Diffstat (limited to 'dev-lang/php/files/4.4.1/php4.4.1-mbstring-header_inj.patch')
-rw-r--r--dev-lang/php/files/4.4.1/php4.4.1-mbstring-header_inj.patch145
1 files changed, 145 insertions, 0 deletions
diff --git a/dev-lang/php/files/4.4.1/php4.4.1-mbstring-header_inj.patch b/dev-lang/php/files/4.4.1/php4.4.1-mbstring-header_inj.patch
new file mode 100644
index 0000000..adbf35a
--- /dev/null
+++ b/dev-lang/php/files/4.4.1/php4.4.1-mbstring-header_inj.patch
@@ -0,0 +1,145 @@
+--- ext/mbstring/mbstring.c 2005-09-21 15:19:19.000000000 +0200
++++ ext/mbstring/mbstring.c 2005-11-22 01:00:03.000000000 +0100
+@@ -17,7 +17,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: mbstring.c,v 1.142.2.47.2.1 2005/09/21 13:19:19 iliaa Exp $ */
++/* $Id: mbstring.c,v 1.142.2.47.2.5 2005/11/21 23:21:19 hirokawa Exp $ */
+
+ /*
+ * PHP4 Multibyte String module "mbstring"
+@@ -2924,16 +2924,17 @@
+ }
+ /* }}} */
+
+-/* {{{ proto string mb_encode_mimeheader(string str [, string charset [, string transfer-encoding [, string linefeed]]])
++/* {{{ proto string mb_encode_mimeheader(string str [, string charset [, string transfer-encoding [, string linefeed [, int indent]]]])
+ Converts the string to MIME "encoded-word" in the format of =?charset?(B|Q)?encoded_string?= */
+ PHP_FUNCTION(mb_encode_mimeheader)
+ {
+- pval **argv[4];
++ pval **argv[5];
+ enum mbfl_no_encoding charset, transenc;
+ mbfl_string string, result, *ret;
+ char *p, *linefeed;
++ int indent;
+
+- if (ZEND_NUM_ARGS() < 1 || ZEND_NUM_ARGS() > 4 || zend_get_parameters_array_ex(ZEND_NUM_ARGS(), argv) == FAILURE) {
++ if (ZEND_NUM_ARGS() < 1 || ZEND_NUM_ARGS() > 5 || zend_get_parameters_array_ex(ZEND_NUM_ARGS(), argv) == FAILURE) {
+ WRONG_PARAM_COUNT;
+ }
+
+@@ -2970,6 +2971,12 @@
+ linefeed = Z_STRVAL_PP(argv[3]);
+ }
+
++ indent = 0;
++ if (ZEND_NUM_ARGS() >= 5) {
++ convert_to_long_ex(argv[4]);
++ indent = Z_LVAL_PP(argv[4]);
++ }
++
+ convert_to_string_ex(argv[0]);
+ mbfl_string_init(&string);
+ mbfl_string_init(&result);
+@@ -2977,7 +2984,7 @@
+ string.no_encoding = MBSTRG(current_internal_encoding);
+ string.val = Z_STRVAL_PP(argv[0]);
+ string.len = Z_STRLEN_PP(argv[0]);
+- ret = mbfl_mime_header_encode(&string, &result, charset, transenc, linefeed, 0);
++ ret = mbfl_mime_header_encode(&string, &result, charset, transenc, linefeed, indent);
+ if (ret != NULL) {
+ RETVAL_STRINGL((char *)ret->val, ret->len, 0) /* the string is already strdup()'ed */
+ } else {
+@@ -3460,6 +3467,22 @@
+ * Sends an email message with MIME scheme
+ */
+ #if HAVE_SENDMAIL
++#define SKIP_LONG_HEADER_SEP_MBSTRING(str, pos) \
++ if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) { \
++ pos += 3; \
++ while (str[pos] == ' ' || str[pos] == '\t') { \
++ pos++; \
++ } \
++ continue; \
++ } \
++ else if (str[pos] == '\n' && (str[pos + 1] == ' ' || str[pos + 1] == '\t')) { \
++ pos += 2; \
++ while (str[pos] == ' ' || str[pos] == '\t') { \
++ pos++; \
++ } \
++ continue; \
++ } \
++
+ PHP_FUNCTION(mb_send_mail)
+ {
+ int argc, n;
+@@ -3474,8 +3497,9 @@
+ body_enc; /* body transfar encoding */
+ mbfl_memory_device device; /* automatic allocateable buffer for additional header */
+ const mbfl_language *lang;
+- char *force_extra_parameters = INI_STR("mail.force_extra_parameters");
+ int err = 0;
++ char *to_r;
++ int to_len, i;
+
+ /* initialize */
+ mbfl_memory_device_init(&device, 0, 0);
+@@ -3502,6 +3526,32 @@
+ convert_to_string_ex(argv[0]);
+ if (Z_STRVAL_PP(argv[0])) {
+ to = Z_STRVAL_PP(argv[0]);
++ to_len = Z_STRLEN_PP(argv[0]);
++ if (to_len > 0) {
++ to_r = estrndup(to, to_len);
++ for (; to_len; to_len--) {
++ if (!isspace((unsigned char) to_r[to_len - 1])) {
++ break;
++ }
++ to_r[to_len - 1] = '\0';
++ }
++ for (i = 0; to_r[i]; i++) {
++ if (iscntrl((unsigned char) to_r[i])) {
++ /* According to RFC 822, section 3.1.1 long headers may be
++separated into
++ * parts using CRLF followed at least one linear-white-space
++character ('\t' or ' ').
++ * To prevent these separators from being replaced with a space,
++we use the
++ * SKIP_LONG_HEADER_SEP_MBSTRING to skip over them.
++ */
++ SKIP_LONG_HEADER_SEP_MBSTRING(to_r, i);
++ to_r[i] = ' ';
++ }
++ }
++ } else {
++ to_r = to;
++ }
+ } else {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Missing To: field");
+ err = 1;
+@@ -3596,18 +3646,19 @@
+ extra_cmd = Z_STRVAL_PP(argv[4]);
+ }
+
+- if (force_extra_parameters) {
+- extra_cmd = estrdup(force_extra_parameters);
+- } else if (extra_cmd) {
++ if (extra_cmd) {
+ extra_cmd = php_escape_shell_cmd(extra_cmd);
+ }
+
+- if (!err && php_mail(to, subject, message, headers, extra_cmd TSRMLS_CC)) {
++ if (!err && php_mail(to_r, subject, message, headers, extra_cmd TSRMLS_CC)) {
+ RETVAL_TRUE;
+ } else {
+ RETVAL_FALSE;
+ }
+
++ if (to_r != to) {
++ efree(to_r);
++ }
+ if (extra_cmd) {
+ efree(extra_cmd);
+ }
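Review bot: In `SKIP_LONG_HEADER_SEP_MBSTRING` the byte that follows a folded CRLF/LF plus whitespace is never tested by `iscntrl()`: the macro leaves `pos` on that byte and `continue` then runs the loop's `i++`, so a control character sitting directly after the fold survives in `to_r`. Leaving `pos` on the last whitespace byte closes the gap, e.g. `pos += 2; while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { pos++; }` in the CRLF branch and `pos += 1;` with the same loop in the LF branch. `to_r` is also declared without an initialiser and is not assigned on the "Missing To: field" path, yet `if (to_r != to) efree(to_r);` runs unconditionally; `char *to_r = NULL;` plus `if (to_r && to_r != to)` would make that path safe (the body of mb_send_mail starts and ends outside the visible hunks, so the initial value of `to` cannot be checked here). The last hunk also drops the `mail.force_extra_parameters` override, so a script-supplied fifth argument is always used after `php_escape_shell_cmd()`. Unless `php_mail()` applies that setting itself, which is not visible here, this removes an administrator control and should be confirmed before the patch ships.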