Skip to content

Instantly share code, notes, and snippets.

@smalyshev

smalyshev/77153.diff Secret

Created Nov 19, 2018
Embed
What would you like to do?
commit ce0770384fb70bcd27e9e8a2b4fe6a0dcbabefae
Author: Stanislav Malyshev <stas@php.net>
Date: Sun Nov 18 17:10:43 2018 -0800
Disable rsh/ssh functionality in imap by default (bug #77153)
diff --git a/UPGRADING b/UPGRADING
index 353ffa73ad..d0340868ed 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -64,6 +64,13 @@ PHP 5.6 UPGRADE NOTES
- cURL:
Uploads using the @file syntax are now unsupported by default.
+- IMAP:
+ Starting with 5.6.38, rsh/ssh logins are disabled by default. Use
+ imap.enable_insecure_rsh if you want to enable them. Note that the IMAP
+ library does not filter mailbox names before passing them to rsh/ssh
+ command, thus passing untrusted data to this function with rsh/ssh enabled
+ is insecure.
+
========================================
2. New Features
========================================
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 00eae89a96..f6feebe9f7 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -562,6 +562,15 @@ static const zend_module_dep imap_deps[] = {
};
/* }}} */
+
+/* {{{ PHP_INI
+ */
+PHP_INI_BEGIN()
+STD_PHP_INI_BOOLEAN("imap.enable_insecure_rsh", "0", PHP_INI_SYSTEM, OnUpdateBool, enable_rsh, zend_imap_globals, imap_globals)
+PHP_INI_END()
+/* }}} */
+
+
/* {{{ imap_module_entry
*/
zend_module_entry imap_module_entry = {
@@ -835,6 +844,8 @@ PHP_MINIT_FUNCTION(imap)
{
unsigned long sa_all = SA_MESSAGES | SA_RECENT | SA_UNSEEN | SA_UIDNEXT | SA_UIDVALIDITY;
+ REGISTER_INI_ENTRIES();
+
#ifndef PHP_WIN32
mail_link(&unixdriver); /* link in the unix driver */
mail_link(&mhdriver); /* link in the mh driver */
@@ -1052,6 +1063,12 @@ PHP_MINIT_FUNCTION(imap)
GC_TEXTS texts
*/
+ if (!IMAPG(enable_rsh)) {
+ /* disable SSH and RSH, see https://bugs.php.net/bug.php?id=77153 */
+ mail_parameters (NIL, SET_RSHTIMEOUT, 0);
+ mail_parameters (NIL, SET_SSHTIMEOUT, 0);
+ }
+
le_imap = zend_register_list_destructors_ex(mail_close_it, NULL, "imap", module_number);
return SUCCESS;
}
diff --git a/ext/imap/php_imap.h b/ext/imap/php_imap.h
index 3a1d048cd3..0c3ce78d48 100644
--- a/ext/imap/php_imap.h
+++ b/ext/imap/php_imap.h
@@ -214,6 +214,7 @@ ZEND_BEGIN_MODULE_GLOBALS(imap)
#endif
/* php_stream for php_mail_gets() */
php_stream *gets_stream;
+ zend_bool enable_rsh;
ZEND_END_MODULE_GLOBALS(imap)
#ifdef ZTS
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.