
create mode 100644 ext/imap/tests/bug77020.phpt
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 24b18212a3..32c2e87fcc 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -4097,7 +4097,6 @@ PHP_FUNCTION(imap_mail)
if (!ZSTR_LEN(message)) {
/* this is not really an error, so it is allowed. */
php_error_docref(NULL, E_WARNING, "No message string in mail command");
- message = NULL;
}
if (_php_imap_mail(ZSTR_VAL(to), ZSTR_VAL(subject), ZSTR_VAL(message), headers?ZSTR_VAL(headers):NULL, cc?ZSTR_VAL(cc):NULL,
diff --git a/ext/imap/tests/bug77020.phpt b/ext/imap/tests/bug77020.phpt
new file mode 100644
index 0000000000..8a65232eec
--- /dev/null
+++ b/ext/imap/tests/bug77020.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #77020 (null pointer dereference in imap_mail)
+--SKIPIF--
+<?php
+if (!extension_loaded('imap')) die('skip imap extension not available');
+?>
+--FILE--
+<?php
+imap_mail('1', 1, NULL);
+?>
+===DONE===
+--EXPECTF--
+Warning: imap_mail(): No message string in mail command in %s on line %d
+%s
+===DONE===
--
2.17.0.windows.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.