commit ce0770384fb70bcd27e9e8a2b4fe6a0dcbabefae | |
Author: Stanislav Malyshev <stas@php.net> | |
Date: Sun Nov 18 17:10:43 2018 -0800 | |
Disable rsh/ssh functionality in imap by default (bug #77153) | |
diff --git a/UPGRADING b/UPGRADING | |
index 353ffa73ad..d0340868ed 100644 | |
--- a/UPGRADING | |
+++ b/UPGRADING | |
@@ -64,6 +64,13 @@ PHP 5.6 UPGRADE NOTES | |
- cURL: | |
Uploads using the @file syntax are now unsupported by default. | |
+- IMAP: | |
+ Starting with 5.6.38, rsh/ssh logins are disabled by default. Use | |
+ imap.enable_insecure_rsh if you want to enable them. Note that the IMAP | |
+ library does not filter mailbox names before passing them to rsh/ssh | |
+ command, thus passing untrusted data to this function with rsh/ssh enabled | |
+ is insecure. | |
+ | |
======================================== | |
2. New Features | |
======================================== | |
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c | |
index 00eae89a96..f6feebe9f7 100644 | |
--- a/ext/imap/php_imap.c | |
+++ b/ext/imap/php_imap.c | |
@@ -562,6 +562,15 @@ static const zend_module_dep imap_deps[] = { | |
}; | |
/* }}} */ | |
+ | |
+/* {{{ PHP_INI | |
+ */ | |
+PHP_INI_BEGIN() | |
+STD_PHP_INI_BOOLEAN("imap.enable_insecure_rsh", "0", PHP_INI_SYSTEM, OnUpdateBool, enable_rsh, zend_imap_globals, imap_globals) | |
+PHP_INI_END() | |
+/* }}} */ | |
+ | |
+ | |
/* {{{ imap_module_entry | |
*/ | |
zend_module_entry imap_module_entry = { | |
@@ -835,6 +844,8 @@ PHP_MINIT_FUNCTION(imap) | |
{ | |
unsigned long sa_all = SA_MESSAGES | SA_RECENT | SA_UNSEEN | SA_UIDNEXT | SA_UIDVALIDITY; | |
+ REGISTER_INI_ENTRIES(); | |
+ | |
#ifndef PHP_WIN32 | |
mail_link(&unixdriver); /* link in the unix driver */ | |
mail_link(&mhdriver); /* link in the mh driver */ | |
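Review bot: `REGISTER_INI_ENTRIES();` is added at the top of PHP_MINIT_FUNCTION(imap), but no hunk on this page adds the matching `UNREGISTER_INI_ENTRIES();` to a module shutdown handler. If the extension has no PHP_MSHUTDOWN_FUNCTION that already does this (it is not visible here), one should be added and wired into imap_module_entry so the entry is released when the module is unloaded. It would also help administrators audit the setting if PHP_MINFO_FUNCTION(imap) called `DISPLAY_INI_ENTRIES();`, so that phpinfo() shows whether rsh/ssh is enabled. The body of PHP_MINIT_FUNCTION(imap) continues outside this hunk.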
@@ -1052,6 +1063,12 @@ PHP_MINIT_FUNCTION(imap) | |
GC_TEXTS texts | |
*/ | |
+ if (!IMAPG(enable_rsh)) { | |
+ /* disable SSH and RSH, see https://bugs.php.net/bug.php?id=77153 */ | |
+ mail_parameters (NIL, SET_RSHTIMEOUT, 0); | |
+ mail_parameters (NIL, SET_SSHTIMEOUT, 0); | |
+ } | |
+ | |
le_imap = zend_register_list_destructors_ex(mail_close_it, NULL, "imap", module_number); | |
return SUCCESS; | |
} | |
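Review bot: The `if (!IMAPG(enable_rsh))` check runs only once, in PHP_MINIT_FUNCTION(imap), so the rsh/ssh timeouts are fixed at module startup and a value applied afterwards is never passed to c-client. With PHP_INI_SYSTEM the flag can presumably still be overridden per vhost or per pool through `php_admin_flag` after MINIT. In that case a deployment that enables it in php.ini and tries to turn it off for one site would keep rsh/ssh active there. At minimum the block should say so, e.g. `/* evaluated once at startup; later overrides of imap.enable_insecure_rsh do not reach c-client */`. The more robust fix is a custom update handler in place of `OnUpdateBool` that re-applies `SET_RSHTIMEOUT`/`SET_SSHTIMEOUT` on every change. The function starts outside this hunk.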
diff --git a/ext/imap/php_imap.h b/ext/imap/php_imap.h | |
index 3a1d048cd3..0c3ce78d48 100644 | |
--- a/ext/imap/php_imap.h | |
+++ b/ext/imap/php_imap.h | |
@@ -214,6 +214,7 @@ ZEND_BEGIN_MODULE_GLOBALS(imap) | |
#endif | |
/* php_stream for php_mail_gets() */ | |
php_stream *gets_stream; | |
+ zend_bool enable_rsh; | |
ZEND_END_MODULE_GLOBALS(imap) | |
#ifdef ZTS |