]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6de6f2a)
Fix segfaults after conversion from zval to zend_string params
authorGeorge Peter Banyard <girgias@php.net>
Thu, 22 Oct 2020 14:21:57 +0000 (15:21 +0100)
committerGeorge Peter Banyard <girgias@php.net>
Thu, 22 Oct 2020 14:50:01 +0000 (15:50 +0100)
ext/imap/php_imap.c patch | blob | history
ext/imap/tests/bug77020.phpt patch | blob | history

diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 258bd5bb9c9c3b2faf5f39c05e5da6ea40eab01c..6861b2ad9eca57e3055c03fe9d5db9ddeb201bca 100644 (file)
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -3532,6 +3532,7 @@ bool _php_imap_mail(zend_string *to, zend_string *subject, zend_string *message,
 
        ZEND_ASSERT(to && ZSTR_LEN(to) != 0);
        ZEND_ASSERT(subject && ZSTR_LEN(subject) != 0);
+       ZEND_ASSERT(message);
 
 #ifdef PHP_WIN32
        char *tempMailTo;
@@ -3661,14 +3662,23 @@ bool _php_imap_mail(zend_string *to, zend_string *subject, zend_string *message,
        }
        sendmail = popen(INI_STR("sendmail_path"), "w");
        if (sendmail) {
-               if (ZSTR_LEN(rpath) != 0) fprintf(sendmail, "From: %s\n", ZSTR_VAL(rpath));
+               if (rpath && ZSTR_LEN(rpath) != 0) {
+                       fprintf(sendmail, "From: %s\n", ZSTR_VAL(rpath));
+               }
+               /* to cannot be a null pointer, asserted earlier on */
                fprintf(sendmail, "To: %s\n", ZSTR_VAL(to));
-               if (ZSTR_LEN(cc) != 0) fprintf(sendmail, "Cc: %s\n", ZSTR_VAL(cc));
-               if (ZSTR_LEN(bcc) != 0) fprintf(sendmail, "Bcc: %s\n", ZSTR_VAL(bcc));
+               if (cc && ZSTR_LEN(cc) != 0) {
+                       fprintf(sendmail, "Cc: %s\n", ZSTR_VAL(cc));
+               }
+               if (bcc && ZSTR_LEN(bcc) != 0) {
+                       fprintf(sendmail, "Bcc: %s\n", ZSTR_VAL(bcc));
+               }
+               /* subject cannot be a null pointer, asserted earlier on */
                fprintf(sendmail, "Subject: %s\n", ZSTR_VAL(subject));
-               if (headers != NULL) {
+               if (headers && ZSTR_LEN(headers) != 0) {
                        fprintf(sendmail, "%s\n", ZSTR_VAL(headers));
                }
+               /* message cannot be a null pointer, asserted earlier on */
                fprintf(sendmail, "\n%s\n", ZSTR_VAL(message));
                ret = pclose(sendmail);
 
diff --git a/ext/imap/tests/bug77020.phpt b/ext/imap/tests/bug77020.phpt
index 582b132ad863e1dd0b52f33777864a3c276e671d..43c8133700b73dd02703943e5c289753f1ebf7b1 100644 (file)
--- a/ext/imap/tests/bug77020.phpt
+++ b/ext/imap/tests/bug77020.phpt
@@ -10,4 +10,4 @@ imap_mail('1', 1, NULL);
 ?>
 --EXPECTF--
 Warning: imap_mail(): No message string in mail command in %s on line %d
-%A
+%S
Unnamed repository; edit this file 'description' to name the repository.