diff options
author | Anatol Belski <ab@php.net> | 2018-01-12 17:13:18 +0100 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2018-01-12 17:13:18 +0100 |
commit | cecf734dc38449590ae689aed781f4cb7ade61be (patch) | |
tree | 7952da608b9fa569eeeb317f24a851b4430b494a | |
parent | 9d2662ea4b0da2e7e8b26aea84f923ff7b62a50a (diff) | |
download | php-git-cecf734dc38449590ae689aed781f4cb7ade61be.tar.gz |
Fixed bug #75774 imap_append HeapCorruction
-rw-r--r-- | ext/imap/php_imap.c | 11 | ||||
-rw-r--r-- | ext/imap/tests/bug75774.phpt | 24 |
2 files changed, 29 insertions, 6 deletions
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c index 3e5b49e0d7..acde3ba629 100644 --- a/ext/imap/php_imap.c +++ b/ext/imap/php_imap.c @@ -1312,18 +1312,18 @@ PHP_FUNCTION(imap_append) zend_string *folder, *message, *internal_date = NULL, *flags = NULL; pils *imap_le_struct; STRING st; - zend_string* regex; - pcre_cache_entry *pce; /* Compiled regex */ - zval *subpats = NULL; /* Parts (not used) */ - int global = 0; if (zend_parse_parameters(ZEND_NUM_ARGS(), "rSS|SS", &streamind, &folder, &message, &flags, &internal_date) == FAILURE) { return; } - regex = zend_string_init("/[0-3][0-9]-((Jan)|(Feb)|(Mar)|(Apr)|(May)|(Jun)|(Jul)|(Aug)|(Sep)|(Oct)|(Nov)|(Dec))-[0-9]{4} [0-2][0-9]:[0-5][0-9]:[0-5][0-9] [+-][0-9]{4}/", sizeof("/[0-3][0-9]-((Jan)|(Feb)|(Mar)|(Apr)|(May)|(Jun)|(Jul)|(Aug)|(Sep)|(Oct)|(Nov)|(Dec))-[0-9]{4} [0-2][0-9]:[0-5][0-9]:[0-5][0-9] [+-][0-9]{4}/") - 1, 0); if (internal_date) { + zend_string *regex = zend_string_init("/[0-3][0-9]-((Jan)|(Feb)|(Mar)|(Apr)|(May)|(Jun)|(Jul)|(Aug)|(Sep)|(Oct)|(Nov)|(Dec))-[0-9]{4} [0-2][0-9]:[0-5][0-9]:[0-5][0-9] [+-][0-9]{4}/", sizeof("/[0-3][0-9]-((Jan)|(Feb)|(Mar)|(Apr)|(May)|(Jun)|(Jul)|(Aug)|(Sep)|(Oct)|(Nov)|(Dec))-[0-9]{4} [0-2][0-9]:[0-5][0-9]:[0-5][0-9] [+-][0-9]{4}/") - 1, 0); + pcre_cache_entry *pce; /* Compiled regex */ + zval *subpats = NULL; /* Parts (not used) */ + int global = 0; + /* Make sure the given internal_date string matches the RFC specifiedformat */ if ((pce = pcre_get_compiled_regex_cache(regex))== NULL) { zend_string_free(regex); @@ -1340,7 +1340,6 @@ PHP_FUNCTION(imap_append) } } - zend_string_free(regex); if ((imap_le_struct = (pils *)zend_fetch_resource(Z_RES_P(streamind), "imap", le_imap)) == NULL) { RETURN_FALSE; } diff --git a/ext/imap/tests/bug75774.phpt b/ext/imap/tests/bug75774.phpt new file mode 100644 index 0000000000..ba08ab0439 --- /dev/null +++ b/ext/imap/tests/bug75774.phpt @@ -0,0 +1,24 @@ +--TEST-- +Bug #75774 imap_append HeapCorruction +--SKIPIF-- +<?php +extension_loaded('imap') or die('skip imap extension not available in this build'); +?> +--FILE-- +<?php + +$fn = __DIR__ . DIRECTORY_SEPARATOR . "foo75774"; +$var1=fopen($fn, "w"); + +imap_append($var1, "", "", "", ""); + +fclose($var1); +unlink($fn); + +?> +==DONE== +--EXPECTF-- +Warning: imap_append(): internal date not correctly formatted in %s on line %d + +Warning: imap_append(): supplied resource is not a valid imap resource in %s on line %d +==DONE== |